@nekzus/liop 1.2.0-alpha.10 → 1.2.0-alpha.9

package/README.md

@@ -36,10 +36,9 @@ This fundamentally solves the data privacy, bandwidth, and latency challenges of
 | **MCP Drop-in Replacement** | `LiopServer` mirrors the Anthropic MCP `Server` API — tools, resources, and prompts with `Zod` schemas. |
 | **Guardian AST** | Zero-time heuristic inspection blocks sandbox escapes (`require`, `fs`, `eval`, `fetch`, prototype pollution). |
 | **WASI Sandbox** | JavaScript payloads execute inside V8 isolates with CPU fuel limits and no access to Node.js globals. |
-| **PII Shield** | Multi-layer egress filter with Regional Presets (Email, Credit Card with Luhn, IP, Phone, SSN, IBAN Mod-97, Passport MRZ) and custom keys. |
+| **PII Shield** | Multi-layer egress filter with NIST/OWASP patterns (Email, Credit Card with Luhn, IP, Phone) and configurable forbidden keys. |
 | **ZK-Receipts** | Cryptographic proof (SHA-256 + SHA-512 seal) that the returned result was computed honestly from the injected logic. |
 | **Worker Pool** | Heavy computation (crypto, sandboxing) dispatched to OS threads via `piscina`, unblocking the V8 event loop. |
-| **Cross-AI Adapters**| Zero-Shot system prompts automatically adapt instructions for Claude (XML-heavy) vs OpenAI/Gemini (JSON-schema). |
 | **MCP Bridge** | `LiopMcpBridge` adapts any `LiopServer` to the JSON-RPC 2.0 / stdio protocol used by Claude Desktop, Cursor, etc. |
 | **Post-Quantum Ready** | ML-KEM-768 (Kyber) handshake + AES-256-GCM symmetric encryption for transport-layer security. |
 | **P2P Mesh** | Kademlia DHT discovery via `libp2p` with TCP + WebSocket + Yamux multiplexing and Noise encryption. |
@@ -264,21 +263,13 @@ await bridge.connect();
 Built-in patterns with multi-layer verification:
 
 ```typescript
-import { PII_PATTERNS, PII_PRESETS } from "@nekzus/liop/server";
+import { PII_PATTERNS } from "@nekzus/liop/server";
 
 // Available patterns:
 PII_PATTERNS.EMAIL         // RFC 5322 compliant, excludes @example.com/@test.com
 PII_PATTERNS.CREDIT_CARD   // Visa/MC/Amex + Luhn algorithm validation
 PII_PATTERNS.IP_ADDRESS    // IPv4 with octet range validation (excludes localhost)
 PII_PATTERNS.PHONE         // International phone formats with digit-length validation
-PII_PATTERNS.SSN           // USA Social Security Number rules (blocks 000 segments)
-PII_PATTERNS.IBAN          // ISO 7064 Modulo 97-10 algorithm precision via BigInt
-PII_PATTERNS.PASSPORT_MRZ  // Strict 44-character TD3 international passport MRZ string
-
-// Pre-built Regional Presets ready to drop-in via LiopServer(options):
-PII_PRESETS.GLOBAL_STRICT
-PII_PRESETS.US_COMPLIANT
-PII_PRESETS.EU_GDPR
 ```
 
 ### Forbidden Keys

package/dist/bin/agent.js

@@ -2,105 +2,9 @@
 import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
-import { multiaddr } from "@multiformats/multiaddr";
 import { LiopMcpRouter } from "../gateway/router.js";
 import { MeshNode } from "../mesh/index.js";
 import { LiopServer } from "../server/index.js";
-import { log } from "../utils/logger.js";
-/**
- * Resolves a full libp2p multiaddr (with PeerID) from a LIOP node's
- * HTTP health endpoint. This enables zero-config bootstrap — users
- * only need to provide a URL, not a cryptographic PeerID.
- *
- * @param url - HTTP URL of a LIOP node's health endpoint (e.g. "http://host:3000")
- * @returns Full multiaddr string with PeerID, or null if resolution fails
- */
-async function resolveBootstrapFromUrl(url) {
-    try {
-        const healthUrl = url.endsWith("/health") ? url : `${url}/health`;
-        const response = await fetch(healthUrl, {
-            headers: { Accept: "application/json" },
-            signal: AbortSignal.timeout(10000), // Increased to 10s
-        });
-        if (!response.ok)
-            return null;
-        const data = await response.json();
-        if (!data.mesh?.multiaddrs?.length || !data.mesh?.peerId)
-            return null;
-        // Find TCP multiaddr (prefer non-websocket for stability)
-        const tcpAddr = data.mesh.multiaddrs.find((a) => a.includes("/tcp/") &&
-            !a.includes("/ws") &&
-            !a.includes("/ip4/127.0.0.1/"));
-        if (!tcpAddr)
-            return null;
-        // Rewrite internal Docker IP using industrial mapper if available
-        let resolved = industrialAddressMapper(tcpAddr);
-        if (!resolved || resolved === tcpAddr) {
-            const urlHost = new URL(url).hostname;
-            resolved = tcpAddr.replace(/\/ip4\/[^/]+/, `/ip4/${urlHost}`);
-        }
-        if (!resolved)
-            return null;
-        resolved += resolved.includes("/p2p/") ? "" : `/p2p/${data.mesh.peerId}`;
-        return resolved;
-    }
-    catch {
-        return null;
-    }
-}
-/**
- * Normalizes a bootstrap multiaddr string.
- * If the address contains a Docker bridge IP (172.16-31.x.x) or Loopback (127.0.0.1),
- * rewrites it to the host accessible via LIOP_NEXUS_URL (e.g. WSL2 IP).
- * This is critical when WSL2 mirror-mode networking is broken.
- */
-function normalizeBootstrap(addr) {
-    const trimmed = addr.trim();
-    // Remap Docker bridge IPs and ANY external physical IPs to 127.0.0.1
-    // because Test-NetConnection confirmed 127.0.0.1 is the only reliable path to Docker ports.
-    const dockerIpRegex = /\/ip4\/172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.[0-9]{1,3}/;
-    const loopbackRegex = /\/ip4\/127\.0\.0\.1/;
-    const physicalIpRegex = /\/ip4\/192\.168\.[0-9]{1,3}\.[0-9]{1,3}/;
-    if (dockerIpRegex.test(trimmed) ||
-        loopbackRegex.test(trimmed) ||
-        physicalIpRegex.test(trimmed)) {
-        const targetIp = "127.0.0.1";
-        const normalized = trimmed
-            .replace(dockerIpRegex, `/ip4/${targetIp}`)
-            .replace(loopbackRegex, `/ip4/${targetIp}`)
-            .replace(physicalIpRegex, `/ip4/${targetIp}`);
-        if (normalized !== trimmed) {
-            log.info(`[LIOP-Agent] 🔄 Local Routing Hack → Forced 127.0.0.1: ${normalized}`);
-        }
-        return normalized;
-    }
-    return trimmed;
-}
-/**
- * industrialAddressMapper
- *
- * Mapea IPs internas de Docker a puertos industriales mapeados en el Host.
- * Nexus (172.20.0.10) -> 13001
- * Vault (172.20.0.11) -> 13003
- * Bank  (172.20.0.12) -> 13004
- * Oracle(172.20.0.13) -> 13005
- */
-function industrialAddressMapper(addr) {
-    if (addr.includes("/ip4/172.20.0.10"))
-        return addr.replace(/\/ip4\/172\.20\.0\.10\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13001");
-    if (addr.includes("/ip4/172.20.0.11"))
-        return addr.replace(/\/ip4\/172\.20\.0\.11\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13003");
-    if (addr.includes("/ip4/172.20.0.12"))
-        return addr.replace(/\/ip4\/172\.20\.0\.12\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13004");
-    if (addr.includes("/ip4/172.20.0.13"))
-        return addr.replace(/\/ip4\/172\.20\.0\.13\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13005");
-    // Drop container-internal loopbacks to prevent the Host Agent from dialing itself or conflicting ports
-    if (addr.includes("/ip4/127.0.0.1/tcp/4000") ||
-        addr.includes("/ip4/127.0.0.1/tcp/3000")) {
-        return null;
-    }
-    return addr;
-}
 /**
  * LIOP Agent (Zero-Config CLI)
  *
@@ -111,8 +15,6 @@ function industrialAddressMapper(addr) {
  * No hardcoded tools, PeerIDs, or port mappings.
  */
 async function main() {
-    const buildTime = new Date().toISOString();
-    log.info(`[LIOP-Agent] 🚀 Version 1.2.0-alpha.9 | Build: ${buildTime}`);
     const liopDir = path.join(os.homedir(), ".liop");
     const identityPath = path.join(liopDir, "identity.json");
     if (!fs.existsSync(liopDir)) {
@@ -125,41 +27,31 @@ async function main() {
     if (args.length > 0) {
         bootstrapNodes = args.filter((a) => a.startsWith("/"));
     }
-    // Priority 1: Physical Beacons (Industrial Pattern) - DETERMINISTIC & INSTANT
+    // Environment variable
+    if (bootstrapNodes.length === 0 && process.env.LIOP_BOOTSTRAP) {
+        bootstrapNodes.push(process.env.LIOP_BOOTSTRAP.trim());
+    }
+    // Convenience: Try to read nexus.multiaddr from multiple locations
     if (bootstrapNodes.length === 0) {
-        const searchDirs = [];
-        // Priority 1.1: Explicit file from environment variable
-        if (process.env.LIOP_BOOTSTRAP_FILE) {
-            const filePath = path.resolve(process.env.LIOP_BOOTSTRAP_FILE);
-            if (fs.existsSync(filePath)) {
-                const addr = fs.readFileSync(filePath, "utf8").trim();
-                if (addr)
-                    bootstrapNodes.push(normalizeBootstrap(addr));
-            }
-        }
-        // Priority 1.2: Traditional locations (Scan for all *.multiaddr)
-        searchDirs.push(process.cwd(), path.join(process.cwd(), "tests/infra/nexus-data"), liopDir, path.join(path
-            .dirname(new URL(import.meta.url).pathname)
-            .replace(/^\/([A-Z]:)/, "$1"), "../../tests/infra/nexus-data"));
-        for (const dir of searchDirs) {
+        const searchPaths = [
+            path.join(process.cwd(), "nexus.multiaddr"),
+            path.join(liopDir, "nexus.multiaddr"),
+            // Try relative to the agent binary (dist/bin/agent.js -> root/nexus.multiaddr)
+            path.join(path.dirname(new URL(import.meta.url).pathname), "../../nexus.multiaddr"),
+            // Windows path fix (remove leading slash if present)
+            path.join(path
+                .dirname(new URL(import.meta.url).pathname)
+                .replace(/^\/([A-Z]:)/, "$1"), "../../nexus.multiaddr"),
+        ];
+        for (const nexusPath of searchPaths) {
             try {
-                if (fs.existsSync(dir)) {
-                    const files = fs.readdirSync(dir);
-                    const multiaddrFiles = files.filter((f) => f.endsWith(".multiaddr"));
-                    for (const file of multiaddrFiles) {
-                        const filePath = path.join(dir, file);
-                        const addr = fs.readFileSync(filePath, "utf8").trim();
-                        if (addr) {
-                            const normalized = normalizeBootstrap(addr);
-                            if (!bootstrapNodes.includes(normalized)) {
-                                bootstrapNodes.push(normalized);
-                                log.info(`[LIOP-Agent] ✅ Loaded beacon: ${file} from ${dir}`);
-                            }
-                        }
-                    }
-                    // If we found any beacons in this directory, we consider discovery successful for this layer
-                    if (bootstrapNodes.length > 0)
+                if (fs.existsSync(nexusPath)) {
+                    const addr = fs.readFileSync(nexusPath, "utf8").trim();
+                    if (addr && !bootstrapNodes.includes(addr)) {
+                        bootstrapNodes.push(addr);
+                        console.error(`[LIOP-Agent] Found bootstrap at: ${nexusPath}`);
                         break;
+                    }
                 }
             }
             catch (_e) {
@@ -167,141 +59,78 @@ async function main() {
             }
         }
     }
-    // Priority 2: Auto-Discovery via NEXUS URL (Aggressive Parallel Discovery)
-    if (process.env.LIOP_NEXUS_URL) {
-        const nexusUrl = process.env.LIOP_NEXUS_URL;
-        log.info(`[LIOP-Agent] 🌐 Running parallel discovery from: ${nexusUrl} (Sources Found: ${bootstrapNodes.length})`);
-        const resolved = await resolveBootstrapFromUrl(nexusUrl);
-        if (resolved) {
-            const normalized = normalizeBootstrap(resolved);
-            if (!bootstrapNodes.includes(normalized)) {
-                bootstrapNodes.push(normalized);
-                log.info(`[LIOP-Agent] ✅ Added bootstrap from URL discovery: ${normalized}`);
-            }
-        }
-    }
-    // Priority 3: Environment variable (direct multiaddr)
-    if (bootstrapNodes.length === 0 && process.env.LIOP_BOOTSTRAP) {
-        bootstrapNodes.push(process.env.LIOP_BOOTSTRAP.trim());
-    }
-    // Final fallback: local Nexus bootstrap for demo environments.
-    // Avoid injecting stale static peer IDs when discovery already found valid peers.
-    if (bootstrapNodes.length === 0) {
-        bootstrapNodes.push("/ip4/127.0.0.1/tcp/13001/p2p/12D3KooWD8FUFdnLQzzLFNdicsaTknM5cpD7os9sK9NWVSVABJMD");
-    }
-    // Sanitize/validate all candidate multiaddrs so malformed PeerIDs don't crash startup.
-    bootstrapNodes = bootstrapNodes.filter((addr) => {
-        try {
-            multiaddr(addr);
-            return true;
-        }
-        catch {
-            log.warn(`[LIOP-Agent] Ignoring invalid bootstrap multiaddr: ${addr}`);
-            return false;
-        }
-    });
     // If no bootstrap nodes found, the agent operates in standalone mode.
     // It will only serve local tools until peers are discovered.
     if (bootstrapNodes.length === 0) {
-        log.info("[LIOP-Agent] No bootstrap nodes configured. Operating in standalone mode.");
-        log.info("[LIOP-Agent] Pass a multiaddr as argument or create 'nexus.multiaddr' file.");
+        console.error("[LIOP-Agent] No bootstrap nodes configured. Operating in standalone mode.");
+        console.error("[LIOP-Agent] Pass a multiaddr as argument or create 'nexus.multiaddr' file.");
     }
     // Initialize local server node (lightweight, no tools registered locally)
     const liopServer = new LiopServer({
         name: "@nekzus/liop-agent",
         version: "1.0.0",
     });
-    // Enable Zero-Shot Autonomy (Industrial Prompt Injection)
-    liopServer.enableZeroShotAutonomy();
     // 2. Mesh Node Configuration
     const meshNode = new MeshNode({
         identityPath: identityPath,
         bootstrapNodes: bootstrapNodes,
-        addressMapper: industrialAddressMapper,
     });
     // Start P2P Mesh
     await meshNode.start();
     // 3. Initialize the Dynamic Router
     // No hardcoded tools — all discovery happens via liop:manifest protocol
     const router = new LiopMcpRouter(liopServer, meshNode);
-    // Proactive Notification to Claude Desktop when tools/resources are discovered dynamically
+    // Proactive Notification to Claude Desktop when tools are discovered dynamically
     router.onToolsChanged = () => {
         process.stdout.write(`{"jsonrpc":"2.0","method":"notifications/tools/list_changed"}\n`);
-        process.stdout.write(`{"jsonrpc":"2.0","method":"notifications/resources/list_changed"}\n`);
     };
-    // Initial warming period (2s) then Adaptive Background Discovery
-    // Polls DHT for new nodes and triggers onToolsChanged when topology shifts.
-    // Uses exponential backoff to reduce polling load on stable meshes.
+    // Initial warming period (2s) then Periodic Discovery Worker (every 10 seconds)
+    // This silently polls the DHT for new nodes and triggers onToolsChanged if the topology shifts.
     setTimeout(() => {
         // biome-ignore lint/suspicious/noExplicitAny: access internal for telemetry
         const rtSize = meshNode.getRoutingTableSize?.() || 0;
-        log.info(`[LIOP-Agent] Warm-up complete. Routing Table size: ${rtSize}`);
+        console.error(`[LIOP-Agent] Warm-up complete. Routing Table size: ${rtSize}`);
         router.refreshManifestCache(true).catch(() => { });
     }, 2000);
-    const POLL_BASE_MS = 10_000;
-    const POLL_MAX_MS = 120_000;
-    let pollIntervalMs = POLL_BASE_MS;
-    const scheduleAdaptivePoll = () => {
-        setTimeout(async () => {
-            const prevSize = router.getCacheSize();
-            await router.refreshManifestCache(true).catch(() => { });
-            const newSize = router.getCacheSize();
-            if (newSize !== prevSize) {
-                // Topology changed — reset to aggressive polling
-                pollIntervalMs = POLL_BASE_MS;
-                log.info(`[LIOP-Agent] Topology change detected (${prevSize} → ${newSize}). Resetting poll to ${POLL_BASE_MS / 1000}s.`);
-            }
-            else {
-                // Stable — relax polling interval (factor 1.5)
-                pollIntervalMs = Math.min(Math.round(pollIntervalMs * 1.5), POLL_MAX_MS);
-            }
-            scheduleAdaptivePoll();
-        }, pollIntervalMs);
-    };
-    scheduleAdaptivePoll();
-    // 4. STDIO Transport — Buffered Line Reader
-    // Uses readline to guarantee complete JSON-RPC messages before parsing.
-    // Raw stdin.on("data") can fragment large payloads across multiple chunks.
-    const readline = await import("node:readline");
-    const rl = readline.createInterface({
-        input: process.stdin,
-        terminal: false,
-    });
+    setInterval(() => {
+        router.refreshManifestCache(true).catch(() => { });
+    }, 15000);
+    // 4. STDIO Transport implementation
     process.stdout.on("error", (err) => {
         if (err.code === "EPIPE") {
             process.exit(0); // Graceful exit when Claude Desktop disconnects
         }
     });
-    rl.on("line", async (line) => {
-        const trimmed = line.trim();
-        if (!trimmed)
+    process.stdin.on("data", async (data) => {
+        const payload = data.toString().trim();
+        if (!payload)
             return;
-        try {
-            const request = JSON.parse(trimmed);
-            if (request.method) {
-                const response = await router.dispatch(request);
-                if (response) {
-                    process.stdout.write(`${JSON.stringify(response)}\n`);
+        const messages = payload.split("\n");
+        for (const msg of messages) {
+            try {
+                const request = JSON.parse(msg);
+                if (request.method) {
+                    const response = await router.dispatch(request);
+                    if (response) {
+                        process.stdout.write(`${JSON.stringify(response)}\n`);
+                    }
                 }
             }
+            catch (_err) {
+                // Silent catch for binary noise
+            }
         }
-        catch (_err) {
-            // Silent catch for binary noise or malformed lines
-        }
-    });
-    rl.on("close", () => {
-        process.exit(0);
     });
     // Status directed only to stderr
-    log.info(`[LIOP-Agent] Guarding Claude Desktop via STDIO.`);
-    log.info(`[LIOP-Agent] P2P Mesh: Joined (${bootstrapNodes.length} bootstraps)`);
-    log.info("[LIOP-Agent] Tool discovery: Dynamic via /liop/manifest/1.0.0");
+    console.error(`[LIOP-Agent] Guarding Claude Desktop via STDIO.`);
+    console.error(`[LIOP-Agent] P2P Mesh: Joined (${bootstrapNodes.length} bootstraps)`);
+    console.error("[LIOP-Agent] Tool discovery: Dynamic via /liop/manifest/1.0.0");
     process.on("SIGINT", async () => {
         await meshNode.stop();
         process.exit(0);
     });
 }
 main().catch((err) => {
-    log.error(`[LIOP-Agent] Fatal Error: ${err.message}`);
+    console.error(`[LIOP-Agent] Fatal Error: ${err.message}`);
     process.exit(1);
 });

package/dist/bridge/index.js

@@ -1,6 +1,5 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { LiopServer } from "../server/index.js";
-import { log } from "../utils/logger.js";
 /**
  * LIOP MCP Bridge
  * A bi-directional bridge that allows legacy MCP servers to join the LIOP mesh,
@@ -15,11 +14,11 @@ export class LiopMcpBridge {
         // Determine mode: Exposing LIOP to MCP (Claude) or Wrapping MCP to LIOP (Mesh)
         if (source instanceof LiopServer) {
             this.liopServer = source;
-            log.info("[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)");
+            console.error("[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)");
         }
         else if (source instanceof McpServer) {
             this.legacyMcpServer = source;
-            log.info("[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)");
+            console.error("[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)");
         }
     }
     /**
@@ -48,7 +47,7 @@ export class LiopMcpBridge {
             return null;
         if (method === "initialize") {
             return this.successResponse(id, {
-                protocolVersion: "2025-11-25",
+                protocolVersion: "2025-03-26",
                 capabilities: {
                     prompts: {},
                     resources: {},
@@ -168,7 +167,7 @@ export class LiopMcpBridge {
             return true;
         }
         catch (e) {
-            log.info("[LIOP-Bridge] ZK-Verifier Failure:", e);
+            console.error("[LIOP-Bridge] ZK-Verifier Failure:", e);
             return false;
         }
     }
@@ -222,7 +221,7 @@ export class LiopMcpBridge {
             terminal: false,
         });
         const shutdown = async () => {
-            log.info("[LIOP-Bridge] Disconnecting session...");
+            console.error("[LIOP-Bridge] Disconnecting session...");
             if (this.liopServer)
                 await this.liopServer.close();
             process.exit(0);
@@ -241,7 +240,7 @@ export class LiopMcpBridge {
                 }
             }
             catch (e) {
-                log.error(`[LIOP-Bridge] Error: ${e.message}`);
+                console.error(`[LIOP-Bridge] Error: ${e.message}`);
             }
         });
     }

package/dist/bridge/stream.js

@@ -3,7 +3,6 @@ import { serve } from "@hono/node-server";
 import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
-import { log } from "../utils/logger.js";
 import { LiopMcpBridge } from "./index.js";
 const DEFAULT_MAX_SESSIONS_PER_IP = 10;
 const DEFAULT_SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
@@ -54,7 +53,7 @@ export class LiopStreamBridge {
                     lastActivity: Date.now(),
                     clientIp,
                 });
-                log.info(`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`);
+                console.error(`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`);
             },
         });
         // Wire the transport's incoming messages to the LiopMcpBridge JSON-RPC router
@@ -73,13 +72,13 @@ export class LiopStreamBridge {
                 }
             }
             catch (err) {
-                log.info("[LIOP-StreamBridge] JSON-RPC error:", err.message);
+                console.error("[LIOP-StreamBridge] JSON-RPC error:", err.message);
             }
         };
         transport.onclose = () => {
             if (transport.sessionId) {
                 this.activeSessions.delete(transport.sessionId);
-                log.info(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);
+                console.error(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);
             }
         };
         return transport;
@@ -110,7 +109,7 @@ export class LiopStreamBridge {
         const now = Date.now();
         for (const [sessionId, entry] of this.activeSessions) {
             if (now - entry.lastActivity > this.sessionTimeoutMs) {
-                log.info(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);
+                console.error(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);
                 entry.transport.close().catch(() => {
                     /* Swallow close errors */
                 });
@@ -125,9 +124,10 @@ export class LiopStreamBridge {
             const auth = c.req.header("Authorization");
             const expectedToken = process.env.ZERO_TRUST_TOKEN;
             if (expectedToken) {
-                if (!auth?.startsWith("Bearer ") ||
+                if (!auth ||
+                    !auth.startsWith("Bearer ") ||
                     auth.split(" ")[1] !== expectedToken) {
-                    log.info("[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.");
+                    console.error("[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.");
                     return c.json({ error: "Unauthorized: LIOP Zero-Trust Policy Enforced" }, 401);
                 }
             }
@@ -149,7 +149,7 @@ export class LiopStreamBridge {
                 // Explicitly clean up the session from the Map.
                 if (c.req.method === "DELETE") {
                     this.activeSessions.delete(sessionId);
-                    log.info(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);
+                    console.error(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);
                 }
                 return response;
             }
@@ -158,7 +158,7 @@ export class LiopStreamBridge {
             const clientIp = this.getClientIp(c);
             const currentSessions = this.countSessionsByIp(clientIp);
             if (currentSessions >= this.maxSessionsPerIp) {
-                log.info(`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`);
+                console.error(`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`);
                 return c.json({ error: "Too Many Sessions: Rate limit exceeded" }, 429);
             }
             const transport = this.createSessionTransport(clientIp);
@@ -177,7 +177,7 @@ export class LiopStreamBridge {
                 fetch: this.app.fetch,
                 port: listenPort,
             }, (info) => {
-                log.info(`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`);
+                console.error(`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`);
                 resolve();
             });
         });
@@ -196,7 +196,7 @@ export class LiopStreamBridge {
         }
         if (this.httpServer) {
             this.httpServer.close();
-            log.info("[LIOP-StreamBridge] HTTP ports released.");
+            console.error("[LIOP-StreamBridge] HTTP ports released.");
         }
     }
 }