@mhingston5/conduit 1.1.6 → 1.1.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mhingston5/conduit",
-  "version": "1.1.6",
+  "version": "1.1.8",
   "type": "module",
   "description": "A secure Code Mode execution substrate for MCP agents",
   "main": "index.js",
@@ -60,6 +60,7 @@
     "p-limit": "^7.2.0",
     "pino": "^10.1.0",
     "pyodide": "^0.29.0",
+    "undici": "^7.18.2",
     "uuid": "^13.0.0",
     "zod": "^4.3.5"
   },

package/src/auth.cmd.ts

@@ -157,27 +157,39 @@ export async function handleAuth(options: AuthOptions) {
             }
 
             try {
-                const body = new URLSearchParams();
-                body.set('grant_type', 'authorization_code');
-                body.set('code', code);
-                body.set('redirect_uri', redirectUri);
-                body.set('client_id', options.clientId);
+                const payload: Record<string, string> = {
+                    grant_type: 'authorization_code',
+                    code,
+                    redirect_uri: redirectUri,
+                    client_id: options.clientId,
+                };
+
                 if (options.clientSecret) {
-                    body.set('client_secret', options.clientSecret);
+                    payload.client_secret = options.clientSecret;
                 }
                 if (codeVerifier) {
-                    body.set('code_verifier', codeVerifier);
+                    payload.code_verifier = codeVerifier;
                 }
                 if (resolvedResource) {
-                    body.set('resource', resolvedResource);
+                    payload.resource = resolvedResource;
                 }
 
-                const response = await axios.post(resolvedTokenUrl, body, {
-                    headers: {
-                        'Content-Type': 'application/x-www-form-urlencoded',
-                        'Accept': 'application/json',
-                    },
-                });
+                const tokenHostname = new URL(resolvedTokenUrl).hostname;
+                const useJson = tokenHostname === 'auth.atlassian.com';
+
+                const response = useJson
+                    ? await axios.post(resolvedTokenUrl, payload, {
+                        headers: {
+                            'Content-Type': 'application/json',
+                            'Accept': 'application/json',
+                        },
+                    })
+                    : await axios.post(resolvedTokenUrl, new URLSearchParams(payload), {
+                        headers: {
+                            'Content-Type': 'application/x-www-form-urlencoded',
+                            'Accept': 'application/json',
+                        },
+                    });
 
                 const { refresh_token, access_token } = response.data;
 

package/src/core/config.service.ts

@@ -29,6 +29,8 @@ export const UpstreamCredentialsSchema = z.object({
     tokenUrl: z.string().optional(),
     refreshToken: z.string().optional(),
     scopes: z.array(z.string()).optional(),
+    tokenRequestFormat: z.enum(['form', 'json']).optional(),
+    tokenParams: z.record(z.string(), z.string()).optional(),
     apiKey: z.string().optional(),
     bearerToken: z.string().optional(),
     headerName: z.string().optional(),
@@ -41,6 +43,20 @@ export const HttpUpstreamSchema = z.object({
     credentials: UpstreamCredentialsSchema.optional(),
 });
 
+export const StreamableHttpUpstreamSchema = z.object({
+    id: z.string(),
+    type: z.literal('streamableHttp'),
+    url: z.string(),
+    credentials: UpstreamCredentialsSchema.optional(),
+});
+
+export const SseUpstreamSchema = z.object({
+    id: z.string(),
+    type: z.literal('sse'),
+    url: z.string(),
+    credentials: UpstreamCredentialsSchema.optional(),
+});
+
 export const StdioUpstreamSchema = z.object({
     id: z.string(),
     type: z.literal('stdio'),
@@ -49,7 +65,12 @@ export const StdioUpstreamSchema = z.object({
     env: z.record(z.string(), z.string()).optional(),
 });
 
-export const UpstreamInfoSchema = z.union([HttpUpstreamSchema, StdioUpstreamSchema]);
+export const UpstreamInfoSchema = z.union([
+    HttpUpstreamSchema,
+    StreamableHttpUpstreamSchema,
+    SseUpstreamSchema,
+    StdioUpstreamSchema,
+]);
 
 export type ResourceLimits = z.infer<typeof ResourceLimitsSchema>;
 

package/src/core/middleware/auth.middleware.ts

@@ -12,10 +12,9 @@ export class AuthMiddleware implements Middleware {
         next: NextFunction
     ): Promise<JSONRPCResponse | null> {
         const providedToken = request.auth?.bearerToken || '';
-        const masterToken = this.securityService.getIpcToken();
 
         // If no master token is set (stdio mode), treat all requests as master (auth disabled)
-        const isMaster = !masterToken || providedToken === masterToken;
+        const isMaster = this.securityService.isMasterToken(providedToken);
         const isSession = !isMaster && this.securityService.validateIpcToken(providedToken);
 
         if (!isMaster && !isSession) {

package/src/core/security.service.ts

@@ -38,16 +38,16 @@ export class SecurityService implements IUrlValidator {
         return this.networkPolicy.checkRateLimit(key);
     }
 
-    validateIpcToken(token: string): boolean {
-        // Fix Sev1: Use timing-safe comparison for sensitive tokens
-        if (!this.ipcToken) {
-            return true;
-        }
-
+    isMasterToken(token: string): boolean {
+        if (!this.ipcToken) return true;
         const expected = Buffer.from(this.ipcToken);
-        const actual = Buffer.from(token);
+        const actual = Buffer.from(token || '');
+        return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
+    }
 
-        if (expected.length === actual.length && crypto.timingSafeEqual(expected, actual)) {
+    validateIpcToken(token: string): boolean {
+        // Fix Sev1: Use timing-safe comparison for sensitive tokens
+        if (this.isMasterToken(token)) {
             return true;
         }
 

package/src/executors/isolate.executor.ts

@@ -44,33 +44,36 @@ export class IsolateExecutor implements Executor {
 
             let currentLogBytes = 0;
             let currentErrorBytes = 0;
+            let totalLogEntries = 0;
 
-            // Inject console.log/error for output capture
             // Inject console.log/error for output capture
             await jail.set('__log', new ivm.Callback((msg: string) => {
+                if (totalLogEntries + 1 > limits.maxLogEntries) {
+                    throw new Error('[LIMIT_LOG_ENTRIES]');
+                }
                 if (currentLogBytes + msg.length + 1 > limits.maxOutputBytes) {
-                    // Check log entry count limit? We don't track count here yet effectively, but bytes is safer.
-                    // The interface says maxOutputBytes applies to total output.
                     throw new Error('[LIMIT_LOG]');
                 }
-                if (currentLogBytes < limits.maxOutputBytes) {
-                    logs.push(msg);
-                    currentLogBytes += msg.length + 1; // +1 for newline approximation
-                }
+
+                totalLogEntries++;
+                logs.push(msg);
+                currentLogBytes += msg.length + 1; // +1 for newline approximation
             }));
             await jail.set('__error', new ivm.Callback((msg: string) => {
+                if (totalLogEntries + 1 > limits.maxLogEntries) {
+                    throw new Error('[LIMIT_LOG_ENTRIES]');
+                }
                 if (currentErrorBytes + msg.length + 1 > limits.maxOutputBytes) {
                     throw new Error('[LIMIT_OUTPUT]');
                 }
-                if (currentErrorBytes < limits.maxOutputBytes) {
-                    errors.push(msg);
-                    currentErrorBytes += msg.length + 1;
-                }
+
+                totalLogEntries++;
+                errors.push(msg);
+                currentErrorBytes += msg.length + 1;
             }));
 
             // Async tool bridge (ID-based to avoid Promise transfer issues)
             let requestIdCounter = 0;
-            const pendingToolCalls = new Map<number, Promise<any>>(); // Not used by Host, but Host initiates work
 
             await jail.set('__dispatchToolCall', new ivm.Callback((nameStr: string, argsStr: string) => {
                 const requestId = ++requestIdCounter;
@@ -244,6 +247,30 @@ export class IsolateExecutor implements Executor {
                 };
             }
 
+            if (message.includes('[LIMIT_LOG_ENTRIES]')) {
+                return {
+                    stdout: logs.join('\n'),
+                    stderr: errors.join('\n'),
+                    exitCode: null,
+                    error: {
+                        code: ConduitError.LogLimitExceeded,
+                        message: 'Log entry limit exceeded',
+                    },
+                };
+            }
+
+            if (message.includes('[LIMIT_LOG]') || message.includes('[LIMIT_OUTPUT]')) {
+                return {
+                    stdout: logs.join('\n'),
+                    stderr: errors.join('\n'),
+                    exitCode: null,
+                    error: {
+                        code: ConduitError.OutputLimitExceeded,
+                        message: 'Output limit exceeded',
+                    },
+                };
+            }
+
             this.logger.error({ err }, 'Isolate execution failed');
             return {
                 stdout: logs.join('\n'),

package/src/gateway/auth.service.ts

@@ -12,6 +12,8 @@ export interface UpstreamCredentials {
     tokenUrl?: string;
     refreshToken?: string;
     scopes?: string[];
+    tokenRequestFormat?: 'form' | 'json';
+    tokenParams?: Record<string, string>;
 }
 
 interface CachedToken {
@@ -23,6 +25,8 @@ export class AuthService {
     private logger: Logger;
     // Cache tokens separately from credentials to avoid mutation
     private tokenCache = new Map<string, CachedToken>();
+    // Keep the latest refresh token in-memory (rotating tokens)
+    private refreshTokenCache = new Map<string, string>();
     // Prevent concurrent refresh requests for the same client
     private refreshLocks = new Map<string, Promise<string>>();
 
@@ -81,23 +85,56 @@ export class AuthService {
         this.logger.info({ tokenUrl: creds.tokenUrl, clientId: creds.clientId }, 'Refreshing OAuth2 token');
 
         try {
-            const body = new URLSearchParams();
-            body.set('grant_type', 'refresh_token');
-            body.set('refresh_token', creds.refreshToken);
-            body.set('client_id', creds.clientId);
+            const tokenUrl = creds.tokenUrl;
+            const cachedRefreshToken = this.refreshTokenCache.get(cacheKey);
+            const refreshToken = cachedRefreshToken || creds.refreshToken;
+
+            if (!refreshToken) {
+                throw new Error('OAuth2 credentials missing required fields for refresh');
+            }
+
+            const payload: Record<string, string> = {
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+                client_id: creds.clientId,
+            };
+
             if (creds.clientSecret) {
-                body.set('client_secret', creds.clientSecret);
+                payload.client_secret = creds.clientSecret;
             }
 
-            const response = await axios.post(creds.tokenUrl, body, {
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                    'Accept': 'application/json',
-                },
-            });
+            if (creds.tokenParams) {
+                Object.assign(payload, creds.tokenParams);
+            }
 
-            const { access_token, expires_in } = response.data;
-            const expiresInSeconds = Number(expires_in) || 3600;
+            const requestFormat = (() => {
+                if (creds.tokenRequestFormat) return creds.tokenRequestFormat;
+                try {
+                    const hostname = new URL(tokenUrl).hostname;
+                    if (hostname === 'auth.atlassian.com') return 'json';
+                } catch {
+                    // ignore
+                }
+                return 'form';
+            })();
+
+            const response = requestFormat === 'json'
+                ? await axios.post(tokenUrl, payload, {
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'Accept': 'application/json',
+                    },
+                })
+                : await axios.post(tokenUrl, new URLSearchParams(payload), {
+                    headers: {
+                        'Content-Type': 'application/x-www-form-urlencoded',
+                        'Accept': 'application/json',
+                    },
+                });
+
+            const { access_token, expires_in, refresh_token } = response.data;
+            const expiresInRaw = Number(expires_in);
+            const expiresInSeconds = Number.isFinite(expiresInRaw) ? expiresInRaw : 3600;
 
             // Cache the token (don't mutate the input credentials)
             this.tokenCache.set(cacheKey, {
@@ -105,6 +142,11 @@ export class AuthService {
                 expiresAt: Date.now() + (expiresInSeconds * 1000),
             });
 
+            // Some providers (e.g. Atlassian) rotate refresh tokens
+            if (typeof refresh_token === 'string' && refresh_token.length > 0) {
+                this.refreshTokenCache.set(cacheKey, refresh_token);
+            }
+
             return `Bearer ${access_token}`;
         } catch (err: any) {
             const errorMsg = err.response?.data?.error_description || err.response?.data?.error || err.message;

package/src/gateway/gateway.service.ts

@@ -144,15 +144,23 @@ export class GatewayService {
 
         let tools = this.schemaCache.get(packageId);
 
-        // Try manifest first if tools not cached
+        // Discover tools if not cached
         if (!tools) {
-            try {
-                // Try to get manifest FIRST
-                const manifest = await client.getManifest(context);
-                if (manifest && manifest.tools) {
-                    tools = manifest.tools as ToolSchema[];
-                } else {
-                    // Fall back to RPC discovery
+            // 1) Try to get manifest (if supported)
+            if (typeof (client as any).getManifest === 'function') {
+                try {
+                    const manifest = await (client as any).getManifest(context);
+                    if (manifest && manifest.tools) {
+                        tools = manifest.tools as ToolSchema[];
+                    }
+                } catch (e: any) {
+                    this.logger.debug({ upstreamId: packageId, err: e.message }, 'Manifest fetch failed (will fallback)');
+                }
+            }
+
+            // 2) Fall back to RPC discovery
+            if (!tools) {
+                try {
                     if (typeof (client as any).listTools === 'function') {
                         tools = await (client as any).listTools();
                     } else {
@@ -168,14 +176,14 @@ export class GatewayService {
                             this.logger.warn({ upstreamId: packageId, error: response.error }, 'Failed to discover tools via RPC');
                         }
                     }
+                } catch (e: any) {
+                    this.logger.error({ upstreamId: packageId, err: e.message }, 'Error during tool discovery');
                 }
+            }
 
-                if (tools && tools.length > 0) {
-                    this.schemaCache.set(packageId, tools);
-                    this.logger.info({ upstreamId: packageId, toolCount: tools.length }, 'Discovered tools from upstream');
-                }
-            } catch (e: any) {
-                this.logger.error({ upstreamId: packageId, err: e.message }, 'Error during tool discovery');
+            if (tools && tools.length > 0) {
+                this.schemaCache.set(packageId, tools);
+                this.logger.info({ upstreamId: packageId, toolCount: tools.length }, 'Discovered tools from upstream');
             }
         }
 

package/src/gateway/upstream.client.ts

@@ -7,13 +7,20 @@ import { IUrlValidator } from '../core/interfaces/url.validator.interface.js';
 
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
 import { z } from 'zod';
+import dns from 'node:dns';
+import net from 'node:net';
+import { Agent } from 'undici';
 
 export type UpstreamInfo = {
     id: string;
     credentials?: UpstreamCredentials;
 } & (
         | { type?: 'http'; url: string }
+        | { type: 'streamableHttp'; url: string }
+        | { type: 'sse'; url: string }
         | { type: 'stdio'; command: string; args?: string[]; env?: Record<string, string> }
     );
 
@@ -23,9 +30,13 @@ export class UpstreamClient {
     private authService: AuthService;
     private urlValidator: IUrlValidator;
     private mcpClient?: Client;
-    private transport?: StdioClientTransport;
+    private transport?: StdioClientTransport | StreamableHTTPClientTransport | SSEClientTransport;
     private connected: boolean = false;
 
+    // Pinned-IP dispatchers per upstream origin (defends against DNS rebinding)
+    private dispatcherCache = new Map<string, { resolvedIp: string; agent: Agent }>();
+    private pinned?: { origin: string; hostname: string; resolvedIp?: string };
+
     constructor(logger: Logger, info: UpstreamInfo, authService: AuthService, urlValidator: IUrlValidator) {
         this.logger = logger.child({ upstreamId: info.id });
         this.info = info;
@@ -51,13 +62,153 @@ export class UpstreamClient {
             }, {
                 capabilities: {},
             });
+            return;
+        }
+
+        if (this.info.type === 'streamableHttp') {
+            const upstreamUrl = new URL(this.info.url);
+            this.pinned = { origin: upstreamUrl.origin, hostname: upstreamUrl.hostname };
+
+            this.transport = new StreamableHTTPClientTransport(upstreamUrl, {
+                fetch: this.createAuthedFetch(),
+            });
+            this.mcpClient = new Client({
+                name: 'conduit-gateway',
+                version: '1.0.0',
+            }, {
+                capabilities: {},
+            });
+            return;
+        }
+
+        if (this.info.type === 'sse') {
+            const upstreamUrl = new URL(this.info.url);
+            this.pinned = { origin: upstreamUrl.origin, hostname: upstreamUrl.hostname };
+
+            this.mcpClient = new Client({
+                name: 'conduit-gateway',
+                version: '1.0.0',
+            }, {
+                capabilities: {},
+            });
         }
     }
 
-    private async ensureConnected() {
-        if (!this.mcpClient || !this.transport) return;
+    private getDispatcher(origin: string, hostname: string, resolvedIp: string): Agent {
+        const existing = this.dispatcherCache.get(origin);
+        if (existing && existing.resolvedIp === resolvedIp) {
+            return existing.agent;
+        }
+
+        if (existing) {
+            try {
+                existing.agent.close();
+            } catch {
+                // ignore
+            }
+        }
+
+        const agent = new Agent({
+            connect: {
+                lookup: (lookupHostname: string, options: any, callback: any) => {
+                    if (lookupHostname === hostname) {
+                        callback(null, resolvedIp, net.isIP(resolvedIp));
+                        return;
+                    }
+                    dns.lookup(lookupHostname, options, callback);
+                },
+            },
+        });
+
+        this.dispatcherCache.set(origin, { resolvedIp, agent });
+        return agent;
+    }
+
+    private createAuthedFetch() {
+        const creds = this.info.credentials;
+        const pinned = this.pinned;
+
+        // Fall back to global fetch
+        const baseFetch = fetch;
+
+        return async (input: any, init: any = {}) => {
+            const requestUrlStr = (() => {
+                if (typeof input === 'string') return input;
+                if (input instanceof URL) return input.toString();
+                if (input instanceof Request) return input.url;
+                return String(input);
+            })();
+
+            const requestUrl = pinned
+                ? new URL(requestUrlStr, pinned.origin)
+                : new URL(requestUrlStr);
+
+            // Hard safety boundary: never allow fetch to escape upstream origin
+            if (pinned && requestUrl.origin !== pinned.origin) {
+                throw new Error(`Forbidden upstream redirect/origin: ${requestUrl.origin}`);
+            }
+
+            // Validate and (optionally) pin resolved IP for DNS-rebinding defense
+            if (pinned && !pinned.resolvedIp) {
+                const securityResult = await this.urlValidator.validateUrl(pinned.origin);
+                if (!securityResult.valid) {
+                    throw new Error(securityResult.message || 'Forbidden URL');
+                }
+                pinned.resolvedIp = securityResult.resolvedIp;
+            }
+
+            const headers = new Headers((input instanceof Request ? input.headers : undefined) || undefined);
+            const initHeaders = new Headers(init.headers || {});
+            for (const [k, v] of initHeaders.entries()) headers.set(k, v);
+
+            if (creds) {
+                const authHeaders = await this.authService.getAuthHeaders(creds);
+                for (const [k, v] of Object.entries(authHeaders)) {
+                    headers.set(k, v);
+                }
+            }
+
+            const request = input instanceof Request
+                ? new Request(input, { ...init, headers, redirect: init.redirect ?? 'manual' })
+                : new Request(requestUrl.toString(), { ...init, headers, redirect: init.redirect ?? 'manual' });
+
+            const dispatcher = (pinned && pinned.resolvedIp)
+                ? this.getDispatcher(pinned.origin, pinned.hostname, pinned.resolvedIp)
+                : undefined;
+
+            return baseFetch(request, dispatcher ? { dispatcher } : undefined);
+        };
+    }
+
+    private async ensureConnected() { 
+        if (!this.mcpClient) return;
+
+        if (!this.transport && this.info.type === 'sse') {
+            const authHeaders = this.info.credentials
+                ? await this.authService.getAuthHeaders(this.info.credentials)
+                : {};
+
+            this.transport = new SSEClientTransport(new URL(this.info.url), {
+                fetch: this.createAuthedFetch(),
+                eventSourceInit: { headers: authHeaders } as any,
+                requestInit: { headers: authHeaders },
+            });
+        }
+
+        if (!this.transport) return;
         if (this.connected) return;
 
+        if (this.info.type === 'streamableHttp' || this.info.type === 'sse') {
+            const securityResult = await this.urlValidator.validateUrl(this.info.url);
+            if (!securityResult.valid) {
+                this.logger.error({ url: this.info.url }, 'Blocked upstream URL (SSRF)');
+                throw new Error(securityResult.message || 'Forbidden URL');
+            }
+            if (this.pinned) {
+                this.pinned.resolvedIp = securityResult.resolvedIp;
+            }
+        }
+
         try {
             this.logger.debug('Connecting to upstream transport...');
             await this.mcpClient.connect(this.transport);
@@ -70,19 +221,23 @@ export class UpstreamClient {
     }
 
     async call(request: JSONRPCRequest, context: ExecutionContext): Promise<JSONRPCResponse> {
-        // Helper to determine type safely
-        const isStdio = (info: UpstreamInfo): info is { type: 'stdio'; command: string; args?: string[]; env?: Record<string, string>; id: string; credentials?: UpstreamCredentials } => info.type === 'stdio';
+        const usesMcpClientTransport = (info: UpstreamInfo): info is (
+            | { type: 'stdio'; command: string; args?: string[]; env?: Record<string, string> }
+            | { type: 'streamableHttp'; url: string }
+            | { type: 'sse'; url: string }
+        ) & { id: string; credentials?: UpstreamCredentials } =>
+            info.type === 'stdio' || info.type === 'streamableHttp' || info.type === 'sse';
 
-        if (isStdio(this.info)) {
-            return this.callStdio(request);
-        } else {
-            return this.callHttp(request, context as ExecutionContext);
+        if (usesMcpClientTransport(this.info)) {
+            return this.callMcpClient(request);
         }
+
+        return this.callHttp(request, context as ExecutionContext);
     }
 
-    private async callStdio(request: JSONRPCRequest): Promise<JSONRPCResponse> {
+    private async callMcpClient(request: JSONRPCRequest): Promise<JSONRPCResponse> {
         if (!this.mcpClient) {
-            return { jsonrpc: '2.0', id: request.id, error: { code: -32603, message: 'Stdio client not initialized' } };
+            return { jsonrpc: '2.0', id: request.id, error: { code: -32603, message: 'MCP client not initialized' } };
         }
 
         try {
@@ -128,13 +283,13 @@ export class UpstreamClient {
                 };
             }
         } catch (error: any) {
-            this.logger.error({ err: error }, 'Stdio call failed');
+            this.logger.error({ err: error }, 'MCP call failed');
             return {
                 jsonrpc: '2.0',
                 id: request.id,
                 error: {
                     code: error.code || -32603,
-                    message: error.message || 'Internal error in stdio transport'
+                    message: error.message || 'Internal error in MCP transport'
                 }
             };
         }
@@ -142,7 +297,9 @@ export class UpstreamClient {
 
     private async callHttp(request: JSONRPCRequest, context: ExecutionContext): Promise<JSONRPCResponse> {
         // Narrowing for TS
-        if (this.info.type === 'stdio') throw new Error('Unreachable');
+        if (this.info.type === 'stdio' || this.info.type === 'streamableHttp' || this.info.type === 'sse') {
+            throw new Error('Unreachable');
+        }
         const url = this.info.url;
 
         const headers: Record<string, string> = {
@@ -204,7 +361,7 @@ export class UpstreamClient {
         }
     }
     async getManifest(context: ExecutionContext): Promise<ToolManifest | null> {
-        if (this.info.type !== 'http') return null;
+        if (this.info.type && this.info.type !== 'http') return null;
 
         try {
             const baseUrl = this.info.url.replace(/\/$/, ''); // Remove trailing slash

package/src/index.ts

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
+import { createRequire } from 'node:module';
 import { ConfigService } from './core/config.service.js';
 import { createLogger, loggerStorage } from './core/logger.js';
 import { SocketTransport } from './transport/socket.transport.js';
@@ -20,10 +21,13 @@ import { handleAuth } from './auth.cmd.js';
 
 const program = new Command();
 
+const require = createRequire(import.meta.url);
+const pkg = require('../package.json') as { version?: string };
+
 program
     .name('conduit')
     .description('A secure Code Mode execution substrate for MCP agents')
-    .version('1.0.0');
+    .version(pkg.version || '0.0.0');
 
 program
     .command('serve', { isDefault: true })