@mhingston5/conduit 1.1.6 → 1.1.8

package/README.md

@@ -66,6 +66,20 @@ upstreams:
   - id: github
     type: http
     url: "http://localhost:3000/mcp"
+
+  # Remote MCP servers that use Streamable HTTP (preferred) / SSE:
+  - id: atlassian
+    type: streamableHttp
+    url: "https://mcp.atlassian.com/v1/sse"
+    credentials:
+      type: oauth2
+      clientId: ${ATLASSIAN_CLIENT_ID}
+      clientSecret: ${ATLASSIAN_CLIENT_SECRET}
+      tokenUrl: "https://auth.atlassian.com/oauth/token"
+      refreshToken: ${ATLASSIAN_REFRESH_TOKEN}
+      # Atlassian expects JSON token requests:
+      tokenRequestFormat: json
+
   - id: slack
     type: http
     url: "https://your-mcp-server/mcp"
@@ -75,7 +89,8 @@ upstreams:
       clientSecret: ${SLACK_CLIENT_SECRET}
       tokenUrl: "https://slack.com/api/oauth.v2.access"
       refreshToken: ${SLACK_REFRESH_TOKEN}
-    # Or use local stdio for testing:
+
+  # Or use local stdio for testing:
   - id: filesystem
     type: stdio
     command: npx
@@ -95,8 +110,21 @@ npx conduit auth \
   --scopes <scopes>
 ```
 
+For Atlassian (3LO), include `offline_access` and set the audience:
+
+```bash
+npx conduit auth \
+  --client-id <id> \
+  --client-secret <secret> \
+  --auth-url "https://auth.atlassian.com/authorize?audience=api.atlassian.com&prompt=consent" \
+  --token-url "https://auth.atlassian.com/oauth/token" \
+  --scopes "offline_access,read:me"
+```
+
 This will start a temporary local server, open your browser for authorization, and print the generated `credentials` block for your `conduit.yaml`.
 
+Note: some providers (including Atlassian) use rotating refresh tokens. Conduit will cache the latest refresh token in-memory while running, but it does not currently persist the rotated token back into `conduit.yaml`. If you restart Conduit and your old refresh token has expired/rotated, re-run `conduit auth` and update your config.
+
 For GitHub MCP (remote server OAuth), you can auto-discover endpoints and use PKCE:
 
 ```bash

package/dist/index.js

@@ -2,6 +2,7 @@
 
 // src/index.ts
 import { Command } from "commander";
+import { createRequire } from "module";
 
 // src/core/config.service.ts
 import { z } from "zod";
@@ -29,6 +30,8 @@ var UpstreamCredentialsSchema = z.object({
   tokenUrl: z.string().optional(),
   refreshToken: z.string().optional(),
   scopes: z.array(z.string()).optional(),
+  tokenRequestFormat: z.enum(["form", "json"]).optional(),
+  tokenParams: z.record(z.string(), z.string()).optional(),
   apiKey: z.string().optional(),
   bearerToken: z.string().optional(),
   headerName: z.string().optional()
@@ -39,6 +42,18 @@ var HttpUpstreamSchema = z.object({
   url: z.string(),
   credentials: UpstreamCredentialsSchema.optional()
 });
+var StreamableHttpUpstreamSchema = z.object({
+  id: z.string(),
+  type: z.literal("streamableHttp"),
+  url: z.string(),
+  credentials: UpstreamCredentialsSchema.optional()
+});
+var SseUpstreamSchema = z.object({
+  id: z.string(),
+  type: z.literal("sse"),
+  url: z.string(),
+  credentials: UpstreamCredentialsSchema.optional()
+});
 var StdioUpstreamSchema = z.object({
   id: z.string(),
   type: z.literal("stdio"),
@@ -46,7 +61,12 @@ var StdioUpstreamSchema = z.object({
   args: z.array(z.string()).optional(),
   env: z.record(z.string(), z.string()).optional()
 });
-var UpstreamInfoSchema = z.union([HttpUpstreamSchema, StdioUpstreamSchema]);
+var UpstreamInfoSchema = z.union([
+  HttpUpstreamSchema,
+  StreamableHttpUpstreamSchema,
+  SseUpstreamSchema,
+  StdioUpstreamSchema
+]);
 var ConfigSchema = z.object({
   port: z.union([z.string(), z.number()]).default("3000").transform((v) => Number(v)),
   nodeEnv: z.enum(["development", "production", "test"]).default("development"),
@@ -1061,7 +1081,12 @@ var RequestController = class {
 import axios2 from "axios";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
 import { z as z2 } from "zod";
+import dns from "dns";
+import net2 from "net";
+import { Agent } from "undici";
 var UpstreamClient = class {
   logger;
   info;
@@ -1070,6 +1095,9 @@ var UpstreamClient = class {
   mcpClient;
   transport;
   connected = false;
+  // Pinned-IP dispatchers per upstream origin (defends against DNS rebinding)
+  dispatcherCache = /* @__PURE__ */ new Map();
+  pinned;
   constructor(logger, info, authService, urlValidator) {
     this.logger = logger.child({ upstreamId: info.id });
     this.info = info;
@@ -1092,11 +1120,116 @@ var UpstreamClient = class {
       }, {
         capabilities: {}
       });
+      return;
+    }
+    if (this.info.type === "streamableHttp") {
+      const upstreamUrl = new URL(this.info.url);
+      this.pinned = { origin: upstreamUrl.origin, hostname: upstreamUrl.hostname };
+      this.transport = new StreamableHTTPClientTransport(upstreamUrl, {
+        fetch: this.createAuthedFetch()
+      });
+      this.mcpClient = new Client({
+        name: "conduit-gateway",
+        version: "1.0.0"
+      }, {
+        capabilities: {}
+      });
+      return;
+    }
+    if (this.info.type === "sse") {
+      const upstreamUrl = new URL(this.info.url);
+      this.pinned = { origin: upstreamUrl.origin, hostname: upstreamUrl.hostname };
+      this.mcpClient = new Client({
+        name: "conduit-gateway",
+        version: "1.0.0"
+      }, {
+        capabilities: {}
+      });
+    }
+  }
+  getDispatcher(origin, hostname, resolvedIp) {
+    const existing = this.dispatcherCache.get(origin);
+    if (existing && existing.resolvedIp === resolvedIp) {
+      return existing.agent;
+    }
+    if (existing) {
+      try {
+        existing.agent.close();
+      } catch {
+      }
     }
+    const agent = new Agent({
+      connect: {
+        lookup: (lookupHostname, options, callback) => {
+          if (lookupHostname === hostname) {
+            callback(null, resolvedIp, net2.isIP(resolvedIp));
+            return;
+          }
+          dns.lookup(lookupHostname, options, callback);
+        }
+      }
+    });
+    this.dispatcherCache.set(origin, { resolvedIp, agent });
+    return agent;
+  }
+  createAuthedFetch() {
+    const creds = this.info.credentials;
+    const pinned = this.pinned;
+    const baseFetch = fetch;
+    return async (input, init = {}) => {
+      const requestUrlStr = (() => {
+        if (typeof input === "string") return input;
+        if (input instanceof URL) return input.toString();
+        if (input instanceof Request) return input.url;
+        return String(input);
+      })();
+      const requestUrl = pinned ? new URL(requestUrlStr, pinned.origin) : new URL(requestUrlStr);
+      if (pinned && requestUrl.origin !== pinned.origin) {
+        throw new Error(`Forbidden upstream redirect/origin: ${requestUrl.origin}`);
+      }
+      if (pinned && !pinned.resolvedIp) {
+        const securityResult = await this.urlValidator.validateUrl(pinned.origin);
+        if (!securityResult.valid) {
+          throw new Error(securityResult.message || "Forbidden URL");
+        }
+        pinned.resolvedIp = securityResult.resolvedIp;
+      }
+      const headers = new Headers((input instanceof Request ? input.headers : void 0) || void 0);
+      const initHeaders = new Headers(init.headers || {});
+      for (const [k, v] of initHeaders.entries()) headers.set(k, v);
+      if (creds) {
+        const authHeaders = await this.authService.getAuthHeaders(creds);
+        for (const [k, v] of Object.entries(authHeaders)) {
+          headers.set(k, v);
+        }
+      }
+      const request = input instanceof Request ? new Request(input, { ...init, headers, redirect: init.redirect ?? "manual" }) : new Request(requestUrl.toString(), { ...init, headers, redirect: init.redirect ?? "manual" });
+      const dispatcher = pinned && pinned.resolvedIp ? this.getDispatcher(pinned.origin, pinned.hostname, pinned.resolvedIp) : void 0;
+      return baseFetch(request, dispatcher ? { dispatcher } : void 0);
+    };
   }
   async ensureConnected() {
-    if (!this.mcpClient || !this.transport) return;
+    if (!this.mcpClient) return;
+    if (!this.transport && this.info.type === "sse") {
+      const authHeaders = this.info.credentials ? await this.authService.getAuthHeaders(this.info.credentials) : {};
+      this.transport = new SSEClientTransport(new URL(this.info.url), {
+        fetch: this.createAuthedFetch(),
+        eventSourceInit: { headers: authHeaders },
+        requestInit: { headers: authHeaders }
+      });
+    }
+    if (!this.transport) return;
     if (this.connected) return;
+    if (this.info.type === "streamableHttp" || this.info.type === "sse") {
+      const securityResult = await this.urlValidator.validateUrl(this.info.url);
+      if (!securityResult.valid) {
+        this.logger.error({ url: this.info.url }, "Blocked upstream URL (SSRF)");
+        throw new Error(securityResult.message || "Forbidden URL");
+      }
+      if (this.pinned) {
+        this.pinned.resolvedIp = securityResult.resolvedIp;
+      }
+    }
     try {
       this.logger.debug("Connecting to upstream transport...");
       await this.mcpClient.connect(this.transport);
@@ -1108,16 +1241,15 @@ var UpstreamClient = class {
     }
   }
   async call(request, context) {
-    const isStdio = (info) => info.type === "stdio";
-    if (isStdio(this.info)) {
-      return this.callStdio(request);
-    } else {
-      return this.callHttp(request, context);
+    const usesMcpClientTransport = (info) => info.type === "stdio" || info.type === "streamableHttp" || info.type === "sse";
+    if (usesMcpClientTransport(this.info)) {
+      return this.callMcpClient(request);
     }
+    return this.callHttp(request, context);
   }
-  async callStdio(request) {
+  async callMcpClient(request) {
     if (!this.mcpClient) {
-      return { jsonrpc: "2.0", id: request.id, error: { code: -32603, message: "Stdio client not initialized" } };
+      return { jsonrpc: "2.0", id: request.id, error: { code: -32603, message: "MCP client not initialized" } };
     }
     try {
       await this.ensureConnected();
@@ -1157,19 +1289,21 @@ var UpstreamClient = class {
         };
       }
     } catch (error) {
-      this.logger.error({ err: error }, "Stdio call failed");
+      this.logger.error({ err: error }, "MCP call failed");
       return {
         jsonrpc: "2.0",
         id: request.id,
         error: {
           code: error.code || -32603,
-          message: error.message || "Internal error in stdio transport"
+          message: error.message || "Internal error in MCP transport"
         }
       };
     }
   }
   async callHttp(request, context) {
-    if (this.info.type === "stdio") throw new Error("Unreachable");
+    if (this.info.type === "stdio" || this.info.type === "streamableHttp" || this.info.type === "sse") {
+      throw new Error("Unreachable");
+    }
     const url = this.info.url;
     const headers = {
       "Content-Type": "application/json",
@@ -1218,7 +1352,7 @@ var UpstreamClient = class {
     }
   }
   async getManifest(context) {
-    if (this.info.type !== "http") return null;
+    if (this.info.type && this.info.type !== "http") return null;
     try {
       const baseUrl = this.info.url.replace(/\/$/, "");
       const manifestUrl = `${baseUrl}/conduit.manifest.json`;
@@ -1258,6 +1392,8 @@ var AuthService = class {
   logger;
   // Cache tokens separately from credentials to avoid mutation
   tokenCache = /* @__PURE__ */ new Map();
+  // Keep the latest refresh token in-memory (rotating tokens)
+  refreshTokenCache = /* @__PURE__ */ new Map();
   // Prevent concurrent refresh requests for the same client
   refreshLocks = /* @__PURE__ */ new Map();
   constructor(logger) {
@@ -1302,25 +1438,53 @@ var AuthService = class {
     }
     this.logger.info({ tokenUrl: creds.tokenUrl, clientId: creds.clientId }, "Refreshing OAuth2 token");
     try {
-      const body = new URLSearchParams();
-      body.set("grant_type", "refresh_token");
-      body.set("refresh_token", creds.refreshToken);
-      body.set("client_id", creds.clientId);
+      const tokenUrl = creds.tokenUrl;
+      const cachedRefreshToken = this.refreshTokenCache.get(cacheKey);
+      const refreshToken = cachedRefreshToken || creds.refreshToken;
+      if (!refreshToken) {
+        throw new Error("OAuth2 credentials missing required fields for refresh");
+      }
+      const payload = {
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: creds.clientId
+      };
       if (creds.clientSecret) {
-        body.set("client_secret", creds.clientSecret);
+        payload.client_secret = creds.clientSecret;
       }
-      const response = await axios3.post(creds.tokenUrl, body, {
+      if (creds.tokenParams) {
+        Object.assign(payload, creds.tokenParams);
+      }
+      const requestFormat = (() => {
+        if (creds.tokenRequestFormat) return creds.tokenRequestFormat;
+        try {
+          const hostname = new URL(tokenUrl).hostname;
+          if (hostname === "auth.atlassian.com") return "json";
+        } catch {
+        }
+        return "form";
+      })();
+      const response = requestFormat === "json" ? await axios3.post(tokenUrl, payload, {
+        headers: {
+          "Content-Type": "application/json",
+          "Accept": "application/json"
+        }
+      }) : await axios3.post(tokenUrl, new URLSearchParams(payload), {
         headers: {
           "Content-Type": "application/x-www-form-urlencoded",
           "Accept": "application/json"
         }
       });
-      const { access_token, expires_in } = response.data;
-      const expiresInSeconds = Number(expires_in) || 3600;
+      const { access_token, expires_in, refresh_token } = response.data;
+      const expiresInRaw = Number(expires_in);
+      const expiresInSeconds = Number.isFinite(expiresInRaw) ? expiresInRaw : 3600;
       this.tokenCache.set(cacheKey, {
         accessToken: access_token,
         expiresAt: Date.now() + expiresInSeconds * 1e3
       });
+      if (typeof refresh_token === "string" && refresh_token.length > 0) {
+        this.refreshTokenCache.set(cacheKey, refresh_token);
+      }
       return `Bearer ${access_token}`;
     } catch (err) {
       const errorMsg = err.response?.data?.error_description || err.response?.data?.error || err.message;
@@ -1545,11 +1709,18 @@ var GatewayService = class {
     }
     let tools = this.schemaCache.get(packageId);
     if (!tools) {
-      try {
-        const manifest = await client.getManifest(context);
-        if (manifest && manifest.tools) {
-          tools = manifest.tools;
-        } else {
+      if (typeof client.getManifest === "function") {
+        try {
+          const manifest = await client.getManifest(context);
+          if (manifest && manifest.tools) {
+            tools = manifest.tools;
+          }
+        } catch (e) {
+          this.logger.debug({ upstreamId: packageId, err: e.message }, "Manifest fetch failed (will fallback)");
+        }
+      }
+      if (!tools) {
+        try {
           if (typeof client.listTools === "function") {
             tools = await client.listTools();
           } else {
@@ -1564,13 +1735,13 @@ var GatewayService = class {
               this.logger.warn({ upstreamId: packageId, error: response.error }, "Failed to discover tools via RPC");
             }
           }
+        } catch (e) {
+          this.logger.error({ upstreamId: packageId, err: e.message }, "Error during tool discovery");
         }
-        if (tools && tools.length > 0) {
-          this.schemaCache.set(packageId, tools);
-          this.logger.info({ upstreamId: packageId, toolCount: tools.length }, "Discovered tools from upstream");
-        }
-      } catch (e) {
-        this.logger.error({ upstreamId: packageId, err: e.message }, "Error during tool discovery");
+      }
+      if (tools && tools.length > 0) {
+        this.schemaCache.set(packageId, tools);
+        this.logger.info({ upstreamId: packageId, toolCount: tools.length }, "Discovered tools from upstream");
       }
     }
     if (!tools) tools = [];
@@ -1827,8 +1998,8 @@ var GatewayService = class {
 };
 
 // src/core/network.policy.service.ts
-import dns from "dns/promises";
-import net2 from "net";
+import dns2 from "dns/promises";
+import net3 from "net";
 import { LRUCache as LRUCache2 } from "lru-cache";
 var NetworkPolicyService = class {
   logger;
@@ -1869,9 +2040,9 @@ var NetworkPolicyService = class {
           return { valid: false, message: "Access denied: private network access forbidden" };
         }
       }
-      if (!net2.isIP(hostname)) {
+      if (!net3.isIP(hostname)) {
         try {
-          const lookup = await dns.lookup(hostname, { all: true });
+          const lookup = await dns2.lookup(hostname, { all: true });
           const resolvedIps = [];
           for (const address of lookup) {
             let ip = address.address;
@@ -1972,13 +2143,14 @@ var SecurityService = class {
   checkRateLimit(key) {
     return this.networkPolicy.checkRateLimit(key);
   }
-  validateIpcToken(token) {
-    if (!this.ipcToken) {
-      return true;
-    }
+  isMasterToken(token) {
+    if (!this.ipcToken) return true;
     const expected = Buffer.from(this.ipcToken);
-    const actual = Buffer.from(token);
-    if (expected.length === actual.length && crypto2.timingSafeEqual(expected, actual)) {
+    const actual = Buffer.from(token || "");
+    return expected.length === actual.length && crypto2.timingSafeEqual(expected, actual);
+  }
+  validateIpcToken(token) {
+    if (this.isMasterToken(token)) {
       return true;
     }
     return !!this.sessionManager.getSession(token);
@@ -2601,26 +2773,30 @@ var IsolateExecutor = class {
       const jail = ctx.global;
       let currentLogBytes = 0;
       let currentErrorBytes = 0;
+      let totalLogEntries = 0;
       await jail.set("__log", new ivm.Callback((msg) => {
+        if (totalLogEntries + 1 > limits.maxLogEntries) {
+          throw new Error("[LIMIT_LOG_ENTRIES]");
+        }
         if (currentLogBytes + msg.length + 1 > limits.maxOutputBytes) {
           throw new Error("[LIMIT_LOG]");
         }
-        if (currentLogBytes < limits.maxOutputBytes) {
-          logs.push(msg);
-          currentLogBytes += msg.length + 1;
-        }
+        totalLogEntries++;
+        logs.push(msg);
+        currentLogBytes += msg.length + 1;
       }));
       await jail.set("__error", new ivm.Callback((msg) => {
+        if (totalLogEntries + 1 > limits.maxLogEntries) {
+          throw new Error("[LIMIT_LOG_ENTRIES]");
+        }
         if (currentErrorBytes + msg.length + 1 > limits.maxOutputBytes) {
           throw new Error("[LIMIT_OUTPUT]");
         }
-        if (currentErrorBytes < limits.maxOutputBytes) {
-          errors.push(msg);
-          currentErrorBytes += msg.length + 1;
-        }
+        totalLogEntries++;
+        errors.push(msg);
+        currentErrorBytes += msg.length + 1;
       }));
       let requestIdCounter = 0;
-      const pendingToolCalls = /* @__PURE__ */ new Map();
       await jail.set("__dispatchToolCall", new ivm.Callback((nameStr, argsStr) => {
         const requestId = ++requestIdCounter;
         const name = nameStr;
@@ -2756,6 +2932,28 @@ var IsolateExecutor = class {
           }
         };
       }
+      if (message.includes("[LIMIT_LOG_ENTRIES]")) {
+        return {
+          stdout: logs.join("\n"),
+          stderr: errors.join("\n"),
+          exitCode: null,
+          error: {
+            code: -32014 /* LogLimitExceeded */,
+            message: "Log entry limit exceeded"
+          }
+        };
+      }
+      if (message.includes("[LIMIT_LOG]") || message.includes("[LIMIT_OUTPUT]")) {
+        return {
+          stdout: logs.join("\n"),
+          stderr: errors.join("\n"),
+          exitCode: null,
+          error: {
+            code: -32013 /* OutputLimitExceeded */,
+            message: "Output limit exceeded"
+          }
+        };
+      }
       this.logger.error({ err }, "Isolate execution failed");
       return {
         stdout: logs.join("\n"),
@@ -3168,13 +3366,13 @@ var ExecutionService = class {
     const packages = await this.gatewayService.listToolPackages();
     const allBindings = [];
     this.logger.debug({ packageCount: packages.length, packages: packages.map((p) => p.id) }, "Fetching tool bindings");
-    for (const pkg of packages) {
+    for (const pkg2 of packages) {
       try {
-        const stubs = await this.gatewayService.listToolStubs(pkg.id, context);
-        this.logger.debug({ packageId: pkg.id, stubCount: stubs.length }, "Got stubs from package");
+        const stubs = await this.gatewayService.listToolStubs(pkg2.id, context);
+        this.logger.debug({ packageId: pkg2.id, stubCount: stubs.length }, "Got stubs from package");
         allBindings.push(...stubs.map((s) => toToolBinding(s.id, void 0, s.description)));
       } catch (err) {
-        this.logger.warn({ packageId: pkg.id, err: err.message }, "Failed to list stubs for package");
+        this.logger.warn({ packageId: pkg2.id, err: err.message }, "Failed to list stubs for package");
       }
     }
     this.logger.info({ totalBindings: allBindings.length }, "Tool bindings ready for SDK generation");
@@ -3269,8 +3467,7 @@ var AuthMiddleware = class {
   }
   async handle(request, context, next) {
     const providedToken = request.auth?.bearerToken || "";
-    const masterToken = this.securityService.getIpcToken();
-    const isMaster = !masterToken || providedToken === masterToken;
+    const isMaster = this.securityService.isMasterToken(providedToken);
     const isSession = !isMaster && this.securityService.validateIpcToken(providedToken);
     if (!isMaster && !isSession) {
       return {
@@ -3446,21 +3643,29 @@ async function handleAuth(options) {
         return;
       }
       try {
-        const body = new URLSearchParams();
-        body.set("grant_type", "authorization_code");
-        body.set("code", code);
-        body.set("redirect_uri", redirectUri);
-        body.set("client_id", options.clientId);
+        const payload = {
+          grant_type: "authorization_code",
+          code,
+          redirect_uri: redirectUri,
+          client_id: options.clientId
+        };
         if (options.clientSecret) {
-          body.set("client_secret", options.clientSecret);
+          payload.client_secret = options.clientSecret;
         }
         if (codeVerifier) {
-          body.set("code_verifier", codeVerifier);
+          payload.code_verifier = codeVerifier;
         }
         if (resolvedResource) {
-          body.set("resource", resolvedResource);
+          payload.resource = resolvedResource;
         }
-        const response = await axios4.post(resolvedTokenUrl, body, {
+        const tokenHostname = new URL(resolvedTokenUrl).hostname;
+        const useJson = tokenHostname === "auth.atlassian.com";
+        const response = useJson ? await axios4.post(resolvedTokenUrl, payload, {
+          headers: {
+            "Content-Type": "application/json",
+            "Accept": "application/json"
+          }
+        }) : await axios4.post(resolvedTokenUrl, new URLSearchParams(payload), {
           headers: {
             "Content-Type": "application/x-www-form-urlencoded",
             "Accept": "application/json"
@@ -3523,7 +3728,9 @@ async function handleAuth(options) {
 
 // src/index.ts
 var program = new Command();
-program.name("conduit").description("A secure Code Mode execution substrate for MCP agents").version("1.0.0");
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../package.json");
+program.name("conduit").description("A secure Code Mode execution substrate for MCP agents").version(pkg.version || "0.0.0");
 program.command("serve", { isDefault: true }).description("Start the Conduit server").option("--stdio", "Use stdio transport").option("--config <path>", "Path to config file").action(async (options) => {
   try {
     await startServer(options);