@mhingston5/conduit 1.1.1 → 1.1.3

package/docs/CODE_MODE.md

@@ -28,6 +28,6 @@ Because logic executes in a sandbox, you can enforce limits on loops, memory, an
 ## Implementation in Conduit
 
 Conduit provides:
-1. **`executeTypeScript` / `executePython`**: The entry points.
+1. **`mcp_execute_typescript` / `mcp_execute_python`**: The entry points.
 2. **`tools.*` SDK**: A dynamically generated client injected into the runtime.
 3. **Sandboxes**: Deno, Pyodide, and isolated-vm to run the code safely.

package/docs/SECURITY.md

@@ -27,7 +27,7 @@ Conduit enforces strict Server-Side Request Forgery (SSRF) protections on upstre
 ## Authorization
 
 - **Master Token**: Full access to all methods (set via `IPC_BEARER_TOKEN`).
-- **Session Tokens**: Generated per-execution, restricted to `mcp.discoverTools` and `mcp.callTool` only.
+- **Session Tokens**: Generated per-execution, restricted to `mcp_discover_tools` and `mcp_call_tool` only.
 - **Tool Allowlisting**: Per-request scope limits which tools code can discover/call (e.g., `["github.*"]`).
 
 ## Runtime Security

package/package.json

@@ -1,9 +1,12 @@
 {
   "name": "@mhingston5/conduit",
-  "version": "1.1.1",
+  "version": "1.1.3",
   "type": "module",
   "description": "A secure Code Mode execution substrate for MCP agents",
   "main": "index.js",
+  "bin": {
+    "conduit": "./dist/index.js"
+  },
   "publishConfig": {
     "access": "public"
   },
@@ -47,11 +50,13 @@
     "ajv": "^8.17.1",
     "ajv-formats": "^3.0.1",
     "axios": "^1.13.2",
+    "commander": "^14.0.2",
     "dotenv": "^17.2.3",
     "fastify": "^5.6.2",
     "isolated-vm": "^6.0.2",
     "js-yaml": "^4.1.1",
     "lru-cache": "^11.2.4",
+    "open": "^11.0.0",
     "p-limit": "^7.2.0",
     "pino": "^10.1.0",
     "pyodide": "^0.29.0",

package/src/assets/deno-shim.ts

@@ -81,12 +81,12 @@ async function sendIPCRequest(method: string, params: any) {
 
 // Internal tool call function - used by generated SDK
 const __internalCallTool = async (name: string, params: any) => {
-    return await sendIPCRequest('mcp.callTool', { name, arguments: params });
+    return await sendIPCRequest('mcp_call_tool', { name, arguments: params });
 };
 
 // Tool discovery - still available for dynamic scenarios
 (globalThis as any).discoverMCPTools = async (options: any) => {
-    const result = await sendIPCRequest('mcp.discoverTools', options);
+    const result = await sendIPCRequest('mcp_discover_tools', options);
     return result.tools || [];
 };
 

package/src/auth.cmd.ts

@@ -0,0 +1,95 @@
+import Fastify from 'fastify';
+import axios from 'axios';
+import open from 'open';
+import { v4 as uuidv4 } from 'uuid';
+
+export interface AuthOptions {
+    authUrl: string;
+    tokenUrl: string;
+    clientId: string;
+    clientSecret: string;
+    scopes?: string;
+    port?: number;
+}
+
+export async function handleAuth(options: AuthOptions) {
+    const port = options.port || 3333;
+    const redirectUri = `http://localhost:${port}/callback`;
+    const state = uuidv4();
+
+    const fastify = Fastify();
+
+    return new Promise<void>((resolve, reject) => {
+        fastify.get('/callback', async (request, reply) => {
+            const { code, state: returnedState, error, error_description } = request.query as any;
+
+            if (error) {
+                reply.send(`Authentication failed: ${error} - ${error_description}`);
+                reject(new Error(`OAuth error: ${error}`));
+                return;
+            }
+
+            if (returnedState !== state) {
+                reply.send('Invalid state parameter');
+                reject(new Error('State mismatch'));
+                return;
+            }
+
+            try {
+                const response = await axios.post(options.tokenUrl, {
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: redirectUri,
+                    client_id: options.clientId,
+                    client_secret: options.clientSecret,
+                });
+
+                const { refresh_token, access_token } = response.data;
+
+                console.log('\n--- Authentication Successful ---\n');
+                console.log('Use these values in your conduit.yaml:\n');
+                console.log('credentials:');
+                console.log('  type: oauth2');
+                console.log(`  clientId: ${options.clientId}`);
+                console.log(`  clientSecret: ${options.clientSecret}`);
+                console.log(`  tokenUrl: "${options.tokenUrl}"`);
+                console.log(`  refreshToken: "${refresh_token || 'N/A (No refresh token returned)'}"`);
+
+                if (!refresh_token) {
+                    console.log('\nWarning: No refresh token was returned. Ensure your app has "offline_access" scope or similar.');
+                }
+
+                console.log('\nRaw response data:', JSON.stringify(response.data, null, 2));
+
+                reply.send('Authentication successful! You can close this window and return to the terminal.');
+                resolve();
+            } catch (err: any) {
+                const msg = err.response?.data?.error_description || err.response?.data?.error || err.message;
+                reply.send(`Failed to exchange code for token: ${msg}`);
+                reject(new Error(`Token exchange failed: ${msg}`));
+            } finally {
+                setTimeout(() => fastify.close(), 1000);
+            }
+        });
+
+        fastify.listen({ port: port, host: '127.0.0.1' }, async (err) => {
+            if (err) {
+                reject(err);
+                return;
+            }
+
+            const authUrl = new URL(options.authUrl);
+            authUrl.searchParams.append('client_id', options.clientId);
+            authUrl.searchParams.append('redirect_uri', redirectUri);
+            authUrl.searchParams.append('response_type', 'code');
+            authUrl.searchParams.append('state', state);
+            if (options.scopes) {
+                authUrl.searchParams.append('scope', options.scopes);
+            }
+
+            console.log(`Opening browser to: ${authUrl.toString()}`);
+            console.log('Waiting for callback...');
+            await open(authUrl.toString());
+        });
+    });
+}

package/src/core/config.service.ts

@@ -2,6 +2,7 @@ import { z } from 'zod';
 import dotenv from 'dotenv';
 import fs from 'node:fs';
 import path from 'node:path';
+import crypto from 'node:crypto';
 import yaml from 'js-yaml';
 
 // Silence dotenv logging
@@ -22,12 +23,14 @@ export const ResourceLimitsSchema = z.object({
 });
 
 export const UpstreamCredentialsSchema = z.object({
-    type: z.enum(['oauth2', 'apikey']), // Add other types as needed
+    type: z.enum(['oauth2', 'apiKey', 'bearer']), // Align with AuthType
     clientId: z.string().optional(),
     clientSecret: z.string().optional(),
     tokenUrl: z.string().optional(),
+    refreshToken: z.string().optional(),
     scopes: z.array(z.string()).optional(),
     apiKey: z.string().optional(),
+    bearerToken: z.string().optional(),
     headerName: z.string().optional(),
 });
 
@@ -63,7 +66,7 @@ export const ConfigSchema = z.object({
     secretRedactionPatterns: z.array(z.string()).default([
         '[A-Za-z0-9-_]{20,}', // Default pattern from spec
     ]),
-    ipcBearerToken: z.string().optional().default(() => Math.random().toString(36).substring(7)),
+    ipcBearerToken: z.string().optional().default(() => crypto.randomUUID()),
     maxConcurrent: z.number().default(10),
     denoMaxPoolSize: z.number().default(10),
     pyodideMaxPoolSize: z.number().default(3),

package/src/core/middleware/auth.middleware.ts

@@ -31,7 +31,7 @@ export class AuthMiddleware implements Middleware {
 
         // Strict scoping for session tokens
         if (isSession) {
-            const allowedMethods = ['initialize', 'notifications/initialized', 'mcp.discoverTools', 'mcp.callTool', 'ping'];
+            const allowedMethods = ['initialize', 'notifications/initialized', 'mcp_discover_tools', 'mcp_call_tool', 'ping', 'tools/list', 'tools/call'];
             if (!allowedMethods.includes(request.method)) {
                 return {
                     jsonrpc: '2.0',

package/src/core/request.controller.ts

@@ -102,23 +102,24 @@ export class RequestController {
 
         switch (method) {
             case 'tools/list': // Standard MCP method name
-            case 'mcp.discoverTools':
+            case 'mcp_discover_tools':
                 return this.handleDiscoverTools(params, context, id);
-            case 'mcp.listToolPackages':
+            case 'mcp_list_tool_packages':
                 return this.handleListToolPackages(params, context, id);
-            case 'mcp.listToolStubs':
+            case 'mcp_list_tool_stubs':
                 return this.handleListToolStubs(params, context, id);
-            case 'mcp.readToolSchema':
+            case 'mcp_read_tool_schema':
                 return this.handleReadToolSchema(params, context, id);
-            case 'mcp.validateTool':
+            case 'mcp_validate_tool':
                 return this.handleValidateTool(request, context);
-            case 'mcp.callTool':
+            case 'mcp_call_tool':
+            case 'tools/call':
                 return this.handleCallTool(params, context, id);
-            case 'mcp.executeTypeScript':
+            case 'mcp_execute_typescript':
                 return this.handleExecuteTypeScript(params, context, id);
-            case 'mcp.executePython':
+            case 'mcp_execute_python':
                 return this.handleExecutePython(params, context, id);
-            case 'mcp.executeIsolate':
+            case 'mcp_execute_isolate':
                 return this.handleExecuteIsolate(params, context, id);
             case 'initialize':
                 return this.handleInitialize(params, context, id);
@@ -208,12 +209,25 @@ export class RequestController {
     }
 
     private async handleCallTool(params: any, context: ExecutionContext, id: string | number): Promise<JSONRPCResponse> {
+        if (!params) return this.errorResponse(id, -32602, 'Missing parameters');
         const { name, arguments: toolArgs } = params;
+
+        // Route built-in tools to their specific handlers
+        switch (name) {
+            case 'mcp_execute_typescript':
+                return this.handleExecuteTypeScript(toolArgs, context, id);
+            case 'mcp_execute_python':
+                return this.handleExecutePython(toolArgs, context, id);
+            case 'mcp_execute_isolate':
+                return this.handleExecuteIsolate(toolArgs, context, id);
+        }
+
         const response = await this.gatewayService.callTool(name, toolArgs, context);
         return { ...response, id };
     }
 
     private async handleExecuteTypeScript(params: any, context: ExecutionContext, id: string | number): Promise<JSONRPCResponse> {
+        if (!params) return this.errorResponse(id, -32602, 'Missing parameters');
         const { code, limits, allowedTools } = params;
 
         if (Array.isArray(allowedTools)) {
@@ -238,6 +252,7 @@ export class RequestController {
     }
 
     private async handleExecutePython(params: any, context: ExecutionContext, id: string | number): Promise<JSONRPCResponse> {
+        if (!params) return this.errorResponse(id, -32602, 'Missing parameters');
         const { code, limits, allowedTools } = params;
 
         if (Array.isArray(allowedTools)) {
@@ -287,6 +302,7 @@ export class RequestController {
     }
 
     private async handleExecuteIsolate(params: any, context: ExecutionContext, id: string | number): Promise<JSONRPCResponse> {
+        if (!params) return this.errorResponse(id, -32602, 'Missing parameters');
         const { code, limits, allowedTools } = params;
 
         if (Array.isArray(allowedTools)) {

package/src/core/security.service.ts

@@ -9,11 +9,11 @@ export type { Session };
 
 export class SecurityService implements IUrlValidator {
     private logger: Logger;
-    private ipcToken: string;
+    private ipcToken: string | undefined;
     private networkPolicy: NetworkPolicyService;
     private sessionManager: SessionManager;
 
-    constructor(logger: Logger, ipcToken: string) {
+    constructor(logger: Logger, ipcToken: string | undefined) {
         this.logger = logger;
         this.ipcToken = ipcToken;
         this.networkPolicy = new NetworkPolicyService(logger);
@@ -67,7 +67,7 @@ export class SecurityService implements IUrlValidator {
     }
 
 
-    getIpcToken(): string {
+    getIpcToken(): string | undefined {
         return this.ipcToken;
     }
 }

package/src/executors/pyodide.worker.ts

@@ -131,11 +131,11 @@ async function handleTask(data: any) {
         };
 
         (p as any).globals.set('discover_mcp_tools_js', (options: any) => {
-            return sendIPCRequest('mcp.discoverTools', options);
+            return sendIPCRequest('mcp_discover_tools', options);
         });
 
         (p as any).globals.set('call_mcp_tool_js', (name: string, args: any) => {
-            return sendIPCRequest('mcp.callTool', { name, arguments: args });
+            return sendIPCRequest('mcp_call_tool', { name, arguments: args });
         });
 
         if (shim) {

package/src/gateway/auth.service.ts

@@ -7,12 +7,10 @@ export interface UpstreamCredentials {
     type: AuthType;
     apiKey?: string;
     bearerToken?: string;
-    oauth2?: {
-        clientId: string;
-        clientSecret: string;
-        tokenUrl: string;
-        refreshToken: string;
-    };
+    clientId?: string;
+    clientSecret?: string;
+    tokenUrl?: string;
+    refreshToken?: string;
 }
 
 interface CachedToken {
@@ -45,10 +43,11 @@ export class AuthService {
     }
 
     private async getOAuth2Token(creds: UpstreamCredentials): Promise<string> {
-        if (!creds.oauth2) throw new Error('OAuth2 credentials missing');
+        if (!creds.tokenUrl || !creds.clientId) {
+            throw new Error('OAuth2 credentials missing required fields (tokenUrl, clientId)');
+        }
 
-        const { oauth2 } = creds;
-        const cacheKey = `${oauth2.clientId}:${oauth2.tokenUrl}`;
+        const cacheKey = `${creds.clientId}:${creds.tokenUrl}`;
 
         // Check cache first (with 30s buffer)
         const cached = this.tokenCache.get(cacheKey);
@@ -74,17 +73,18 @@ export class AuthService {
     }
 
     private async doRefresh(creds: UpstreamCredentials, cacheKey: string): Promise<string> {
-        const { oauth2 } = creds;
-        if (!oauth2) throw new Error('OAuth2 credentials missing');
+        if (!creds.tokenUrl || !creds.refreshToken || !creds.clientId || !creds.clientSecret) {
+            throw new Error('OAuth2 credentials missing required fields for refresh');
+        }
 
-        this.logger.info('Refreshing OAuth2 token');
+        this.logger.info({ tokenUrl: creds.tokenUrl, clientId: creds.clientId }, 'Refreshing OAuth2 token');
 
         try {
-            const response = await axios.post(oauth2.tokenUrl, {
+            const response = await axios.post(creds.tokenUrl, {
                 grant_type: 'refresh_token',
-                refresh_token: oauth2.refreshToken,
-                client_id: oauth2.clientId,
-                client_secret: oauth2.clientSecret,
+                refresh_token: creds.refreshToken,
+                client_id: creds.clientId,
+                client_secret: creds.clientSecret,
             });
 
             const { access_token, expires_in } = response.data;
@@ -97,8 +97,9 @@ export class AuthService {
 
             return `Bearer ${access_token}`;
         } catch (err: any) {
-            this.logger.error({ err: err.message }, 'Failed to refresh OAuth2 token');
-            throw new Error(`OAuth2 refresh failed: ${err.message}`);
+            const errorMsg = err.response?.data?.error_description || err.response?.data?.error || err.message;
+            this.logger.error({ err: errorMsg }, 'Failed to refresh OAuth2 token');
+            throw new Error(`OAuth2 refresh failed: ${errorMsg}`);
         }
     }
 }

package/src/gateway/gateway.service.ts

@@ -12,7 +12,7 @@ import addFormats from 'ajv-formats';
 
 const BUILT_IN_TOOLS: ToolSchema[] = [
     {
-        name: 'mcp.executeTypeScript',
+        name: 'mcp_execute_typescript',
         description: 'Executes TypeScript code in a secure sandbox with access to `tools.*` SDK.',
         inputSchema: {
             type: 'object',
@@ -31,7 +31,7 @@ const BUILT_IN_TOOLS: ToolSchema[] = [
         }
     },
     {
-        name: 'mcp.executePython',
+        name: 'mcp_execute_python',
         description: 'Executes Python code in a secure sandbox with access to `tools.*` SDK.',
         inputSchema: {
             type: 'object',
@@ -50,7 +50,7 @@ const BUILT_IN_TOOLS: ToolSchema[] = [
         }
     },
     {
-        name: 'mcp.executeIsolate',
+        name: 'mcp_execute_isolate',
         description: 'Executes JavaScript code in a high-speed V8 isolate (no Deno/Node APIs).',
         inputSchema: {
             type: 'object',

package/src/index.ts

@@ -1,3 +1,4 @@
+import { Command } from 'commander';
 import { ConfigService } from './core/config.service.js';
 import { createLogger, loggerStorage } from './core/logger.js';
 import { SocketTransport } from './transport/socket.transport.js';
@@ -14,10 +15,56 @@ import { IsolateExecutor } from './executors/isolate.executor.js';
 import { ExecutorRegistry } from './core/registries/executor.registry.js';
 import { ExecutionService } from './core/execution.service.js';
 import { buildDefaultMiddleware } from './core/middleware/middleware.builder.js';
-async function main() {
-    // console.error('DEBUG: Starting Conduit main...');
+import { handleAuth } from './auth.cmd.js';
+
+const program = new Command();
+
+program
+    .name('conduit')
+    .description('A secure Code Mode execution substrate for MCP agents')
+    .version('1.0.0');
+
+program
+    .command('serve', { isDefault: true })
+    .description('Start the Conduit server')
+    .option('--stdio', 'Use stdio transport')
+    .action(async (options) => {
+        try {
+            await startServer();
+        } catch (err) {
+            console.error('Failed to start Conduit:', err);
+            process.exit(1);
+        }
+    });
+
+program
+    .command('auth')
+    .description('Help set up OAuth for an upstream MCP server')
+    .requiredOption('--client-id <id>', 'OAuth Client ID')
+    .requiredOption('--client-secret <secret>', 'OAuth Client Secret')
+    .requiredOption('--auth-url <url>', 'OAuth Authorization URL')
+    .requiredOption('--token-url <url>', 'OAuth Token URL')
+    .option('--scopes <scopes>', 'OAuth Scopes (comma separated)')
+    .option('--port <port>', 'Port for the local callback server', '3333')
+    .action(async (options) => {
+        try {
+            await handleAuth({
+                clientId: options.clientId,
+                clientSecret: options.clientSecret,
+                authUrl: options.authUrl,
+                tokenUrl: options.tokenUrl,
+                scopes: options.scopes,
+                port: parseInt(options.port, 10),
+            });
+            console.log('\nSuccess! Configuration generated.');
+        } catch (err: any) {
+            console.error('Authentication helper failed:', err.message);
+            process.exit(1);
+        }
+    });
+
+async function startServer() {
     const configService = new ConfigService();
-    // console.error('DEBUG: Config loaded');
     const logger = createLogger(configService);
 
     const otelService = new OtelService(logger);
@@ -78,7 +125,7 @@ async function main() {
             const port = configService.get('port');
             address = await transport.listen({ port });
         }
-        executionService.ipcAddress = address; // Update IPC address on ExecutionService instead of RequestController
+        executionService.ipcAddress = address;
 
         // Pre-warm workers
         await requestController.warmup();
@@ -102,7 +149,4 @@ async function main() {
     });
 }
 
-main().catch((err) => {
-    console.error('Failed to start Conduit:', err);
-    process.exit(1);
-});
+program.parse(process.argv);

package/src/transport/socket.transport.ts

@@ -1,4 +1,5 @@
 import net from 'node:net';
+import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import { Logger } from 'pino';
@@ -46,9 +47,13 @@ export class SocketTransport {
 
                 // Cleanup existing socket if needed (unlikely on Windows, but good for Unix)
                 if (os.platform() !== 'win32' && path.isAbsolute(socketPath)) {
-                    // We rely on caller or deployment to clean up, or error out. 
-                    // Trying to unlink here might be dangerous if we don't own it.
-                    // But strictly, we should just listen.
+                    try {
+                        fs.unlinkSync(socketPath);
+                    } catch (error: any) {
+                        if (error.code !== 'ENOENT') {
+                            this.logger.warn({ err: error, socketPath }, 'Failed to unlink socket before binding');
+                        }
+                    }
                 }
 
                 this.server.listen(socketPath, () => {

package/tests/auth.service.test.ts

@@ -25,13 +25,10 @@ describe('AuthService', () => {
     it('should refresh OAuth2 token when expired', async () => {
         const creds: any = {
             type: 'oauth2',
-            oauth2: {
-                clientId: 'id',
-                clientSecret: 'secret',
-                tokenUrl: 'http://token',
-                refreshToken: 'refresh',
-                expiresAt: Date.now() - 1000, // Expired
-            },
+            clientId: 'id',
+            clientSecret: 'secret',
+            tokenUrl: 'http://token',
+            refreshToken: 'refresh',
         };
 
         (axios.post as any).mockResolvedValue({
@@ -50,12 +47,10 @@ describe('AuthService', () => {
         // First call - will trigger refresh
         const creds: any = {
             type: 'oauth2',
-            oauth2: {
-                clientId: 'id',
-                clientSecret: 'secret',
-                tokenUrl: 'http://token',
-                refreshToken: 'refresh',
-            },
+            clientId: 'id',
+            clientSecret: 'secret',
+            tokenUrl: 'http://token',
+            refreshToken: 'refresh',
         };
 
         (axios.post as any).mockResolvedValue({

package/tests/config.service.test.ts

@@ -67,4 +67,35 @@ describe('ConfigService', () => {
         existsSpy.mockRestore();
         readSpy.mockRestore();
     });
+
+    it('should parse OAuth2 credentials correctly', () => {
+        const existsSpy = vi.spyOn(fs, 'existsSync').mockImplementation((p: any) => p.endsWith('conduit.test.yaml'));
+        const readSpy = vi.spyOn(fs, 'readFileSync').mockReturnValue(`
+upstreams:
+  - id: test-oauth
+    type: http
+    url: http://upstream
+    credentials:
+      type: oauth2
+      clientId: my-id
+      clientSecret: my-secret
+      tokenUrl: http://token
+      refreshToken: my-refresh
+`);
+
+        vi.stubEnv('CONFIG_FILE', 'conduit.test.yaml');
+        const configService = new ConfigService();
+        const upstreams = configService.get('upstreams');
+        expect(upstreams).toHaveLength(1);
+        expect(upstreams![0].credentials).toEqual({
+            type: 'oauth2',
+            clientId: 'my-id',
+            clientSecret: 'my-secret',
+            tokenUrl: 'http://token',
+            refreshToken: 'my-refresh'
+        });
+
+        existsSpy.mockRestore();
+        readSpy.mockRestore();
+    });
 });

package/tests/contract.test.ts

@@ -32,8 +32,8 @@ describe('Contract Test: Conduit vs Reference MCP', () => {
 
     it('should successfully discover tools from reference MCP', async () => {
         const tools = await gateway.discoverTools(context);
-        expect(tools).toHaveLength(1);
-        expect(tools[0].name).toBe('ref__echo');
+        expect(tools.length).toBeGreaterThanOrEqual(1);
+        expect(tools.find(t => t.name === 'ref__echo')).toBeDefined();
     });
 
     it('should successfully call tool on reference MCP', async () => {

package/tests/dynamic.tool.test.ts

@@ -96,7 +96,7 @@ describe('Dynamic Tool Calling (E2E)', () => {
         const response = await requestController.handleRequest({
             jsonrpc: '2.0',
             id: 1,
-            method: 'mcp.executeTypeScript',
+            method: 'mcp_execute_typescript',
             params: { code },
             auth: { bearerToken: testToken }
         }, context);
@@ -122,7 +122,7 @@ print(f"RESULT:{result}")
         const response = await requestController.handleRequest({
             jsonrpc: '2.0',
             id: 2,
-            method: 'mcp.executePython',
+            method: 'mcp_execute_python',
             params: { code },
             auth: { bearerToken: testToken }
         }, context);
@@ -151,7 +151,7 @@ print(f"RESULT:{result}")
         const response = await requestController.handleRequest({
             jsonrpc: '2.0',
             id: 3,
-            method: 'mcp.executeTypeScript',
+            method: 'mcp_execute_typescript',
             params: {
                 code,
                 allowedTools: ['mock.hello']  // Only mock.hello allowed
@@ -178,7 +178,7 @@ print(f"RESULT:{result}")
         const response = await requestController.handleRequest({
             jsonrpc: '2.0',
             id: 4,
-            method: 'mcp.executeTypeScript',
+            method: 'mcp_execute_typescript',
             params: {
                 code,
                 allowedTools: ['mock.*']  // Wildcard allows all mock tools
@@ -206,7 +206,7 @@ print(f"RESULT:{result}")
         const response = await requestController.handleRequest({
             jsonrpc: '2.0',
             id: 5,
-            method: 'mcp.executeIsolate',
+            method: 'mcp_execute_isolate',
             params: {
                 code,
                 allowedTools: ['mock.*'],