@mhingston5/conduit 1.1.2 → 1.1.3

package/dist/index.js

@@ -0,0 +1,3250 @@
+// src/index.ts
+import { Command } from "commander";
+
+// src/core/config.service.ts
+import { z } from "zod";
+import dotenv from "dotenv";
+import fs from "fs";
+import path from "path";
+import yaml from "js-yaml";
+var originalWrite = process.stdout.write;
+process.stdout.write = () => true;
+dotenv.config();
+process.stdout.write = originalWrite;
+var ResourceLimitsSchema = z.object({
+  timeoutMs: z.number().default(3e4),
+  memoryLimitMb: z.number().default(256),
+  maxOutputBytes: z.number().default(1024 * 1024),
+  // 1MB
+  maxLogEntries: z.number().default(1e4)
+});
+var UpstreamCredentialsSchema = z.object({
+  type: z.enum(["oauth2", "apiKey", "bearer"]),
+  // Align with AuthType
+  clientId: z.string().optional(),
+  clientSecret: z.string().optional(),
+  tokenUrl: z.string().optional(),
+  refreshToken: z.string().optional(),
+  scopes: z.array(z.string()).optional(),
+  apiKey: z.string().optional(),
+  bearerToken: z.string().optional(),
+  headerName: z.string().optional()
+});
+var HttpUpstreamSchema = z.object({
+  id: z.string(),
+  type: z.literal("http").optional().default("http"),
+  url: z.string(),
+  credentials: UpstreamCredentialsSchema.optional()
+});
+var StdioUpstreamSchema = z.object({
+  id: z.string(),
+  type: z.literal("stdio"),
+  command: z.string(),
+  args: z.array(z.string()).optional(),
+  env: z.record(z.string(), z.string()).optional()
+});
+var UpstreamInfoSchema = z.union([HttpUpstreamSchema, StdioUpstreamSchema]);
+var ConfigSchema = z.object({
+  port: z.union([z.string(), z.number()]).default("3000").transform((v) => Number(v)),
+  nodeEnv: z.enum(["development", "production", "test"]).default("development"),
+  logLevel: z.enum(["debug", "info", "warn", "error"]).default("info"),
+  resourceLimits: ResourceLimitsSchema.default({
+    timeoutMs: 3e4,
+    memoryLimitMb: 256,
+    maxOutputBytes: 1024 * 1024,
+    maxLogEntries: 1e4
+  }),
+  secretRedactionPatterns: z.array(z.string()).default([
+    "[A-Za-z0-9-_]{20,}"
+    // Default pattern from spec
+  ]),
+  ipcBearerToken: z.string().optional().default(() => Math.random().toString(36).substring(7)),
+  maxConcurrent: z.number().default(10),
+  denoMaxPoolSize: z.number().default(10),
+  pyodideMaxPoolSize: z.number().default(3),
+  metricsUrl: z.string().default("http://127.0.0.1:9464/metrics"),
+  opsPort: z.number().optional(),
+  transport: z.enum(["socket", "stdio"]).default("socket"),
+  upstreams: z.array(UpstreamInfoSchema).default([])
+});
+var ConfigService = class {
+  config;
+  constructor(overrides = {}) {
+    const fileConfig = this.loadConfigFile();
+    const envConfig = {
+      port: process.env.PORT,
+      nodeEnv: process.env.NODE_ENV,
+      logLevel: process.env.LOG_LEVEL,
+      metricsUrl: process.env.METRICS_URL,
+      ipcBearerToken: process.env.IPC_BEARER_TOKEN,
+      transport: process.argv.includes("--stdio") ? "stdio" : void 0
+      // upstreams: process.env.UPSTREAMS ? JSON.parse(process.env.UPSTREAMS) : undefined, // Removed per user request
+    };
+    Object.keys(envConfig).forEach((key) => envConfig[key] === void 0 && delete envConfig[key]);
+    const mergedConfig = {
+      ...fileConfig,
+      ...envConfig,
+      ...overrides
+    };
+    const result = ConfigSchema.safeParse(mergedConfig);
+    if (!result.success) {
+      const error = result.error.format();
+      throw new Error(`Invalid configuration: ${JSON.stringify(error, null, 2)}`);
+    }
+    this.config = result.data;
+    if (this.config.opsPort === void 0) {
+      if (this.config.transport === "stdio") {
+        this.config.opsPort = 0;
+      } else {
+        this.config.opsPort = this.config.port === 0 ? 0 : this.config.port + 1;
+      }
+    }
+  }
+  get(key) {
+    return this.config[key];
+  }
+  get all() {
+    return { ...this.config };
+  }
+  loadConfigFile() {
+    const configPath = process.env.CONFIG_FILE || (fs.existsSync(path.resolve(process.cwd(), "conduit.yaml")) ? "conduit.yaml" : fs.existsSync(path.resolve(process.cwd(), "conduit.json")) ? "conduit.json" : null);
+    if (!configPath) return {};
+    try {
+      const fullPath = path.resolve(process.cwd(), configPath);
+      let fileContent = fs.readFileSync(fullPath, "utf-8");
+      fileContent = fileContent.replace(/\$\{([a-zA-Z0-9_]+)(?::-([^}]+))?\}/g, (match, varName, defaultValue) => {
+        const value = process.env[varName];
+        if (value !== void 0) {
+          return value;
+        }
+        return defaultValue !== void 0 ? defaultValue : "";
+      });
+      if (configPath.endsWith(".yaml") || configPath.endsWith(".yml")) {
+        return yaml.load(fileContent);
+      } else {
+        return JSON.parse(fileContent);
+      }
+    } catch (error) {
+      console.warn(`Failed to load config file ${configPath}:`, error);
+      return {};
+    }
+  }
+};
+
+// src/core/logger.ts
+import pino from "pino";
+import { AsyncLocalStorage } from "async_hooks";
+var loggerStorage = new AsyncLocalStorage();
+function createLogger(configService) {
+  const logLevel = configService.get("logLevel");
+  const redactionPatterns = configService.get("secretRedactionPatterns");
+  const secretPatterns = redactionPatterns.map((p) => new RegExp(p, "g"));
+  const redactString = (str) => {
+    let result = str;
+    for (const pattern of secretPatterns) {
+      result = result.replace(pattern, "[REDACTED]");
+    }
+    return result;
+  };
+  return pino(
+    {
+      level: logLevel,
+      hooks: {
+        logMethod(inputArgs, method) {
+          const redactedArgs = inputArgs.map((arg) => {
+            try {
+              if (typeof arg === "string") {
+                return redactString(arg);
+              }
+              if (typeof arg === "object" && arg !== null) {
+                const clone = { ...arg };
+                for (const key in clone) {
+                  if (typeof clone[key] === "string") {
+                    clone[key] = redactString(clone[key]);
+                  }
+                }
+                return clone;
+              }
+            } catch (err) {
+              return "[REDACTION_ERROR]";
+            }
+            return arg;
+          });
+          return method.apply(this, redactedArgs);
+        }
+      },
+      redact: {
+        paths: ["toolParams.*", "headers.Authorization", "headers.authorization", "params.token"],
+        censor: "[REDACTED]"
+      },
+      mixin() {
+        const store = loggerStorage.getStore();
+        return {
+          correlationId: store?.correlationId
+        };
+      },
+      // In stdio mode, never use pino-pretty to avoid stdout pollution
+      transport: configService.get("transport") !== "stdio" && configService.get("nodeEnv") === "development" ? { target: "pino-pretty", options: { colorize: true } } : void 0
+    },
+    configService.get("transport") === "stdio" ? pino.destination(2) : void 0
+  );
+}
+
+// src/transport/socket.transport.ts
+import net from "net";
+import os from "os";
+import path2 from "path";
+
+// src/core/execution.context.ts
+import { v4 as uuidv4 } from "uuid";
+var ExecutionContext = class {
+  correlationId;
+  startTime;
+  tenantId;
+  logger;
+  allowedTools;
+  remoteAddress;
+  strictValidation;
+  constructor(options) {
+    this.correlationId = uuidv4();
+    this.startTime = Date.now();
+    this.tenantId = options.tenantId;
+    this.allowedTools = options.allowedTools;
+    this.remoteAddress = options.remoteAddress;
+    this.strictValidation = options.strictValidation ?? false;
+    this.logger = options.logger.child({
+      correlationId: this.correlationId,
+      tenantId: this.tenantId
+    });
+  }
+  getDuration() {
+    return Date.now() - this.startTime;
+  }
+};
+
+// src/transport/socket.transport.ts
+var SocketTransport = class {
+  server;
+  logger;
+  requestController;
+  concurrencyService;
+  constructor(logger, requestController, concurrencyService) {
+    this.logger = logger;
+    this.requestController = requestController;
+    this.concurrencyService = concurrencyService;
+    this.server = net.createServer((socket) => {
+      this.handleConnection(socket);
+    });
+    this.server.on("error", (err) => {
+      this.logger.error({ err }, "Server error");
+    });
+  }
+  async listen(options) {
+    return new Promise((resolve, reject) => {
+      if (options.path) {
+        const socketPath = this.formatSocketPath(options.path);
+        this.logger.info({ socketPath }, "Binding to IPC socket");
+        if (os.platform() !== "win32" && path2.isAbsolute(socketPath)) {
+        }
+        this.server.listen(socketPath, () => {
+          this.resolveAddress(resolve);
+        });
+      } else if (options.port !== void 0) {
+        this.logger.info({ port: options.port, host: options.host }, "Binding to TCP port");
+        this.server.listen(options.port, options.host || "127.0.0.1", () => {
+          this.resolveAddress(resolve);
+        });
+      } else {
+        reject(new Error("Invalid transport configuration: neither path nor port provided"));
+        return;
+      }
+      this.server.on("error", reject);
+    });
+  }
+  resolveAddress(resolve) {
+    const address = this.server.address();
+    const addressStr = typeof address === "string" ? address : `${address?.address}:${address?.port}`;
+    this.logger.info({ address: addressStr }, "Transport server listening");
+    resolve(addressStr);
+  }
+  formatSocketPath(inputPath) {
+    if (os.platform() === "win32") {
+      if (!inputPath.startsWith("\\\\.\\pipe\\")) {
+        return `\\\\.\\pipe\\${inputPath}`;
+      }
+      return inputPath;
+    } else {
+      return path2.isAbsolute(inputPath) ? inputPath : path2.join(os.tmpdir(), inputPath);
+    }
+  }
+  handleConnection(socket) {
+    const remoteAddress = socket.remoteAddress || "pipe";
+    this.logger.debug({ remoteAddress }, "New connection established");
+    socket.setEncoding("utf8");
+    let buffer = "";
+    const MAX_BUFFER_SIZE = 10 * 1024 * 1024;
+    socket.on("data", async (chunk) => {
+      buffer += chunk;
+      if (buffer.length > MAX_BUFFER_SIZE) {
+        this.logger.error({ remoteAddress }, "Connection exceeded max buffer size, closing");
+        socket.destroy();
+        return;
+      }
+      socket.pause();
+      try {
+        let pos;
+        while ((pos = buffer.indexOf("\n")) >= 0) {
+          const line = buffer.substring(0, pos).trim();
+          buffer = buffer.substring(pos + 1);
+          if (!line) continue;
+          let request;
+          try {
+            request = JSON.parse(line);
+          } catch (err) {
+            this.logger.error({ err, line }, "Failed to parse JSON-RPC request");
+            const errorResponse = {
+              jsonrpc: "2.0",
+              id: null,
+              error: {
+                code: -32700,
+                message: "Parse error"
+              }
+            };
+            socket.write(JSON.stringify(errorResponse) + "\n");
+            continue;
+          }
+          const context = new ExecutionContext({
+            logger: this.logger,
+            remoteAddress
+          });
+          await loggerStorage.run({ correlationId: context.correlationId }, async () => {
+            try {
+              const response = await this.concurrencyService.run(
+                () => this.requestController.handleRequest(request, context)
+              );
+              socket.write(JSON.stringify(response) + "\n");
+            } catch (err) {
+              if (err.name === "QueueFullError") {
+                socket.write(JSON.stringify({
+                  jsonrpc: "2.0",
+                  id: request.id,
+                  error: {
+                    code: -32e3 /* ServerBusy */,
+                    message: "Server busy"
+                  }
+                }) + "\n");
+              } else {
+                this.logger.error({ err, requestId: request.id }, "Request handling failed");
+                socket.write(JSON.stringify({
+                  jsonrpc: "2.0",
+                  id: request.id,
+                  error: {
+                    code: -32603 /* InternalError */,
+                    message: "Internal server error"
+                  }
+                }) + "\n");
+              }
+            }
+          });
+        }
+      } catch (err) {
+        this.logger.error({ err }, "Unexpected error in socket data handler");
+        socket.destroy();
+      } finally {
+        socket.resume();
+      }
+    });
+    socket.on("close", () => {
+      this.logger.debug({ remoteAddress }, "Connection closed");
+    });
+    socket.on("error", (err) => {
+      this.logger.error({ err, remoteAddress }, "Socket error");
+    });
+  }
+  async close() {
+    return new Promise((resolve) => {
+      if (this.server.listening) {
+        this.server.close(() => {
+          this.logger.info("Transport server closed");
+          resolve();
+        });
+      } else {
+        resolve();
+      }
+    });
+  }
+};
+
+// src/transport/stdio.transport.ts
+var StdioTransport = class {
+  logger;
+  requestController;
+  concurrencyService;
+  buffer = "";
+  constructor(logger, requestController, concurrencyService) {
+    this.logger = logger;
+    this.requestController = requestController;
+    this.concurrencyService = concurrencyService;
+  }
+  async start() {
+    this.logger.info("Starting Stdio transport");
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", this.handleData.bind(this));
+    process.stdin.on("end", () => {
+      this.logger.info("Stdin closed");
+    });
+  }
+  handleData(chunk) {
+    this.buffer += chunk;
+    let pos;
+    while ((pos = this.buffer.indexOf("\n")) >= 0) {
+      const line = this.buffer.substring(0, pos).trim();
+      this.buffer = this.buffer.substring(pos + 1);
+      if (!line) continue;
+      this.processLine(line);
+    }
+  }
+  async processLine(line) {
+    let request;
+    try {
+      request = JSON.parse(line);
+    } catch (err) {
+      this.logger.error({ err, line }, "Failed to parse JSON-RPC request");
+      const errorResponse = {
+        jsonrpc: "2.0",
+        id: null,
+        error: {
+          code: -32700,
+          message: "Parse error"
+        }
+      };
+      this.sendResponse(errorResponse);
+      return;
+    }
+    const context = new ExecutionContext({
+      logger: this.logger,
+      remoteAddress: "stdio"
+    });
+    await loggerStorage.run({ correlationId: context.correlationId }, async () => {
+      try {
+        const response = await this.concurrencyService.run(
+          () => this.requestController.handleRequest(request, context)
+        );
+        if (response !== null) {
+          this.sendResponse(response);
+        }
+      } catch (err) {
+        if (err.name === "QueueFullError") {
+          this.sendResponse({
+            jsonrpc: "2.0",
+            id: request.id,
+            error: {
+              code: -32e3 /* ServerBusy */,
+              message: "Server busy"
+            }
+          });
+        } else {
+          this.logger.error({ err, requestId: request.id }, "Request handling failed");
+          this.sendResponse({
+            jsonrpc: "2.0",
+            id: request.id,
+            error: {
+              code: -32603 /* InternalError */,
+              message: "Internal server error"
+            }
+          });
+        }
+      }
+    });
+  }
+  sendResponse(response) {
+    process.stdout.write(JSON.stringify(response) + "\n");
+  }
+  async close() {
+    process.stdin.removeAllListeners();
+    return Promise.resolve();
+  }
+};
+
+// src/core/ops.server.ts
+import Fastify from "fastify";
+import axios from "axios";
+var OpsServer = class {
+  fastify = Fastify();
+  logger;
+  config;
+  gatewayService;
+  requestController;
+  constructor(logger, config, gatewayService, requestController) {
+    this.logger = logger;
+    this.config = config;
+    this.gatewayService = gatewayService;
+    this.requestController = requestController;
+    this.setupRoutes();
+  }
+  setupRoutes() {
+    this.fastify.get("/health", async (request, reply) => {
+      const gatewayHealth = await this.gatewayService.healthCheck();
+      const requestHealth = await this.requestController.healthCheck();
+      const overallStatus = gatewayHealth.status === "ok" && requestHealth.status === "ok" ? "ok" : "error";
+      return reply.status(overallStatus === "ok" ? 200 : 503).send({
+        status: overallStatus,
+        version: "1.0.0",
+        gateway: gatewayHealth,
+        request: requestHealth
+      });
+    });
+    this.fastify.get("/metrics", async (request, reply) => {
+      try {
+        const metricsUrl = this.config.metricsUrl || "http://127.0.0.1:9464/metrics";
+        const response = await axios.get(metricsUrl);
+        return reply.type("text/plain").send(response.data);
+      } catch (err) {
+        this.logger.error({ err }, "Failed to fetch OTEL metrics");
+        const fallback = `# Metrics consolidated into OpenTelemetry. Check port 9464.
+conduit_uptime_seconds ${process.uptime()}
+conduit_memory_rss_bytes ${process.memoryUsage().rss}
+`;
+        return reply.type("text/plain").send(fallback);
+      }
+    });
+  }
+  async listen() {
+    const port = this.config.opsPort !== void 0 ? this.config.opsPort : 3001;
+    try {
+      const address = await this.fastify.listen({ port, host: "0.0.0.0" });
+      this.logger.info({ address }, "Ops server listening");
+      return address;
+    } catch (err) {
+      this.logger.error({ err }, "Failed to start Ops server");
+      throw err;
+    }
+  }
+  async close() {
+    await this.fastify.close();
+  }
+};
+
+// src/core/concurrency.service.ts
+import pLimit from "p-limit";
+import { trace } from "@opentelemetry/api";
+
+// src/core/metrics.service.ts
+import { metrics as otelMetrics, ValueType } from "@opentelemetry/api";
+var MetricsService = class _MetricsService {
+  static instance;
+  meter = otelMetrics.getMeter("conduit");
+  executionCounter;
+  cacheHitsCounter;
+  cacheMissesCounter;
+  executionLatency;
+  toolExecutionDuration;
+  requestQueueLength;
+  activeExecutionsGauge;
+  activeExecutionsCount = 0;
+  queueLengthCallback = () => 0;
+  constructor() {
+    this.executionCounter = this.meter.createCounter("conduit.executions.total", {
+      description: "Total number of executions"
+    });
+    this.cacheHitsCounter = this.meter.createCounter("conduit.cache.hits.total", {
+      description: "Total number of schema cache hits"
+    });
+    this.cacheMissesCounter = this.meter.createCounter("conduit.cache.misses.total", {
+      description: "Total number of schema cache misses"
+    });
+    this.executionLatency = this.meter.createHistogram("conduit.executions.latency", {
+      description: "Execution latency in milliseconds",
+      unit: "ms",
+      valueType: ValueType.DOUBLE
+    });
+    this.toolExecutionDuration = this.meter.createHistogram("conduit.tool.execution_duration_seconds", {
+      description: "Duration of tool executions",
+      unit: "s",
+      valueType: ValueType.DOUBLE
+    });
+    this.requestQueueLength = this.meter.createObservableGauge("conduit.request_queue_length", {
+      description: "Current request queue depth",
+      valueType: ValueType.INT
+    });
+    this.activeExecutionsGauge = this.meter.createObservableGauge("conduit.executions.active", {
+      description: "Current number of active executions"
+    });
+    this.activeExecutionsGauge.addCallback((result) => {
+      result.observe(this.activeExecutionsCount);
+    });
+    this.requestQueueLength.addCallback((result) => {
+      result.observe(this.queueLengthCallback());
+    });
+  }
+  static getInstance() {
+    if (!_MetricsService.instance) {
+      _MetricsService.instance = new _MetricsService();
+    }
+    return _MetricsService.instance;
+  }
+  recordExecutionStart() {
+    this.activeExecutionsCount++;
+    this.executionCounter.add(1);
+  }
+  recordExecutionEnd(durationMs, toolName) {
+    this.activeExecutionsCount = Math.max(0, this.activeExecutionsCount - 1);
+    this.executionLatency.record(durationMs, { tool: toolName || "unknown" });
+  }
+  recordToolExecution(durationMs, toolName, success) {
+    this.toolExecutionDuration.record(durationMs / 1e3, {
+      tool_name: toolName,
+      success: String(success)
+    });
+  }
+  recordCacheHit() {
+    this.cacheHitsCounter.add(1);
+  }
+  recordCacheMiss() {
+    this.cacheMissesCounter.add(1);
+  }
+  // This is now handled by OTEL Prometheus exporter, 
+  // but we can provide a way to get the endpoint data if needed.
+  getMetrics() {
+    return {
+      activeExecutions: this.activeExecutionsCount,
+      uptime: process.uptime(),
+      memory: process.memoryUsage()
+    };
+  }
+  registerQueueLengthProvider(provider) {
+    this.queueLengthCallback = provider;
+  }
+};
+var metrics = MetricsService.getInstance();
+
+// src/core/concurrency.service.ts
+var QueueFullError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "QueueFullError";
+  }
+};
+var ConcurrencyService = class {
+  limit;
+  logger;
+  maxQueueSize;
+  queueDepthHistogram;
+  // Using explicit type locally if needed, or rely on metrics service later. Using direct OTEL for now involves refactor.
+  // Let's rely on internal state for rejection and let MetricsService handle reporting if possible, or add it here.
+  // simpler: usage of metrics service is better pattern.
+  constructor(logger, options) {
+    this.logger = logger;
+    this.limit = pLimit(options.maxConcurrent);
+    this.maxQueueSize = options.maxQueueSize || 100;
+    metrics.registerQueueLengthProvider(() => this.limit.pendingCount);
+  }
+  async run(fn) {
+    if (this.limit.pendingCount >= this.maxQueueSize) {
+      this.logger.warn({ pending: this.limit.pendingCount, max: this.maxQueueSize }, "Request queue full, rejecting request");
+      throw new QueueFullError("Server is too busy, please try again later");
+    }
+    const active = this.limit.activeCount;
+    const pending = this.limit.pendingCount;
+    this.logger.debug({ active, pending }, "Concurrency status before task");
+    const span = trace.getActiveSpan();
+    if (span) {
+      span.setAttributes({
+        "concurrency.active": active,
+        "concurrency.pending": pending
+      });
+    }
+    try {
+      return await this.limit(fn);
+    } finally {
+      this.logger.debug({
+        active: this.limit.activeCount,
+        pending: this.limit.pendingCount
+      }, "Concurrency status after task");
+    }
+  }
+  get stats() {
+    return {
+      activeCount: this.limit.activeCount,
+      pendingCount: this.limit.pendingCount
+    };
+  }
+};
+
+// src/core/request.controller.ts
+var RequestController = class {
+  logger;
+  executionService;
+  gatewayService;
+  middlewares = [];
+  constructor(logger, executionService, gatewayService, middlewares = []) {
+    this.logger = logger;
+    this.executionService = executionService;
+    this.gatewayService = gatewayService;
+    this.middlewares = middlewares;
+  }
+  use(middleware) {
+    this.middlewares.push(middleware);
+  }
+  async handleRequest(request, context) {
+    return this.executePipeline(request, context);
+  }
+  async executePipeline(request, context) {
+    let index = -1;
+    const dispatch = async (i) => {
+      if (i <= index) throw new Error("next() called multiple times");
+      index = i;
+      const middleware = this.middlewares[i];
+      if (middleware) {
+        return middleware.handle(request, context, () => dispatch(i + 1));
+      }
+      return this.finalHandler(request, context);
+    };
+    return dispatch(0);
+  }
+  async handleValidateTool(request, context) {
+    const params = request.params;
+    if (!params || !params.toolName || !params.args) {
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32602,
+          message: "Missing toolName or args params"
+        }
+      };
+    }
+    try {
+      const result = await this.gatewayService.validateTool(params.toolName, params.args, context);
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        result
+      };
+    } catch (error) {
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32603,
+          message: error.message || "Validation failed"
+        }
+      };
+    }
+  }
+  async finalHandler(request, context) {
+    const { method, params, id } = request;
+    switch (method) {
+      case "tools/list":
+      // Standard MCP method name
+      case "mcp_discover_tools":
+        return this.handleDiscoverTools(params, context, id);
+      case "mcp_list_tool_packages":
+        return this.handleListToolPackages(params, context, id);
+      case "mcp_list_tool_stubs":
+        return this.handleListToolStubs(params, context, id);
+      case "mcp_read_tool_schema":
+        return this.handleReadToolSchema(params, context, id);
+      case "mcp_validate_tool":
+        return this.handleValidateTool(request, context);
+      case "mcp_call_tool":
+      case "tools/call":
+        return this.handleCallTool(params, context, id);
+      case "mcp_execute_typescript":
+        return this.handleExecuteTypeScript(params, context, id);
+      case "mcp_execute_python":
+        return this.handleExecutePython(params, context, id);
+      case "mcp_execute_isolate":
+        return this.handleExecuteIsolate(params, context, id);
+      case "initialize":
+        return this.handleInitialize(params, context, id);
+      case "notifications/initialized":
+        return null;
+      // Notifications don't get responses per MCP spec
+      case "ping":
+        return { jsonrpc: "2.0", id, result: {} };
+      default:
+        return this.errorResponse(id, -32601, `Method not found: ${method}`);
+    }
+  }
+  async handleDiscoverTools(params, context, id) {
+    const tools = await this.gatewayService.discoverTools(context);
+    const standardizedTools = tools.map((t) => ({
+      name: t.name,
+      description: t.description,
+      inputSchema: t.inputSchema
+    }));
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        tools: standardizedTools
+      }
+    };
+  }
+  async handleListToolPackages(params, context, id) {
+    const packages = await this.gatewayService.listToolPackages();
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        packages
+      }
+    };
+  }
+  async handleListToolStubs(params, context, id) {
+    const { packageId } = params;
+    if (!packageId) {
+      return this.errorResponse(id, -32602, "Missing packageId parameter");
+    }
+    try {
+      const stubs = await this.gatewayService.listToolStubs(packageId, context);
+      return {
+        jsonrpc: "2.0",
+        id,
+        result: {
+          stubs
+        }
+      };
+    } catch (error) {
+      return this.errorResponse(id, -32001, error.message);
+    }
+  }
+  async handleReadToolSchema(params, context, id) {
+    const { toolId } = params;
+    if (!toolId) {
+      return this.errorResponse(id, -32602, "Missing toolId parameter");
+    }
+    try {
+      const schema = await this.gatewayService.getToolSchema(toolId, context);
+      if (!schema) {
+        return this.errorResponse(id, -32001, `Tool not found: ${toolId}`);
+      }
+      return {
+        jsonrpc: "2.0",
+        id,
+        result: {
+          schema
+        }
+      };
+    } catch (error) {
+      return this.errorResponse(id, -32003, error.message);
+    }
+  }
+  async handleCallTool(params, context, id) {
+    const { name, arguments: toolArgs } = params;
+    switch (name) {
+      case "mcp_execute_typescript":
+        return this.handleExecuteTypeScript(toolArgs, context, id);
+      case "mcp_execute_python":
+        return this.handleExecutePython(toolArgs, context, id);
+      case "mcp_execute_isolate":
+        return this.handleExecuteIsolate(toolArgs, context, id);
+    }
+    const response = await this.gatewayService.callTool(name, toolArgs, context);
+    return { ...response, id };
+  }
+  async handleExecuteTypeScript(params, context, id) {
+    const { code, limits, allowedTools } = params;
+    if (Array.isArray(allowedTools)) {
+      context.allowedTools = allowedTools;
+    }
+    const result = await this.executionService.executeTypeScript(code, limits, context, allowedTools);
+    if (result.error) {
+      return this.errorResponse(id, result.error.code, result.error.message);
+    }
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode
+      }
+    };
+  }
+  async handleExecutePython(params, context, id) {
+    const { code, limits, allowedTools } = params;
+    if (Array.isArray(allowedTools)) {
+      context.allowedTools = allowedTools;
+    }
+    const result = await this.executionService.executePython(code, limits, context, allowedTools);
+    if (result.error) {
+      return this.errorResponse(id, result.error.code, result.error.message);
+    }
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode
+      }
+    };
+  }
+  async handleInitialize(params, context, id) {
+    const clientVersion = params?.protocolVersion || "2025-06-18";
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        protocolVersion: clientVersion,
+        capabilities: {
+          tools: {
+            listChanged: true
+          },
+          resources: {
+            listChanged: true,
+            subscribe: true
+          }
+        },
+        serverInfo: {
+          name: "conduit",
+          version: process.env.npm_package_version || "1.1.0"
+        }
+      }
+    };
+  }
+  async handleExecuteIsolate(params, context, id) {
+    const { code, limits, allowedTools } = params;
+    if (Array.isArray(allowedTools)) {
+      context.allowedTools = allowedTools;
+    }
+    const result = await this.executionService.executeIsolate(code, limits, context, allowedTools);
+    if (result.error) {
+      return this.errorResponse(id, result.error.code, result.error.message);
+    }
+    return {
+      jsonrpc: "2.0",
+      id,
+      result: {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode
+      }
+    };
+  }
+  errorResponse(id, code, message) {
+    return {
+      jsonrpc: "2.0",
+      id,
+      error: {
+        code,
+        message
+      }
+    };
+  }
+  async shutdown() {
+    await this.executionService.shutdown();
+  }
+  async healthCheck() {
+    const pyodideHealth = await this.executionService.healthCheck();
+    return {
+      status: pyodideHealth.status === "ok" ? "ok" : "error",
+      pyodide: pyodideHealth
+    };
+  }
+  async warmup() {
+    await this.executionService.warmup();
+  }
+};
+
+// src/gateway/upstream.client.ts
+import axios2 from "axios";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { z as z2 } from "zod";
+var UpstreamClient = class {
+  logger;
+  info;
+  authService;
+  urlValidator;
+  mcpClient;
+  transport;
+  constructor(logger, info, authService, urlValidator) {
+    this.logger = logger.child({ upstreamId: info.id });
+    this.info = info;
+    this.authService = authService;
+    this.urlValidator = urlValidator;
+    if (this.info.type === "stdio") {
+      const env = { ...process.env, ...this.info.env };
+      const cleanEnv = Object.entries(env).reduce((acc, [k, v]) => {
+        if (v !== void 0) acc[k] = v;
+        return acc;
+      }, {});
+      this.transport = new StdioClientTransport({
+        command: this.info.command,
+        args: this.info.args,
+        env: cleanEnv
+      });
+      this.mcpClient = new Client({
+        name: "conduit-gateway",
+        version: "1.0.0"
+      }, {
+        capabilities: {}
+      });
+    }
+  }
+  async ensureConnected() {
+    if (!this.mcpClient || !this.transport) return;
+    try {
+      if (!this.transport.connection) {
+        await this.mcpClient.connect(this.transport);
+      }
+    } catch (e) {
+    }
+  }
+  async call(request, context) {
+    const isStdio = (info) => info.type === "stdio";
+    if (isStdio(this.info)) {
+      return this.callStdio(request);
+    } else {
+      return this.callHttp(request, context);
+    }
+  }
+  async callStdio(request) {
+    if (!this.mcpClient) {
+      return { jsonrpc: "2.0", id: request.id, error: { code: -32603, message: "Stdio client not initialized" } };
+    }
+    try {
+      await this.ensureConnected();
+      if (request.method === "list_tools") {
+        const result = await this.mcpClient.listTools();
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          result
+        };
+      } else if (request.method === "call_tool") {
+        const params = request.params;
+        const result = await this.mcpClient.callTool({
+          name: params.name,
+          arguments: params.arguments
+        });
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          result
+        };
+      } else {
+        const result = await this.mcpClient.request(
+          { method: request.method, params: request.params },
+          z2.any()
+        );
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          result
+        };
+      }
+    } catch (error) {
+      this.logger.error({ err: error }, "Stdio call failed");
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: error.code || -32603,
+          message: error.message || "Internal error in stdio transport"
+        }
+      };
+    }
+  }
+  async callHttp(request, context) {
+    if (this.info.type === "stdio") throw new Error("Unreachable");
+    const url = this.info.url;
+    const headers = {
+      "Content-Type": "application/json",
+      "X-Correlation-Id": context.correlationId
+    };
+    if (context.tenantId) {
+      headers["X-Tenant-Id"] = context.tenantId;
+    }
+    if (this.info.credentials) {
+      const authHeaders = await this.authService.getAuthHeaders(this.info.credentials);
+      Object.assign(headers, authHeaders);
+    }
+    const securityResult = await this.urlValidator.validateUrl(url);
+    if (!securityResult.valid) {
+      this.logger.error({ url }, "Blocked upstream URL (SSRF)");
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32003,
+          message: securityResult.message || "Forbidden URL"
+        }
+      };
+    }
+    try {
+      this.logger.debug({ method: request.method }, "Calling upstream MCP");
+      const originalUrl = new URL(url);
+      const requestUrl = securityResult.resolvedIp ? `${originalUrl.protocol}//${securityResult.resolvedIp}${originalUrl.port ? ":" + originalUrl.port : ""}${originalUrl.pathname}${originalUrl.search}${originalUrl.hash}` : url;
+      headers["Host"] = originalUrl.hostname;
+      const response = await axios2.post(requestUrl, request, {
+        headers,
+        timeout: 1e4,
+        maxRedirects: 0
+      });
+      return response.data;
+    } catch (err) {
+      this.logger.error({ err: err.message }, "Upstream MCP call failed");
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32008,
+          message: `Upstream error: ${err.message}`
+        }
+      };
+    }
+  }
+  async getManifest(context) {
+    if (this.info.type !== "http") return null;
+    try {
+      const baseUrl = this.info.url.replace(/\/$/, "");
+      const manifestUrl = `${baseUrl}/conduit.manifest.json`;
+      const headers = {
+        "X-Correlation-Id": context.correlationId
+      };
+      if (this.info.credentials) {
+        const authHeaders = await this.authService.getAuthHeaders(this.info.credentials);
+        Object.assign(headers, authHeaders);
+      }
+      const securityResult = await this.urlValidator.validateUrl(manifestUrl);
+      if (!securityResult.valid) {
+        this.logger.warn({ url: manifestUrl }, "Blocked manifest URL (SSRF)");
+        return null;
+      }
+      const originalUrl = new URL(manifestUrl);
+      const requestUrl = securityResult.resolvedIp ? `${originalUrl.protocol}//${securityResult.resolvedIp}${originalUrl.port ? ":" + originalUrl.port : ""}${originalUrl.pathname}${originalUrl.search}${originalUrl.hash}` : manifestUrl;
+      headers["Host"] = originalUrl.hostname;
+      const response = await axios2.get(requestUrl, {
+        headers,
+        timeout: 5e3,
+        maxRedirects: 0
+      });
+      if (response.status === 200 && response.data && Array.isArray(response.data.tools)) {
+        return response.data;
+      }
+    } catch (error) {
+      this.logger.debug({ err: error }, "Failed to fetch manifest (will fallback)");
+    }
+    return null;
+  }
+};
+
+// src/gateway/auth.service.ts
+import axios3 from "axios";
+var AuthService = class {
+  logger;
+  // Cache tokens separately from credentials to avoid mutation
+  tokenCache = /* @__PURE__ */ new Map();
+  // Prevent concurrent refresh requests for the same client
+  refreshLocks = /* @__PURE__ */ new Map();
+  constructor(logger) {
+    this.logger = logger;
+  }
+  async getAuthHeaders(creds) {
+    switch (creds.type) {
+      case "apiKey":
+        return { "X-API-Key": creds.apiKey || "" };
+      case "bearer":
+        return { "Authorization": `Bearer ${creds.bearerToken}` };
+      case "oauth2":
+        return { "Authorization": await this.getOAuth2Token(creds) };
+      default:
+        throw new Error(`Unsupported auth type: ${creds.type}`);
+    }
+  }
+  async getOAuth2Token(creds) {
+    if (!creds.tokenUrl || !creds.clientId) {
+      throw new Error("OAuth2 credentials missing required fields (tokenUrl, clientId)");
+    }
+    const cacheKey = `${creds.clientId}:${creds.tokenUrl}`;
+    const cached = this.tokenCache.get(cacheKey);
+    if (cached && cached.expiresAt > Date.now() + 3e4) {
+      return `Bearer ${cached.accessToken}`;
+    }
+    const existingRefresh = this.refreshLocks.get(cacheKey);
+    if (existingRefresh) {
+      return existingRefresh;
+    }
+    const refreshPromise = this.doRefresh(creds, cacheKey);
+    this.refreshLocks.set(cacheKey, refreshPromise);
+    try {
+      return await refreshPromise;
+    } finally {
+      this.refreshLocks.delete(cacheKey);
+    }
+  }
+  async doRefresh(creds, cacheKey) {
+    if (!creds.tokenUrl || !creds.refreshToken || !creds.clientId || !creds.clientSecret) {
+      throw new Error("OAuth2 credentials missing required fields for refresh");
+    }
+    this.logger.info({ tokenUrl: creds.tokenUrl, clientId: creds.clientId }, "Refreshing OAuth2 token");
+    try {
+      const response = await axios3.post(creds.tokenUrl, {
+        grant_type: "refresh_token",
+        refresh_token: creds.refreshToken,
+        client_id: creds.clientId,
+        client_secret: creds.clientSecret
+      });
+      const { access_token, expires_in } = response.data;
+      this.tokenCache.set(cacheKey, {
+        accessToken: access_token,
+        expiresAt: Date.now() + expires_in * 1e3
+      });
+      return `Bearer ${access_token}`;
+    } catch (err) {
+      const errorMsg = err.response?.data?.error_description || err.response?.data?.error || err.message;
+      this.logger.error({ err: errorMsg }, "Failed to refresh OAuth2 token");
+      throw new Error(`OAuth2 refresh failed: ${errorMsg}`);
+    }
+  }
+};
+
+// src/gateway/schema.cache.ts
+import { LRUCache } from "lru-cache";
+var SchemaCache = class {
+  cache;
+  logger;
+  constructor(logger, max = 100, ttl = 1e3 * 60 * 60) {
+    this.logger = logger;
+    this.cache = new LRUCache({
+      max,
+      ttl
+    });
+  }
+  get(upstreamId) {
+    const result = this.cache.get(upstreamId);
+    if (result) {
+      metrics.recordCacheHit();
+    } else {
+      metrics.recordCacheMiss();
+    }
+    return result;
+  }
+  set(upstreamId, tools) {
+    this.logger.debug({ upstreamId, count: tools.length }, "Caching tool schemas");
+    this.cache.set(upstreamId, tools);
+  }
+  invalidate(upstreamId) {
+    this.logger.debug({ upstreamId }, "Invalidating schema cache");
+    this.cache.delete(upstreamId);
+  }
+  clear() {
+    this.cache.clear();
+  }
+};
+
+// src/core/policy.service.ts
+var PolicyService = class {
+  /**
+   * Parse a qualified tool name string into a structured ToolIdentifier.
+   * @param qualifiedName - e.g., "github__createIssue" or "github__api__listRepos"
+   */
+  parseToolName(qualifiedName) {
+    const separatorIndex = qualifiedName.indexOf("__");
+    if (separatorIndex === -1) {
+      return { namespace: "", name: qualifiedName };
+    }
+    return {
+      namespace: qualifiedName.substring(0, separatorIndex),
+      name: qualifiedName.substring(separatorIndex + 2)
+    };
+  }
+  /**
+   * Format a ToolIdentifier back to a qualified string.
+   */
+  formatToolName(tool) {
+    if (!tool.namespace) {
+      return tool.name;
+    }
+    return `${tool.namespace}__${tool.name}`;
+  }
+  /**
+   * Check if a tool matches any pattern in the allowlist.
+   * Supports:
+   *   - Exact match: "github.createIssue" matches "github__createIssue"
+   *   - Wildcard: "github.*" matches any tool in the github namespace
+   * 
+   * @param tool - ToolIdentifier or qualified string
+   * @param allowedTools - Array of patterns (dot-notation, e.g., "github.*" or "github.createIssue")
+   */
+  isToolAllowed(tool, allowedTools) {
+    const toolId = typeof tool === "string" ? this.parseToolName(tool) : tool;
+    const toolParts = [toolId.namespace, ...toolId.name.split("__")].filter((p) => p);
+    return allowedTools.some((pattern) => {
+      const patternParts = pattern.split(".");
+      if (patternParts[patternParts.length - 1] === "*") {
+        const prefixParts = patternParts.slice(0, -1);
+        if (prefixParts.length > toolParts.length) return false;
+        for (let i = 0; i < prefixParts.length; i++) {
+          if (prefixParts[i] !== toolParts[i]) return false;
+        }
+        return true;
+      }
+      if (patternParts.length !== toolParts.length) return false;
+      for (let i = 0; i < patternParts.length; i++) {
+        if (patternParts[i] !== toolParts[i]) return false;
+      }
+      return true;
+    });
+  }
+};
+
+// src/gateway/gateway.service.ts
+import { Ajv } from "ajv";
+import addFormats from "ajv-formats";
+var BUILT_IN_TOOLS = [
+  {
+    name: "mcp_execute_typescript",
+    description: "Executes TypeScript code in a secure sandbox with access to `tools.*` SDK.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        code: {
+          type: "string",
+          description: "The TypeScript code to execute."
+        },
+        allowedTools: {
+          type: "array",
+          items: { type: "string" },
+          description: 'Optional list of tools the script is allowed to call (e.g. ["github.*"]).'
+        }
+      },
+      required: ["code"]
+    }
+  },
+  {
+    name: "mcp_execute_python",
+    description: "Executes Python code in a secure sandbox with access to `tools.*` SDK.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        code: {
+          type: "string",
+          description: "The Python code to execute."
+        },
+        allowedTools: {
+          type: "array",
+          items: { type: "string" },
+          description: 'Optional list of tools the script is allowed to call (e.g. ["github.*"]).'
+        }
+      },
+      required: ["code"]
+    }
+  },
+  {
+    name: "mcp_execute_isolate",
+    description: "Executes JavaScript code in a high-speed V8 isolate (no Deno/Node APIs).",
+    inputSchema: {
+      type: "object",
+      properties: {
+        code: {
+          type: "string",
+          description: "The JavaScript code to execute."
+        },
+        allowedTools: {
+          type: "array",
+          items: { type: "string" },
+          description: "Optional list of tools the script is allowed to call."
+        }
+      },
+      required: ["code"]
+    }
+  }
+];
+var GatewayService = class {
+  logger;
+  clients = /* @__PURE__ */ new Map();
+  authService;
+  schemaCache;
+  urlValidator;
+  policyService;
+  ajv;
+  // Cache compiled validators to avoid recompilation on every call
+  validatorCache = /* @__PURE__ */ new Map();
+  constructor(logger, urlValidator, policyService) {
+    this.logger = logger;
+    this.urlValidator = urlValidator;
+    this.authService = new AuthService(logger);
+    this.schemaCache = new SchemaCache(logger);
+    this.policyService = policyService ?? new PolicyService();
+    this.ajv = new Ajv({ strict: false });
+    addFormats.default(this.ajv);
+  }
+  registerUpstream(info) {
+    const client = new UpstreamClient(this.logger, info, this.authService, this.urlValidator);
+    this.clients.set(info.id, client);
+    this.logger.info({ upstreamId: info.id }, "Registered upstream MCP");
+  }
+  async listToolPackages() {
+    return Array.from(this.clients.entries()).map(([id, client]) => ({
+      id,
+      description: `Upstream ${id}`,
+      // NOTE: Upstream description fetching deferred to V2
+      version: "1.0.0"
+    }));
+  }
+  async listToolStubs(packageId, context) {
+    const client = this.clients.get(packageId);
+    if (!client) {
+      throw new Error(`Upstream package not found: ${packageId}`);
+    }
+    let tools = this.schemaCache.get(packageId);
+    if (!tools) {
+      try {
+        const manifest = await client.getManifest(context);
+        if (manifest) {
+          const stubs2 = manifest.tools.map((t) => ({
+            id: `${packageId}__${t.name}`,
+            name: t.name,
+            description: t.description
+          }));
+          if (context.allowedTools) {
+            return stubs2.filter((t) => this.policyService.isToolAllowed(t.id, context.allowedTools));
+          }
+          return stubs2;
+        }
+      } catch (e) {
+        this.logger.debug({ packageId, err: e }, "Manifest fetch failed, falling back to RPC");
+      }
+      const response = await client.call({
+        jsonrpc: "2.0",
+        id: "discovery",
+        method: "list_tools"
+      }, context);
+      if (response.result?.tools) {
+        tools = response.result.tools;
+        this.schemaCache.set(packageId, tools);
+      } else {
+        this.logger.warn({ upstreamId: packageId, error: response.error }, "Failed to discover tools from upstream");
+        tools = [];
+      }
+    }
+    const stubs = tools.map((t) => ({
+      id: `${packageId}__${t.name}`,
+      name: t.name,
+      description: t.description
+    }));
+    if (context.allowedTools) {
+      return stubs.filter((t) => this.policyService.isToolAllowed(t.id, context.allowedTools));
+    }
+    return stubs;
+  }
+  async getToolSchema(toolId, context) {
+    if (context.allowedTools && !this.policyService.isToolAllowed(toolId, context.allowedTools)) {
+      throw new Error(`Access to tool ${toolId} is forbidden by allowlist`);
+    }
+    const parsed = this.policyService.parseToolName(toolId);
+    const toolName = parsed.name;
+    const builtIn = BUILT_IN_TOOLS.find((t) => t.name === toolId);
+    if (builtIn) return builtIn;
+    const upstreamId = parsed.namespace;
+    if (!this.schemaCache.get(upstreamId)) {
+      await this.listToolStubs(upstreamId, context);
+    }
+    const tools = this.schemaCache.get(upstreamId) || [];
+    const tool = tools.find((t) => t.name === toolName);
+    if (!tool) return null;
+    return {
+      ...tool,
+      name: toolId
+    };
+  }
+  async discoverTools(context) {
+    const allTools = [...BUILT_IN_TOOLS];
+    for (const [id, client] of this.clients.entries()) {
+      let tools = this.schemaCache.get(id);
+      if (!tools) {
+        const response = await client.call({
+          jsonrpc: "2.0",
+          id: "discovery",
+          method: "list_tools"
+          // Standard MCP method
+        }, context);
+        if (response.result?.tools) {
+          tools = response.result.tools;
+          this.schemaCache.set(id, tools);
+        } else {
+          this.logger.warn({ upstreamId: id, error: response.error }, "Failed to discover tools from upstream");
+          tools = [];
+        }
+      }
+      const prefixedTools = tools.map((t) => ({ ...t, name: `${id}__${t.name}` }));
+      if (context.allowedTools) {
+        allTools.push(...prefixedTools.filter((t) => this.policyService.isToolAllowed(t.name, context.allowedTools)));
+      } else {
+        allTools.push(...prefixedTools);
+      }
+    }
+    return allTools;
+  }
+  async callTool(name, params, context) {
+    if (context.allowedTools && !this.policyService.isToolAllowed(name, context.allowedTools)) {
+      this.logger.warn({ name, allowedTools: context.allowedTools }, "Tool call blocked by allowlist");
+      return {
+        jsonrpc: "2.0",
+        id: 0,
+        error: {
+          code: -32003,
+          message: `Authorization failed: tool ${name} is not in the allowlist`
+        }
+      };
+    }
+    const toolId = this.policyService.parseToolName(name);
+    const upstreamId = toolId.namespace;
+    const toolName = toolId.name;
+    const client = this.clients.get(upstreamId);
+    if (!client) {
+      return {
+        jsonrpc: "2.0",
+        id: 0,
+        error: {
+          code: -32003,
+          message: `Upstream not found: ${upstreamId}`
+        }
+      };
+    }
+    if (!this.schemaCache.get(upstreamId)) {
+      await this.listToolStubs(upstreamId, context);
+    }
+    const tools = this.schemaCache.get(upstreamId) || [];
+    const toolSchema = tools.find((t) => t.name === toolName);
+    if (context.strictValidation) {
+      if (!toolSchema) {
+        return {
+          jsonrpc: "2.0",
+          id: 0,
+          error: {
+            code: -32601,
+            // Method not found / Schema missing
+            message: `Strict mode: Tool schema for ${name} not found`
+          }
+        };
+      }
+      if (!toolSchema.inputSchema) {
+        return {
+          jsonrpc: "2.0",
+          id: 0,
+          error: {
+            code: -32602,
+            // Invalid params
+            message: `Strict mode: Tool ${name} has no input schema defined`
+          }
+        };
+      }
+    }
+    if (toolSchema && toolSchema.inputSchema) {
+      const cacheKey = `${upstreamId}__${toolName}`;
+      let validate = this.validatorCache.get(cacheKey);
+      if (!validate) {
+        validate = this.ajv.compile(toolSchema.inputSchema);
+        this.validatorCache.set(cacheKey, validate);
+      }
+      const valid = validate(params);
+      if (!valid) {
+        return {
+          jsonrpc: "2.0",
+          id: 0,
+          error: {
+            code: -32602,
+            // Invalid params
+            message: `Invalid parameters for tool ${name}: ${this.ajv.errorsText(validate.errors)}`
+          }
+        };
+      }
+    }
+    const startTime = performance.now();
+    let success = false;
+    let response;
+    try {
+      response = await client.call({
+        jsonrpc: "2.0",
+        id: context.correlationId,
+        method: "call_tool",
+        params: {
+          name: toolName,
+          arguments: params
+        }
+      }, context);
+      success = !response.error;
+    } catch (error) {
+      success = false;
+      throw error;
+    } finally {
+      const duration = performance.now() - startTime;
+      metrics.recordToolExecution(duration, toolName, success);
+    }
+    if (response.error && response.error.code === -32008) {
+      this.schemaCache.invalidate(upstreamId);
+    }
+    return response;
+  }
+  async healthCheck() {
+    const upstreamStatus = {};
+    const context = new ExecutionContext({ logger: this.logger });
+    await Promise.all(
+      Array.from(this.clients.entries()).map(async ([id, client]) => {
+        try {
+          const response = await client.call({
+            jsonrpc: "2.0",
+            id: "health",
+            method: "list_tools"
+          }, context);
+          upstreamStatus[id] = response.error ? "degraded" : "active";
+        } catch (err) {
+          upstreamStatus[id] = "error";
+        }
+      })
+    );
+    const allOk = Object.values(upstreamStatus).every((s) => s === "active");
+    return {
+      status: allOk ? "ok" : "degraded",
+      upstreams: upstreamStatus
+    };
+  }
+  async validateTool(name, params, context) {
+    const toolId = this.policyService.parseToolName(name);
+    const upstreamId = toolId.namespace;
+    const toolName = toolId.name;
+    if (!this.schemaCache.get(upstreamId)) {
+      await this.listToolStubs(upstreamId, context);
+    }
+    const tools = this.schemaCache.get(upstreamId) || [];
+    const toolSchema = tools.find((t) => t.name === toolName);
+    if (!toolSchema) {
+      return { valid: false, errors: [`Tool ${name} not found`] };
+    }
+    if (context.strictValidation) {
+      if (!toolSchema.inputSchema) {
+        return { valid: false, errors: [`Strict mode: Tool ${name} has no input schema defined`] };
+      }
+    }
+    if (!toolSchema.inputSchema) {
+      return { valid: true };
+    }
+    const validate = this.ajv.compile(toolSchema.inputSchema);
+    const valid = validate(params);
+    if (!valid) {
+      return {
+        valid: false,
+        errors: validate.errors?.map((e) => this.ajv.errorsText([e])) || ["Unknown validation error"]
+      };
+    }
+    return { valid: true };
+  }
+};
+
+// src/core/network.policy.service.ts
+import dns from "dns/promises";
+import net2 from "net";
+import { LRUCache as LRUCache2 } from "lru-cache";
+var NetworkPolicyService = class {
+  logger;
+  privateRanges = [
+    /^127\./,
+    /^10\./,
+    /^172\.(1[6-9]|2[0-9]|3[0-1])\./,
+    /^192\.168\./,
+    /^169\.254\./,
+    // Link-local
+    /^localhost$/i,
+    /^0\.0\.0\.0$/,
+    /^::1$/,
+    // IPv6 localhost
+    /^fc00:/i,
+    // IPv6 private
+    /^fe80:/i
+    // IPv6 link-local
+  ];
+  RATE_LIMIT = 30;
+  WINDOW_MS = 6e4;
+  // Use LRUCache to prevent unbounded memory growth
+  requestCounts;
+  constructor(logger) {
+    this.logger = logger;
+    this.requestCounts = new LRUCache2({
+      max: 1e4,
+      ttl: this.WINDOW_MS
+    });
+  }
+  async validateUrl(url) {
+    try {
+      const parsed = new URL(url);
+      const hostname = parsed.hostname;
+      for (const range of this.privateRanges) {
+        if (range.test(hostname)) {
+          this.logger.warn({ hostname }, "SSRF attempt detected: private range access");
+          return { valid: false, message: "Access denied: private network access forbidden" };
+        }
+      }
+      if (!net2.isIP(hostname)) {
+        try {
+          const lookup = await dns.lookup(hostname, { all: true });
+          const resolvedIps = [];
+          for (const address of lookup) {
+            let ip = address.address;
+            if (ip.startsWith("::ffff:")) {
+              ip = ip.substring(7);
+            }
+            for (const range of this.privateRanges) {
+              if (range.test(ip)) {
+                this.logger.warn({ hostname, ip }, "SSRF attempt detected: DNS resolves to private IP");
+                return { valid: false, message: "Access denied: hostname resolves to private network" };
+              }
+            }
+            resolvedIps.push(ip);
+          }
+          return { valid: true, resolvedIp: resolvedIps[0] };
+        } catch (err) {
+          this.logger.warn({ hostname, err: err.message }, "DNS lookup failed during URL validation, blocking request");
+          return { valid: false, message: "Access denied: hostname resolution failed" };
+        }
+      }
+      return { valid: true, resolvedIp: hostname };
+    } catch (err) {
+      return { valid: false, message: `Invalid URL: ${err.message}` };
+    }
+  }
+  checkRateLimit(key) {
+    const now = Date.now();
+    const record = this.requestCounts.get(key);
+    if (!record || now > record.resetTime) {
+      this.requestCounts.set(key, { count: 1, resetTime: now + this.WINDOW_MS });
+      return true;
+    }
+    if (record.count >= this.RATE_LIMIT) {
+      this.logger.warn({ key }, "Rate limit exceeded");
+      return false;
+    }
+    record.count++;
+    return true;
+  }
+};
+
+// src/core/session.manager.ts
+import { v4 as uuidv42 } from "uuid";
+import { LRUCache as LRUCache3 } from "lru-cache";
+var SessionManager = class {
+  logger;
+  sessions;
+  SESSION_TTL_MS = 36e5;
+  // 1 hour
+  constructor(logger) {
+    this.logger = logger;
+    this.sessions = new LRUCache3({
+      max: 1e4,
+      ttl: this.SESSION_TTL_MS
+    });
+  }
+  createSession(allowedTools) {
+    const token = uuidv42();
+    this.sessions.set(token, {
+      allowedTools,
+      createdAt: Date.now()
+    });
+    return token;
+  }
+  getSession(token) {
+    return this.sessions.get(token);
+  }
+  invalidateSession(token) {
+    this.sessions.delete(token);
+  }
+  cleanupSessions() {
+    this.sessions.purgeStale();
+  }
+};
+
+// src/core/security.service.ts
+import crypto from "crypto";
+var SecurityService = class {
+  logger;
+  ipcToken;
+  networkPolicy;
+  sessionManager;
+  constructor(logger, ipcToken) {
+    this.logger = logger;
+    this.ipcToken = ipcToken;
+    this.networkPolicy = new NetworkPolicyService(logger);
+    this.sessionManager = new SessionManager(logger);
+  }
+  validateCode(code) {
+    if (!code || code.length > 1024 * 1024) {
+      return { valid: false, message: "Code size exceeds limit or is empty" };
+    }
+    return { valid: true };
+  }
+  async validateUrl(url) {
+    return this.networkPolicy.validateUrl(url);
+  }
+  checkRateLimit(key) {
+    return this.networkPolicy.checkRateLimit(key);
+  }
+  validateIpcToken(token) {
+    if (!this.ipcToken) {
+      return true;
+    }
+    const expected = Buffer.from(this.ipcToken);
+    const actual = Buffer.from(token);
+    if (expected.length === actual.length && crypto.timingSafeEqual(expected, actual)) {
+      return true;
+    }
+    return !!this.sessionManager.getSession(token);
+  }
+  createSession(allowedTools) {
+    return this.sessionManager.createSession(allowedTools);
+  }
+  getSession(token) {
+    return this.sessionManager.getSession(token);
+  }
+  invalidateSession(token) {
+    this.sessionManager.invalidateSession(token);
+  }
+  getIpcToken() {
+    return this.ipcToken;
+  }
+};
+
+// src/core/otel.service.ts
+import { NodeSDK } from "@opentelemetry/sdk-node";
+import { getNodeAutoInstrumentations } from "@opentelemetry/auto-instrumentations-node";
+import { PrometheusExporter } from "@opentelemetry/exporter-prometheus";
+import { resourceFromAttributes } from "@opentelemetry/resources";
+import { SemanticResourceAttributes } from "@opentelemetry/semantic-conventions";
+import { PinoInstrumentation } from "@opentelemetry/instrumentation-pino";
+var OtelService = class {
+  constructor(logger) {
+    this.logger = logger;
+  }
+  sdk = null;
+  async start() {
+    this.sdk = new NodeSDK({
+      resource: resourceFromAttributes({
+        [SemanticResourceAttributes.SERVICE_NAME]: "conduit"
+      }),
+      metricReader: new PrometheusExporter({
+        port: 9464
+        // Default prometheus exporter port
+      }),
+      instrumentations: [
+        getNodeAutoInstrumentations(),
+        new PinoInstrumentation()
+      ]
+    });
+    try {
+      await this.sdk.start();
+      this.logger.info("OpenTelemetry SDK started");
+    } catch (error) {
+      this.logger.error({ error }, "Error starting OpenTelemetry SDK");
+    }
+  }
+  async shutdown() {
+    if (this.sdk) {
+      await this.sdk.shutdown();
+      this.logger.info("OpenTelemetry SDK shut down");
+    }
+  }
+};
+
+// src/executors/deno.executor.ts
+import { spawn, exec } from "child_process";
+import { promisify } from "util";
+import fs3 from "fs";
+import path4 from "path";
+import { platform } from "os";
+import { fileURLToPath as fileURLToPath2 } from "url";
+
+// src/core/asset.utils.ts
+import path3 from "path";
+import fs2 from "fs";
+import { fileURLToPath } from "url";
+var __dirname = path3.dirname(fileURLToPath(import.meta.url));
+function resolveAssetPath(filename) {
+  const candidates = [
+    // Source structure: src/core/asset.utils.ts -> src/assets/
+    path3.resolve(__dirname, "../assets", filename),
+    // Dist structure possibility 1: dist/ (flat) with assets/ subdir
+    path3.resolve(__dirname, "./assets", filename),
+    // Dist structure possibility 2: dist/core/ -> dist/assets/
+    path3.resolve(__dirname, "../../assets", filename),
+    // Dist structure possibility 3: dist/ -> assets/ (if called from root)
+    path3.resolve(process.cwd(), "assets", filename),
+    // Dist structure possibility 4: dist/assets/ (from root)
+    path3.resolve(process.cwd(), "dist/assets", filename)
+  ];
+  for (const candidate of candidates) {
+    if (fs2.existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  throw new Error(`Asset not found: ${filename}. Checked paths: ${candidates.join(", ")}`);
+}
+
+// src/executors/deno.executor.ts
+var execAsync = promisify(exec);
+var __dirname2 = path4.dirname(fileURLToPath2(import.meta.url));
+var DenoExecutor = class {
+  shimContent = "";
+  // Track active processes for cleanup
+  // Using 'any' for the Set because ChildProcess type import can be finicky across node versions/types
+  // but at runtime it is a ChildProcess
+  activeProcesses = /* @__PURE__ */ new Set();
+  maxConcurrentProcesses;
+  constructor(maxConcurrentProcesses = 10) {
+    this.maxConcurrentProcesses = maxConcurrentProcesses;
+  }
+  getShim() {
+    if (this.shimContent) return this.shimContent;
+    try {
+      const assetPath = resolveAssetPath("deno-shim.ts");
+      this.shimContent = fs3.readFileSync(assetPath, "utf-8");
+      return this.shimContent;
+    } catch (err) {
+      throw new Error(`Failed to load Deno shim: ${err.message}`);
+    }
+  }
+  async execute(code, limits, context, config) {
+    const { logger } = context;
+    if (this.activeProcesses.size >= this.maxConcurrentProcesses) {
+      return {
+        stdout: "",
+        stderr: "",
+        exitCode: null,
+        error: {
+          code: -32e3 /* ServerBusy */,
+          message: "Too many concurrent Deno processes"
+        }
+      };
+    }
+    let stdout = "";
+    let stderr = "";
+    let totalOutputBytes = 0;
+    let totalLogEntries = 0;
+    let isTerminated = false;
+    let shim = this.getShim().replace("__CONDUIT_IPC_ADDRESS__", config?.ipcAddress || "").replace("__CONDUIT_IPC_TOKEN__", config?.ipcToken || "");
+    if (shim.includes("__CONDUIT_IPC_ADDRESS__")) {
+      throw new Error("Failed to inject IPC address into Deno shim");
+    }
+    if (shim.includes("__CONDUIT_IPC_TOKEN__")) {
+      throw new Error("Failed to inject IPC token into Deno shim");
+    }
+    if (config?.sdkCode) {
+      shim = shim.replace("// __CONDUIT_SDK_INJECTION__", config.sdkCode);
+      if (shim.includes("// __CONDUIT_SDK_INJECTION__")) {
+        throw new Error("Failed to inject SDK code into Deno shim");
+      }
+    }
+    const fullCode = shim + "\n" + code;
+    const args = [
+      "run",
+      `--v8-flags=--max-heap-size=${limits.memoryLimitMb}`
+    ];
+    if (config?.ipcAddress && !config.ipcAddress.includes("/") && !config.ipcAddress.includes("\\")) {
+      try {
+        const url = new URL(`http://${config.ipcAddress}`);
+        let normalizedHost = url.hostname;
+        normalizedHost = normalizedHost.replace(/[\[\]]/g, "");
+        if (normalizedHost === "0.0.0.0" || normalizedHost === "::" || normalizedHost === "::1" || normalizedHost === "") {
+          normalizedHost = "127.0.0.1";
+        }
+        args.push(`--allow-net=${normalizedHost}`);
+      } catch (err) {
+        logger.warn({ address: config.ipcAddress, err }, "Failed to parse IPC address for Deno permissions");
+      }
+    } else {
+    }
+    args.push("-");
+    const child = spawn("deno", args, {
+      stdio: ["pipe", "pipe", "pipe"],
+      env: {
+        PATH: process.env.PATH,
+        HOME: process.env.HOME,
+        TMPDIR: process.env.TMPDIR
+      }
+    });
+    this.activeProcesses.add(child);
+    child.on("spawn", () => {
+    });
+    const cleanupProcess = () => {
+      this.activeProcesses.delete(child);
+    };
+    return new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        if (!isTerminated) {
+          isTerminated = true;
+          if (typeof monitorInterval !== "undefined") clearInterval(monitorInterval);
+          child.kill("SIGKILL");
+          logger.warn("Execution timed out, SIGKILL sent");
+          cleanupProcess();
+          resolve({
+            stdout,
+            stderr,
+            exitCode: null,
+            error: {
+              code: -32008 /* RequestTimeout */,
+              message: "Execution timed out"
+            }
+          });
+        }
+      }, limits.timeoutMs);
+      const isWindows = platform() === "win32";
+      const monitorInterval = setInterval(async () => {
+        if (isTerminated || !child.pid) {
+          clearInterval(monitorInterval);
+          return;
+        }
+        try {
+          let rssMb = 0;
+          if (isWindows) {
+            try {
+              const { stdout: tasklistOut } = await execAsync(`tasklist /FI "PID eq ${child.pid}" /FO CSV /NH`);
+              const match = tasklistOut.match(/"([^"]+ K)"$/m);
+              if (match) {
+                const memStr = match[1].replace(/[ K,]/g, "");
+                const memKb = parseInt(memStr, 10);
+                if (!isNaN(memKb)) {
+                  rssMb = memKb / 1024;
+                }
+              }
+            } catch (e) {
+            }
+          } else {
+            const { stdout: rssStdout } = await execAsync(`ps -o rss= -p ${child.pid}`);
+            const rssKb = parseInt(rssStdout.trim());
+            if (!isNaN(rssKb)) {
+              rssMb = rssKb / 1024;
+            }
+          }
+          if (rssMb > limits.memoryLimitMb) {
+            isTerminated = true;
+            if (typeof monitorInterval !== "undefined") clearInterval(monitorInterval);
+            child.kill("SIGKILL");
+            logger.warn({ rssMb, limitMb: limits.memoryLimitMb }, "Deno RSS limit exceeded, SIGKILL sent");
+            cleanupProcess();
+            resolve({
+              stdout,
+              stderr,
+              exitCode: null,
+              error: {
+                code: -32009 /* MemoryLimitExceeded */,
+                message: `Memory limit exceeded: ${rssMb.toFixed(2)}MB > ${limits.memoryLimitMb}MB`
+              }
+            });
+          }
+        } catch (err) {
+          clearInterval(monitorInterval);
+        }
+      }, 2e3);
+      child.stdout.on("data", (chunk) => {
+        if (isTerminated) return;
+        totalOutputBytes += chunk.length;
+        const newLines = (chunk.toString().match(/\n/g) || []).length;
+        totalLogEntries += newLines;
+        if (totalOutputBytes > limits.maxOutputBytes || totalLogEntries > limits.maxLogEntries) {
+          isTerminated = true;
+          if (typeof monitorInterval !== "undefined") clearInterval(monitorInterval);
+          child.kill("SIGKILL");
+          logger.warn({ bytes: totalOutputBytes, lines: totalLogEntries }, "Limits exceeded, SIGKILL sent");
+          cleanupProcess();
+          resolve({
+            stdout: stdout + chunk.toString().slice(0, limits.maxOutputBytes - (totalOutputBytes - chunk.length)),
+            stderr,
+            exitCode: null,
+            error: {
+              code: totalOutputBytes > limits.maxOutputBytes ? -32013 /* OutputLimitExceeded */ : -32014 /* LogLimitExceeded */,
+              message: totalOutputBytes > limits.maxOutputBytes ? "Output limit exceeded" : "Log entry limit exceeded"
+            }
+          });
+          return;
+        }
+        stdout += chunk.toString();
+      });
+      child.stderr.on("data", (chunk) => {
+        if (isTerminated) return;
+        totalOutputBytes += chunk.length;
+        const newLines = (chunk.toString().match(/\n/g) || []).length;
+        totalLogEntries += newLines;
+        if (totalOutputBytes > limits.maxOutputBytes || totalLogEntries > limits.maxLogEntries) {
+          isTerminated = true;
+          if (typeof monitorInterval !== "undefined") clearInterval(monitorInterval);
+          child.kill("SIGKILL");
+          logger.warn({ bytes: totalOutputBytes, lines: totalLogEntries }, "Limits exceeded, SIGKILL sent");
+          cleanupProcess();
+          resolve({
+            stdout,
+            stderr: stderr + chunk.toString().slice(0, limits.maxOutputBytes - (totalOutputBytes - chunk.length)),
+            exitCode: null,
+            error: {
+              code: totalOutputBytes > limits.maxOutputBytes ? -32013 /* OutputLimitExceeded */ : -32014 /* LogLimitExceeded */,
+              message: totalOutputBytes > limits.maxOutputBytes ? "Output limit exceeded" : "Log entry limit exceeded"
+            }
+          });
+          return;
+        }
+        stderr += chunk.toString();
+      });
+      child.on("close", (code2) => {
+        clearTimeout(timeout);
+        if (typeof monitorInterval !== "undefined") clearInterval(monitorInterval);
+        cleanupProcess();
+        if (isTerminated) return;
+        resolve({
+          stdout,
+          stderr,
+          exitCode: code2
+        });
+      });
+      child.on("error", (err) => {
+        clearTimeout(timeout);
+        logger.error({ err }, "Child process error");
+        cleanupProcess();
+        let message = err.message;
+        if (err.code === "ENOENT") {
+          message = "Deno executable not found in PATH. Please ensure Deno is installed.";
+        }
+        resolve({
+          stdout,
+          stderr,
+          exitCode: null,
+          error: {
+            code: -32603 /* InternalError */,
+            message
+          }
+        });
+      });
+      child.stdin.write(fullCode);
+      child.stdin.end();
+    });
+  }
+  async shutdown() {
+    for (const child of this.activeProcesses) {
+      try {
+        child.kill("SIGKILL");
+      } catch (err) {
+      }
+    }
+    this.activeProcesses.clear();
+  }
+  async healthCheck() {
+    try {
+      const { stdout } = await execAsync("deno --version");
+      return { status: "ok", detail: stdout.split("\n")[0] };
+    } catch (err) {
+      return { status: "error", detail: err.message };
+    }
+  }
+  async warmup() {
+  }
+};
+
+// src/executors/pyodide.executor.ts
+import { Worker } from "worker_threads";
+import fs4 from "fs";
+import path5 from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+var __dirname3 = path5.dirname(fileURLToPath3(import.meta.url));
+var PyodideExecutor = class {
+  shimContent = "";
+  pool = [];
+  maxPoolSize;
+  maxRunsPerWorker = 1;
+  constructor(maxPoolSize = 3) {
+    this.maxPoolSize = maxPoolSize;
+  }
+  getShim() {
+    if (this.shimContent) return this.shimContent;
+    try {
+      const assetPath = resolveAssetPath("python-shim.py");
+      this.shimContent = fs4.readFileSync(assetPath, "utf-8");
+      return this.shimContent;
+    } catch (err) {
+      throw new Error(`Failed to load Python shim: ${err.message}`);
+    }
+  }
+  waitQueue = [];
+  async getWorker(logger, limits) {
+    let pooled = this.pool.find((w) => !w.busy);
+    if (pooled) {
+      pooled.busy = true;
+      return pooled;
+    }
+    if (this.pool.length < this.maxPoolSize) {
+      logger.info("Creating new Pyodide worker for pool");
+      const worker = this.createWorker(limits);
+      pooled = { worker, busy: true, runs: 0, lastUsed: Date.now() };
+      this.pool.push(pooled);
+      await new Promise((resolve, reject) => {
+        const onMessage = (msg) => {
+          if (msg.type === "ready") {
+            worker.off("message", onMessage);
+            resolve();
+          }
+        };
+        worker.on("message", onMessage);
+        worker.on("error", reject);
+        setTimeout(() => {
+          worker.terminate();
+          this.pool = this.pool.filter((p) => p !== pooled);
+          reject(new Error("Worker init timeout"));
+        }, 1e4);
+      });
+      return pooled;
+    }
+    return new Promise((resolve) => {
+      this.waitQueue.push(resolve);
+    });
+  }
+  createWorker(limits) {
+    let workerPath = path5.resolve(__dirname3, "./pyodide.worker.js");
+    if (!fs4.existsSync(workerPath)) {
+      workerPath = path5.resolve(__dirname3, "./pyodide.worker.ts");
+    }
+    return new Worker(workerPath, {
+      execArgv: process.execArgv.includes("--loader") ? process.execArgv : [],
+      resourceLimits: limits ? {
+        maxOldSpaceSizeMb: limits.memoryLimitMb
+        // Stack size and young generation are usually fine with defaults
+      } : void 0
+    });
+  }
+  async warmup(limits) {
+    const needed = this.maxPoolSize - this.pool.length;
+    if (needed <= 0) return;
+    console.error(`Pre-warming ${needed} Pyodide workers...`);
+    const promises = [];
+    for (let i = 0; i < needed; i++) {
+      promises.push(this.createAndPoolWorker(limits));
+    }
+    await Promise.all(promises);
+    console.error(`Pyodide pool pre-warmed with ${this.pool.length} workers.`);
+  }
+  async createAndPoolWorker(limits) {
+    if (this.pool.length >= this.maxPoolSize) return;
+    const worker = this.createWorker(limits);
+    const pooled = { worker, busy: true, runs: 0, lastUsed: Date.now() };
+    this.pool.push(pooled);
+    try {
+      await new Promise((resolve, reject) => {
+        const onMessage = (msg) => {
+          if (msg.type === "ready") {
+            worker.off("message", onMessage);
+            resolve();
+          }
+        };
+        worker.on("message", onMessage);
+        worker.on("error", reject);
+        setTimeout(() => reject(new Error("Worker init timeout")), 1e4);
+      });
+      pooled.busy = false;
+      if (this.waitQueue.length > 0) {
+        const nextResolve = this.waitQueue.shift();
+        if (nextResolve) {
+          pooled.busy = true;
+          nextResolve(pooled);
+        }
+      }
+    } catch (err) {
+      this.pool = this.pool.filter((p) => p !== pooled);
+      worker.terminate();
+    }
+  }
+  async execute(code, limits, context, config) {
+    const { logger } = context;
+    const pooledWorker = await this.getWorker(logger, limits);
+    const worker = pooledWorker.worker;
+    return new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        logger.warn("Python execution timed out, terminating worker");
+        worker.terminate();
+        this.pool = this.pool.filter((w) => w !== pooledWorker);
+        resolve({
+          stdout: "",
+          stderr: "Execution timed out",
+          exitCode: null,
+          error: {
+            code: -32008 /* RequestTimeout */,
+            message: "Execution timed out"
+          }
+        });
+      }, limits.timeoutMs);
+      const onMessage = (msg) => {
+        if (msg.type === "ready" || msg.type === "pong") return;
+        clearTimeout(timeout);
+        worker.off("message", onMessage);
+        worker.off("error", onError);
+        pooledWorker.busy = false;
+        if (this.waitQueue.length > 0) {
+          const nextResolve = this.waitQueue.shift();
+          if (nextResolve) {
+            pooledWorker.busy = true;
+            nextResolve(pooledWorker);
+          }
+        }
+        pooledWorker.runs++;
+        pooledWorker.lastUsed = Date.now();
+        if (pooledWorker.runs >= this.maxRunsPerWorker) {
+          logger.info("Recycling Pyodide worker after max runs");
+          worker.terminate();
+          this.pool = this.pool.filter((w) => w !== pooledWorker);
+        }
+        if (msg.success) {
+          resolve({
+            stdout: msg.stdout,
+            stderr: msg.stderr,
+            exitCode: 0
+          });
+        } else {
+          logger.warn({ error: msg.error }, "Python execution failed or limit breached, terminating worker");
+          worker.terminate();
+          this.pool = this.pool.filter((w) => w !== pooledWorker);
+          logger.debug({ error: msg.error }, "Python execution error from worker");
+          const normalizedError = (msg.error || "").toLowerCase();
+          const limitBreached = msg.limitBreached || "";
+          const isLogLimit = limitBreached === "log" || normalizedError.includes("[limit_log]");
+          const isOutputLimit = limitBreached === "output" || normalizedError.includes("[limit_output]");
+          const isAmbiguousLimit = !isOutputLimit && !isLogLimit && (normalizedError.includes("i/o error") || normalizedError.includes("errno 29") || normalizedError.includes("limit exceeded"));
+          resolve({
+            stdout: msg.stdout,
+            stderr: msg.stderr,
+            exitCode: 1,
+            error: {
+              code: isLogLimit ? -32014 /* LogLimitExceeded */ : isOutputLimit || isAmbiguousLimit ? -32013 /* OutputLimitExceeded */ : -32603 /* InternalError */,
+              message: isLogLimit ? "Log entry limit exceeded" : isOutputLimit || isAmbiguousLimit ? "Output limit exceeded" : msg.error
+            }
+          });
+        }
+      };
+      const onError = (err) => {
+        clearTimeout(timeout);
+        worker.off("message", onMessage);
+        worker.off("error", onError);
+        logger.error({ err }, "Pyodide worker error");
+        worker.terminate();
+        this.pool = this.pool.filter((w) => w !== pooledWorker);
+        resolve({
+          stdout: "",
+          stderr: err.message,
+          exitCode: null,
+          error: {
+            code: -32603 /* InternalError */,
+            message: err.message
+          }
+        });
+      };
+      worker.on("message", onMessage);
+      worker.on("error", onError);
+      let shim = this.getShim();
+      if (config?.sdkCode) {
+        shim = shim.replace("# __CONDUIT_SDK_INJECTION__", config.sdkCode);
+      }
+      worker.postMessage({
+        type: "execute",
+        data: { code, limits, ipcInfo: config, shim }
+      });
+    });
+  }
+  async shutdown() {
+    for (const pooled of this.pool) {
+      await pooled.worker.terminate();
+    }
+    this.pool = [];
+  }
+  async healthCheck() {
+    try {
+      const pooled = await this.getWorker(console, {
+        timeoutMs: 5e3,
+        memoryLimitMb: 128,
+        maxOutputBytes: 1024,
+        maxLogEntries: 10
+      });
+      return new Promise((resolve) => {
+        let timeout;
+        const onMessage = (msg) => {
+          if (msg.type === "pong") {
+            cleanup();
+            pooled.busy = false;
+            resolve({ status: "ok", workers: this.pool.length });
+          }
+        };
+        const cleanup = () => {
+          clearTimeout(timeout);
+          pooled.worker.off("message", onMessage);
+        };
+        timeout = setTimeout(() => {
+          cleanup();
+          pooled.busy = false;
+          resolve({ status: "error", workers: this.pool.length, detail: "Health check timeout" });
+        }, 2e3);
+        pooled.worker.on("message", onMessage);
+        pooled.worker.postMessage({ type: "ping" });
+      });
+    } catch (err) {
+      return { status: "error", workers: this.pool.length, detail: err.message };
+    }
+  }
+};
+
+// src/executors/isolate.executor.ts
+import ivm from "isolated-vm";
+var IsolateExecutor = class {
+  logger;
+  gatewayService;
+  constructor(logger, gatewayService) {
+    this.logger = logger;
+    this.gatewayService = gatewayService;
+  }
+  async execute(code, limits, context, config) {
+    const logs = [];
+    const errors = [];
+    let isolate = null;
+    try {
+      isolate = new ivm.Isolate({ memoryLimit: limits.memoryLimitMb });
+      const ctx = await isolate.createContext();
+      const jail = ctx.global;
+      let currentLogBytes = 0;
+      let currentErrorBytes = 0;
+      await jail.set("__log", new ivm.Callback((msg) => {
+        if (currentLogBytes + msg.length + 1 > limits.maxOutputBytes) {
+          throw new Error("[LIMIT_LOG]");
+        }
+        if (currentLogBytes < limits.maxOutputBytes) {
+          logs.push(msg);
+          currentLogBytes += msg.length + 1;
+        }
+      }));
+      await jail.set("__error", new ivm.Callback((msg) => {
+        if (currentErrorBytes + msg.length + 1 > limits.maxOutputBytes) {
+          throw new Error("[LIMIT_OUTPUT]");
+        }
+        if (currentErrorBytes < limits.maxOutputBytes) {
+          errors.push(msg);
+          currentErrorBytes += msg.length + 1;
+        }
+      }));
+      let requestIdCounter = 0;
+      const pendingToolCalls = /* @__PURE__ */ new Map();
+      await jail.set("__dispatchToolCall", new ivm.Callback((nameStr, argsStr) => {
+        const requestId = ++requestIdCounter;
+        const name = nameStr;
+        let args = {};
+        try {
+          args = JSON.parse(argsStr);
+        } catch (e) {
+        }
+        this.gatewayService.callTool(name, args, context).then((res) => {
+          return ctx.evalClosure(`resolveRequest($0, $1, null)`, [requestId, JSON.stringify(res)], { arguments: { copy: true } });
+        }).catch((err) => {
+          return ctx.evalClosure(`resolveRequest($0, null, $1)`, [requestId, err.message || "Unknown error"], { arguments: { copy: true } });
+        }).catch((e) => {
+        });
+        return requestId;
+      }));
+      const bootstrap = `
+                const requests = new Map();
+                
+                // Host calls this to resolve requests
+                globalThis.resolveRequest = (id, resultJson, error) => {
+                    const req = requests.get(id);
+                    if (req) {
+                        requests.delete(id);
+                        if (error) req.reject(new Error(error));
+                        else req.resolve(resultJson);
+                    }
+                };
+
+                // Internal tool call wrapper
+                globalThis.__callTool = (name, argsJson) => {
+                    return new Promise((resolve, reject) => {
+                        const id = __dispatchToolCall(name, argsJson);
+                        requests.set(id, { resolve, reject });
+                    });
+                };
+
+                const format = (arg) => {
+                    if (typeof arg === 'string') return arg;
+                    if (arg instanceof Error) return arg.stack || arg.message;
+                    if (typeof arg === 'object' && arg !== null && arg.message && arg.stack) return arg.stack; // Duck typing
+                    return JSON.stringify(arg);
+                };
+                const console = {
+                    log: (...args) => __log(args.map(format).join(' ')),
+                    error: (...args) => __error(args.map(format).join(' ')),
+                };
+            `;
+      const bootstrapScript = await isolate.compileScript(bootstrap);
+      await bootstrapScript.run(ctx, { timeout: 1e3 });
+      const sdkScript = config?.sdkCode || `
+                const tools = {
+                    $raw: async (name, args) => {
+                        const resStr = await __callTool(name, JSON.stringify(args || {}));
+                        return JSON.parse(resStr);
+                    }
+                };
+            `;
+      const compiledSdk = await isolate.compileScript(sdkScript);
+      await compiledSdk.run(ctx, { timeout: 1e3 });
+      let executionPromiseResolve;
+      const executionPromise = new Promise((resolve) => {
+        executionPromiseResolve = resolve;
+      });
+      await jail.set("__done", new ivm.Callback(() => {
+        if (executionPromiseResolve) executionPromiseResolve();
+      }));
+      let scriptFailed = false;
+      await jail.set("__setFailed", new ivm.Callback(() => {
+        scriptFailed = true;
+      }));
+      const wrappedCode = `void (async () => {
+                try {
+                    ${code}
+                } catch (err) {
+                    console.error(err);
+                    __setFailed();
+                } finally {
+                    __done();
+                }
+            })()`;
+      const script = await isolate.compileScript(wrappedCode);
+      await script.run(ctx, { timeout: limits.timeoutMs });
+      let timedOut = false;
+      const timeoutPromise = new Promise((_, reject) => {
+        setTimeout(() => {
+          timedOut = true;
+          reject(new Error("Script execution timed out"));
+        }, limits.timeoutMs);
+      });
+      try {
+        await Promise.race([executionPromise, timeoutPromise]);
+      } catch (err) {
+        if (err.message === "Script execution timed out") {
+          return {
+            stdout: logs.join("\n"),
+            stderr: errors.join("\n"),
+            exitCode: null,
+            error: {
+              code: -32008 /* RequestTimeout */,
+              message: "Execution timed out"
+            }
+          };
+        }
+        throw err;
+      }
+      return {
+        stdout: logs.join("\n"),
+        stderr: errors.join("\n"),
+        exitCode: scriptFailed ? 1 : 0
+      };
+    } catch (err) {
+      const message = err.message || "Unknown error";
+      if (message.includes("Script execution timed out")) {
+        return {
+          stdout: logs.join("\n"),
+          stderr: errors.join("\n"),
+          exitCode: null,
+          error: {
+            code: -32008 /* RequestTimeout */,
+            message: "Execution timed out"
+          }
+        };
+      }
+      if (message.includes("memory limit") || message.includes("disposed")) {
+        return {
+          stdout: logs.join("\n"),
+          stderr: errors.join("\n"),
+          exitCode: null,
+          error: {
+            code: -32009 /* MemoryLimitExceeded */,
+            message: "Memory limit exceeded"
+          }
+        };
+      }
+      this.logger.error({ err }, "Isolate execution failed");
+      return {
+        stdout: logs.join("\n"),
+        stderr: message,
+        exitCode: 1,
+        error: {
+          code: -32603 /* InternalError */,
+          message
+        }
+      };
+    } finally {
+      if (isolate) {
+        isolate.dispose();
+      }
+    }
+  }
+  async shutdown() {
+  }
+  async healthCheck() {
+    try {
+      const isolate = new ivm.Isolate({ memoryLimit: 8 });
+      isolate.dispose();
+      return { status: "ok" };
+    } catch (err) {
+      return { status: "error", detail: err.message };
+    }
+  }
+  async warmup() {
+  }
+};
+
+// src/core/registries/executor.registry.ts
+var ExecutorRegistry = class {
+  executors = /* @__PURE__ */ new Map();
+  register(name, executor) {
+    this.executors.set(name, executor);
+  }
+  get(name) {
+    return this.executors.get(name);
+  }
+  has(name) {
+    return this.executors.has(name);
+  }
+  async shutdownAll() {
+    for (const executor of this.executors.values()) {
+      if (executor.shutdown) {
+        await executor.shutdown();
+      }
+    }
+    this.executors.clear();
+  }
+};
+
+// src/sdk/tool-binding.ts
+function parseToolName(qualifiedName) {
+  const separatorIndex = qualifiedName.indexOf("__");
+  if (separatorIndex === -1) {
+    return { namespace: "", name: qualifiedName };
+  }
+  return {
+    namespace: qualifiedName.substring(0, separatorIndex),
+    name: qualifiedName.substring(separatorIndex + 2)
+  };
+}
+function toToolBinding(name, inputSchema, description) {
+  const toolId = parseToolName(name);
+  return {
+    name,
+    namespace: toolId.namespace || "default",
+    methodName: toolId.name || name,
+    inputSchema,
+    description
+  };
+}
+function groupByNamespace(bindings) {
+  const groups = /* @__PURE__ */ new Map();
+  for (const binding of bindings) {
+    const existing = groups.get(binding.namespace) || [];
+    existing.push(binding);
+    groups.set(binding.namespace, existing);
+  }
+  return groups;
+}
+
+// src/sdk/sdk-generator.ts
+var SDKGenerator = class {
+  /**
+   * Convert camelCase to snake_case for Python
+   */
+  toSnakeCase(str) {
+    return str.replace(/([A-Z])/g, "_$1").toLowerCase().replace(/^_/, "");
+  }
+  /**
+   * Escape a string for use in generated code
+   */
+  escapeString(str) {
+    return str.replace(/\\/g, "\\\\").replace(/'/g, "\\'").replace(/\n/g, "\\n");
+  }
+  /**
+   * Generate TypeScript SDK code to be injected into Deno sandbox.
+   * Creates: tools.namespace.method(args) => __internalCallTool("namespace__method", args)
+   * @param bindings Tool bindings to generate SDK for
+   * @param allowedTools Optional allowlist for $raw() enforcement
+   * @param enableRawFallback Enable $raw() escape hatch (default: true)
+   */
+  generateTypeScript(bindings, allowedTools, enableRawFallback = true) {
+    const grouped = groupByNamespace(bindings);
+    const lines = [];
+    lines.push("// Generated SDK - Do not edit");
+    if (allowedTools && allowedTools.length > 0) {
+      const normalizedList = allowedTools.map((t) => t.replace(/\./g, "__"));
+      lines.push(`const __allowedTools = ${JSON.stringify(normalizedList)};`);
+    } else {
+      lines.push("const __allowedTools = null;");
+    }
+    lines.push("const tools = {");
+    for (const [namespace, tools] of grouped.entries()) {
+      const safeNamespace = this.isValidIdentifier(namespace) ? namespace : `["${this.escapeString(namespace)}"]`;
+      if (this.isValidIdentifier(namespace)) {
+        lines.push(`  ${namespace}: {`);
+      } else {
+        lines.push(`  "${this.escapeString(namespace)}": {`);
+      }
+      for (const tool of tools) {
+        const methodName = this.isValidIdentifier(tool.methodName) ? tool.methodName : `["${this.escapeString(tool.methodName)}"]`;
+        if (tool.description) {
+          lines.push(`    /** ${this.escapeString(tool.description)} */`);
+        }
+        if (this.isValidIdentifier(tool.methodName)) {
+          lines.push(`    async ${tool.methodName}(args) {`);
+        } else {
+          lines.push(`    "${this.escapeString(tool.methodName)}": async function(args) {`);
+        }
+        lines.push(`      return await __internalCallTool("${this.escapeString(tool.name)}", args);`);
+        lines.push(`    },`);
+      }
+      lines.push(`  },`);
+    }
+    if (enableRawFallback) {
+      lines.push(`  /** Call a tool by its full name (escape hatch for dynamic/unknown tools) */`);
+      lines.push(`  async $raw(name, args) {`);
+      lines.push(`    const normalized = name.replace(/\\./g, '__');`);
+      lines.push(`    if (__allowedTools) {`);
+      lines.push(`      const allowed = __allowedTools.some(p => {`);
+      lines.push(`        if (p.endsWith('__*')) return normalized.startsWith(p.slice(0, -1));`);
+      lines.push(`        return normalized === p;`);
+      lines.push(`      });`);
+      lines.push(`      if (!allowed) throw new Error(\`Tool \${name} is not in the allowlist\`);`);
+      lines.push(`    }`);
+      lines.push(`    return await __internalCallTool(normalized, args);`);
+      lines.push(`  },`);
+    }
+    lines.push("};");
+    lines.push("(globalThis as any).tools = tools;");
+    return lines.join("\n");
+  }
+  /**
+   * Generate Python SDK code to be injected into Pyodide sandbox.
+   * Creates: tools.namespace.method(args) => _internal_call_tool("namespace__method", args)
+   * @param bindings Tool bindings to generate SDK for
+   * @param allowedTools Optional allowlist for raw() enforcement
+   * @param enableRawFallback Enable raw() escape hatch (default: true)
+   */
+  generatePython(bindings, allowedTools, enableRawFallback = true) {
+    const grouped = groupByNamespace(bindings);
+    const lines = [];
+    lines.push("# Generated SDK - Do not edit");
+    if (allowedTools && allowedTools.length > 0) {
+      const normalizedList = allowedTools.map((t) => t.replace(/\./g, "__"));
+      lines.push(`_allowed_tools = ${JSON.stringify(normalizedList)}`);
+    } else {
+      lines.push("_allowed_tools = None");
+    }
+    lines.push("");
+    lines.push("class _ToolNamespace:");
+    lines.push("    def __init__(self, methods):");
+    lines.push("        for name, fn in methods.items():");
+    lines.push("            setattr(self, name, fn)");
+    lines.push("");
+    lines.push("class _Tools:");
+    lines.push("    def __init__(self):");
+    for (const [namespace, tools] of grouped.entries()) {
+      const safeNamespace = this.toSnakeCase(namespace);
+      const methodsDict = [];
+      for (const tool of tools) {
+        const methodName = this.toSnakeCase(tool.methodName);
+        const fullName = tool.name;
+        methodsDict.push(`            "${methodName}": lambda args, n="${this.escapeString(fullName)}": _internal_call_tool(n, args)`);
+      }
+      lines.push(`        self.${safeNamespace} = _ToolNamespace({`);
+      lines.push(methodsDict.join(",\n"));
+      lines.push(`        })`);
+    }
+    if (enableRawFallback) {
+      lines.push("");
+      lines.push("    async def raw(self, name, args):");
+      lines.push('        """Call a tool by its full name (escape hatch for dynamic/unknown tools)"""');
+      lines.push('        normalized = name.replace(".", "__")');
+      lines.push("        if _allowed_tools is not None:");
+      lines.push("            allowed = any(");
+      lines.push('                normalized.startswith(p[:-1]) if p.endswith("__*") else normalized == p');
+      lines.push("                for p in _allowed_tools");
+      lines.push("            )");
+      lines.push("            if not allowed:");
+      lines.push('                raise PermissionError(f"Tool {name} is not in the allowlist")');
+      lines.push("        return await _internal_call_tool(normalized, args)");
+    }
+    lines.push("");
+    lines.push("tools = _Tools()");
+    return lines.join("\n");
+  }
+  /**
+   * Generate JavaScript SDK code for isolated-vm (V8 Isolate).
+   * Creates: tools.namespace.method(args) => __callToolSync("namespace__method", JSON.stringify(args))
+   * @param bindings Tool bindings to generate SDK for
+   * @param allowedTools Optional allowlist for $raw() enforcement
+   * @param enableRawFallback Enable $raw() escape hatch (default: true)
+   */
+  generateIsolateSDK(bindings, allowedTools, enableRawFallback = true) {
+    const grouped = groupByNamespace(bindings);
+    const lines = [];
+    lines.push("// Generated SDK for isolated-vm");
+    if (allowedTools && allowedTools.length > 0) {
+      const normalizedList = allowedTools.map((t) => t.replace(/\./g, "__"));
+      lines.push(`const __allowedTools = ${JSON.stringify(normalizedList)};`);
+    } else {
+      lines.push("const __allowedTools = null;");
+    }
+    lines.push("const tools = {");
+    for (const [namespace, tools] of grouped.entries()) {
+      const safeNamespace = this.isValidIdentifier(namespace) ? namespace : `["${this.escapeString(namespace)}"]`;
+      if (this.isValidIdentifier(namespace)) {
+        lines.push(`  ${namespace}: {`);
+      } else {
+        lines.push(`  "${this.escapeString(namespace)}": {`);
+      }
+      for (const tool of tools) {
+        const methodName = this.isValidIdentifier(tool.methodName) ? tool.methodName : `["${this.escapeString(tool.methodName)}"]`;
+        if (this.isValidIdentifier(tool.methodName)) {
+          lines.push(`    async ${methodName}(args) {`);
+        } else {
+          lines.push(`    "${this.escapeString(tool.methodName)}": async function(args) {`);
+        }
+        lines.push(`      const resStr = await __callTool("${this.escapeString(tool.name)}", JSON.stringify(args || {}));`);
+        lines.push(`      return JSON.parse(resStr);`);
+        lines.push(`    },`);
+      }
+      lines.push(`  },`);
+    }
+    if (enableRawFallback) {
+      lines.push(`  async $raw(name, args) {`);
+      lines.push(`    const normalized = name.replace(/\\./g, '__');`);
+      lines.push(`    if (__allowedTools) {`);
+      lines.push(`      const allowed = __allowedTools.some(p => {`);
+      lines.push(`        if (p.endsWith('__*')) return normalized.startsWith(p.slice(0, -1));`);
+      lines.push(`        return normalized === p;`);
+      lines.push(`      });`);
+      lines.push(`      if (!allowed) throw new Error(\`Tool \${name} is not in the allowlist\`);`);
+      lines.push(`    }`);
+      lines.push(`    const resStr = await __callTool(normalized, JSON.stringify(args || {}));`);
+      lines.push(`    return JSON.parse(resStr);`);
+      lines.push(`  },`);
+    }
+    lines.push("};");
+    return lines.join("\n");
+  }
+  /**
+   * Check if a string is a valid JavaScript/Python identifier
+   */
+  isValidIdentifier(str) {
+    return /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(str);
+  }
+};
+
+// src/core/execution.service.ts
+var ExecutionService = class {
+  logger;
+  executorRegistry;
+  sdkGenerator = new SDKGenerator();
+  defaultLimits;
+  gatewayService;
+  securityService;
+  _ipcAddress = "";
+  constructor(logger, defaultLimits, gatewayService, securityService, executorRegistry) {
+    this.logger = logger;
+    this.defaultLimits = defaultLimits;
+    this.gatewayService = gatewayService;
+    this.securityService = securityService;
+    this.executorRegistry = executorRegistry;
+  }
+  set ipcAddress(addr) {
+    this._ipcAddress = addr;
+  }
+  async executeTypeScript(code, limits, context, allowedTools) {
+    const effectiveLimits = { ...this.defaultLimits, ...limits };
+    const securityResult = this.securityService.validateCode(code);
+    if (!securityResult.valid) {
+      return this.createErrorResult(-32003 /* Forbidden */, securityResult.message || "Access denied");
+    }
+    const cleanCode = code.replace(/\/\*[\s\S]*?\*\/|([^:]|^)\/\/.*$/gm, "$1");
+    const hasImports = /^\s*import\s/m.test(cleanCode) || /^\s*export\s/m.test(cleanCode) || /\bDeno\./.test(cleanCode) || /\bDeno\b/.test(cleanCode);
+    if (!hasImports && this.executorRegistry.has("isolate")) {
+      return await this.executeIsolate(code, effectiveLimits, context, allowedTools);
+    }
+    if (!this._ipcAddress) {
+      return this.createErrorResult(-32603 /* InternalError */, "IPC address not initialized");
+    }
+    if (!this.executorRegistry.has("deno")) {
+      return this.createErrorResult(-32603 /* InternalError */, "Deno execution not available");
+    }
+    const executor = this.executorRegistry.get("deno");
+    const bindings = await this.getToolBindings(context);
+    const sdkCode = this.sdkGenerator.generateTypeScript(bindings, allowedTools);
+    const sessionToken = this.securityService.createSession(allowedTools);
+    try {
+      return await executor.execute(code, effectiveLimits, context, {
+        ipcAddress: this._ipcAddress,
+        ipcToken: sessionToken,
+        sdkCode
+      });
+    } finally {
+      this.securityService.invalidateSession(sessionToken);
+    }
+  }
+  async executePython(code, limits, context, allowedTools) {
+    const effectiveLimits = { ...this.defaultLimits, ...limits };
+    if (!this.executorRegistry.has("python")) {
+      return this.createErrorResult(-32603 /* InternalError */, "Python execution not available");
+    }
+    if (!this._ipcAddress) {
+      return this.createErrorResult(-32603 /* InternalError */, "IPC address not initialized");
+    }
+    const executor = this.executorRegistry.get("python");
+    const securityResult = this.securityService.validateCode(code);
+    if (!securityResult.valid) {
+      return this.createErrorResult(-32003 /* Forbidden */, securityResult.message || "Access denied");
+    }
+    const bindings = await this.getToolBindings(context);
+    const sdkCode = this.sdkGenerator.generatePython(bindings, allowedTools);
+    const sessionToken = this.securityService.createSession(allowedTools);
+    try {
+      return await executor.execute(code, effectiveLimits, context, {
+        ipcAddress: this._ipcAddress,
+        ipcToken: sessionToken,
+        sdkCode
+      });
+    } finally {
+      this.securityService.invalidateSession(sessionToken);
+    }
+  }
+  async getToolBindings(context) {
+    const packages = await this.gatewayService.listToolPackages();
+    const allBindings = [];
+    for (const pkg of packages) {
+      try {
+        const stubs = await this.gatewayService.listToolStubs(pkg.id, context);
+        allBindings.push(...stubs.map((s) => toToolBinding(s.id, void 0, s.description)));
+      } catch (err) {
+        this.logger.warn({ packageId: pkg.id, err: err.message }, "Failed to list stubs for package");
+      }
+    }
+    return allBindings;
+  }
+  async executeIsolate(code, limits, context, allowedTools) {
+    if (!this.executorRegistry.has("isolate")) {
+      return this.createErrorResult(-32603 /* InternalError */, "IsolateExecutor not available");
+    }
+    const executor = this.executorRegistry.get("isolate");
+    const effectiveLimits = { ...this.defaultLimits, ...limits };
+    const securityResult = this.securityService.validateCode(code);
+    if (!securityResult.valid) {
+      return this.createErrorResult(-32003 /* Forbidden */, securityResult.message || "Access denied");
+    }
+    const bindings = await this.getToolBindings(context);
+    const sdkCode = this.sdkGenerator.generateIsolateSDK(bindings, allowedTools);
+    try {
+      return await executor.execute(code, effectiveLimits, context, { sdkCode });
+    } catch (err) {
+      return this.createErrorResult(-32603 /* InternalError */, err.message);
+    }
+  }
+  createErrorResult(code, message) {
+    return {
+      stdout: "",
+      stderr: "",
+      exitCode: null,
+      error: { code, message }
+    };
+  }
+  async shutdown() {
+    await this.executorRegistry.shutdownAll();
+  }
+  async warmup() {
+    const pythonExecutor = this.executorRegistry.get("python");
+    if (pythonExecutor && "warmup" in pythonExecutor) {
+      await pythonExecutor.warmup(this.defaultLimits);
+    }
+  }
+  async healthCheck() {
+    const pythonExecutor = this.executorRegistry.get("python");
+    if (pythonExecutor && "healthCheck" in pythonExecutor) {
+      return pythonExecutor.healthCheck();
+    }
+    return { status: "ok" };
+  }
+};
+
+// src/core/middleware/error.middleware.ts
+var ErrorHandlingMiddleware = class {
+  async handle(request, context, next) {
+    try {
+      return await next();
+    } catch (err) {
+      context.logger.error({ err }, "Error handling request");
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32603 /* InternalError */,
+          message: err.message || "Internal Server Error"
+        }
+      };
+    }
+  }
+};
+
+// src/core/middleware/logging.middleware.ts
+var LoggingMiddleware = class {
+  async handle(request, context, next) {
+    const { method, id } = request;
+    const childLogger = context.logger.child({ method, id });
+    context.logger = childLogger;
+    metrics.recordExecutionStart();
+    const startTime = Date.now();
+    try {
+      const response = await next();
+      metrics.recordExecutionEnd(Date.now() - startTime, method);
+      return response;
+    } catch (err) {
+      metrics.recordExecutionEnd(Date.now() - startTime, method);
+      throw err;
+    }
+  }
+};
+
+// src/core/middleware/auth.middleware.ts
+var AuthMiddleware = class {
+  constructor(securityService) {
+    this.securityService = securityService;
+  }
+  async handle(request, context, next) {
+    const providedToken = request.auth?.bearerToken || "";
+    const masterToken = this.securityService.getIpcToken();
+    const isMaster = !masterToken || providedToken === masterToken;
+    const isSession = !isMaster && this.securityService.validateIpcToken(providedToken);
+    if (!isMaster && !isSession) {
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32003 /* Forbidden */,
+          message: "Invalid bearer token"
+        }
+      };
+    }
+    if (isSession) {
+      const allowedMethods = ["initialize", "notifications/initialized", "mcp_discover_tools", "mcp_call_tool", "ping", "tools/list", "tools/call"];
+      if (!allowedMethods.includes(request.method)) {
+        return {
+          jsonrpc: "2.0",
+          id: request.id,
+          error: {
+            code: -32003 /* Forbidden */,
+            message: "Session tokens are restricted to tool discovery and calling only"
+          }
+        };
+      }
+      const session = this.securityService.getSession(providedToken);
+      if (session?.allowedTools && !context.allowedTools) {
+        context.allowedTools = session.allowedTools;
+      }
+    }
+    return next();
+  }
+};
+
+// src/core/middleware/ratelimit.middleware.ts
+var RateLimitMiddleware = class {
+  constructor(securityService) {
+    this.securityService = securityService;
+  }
+  async handle(request, context, next) {
+    const providedToken = request.auth?.bearerToken;
+    const rateLimitKey = providedToken || context.remoteAddress || "unknown";
+    if (!this.securityService.checkRateLimit(rateLimitKey)) {
+      return {
+        jsonrpc: "2.0",
+        id: request.id,
+        error: {
+          code: -32005,
+          // Rate limit exceeded code
+          message: "Rate limit exceeded"
+        }
+      };
+    }
+    return next();
+  }
+};
+
+// src/core/middleware/middleware.builder.ts
+function buildDefaultMiddleware(securityService) {
+  return [
+    new ErrorHandlingMiddleware(),
+    new LoggingMiddleware(),
+    new AuthMiddleware(securityService),
+    new RateLimitMiddleware(securityService)
+  ];
+}
+
+// src/auth.cmd.ts
+import Fastify2 from "fastify";
+import axios4 from "axios";
+import open from "open";
+import { v4 as uuidv43 } from "uuid";
+async function handleAuth(options) {
+  const port = options.port || 3333;
+  const redirectUri = `http://localhost:${port}/callback`;
+  const state = uuidv43();
+  const fastify = Fastify2();
+  return new Promise((resolve, reject) => {
+    fastify.get("/callback", async (request, reply) => {
+      const { code, state: returnedState, error, error_description } = request.query;
+      if (error) {
+        reply.send(`Authentication failed: ${error} - ${error_description}`);
+        reject(new Error(`OAuth error: ${error}`));
+        return;
+      }
+      if (returnedState !== state) {
+        reply.send("Invalid state parameter");
+        reject(new Error("State mismatch"));
+        return;
+      }
+      try {
+        const response = await axios4.post(options.tokenUrl, {
+          grant_type: "authorization_code",
+          code,
+          redirect_uri: redirectUri,
+          client_id: options.clientId,
+          client_secret: options.clientSecret
+        });
+        const { refresh_token, access_token } = response.data;
+        console.log("\n--- Authentication Successful ---\n");
+        console.log("Use these values in your conduit.yaml:\n");
+        console.log("credentials:");
+        console.log("  type: oauth2");
+        console.log(`  clientId: ${options.clientId}`);
+        console.log(`  clientSecret: ${options.clientSecret}`);
+        console.log(`  tokenUrl: "${options.tokenUrl}"`);
+        console.log(`  refreshToken: "${refresh_token || "N/A (No refresh token returned)"}"`);
+        if (!refresh_token) {
+          console.log('\nWarning: No refresh token was returned. Ensure your app has "offline_access" scope or similar.');
+        }
+        console.log("\nRaw response data:", JSON.stringify(response.data, null, 2));
+        reply.send("Authentication successful! You can close this window and return to the terminal.");
+        resolve();
+      } catch (err) {
+        const msg = err.response?.data?.error_description || err.response?.data?.error || err.message;
+        reply.send(`Failed to exchange code for token: ${msg}`);
+        reject(new Error(`Token exchange failed: ${msg}`));
+      } finally {
+        setTimeout(() => fastify.close(), 1e3);
+      }
+    });
+    fastify.listen({ port, host: "127.0.0.1" }, async (err) => {
+      if (err) {
+        reject(err);
+        return;
+      }
+      const authUrl = new URL(options.authUrl);
+      authUrl.searchParams.append("client_id", options.clientId);
+      authUrl.searchParams.append("redirect_uri", redirectUri);
+      authUrl.searchParams.append("response_type", "code");
+      authUrl.searchParams.append("state", state);
+      if (options.scopes) {
+        authUrl.searchParams.append("scope", options.scopes);
+      }
+      console.log(`Opening browser to: ${authUrl.toString()}`);
+      console.log("Waiting for callback...");
+      await open(authUrl.toString());
+    });
+  });
+}
+
+// src/index.ts
+var program = new Command();
+program.name("conduit").description("A secure Code Mode execution substrate for MCP agents").version("1.0.0");
+program.command("serve", { isDefault: true }).description("Start the Conduit server").option("--stdio", "Use stdio transport").action(async (options) => {
+  try {
+    await startServer();
+  } catch (err) {
+    console.error("Failed to start Conduit:", err);
+    process.exit(1);
+  }
+});
+program.command("auth").description("Help set up OAuth for an upstream MCP server").requiredOption("--client-id <id>", "OAuth Client ID").requiredOption("--client-secret <secret>", "OAuth Client Secret").requiredOption("--auth-url <url>", "OAuth Authorization URL").requiredOption("--token-url <url>", "OAuth Token URL").option("--scopes <scopes>", "OAuth Scopes (comma separated)").option("--port <port>", "Port for the local callback server", "3333").action(async (options) => {
+  try {
+    await handleAuth({
+      clientId: options.clientId,
+      clientSecret: options.clientSecret,
+      authUrl: options.authUrl,
+      tokenUrl: options.tokenUrl,
+      scopes: options.scopes,
+      port: parseInt(options.port, 10)
+    });
+    console.log("\nSuccess! Configuration generated.");
+  } catch (err) {
+    console.error("Authentication helper failed:", err.message);
+    process.exit(1);
+  }
+});
+async function startServer() {
+  const configService = new ConfigService();
+  const logger = createLogger(configService);
+  const otelService = new OtelService(logger);
+  await otelService.start();
+  await loggerStorage.run({ correlationId: "system" }, async () => {
+    const isStdio = configService.get("transport") === "stdio";
+    const ipcToken = isStdio ? void 0 : configService.get("ipcBearerToken");
+    const securityService = new SecurityService(logger, ipcToken);
+    const gatewayService = new GatewayService(logger, securityService);
+    const upstreams = configService.get("upstreams") || [];
+    for (const upstream of upstreams) {
+      gatewayService.registerUpstream(upstream);
+    }
+    const executorRegistry = new ExecutorRegistry();
+    executorRegistry.register("deno", new DenoExecutor(configService.get("denoMaxPoolSize")));
+    executorRegistry.register("python", new PyodideExecutor(configService.get("pyodideMaxPoolSize")));
+    const isolateExecutor = new IsolateExecutor(logger, gatewayService);
+    executorRegistry.register("isolate", isolateExecutor);
+    const executionService = new ExecutionService(
+      logger,
+      configService.get("resourceLimits"),
+      gatewayService,
+      securityService,
+      executorRegistry
+    );
+    const requestController = new RequestController(
+      logger,
+      executionService,
+      gatewayService,
+      buildDefaultMiddleware(securityService)
+    );
+    const opsServer = new OpsServer(logger, configService.all, gatewayService, requestController);
+    await opsServer.listen();
+    const concurrencyService = new ConcurrencyService(logger, {
+      maxConcurrent: configService.get("maxConcurrent")
+    });
+    let transport;
+    let address;
+    if (configService.get("transport") === "stdio") {
+      transport = new StdioTransport(logger, requestController, concurrencyService);
+      await transport.start();
+      address = "stdio";
+    } else {
+      transport = new SocketTransport(logger, requestController, concurrencyService);
+      const port = configService.get("port");
+      address = await transport.listen({ port });
+    }
+    executionService.ipcAddress = address;
+    await requestController.warmup();
+    logger.info("Conduit server started");
+    const shutdown = async () => {
+      logger.info("Shutting down...");
+      await Promise.all([
+        transport.close(),
+        opsServer.close(),
+        requestController.shutdown(),
+        otelService.shutdown()
+      ]);
+      process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+  });
+}
+program.parse(process.argv);
+//# sourceMappingURL=index.js.map