@nekzus/liop 1.2.0-alpha.9 → 1.2.0

package/README.md

@@ -36,9 +36,10 @@ This fundamentally solves the data privacy, bandwidth, and latency challenges of
 | **MCP Drop-in Replacement** | `LiopServer` mirrors the Anthropic MCP `Server` API — tools, resources, and prompts with `Zod` schemas. |
 | **Guardian AST** | Zero-time heuristic inspection blocks sandbox escapes (`require`, `fs`, `eval`, `fetch`, prototype pollution). |
 | **WASI Sandbox** | JavaScript payloads execute inside V8 isolates with CPU fuel limits and no access to Node.js globals. |
-| **PII Shield** | Multi-layer egress filter with NIST/OWASP patterns (Email, Credit Card with Luhn, IP, Phone) and configurable forbidden keys. |
+| **PII Shield** | Multi-layer egress filter with Regional Presets (Email, Credit Card with Luhn, IP, Phone, SSN, IBAN Mod-97, Passport MRZ) and custom keys. |
 | **ZK-Receipts** | Cryptographic proof (SHA-256 + SHA-512 seal) that the returned result was computed honestly from the injected logic. |
 | **Worker Pool** | Heavy computation (crypto, sandboxing) dispatched to OS threads via `piscina`, unblocking the V8 event loop. |
+| **Cross-AI Adapters**| Zero-Shot system prompts automatically adapt instructions for Claude (XML-heavy) vs OpenAI/Gemini (JSON-schema). |
 | **MCP Bridge** | `LiopMcpBridge` adapts any `LiopServer` to the JSON-RPC 2.0 / stdio protocol used by Claude Desktop, Cursor, etc. |
 | **Post-Quantum Ready** | ML-KEM-768 (Kyber) handshake + AES-256-GCM symmetric encryption for transport-layer security. |
 | **P2P Mesh** | Kademlia DHT discovery via `libp2p` with TCP + WebSocket + Yamux multiplexing and Noise encryption. |
@@ -263,13 +264,21 @@ await bridge.connect();
 Built-in patterns with multi-layer verification:
 
 ```typescript
-import { PII_PATTERNS } from "@nekzus/liop/server";
+import { PII_PATTERNS, PII_PRESETS } from "@nekzus/liop/server";
 
 // Available patterns:
 PII_PATTERNS.EMAIL         // RFC 5322 compliant, excludes @example.com/@test.com
 PII_PATTERNS.CREDIT_CARD   // Visa/MC/Amex + Luhn algorithm validation
 PII_PATTERNS.IP_ADDRESS    // IPv4 with octet range validation (excludes localhost)
 PII_PATTERNS.PHONE         // International phone formats with digit-length validation
+PII_PATTERNS.SSN           // USA Social Security Number rules (blocks 000 segments)
+PII_PATTERNS.IBAN          // ISO 7064 Modulo 97-10 algorithm precision via BigInt
+PII_PATTERNS.PASSPORT_MRZ  // Strict 44-character TD3 international passport MRZ string
+
+// Pre-built Regional Presets ready to drop-in via LiopServer(options):
+PII_PRESETS.GLOBAL_STRICT
+PII_PRESETS.US_COMPLIANT
+PII_PRESETS.EU_GDPR
 ```
 
 ### Forbidden Keys
@@ -292,7 +301,7 @@ const server = new LiopServer(info, {
 The following shows a complete Logic-Injection-on-Origin execution cycle (handled internally by the SDK):
 
 ```
-1. LLM generates JavaScript analysis code wrapped in ---BEGIN_LOGIC--- / ---END_LOGIC--- boundaries
+1. LLM generates JavaScript analysis code wrapped in @LIOP / @END boundaries
 2. LiopServer receives the payload via tools/call (JSON-RPC or direct)
 3. Guardian AST inspects for sandbox escapes (zero-time heuristic analysis)
 4. Code executes inside a V8 isolate with CPU fuel limits (no Node.js globals)

package/dist/bin/agent.js

@@ -2,9 +2,105 @@
 import * as fs from "node:fs";
 import * as os from "node:os";
 import * as path from "node:path";
+import { multiaddr } from "@multiformats/multiaddr";
 import { LiopMcpRouter } from "../gateway/router.js";
 import { MeshNode } from "../mesh/index.js";
 import { LiopServer } from "../server/index.js";
+import { log } from "../utils/logger.js";
+/**
+ * Resolves a full libp2p multiaddr (with PeerID) from a LIOP node's
+ * HTTP health endpoint. This enables zero-config bootstrap — users
+ * only need to provide a URL, not a cryptographic PeerID.
+ *
+ * @param url - HTTP URL of a LIOP node's health endpoint (e.g. "http://host:3000")
+ * @returns Full multiaddr string with PeerID, or null if resolution fails
+ */
+async function resolveBootstrapFromUrl(url) {
+    try {
+        const healthUrl = url.endsWith("/health") ? url : `${url}/health`;
+        const response = await fetch(healthUrl, {
+            headers: { Accept: "application/json" },
+            signal: AbortSignal.timeout(10000), // Increased to 10s
+        });
+        if (!response.ok)
+            return null;
+        const data = await response.json();
+        if (!data.mesh?.multiaddrs?.length || !data.mesh?.peerId)
+            return null;
+        // Find TCP multiaddr (prefer non-websocket for stability)
+        const tcpAddr = data.mesh.multiaddrs.find((a) => a.includes("/tcp/") &&
+            !a.includes("/ws") &&
+            !a.includes("/ip4/127.0.0.1/"));
+        if (!tcpAddr)
+            return null;
+        // Rewrite internal Docker IP using industrial mapper if available
+        let resolved = industrialAddressMapper(tcpAddr);
+        if (!resolved || resolved === tcpAddr) {
+            const urlHost = new URL(url).hostname;
+            resolved = tcpAddr.replace(/\/ip4\/[^/]+/, `/ip4/${urlHost}`);
+        }
+        if (!resolved)
+            return null;
+        resolved += resolved.includes("/p2p/") ? "" : `/p2p/${data.mesh.peerId}`;
+        return resolved;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Normalizes a bootstrap multiaddr string.
+ * If the address contains a Docker bridge IP (172.16-31.x.x) or Loopback (127.0.0.1),
+ * rewrites it to the host accessible via LIOP_NEXUS_URL (e.g. WSL2 IP).
+ * This is critical when WSL2 mirror-mode networking is broken.
+ */
+function normalizeBootstrap(addr) {
+    const trimmed = addr.trim();
+    // Remap Docker bridge IPs and ANY external physical IPs to 127.0.0.1
+    // because Test-NetConnection confirmed 127.0.0.1 is the only reliable path to Docker ports.
+    const dockerIpRegex = /\/ip4\/172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]{1,3}\.[0-9]{1,3}/;
+    const loopbackRegex = /\/ip4\/127\.0\.0\.1/;
+    const physicalIpRegex = /\/ip4\/192\.168\.[0-9]{1,3}\.[0-9]{1,3}/;
+    if (dockerIpRegex.test(trimmed) ||
+        loopbackRegex.test(trimmed) ||
+        physicalIpRegex.test(trimmed)) {
+        const targetIp = "127.0.0.1";
+        const normalized = trimmed
+            .replace(dockerIpRegex, `/ip4/${targetIp}`)
+            .replace(loopbackRegex, `/ip4/${targetIp}`)
+            .replace(physicalIpRegex, `/ip4/${targetIp}`);
+        if (normalized !== trimmed) {
+            log.info(`[LIOP-Agent] 🔄 Local Routing Hack → Forced 127.0.0.1: ${normalized}`);
+        }
+        return normalized;
+    }
+    return trimmed;
+}
+/**
+ * industrialAddressMapper
+ *
+ * Mapea IPs internas de Docker a puertos industriales mapeados en el Host.
+ * Nexus (172.20.0.10) -> 13001
+ * Vault (172.20.0.11) -> 13003
+ * Bank  (172.20.0.12) -> 13004
+ * Oracle(172.20.0.13) -> 13005
+ */
+function industrialAddressMapper(addr) {
+    if (addr.includes("/ip4/172.20.0.10"))
+        return addr.replace(/\/ip4\/172\.20\.0\.10\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13001");
+    if (addr.includes("/ip4/172.20.0.11"))
+        return addr.replace(/\/ip4\/172\.20\.0\.11\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13003");
+    if (addr.includes("/ip4/172.20.0.12"))
+        return addr.replace(/\/ip4\/172\.20\.0\.12\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13004");
+    if (addr.includes("/ip4/172.20.0.13"))
+        return addr.replace(/\/ip4\/172\.20\.0\.13\/tcp\/[0-9]+/, "/ip4/127.0.0.1/tcp/13005");
+    // Drop container-internal loopbacks to prevent the Host Agent from dialing itself or conflicting ports
+    if (addr.includes("/ip4/127.0.0.1/tcp/4000") ||
+        addr.includes("/ip4/127.0.0.1/tcp/3000")) {
+        return null;
+    }
+    return addr;
+}
 /**
  * LIOP Agent (Zero-Config CLI)
  *
@@ -15,6 +111,8 @@ import { LiopServer } from "../server/index.js";
  * No hardcoded tools, PeerIDs, or port mappings.
  */
 async function main() {
+    const buildTime = new Date().toISOString();
+    log.info(`[LIOP-Agent] 🚀 Version 1.2.0-alpha.9 | Build: ${buildTime}`);
     const liopDir = path.join(os.homedir(), ".liop");
     const identityPath = path.join(liopDir, "identity.json");
     if (!fs.existsSync(liopDir)) {
@@ -27,31 +125,41 @@ async function main() {
     if (args.length > 0) {
         bootstrapNodes = args.filter((a) => a.startsWith("/"));
     }
-    // Environment variable
-    if (bootstrapNodes.length === 0 && process.env.LIOP_BOOTSTRAP) {
-        bootstrapNodes.push(process.env.LIOP_BOOTSTRAP.trim());
-    }
-    // Convenience: Try to read nexus.multiaddr from multiple locations
+    // Priority 1: Physical Beacons (Industrial Pattern) - DETERMINISTIC & INSTANT
     if (bootstrapNodes.length === 0) {
-        const searchPaths = [
-            path.join(process.cwd(), "nexus.multiaddr"),
-            path.join(liopDir, "nexus.multiaddr"),
-            // Try relative to the agent binary (dist/bin/agent.js -> root/nexus.multiaddr)
-            path.join(path.dirname(new URL(import.meta.url).pathname), "../../nexus.multiaddr"),
-            // Windows path fix (remove leading slash if present)
-            path.join(path
-                .dirname(new URL(import.meta.url).pathname)
-                .replace(/^\/([A-Z]:)/, "$1"), "../../nexus.multiaddr"),
-        ];
-        for (const nexusPath of searchPaths) {
+        const searchDirs = [];
+        // Priority 1.1: Explicit file from environment variable
+        if (process.env.LIOP_BOOTSTRAP_FILE) {
+            const filePath = path.resolve(process.env.LIOP_BOOTSTRAP_FILE);
+            if (fs.existsSync(filePath)) {
+                const addr = fs.readFileSync(filePath, "utf8").trim();
+                if (addr)
+                    bootstrapNodes.push(normalizeBootstrap(addr));
+            }
+        }
+        // Priority 1.2: Traditional locations (Scan for all *.multiaddr)
+        searchDirs.push(process.cwd(), path.join(process.cwd(), "tests/infra/nexus-data"), liopDir, path.join(path
+            .dirname(new URL(import.meta.url).pathname)
+            .replace(/^\/([A-Z]:)/, "$1"), "../../tests/infra/nexus-data"));
+        for (const dir of searchDirs) {
             try {
-                if (fs.existsSync(nexusPath)) {
-                    const addr = fs.readFileSync(nexusPath, "utf8").trim();
-                    if (addr && !bootstrapNodes.includes(addr)) {
-                        bootstrapNodes.push(addr);
-                        console.error(`[LIOP-Agent] Found bootstrap at: ${nexusPath}`);
-                        break;
+                if (fs.existsSync(dir)) {
+                    const files = fs.readdirSync(dir);
+                    const multiaddrFiles = files.filter((f) => f.endsWith(".multiaddr"));
+                    for (const file of multiaddrFiles) {
+                        const filePath = path.join(dir, file);
+                        const addr = fs.readFileSync(filePath, "utf8").trim();
+                        if (addr) {
+                            const normalized = normalizeBootstrap(addr);
+                            if (!bootstrapNodes.includes(normalized)) {
+                                bootstrapNodes.push(normalized);
+                                log.info(`[LIOP-Agent] ✅ Loaded beacon: ${file} from ${dir}`);
+                            }
+                        }
                     }
+                    // If we found any beacons in this directory, we consider discovery successful for this layer
+                    if (bootstrapNodes.length > 0)
+                        break;
                 }
             }
             catch (_e) {
@@ -59,78 +167,141 @@ async function main() {
             }
         }
     }
+    // Priority 2: Auto-Discovery via NEXUS URL (Aggressive Parallel Discovery)
+    if (process.env.LIOP_NEXUS_URL) {
+        const nexusUrl = process.env.LIOP_NEXUS_URL;
+        log.info(`[LIOP-Agent] 🌐 Running parallel discovery from: ${nexusUrl} (Sources Found: ${bootstrapNodes.length})`);
+        const resolved = await resolveBootstrapFromUrl(nexusUrl);
+        if (resolved) {
+            const normalized = normalizeBootstrap(resolved);
+            if (!bootstrapNodes.includes(normalized)) {
+                bootstrapNodes.push(normalized);
+                log.info(`[LIOP-Agent] ✅ Added bootstrap from URL discovery: ${normalized}`);
+            }
+        }
+    }
+    // Priority 3: Environment variable (direct multiaddr)
+    if (bootstrapNodes.length === 0 && process.env.LIOP_BOOTSTRAP) {
+        bootstrapNodes.push(process.env.LIOP_BOOTSTRAP.trim());
+    }
+    // Final fallback: local Nexus bootstrap for demo environments.
+    // Avoid injecting stale static peer IDs when discovery already found valid peers.
+    if (bootstrapNodes.length === 0) {
+        bootstrapNodes.push("/ip4/127.0.0.1/tcp/13001/p2p/12D3KooWD8FUFdnLQzzLFNdicsaTknM5cpD7os9sK9NWVSVABJMD");
+    }
+    // Sanitize/validate all candidate multiaddrs so malformed PeerIDs don't crash startup.
+    bootstrapNodes = bootstrapNodes.filter((addr) => {
+        try {
+            multiaddr(addr);
+            return true;
+        }
+        catch {
+            log.warn(`[LIOP-Agent] Ignoring invalid bootstrap multiaddr: ${addr}`);
+            return false;
+        }
+    });
     // If no bootstrap nodes found, the agent operates in standalone mode.
     // It will only serve local tools until peers are discovered.
     if (bootstrapNodes.length === 0) {
-        console.error("[LIOP-Agent] No bootstrap nodes configured. Operating in standalone mode.");
-        console.error("[LIOP-Agent] Pass a multiaddr as argument or create 'nexus.multiaddr' file.");
+        log.info("[LIOP-Agent] No bootstrap nodes configured. Operating in standalone mode.");
+        log.info("[LIOP-Agent] Pass a multiaddr as argument or create 'nexus.multiaddr' file.");
     }
     // Initialize local server node (lightweight, no tools registered locally)
     const liopServer = new LiopServer({
         name: "@nekzus/liop-agent",
         version: "1.0.0",
     });
+    // Enable Zero-Shot Autonomy (Industrial Prompt Injection)
+    liopServer.enableZeroShotAutonomy();
     // 2. Mesh Node Configuration
     const meshNode = new MeshNode({
         identityPath: identityPath,
         bootstrapNodes: bootstrapNodes,
+        addressMapper: industrialAddressMapper,
     });
     // Start P2P Mesh
     await meshNode.start();
     // 3. Initialize the Dynamic Router
     // No hardcoded tools — all discovery happens via liop:manifest protocol
     const router = new LiopMcpRouter(liopServer, meshNode);
-    // Proactive Notification to Claude Desktop when tools are discovered dynamically
+    // Proactive Notification to Claude Desktop when tools/resources are discovered dynamically
     router.onToolsChanged = () => {
         process.stdout.write(`{"jsonrpc":"2.0","method":"notifications/tools/list_changed"}\n`);
+        process.stdout.write(`{"jsonrpc":"2.0","method":"notifications/resources/list_changed"}\n`);
     };
-    // Initial warming period (2s) then Periodic Discovery Worker (every 10 seconds)
-    // This silently polls the DHT for new nodes and triggers onToolsChanged if the topology shifts.
+    // Initial warming period (2s) then Adaptive Background Discovery
+    // Polls DHT for new nodes and triggers onToolsChanged when topology shifts.
+    // Uses exponential backoff to reduce polling load on stable meshes.
     setTimeout(() => {
         // biome-ignore lint/suspicious/noExplicitAny: access internal for telemetry
         const rtSize = meshNode.getRoutingTableSize?.() || 0;
-        console.error(`[LIOP-Agent] Warm-up complete. Routing Table size: ${rtSize}`);
+        log.info(`[LIOP-Agent] Warm-up complete. Routing Table size: ${rtSize}`);
         router.refreshManifestCache(true).catch(() => { });
     }, 2000);
-    setInterval(() => {
-        router.refreshManifestCache(true).catch(() => { });
-    }, 15000);
-    // 4. STDIO Transport implementation
+    const POLL_BASE_MS = 10_000;
+    const POLL_MAX_MS = 120_000;
+    let pollIntervalMs = POLL_BASE_MS;
+    const scheduleAdaptivePoll = () => {
+        setTimeout(async () => {
+            const prevSize = router.getCacheSize();
+            await router.refreshManifestCache(true).catch(() => { });
+            const newSize = router.getCacheSize();
+            if (newSize !== prevSize) {
+                // Topology changed — reset to aggressive polling
+                pollIntervalMs = POLL_BASE_MS;
+                log.info(`[LIOP-Agent] Topology change detected (${prevSize} → ${newSize}). Resetting poll to ${POLL_BASE_MS / 1000}s.`);
+            }
+            else {
+                // Stable — relax polling interval (factor 1.5)
+                pollIntervalMs = Math.min(Math.round(pollIntervalMs * 1.5), POLL_MAX_MS);
+            }
+            scheduleAdaptivePoll();
+        }, pollIntervalMs);
+    };
+    scheduleAdaptivePoll();
+    // 4. STDIO Transport — Buffered Line Reader
+    // Uses readline to guarantee complete JSON-RPC messages before parsing.
+    // Raw stdin.on("data") can fragment large payloads across multiple chunks.
+    const readline = await import("node:readline");
+    const rl = readline.createInterface({
+        input: process.stdin,
+        terminal: false,
+    });
     process.stdout.on("error", (err) => {
         if (err.code === "EPIPE") {
             process.exit(0); // Graceful exit when Claude Desktop disconnects
         }
     });
-    process.stdin.on("data", async (data) => {
-        const payload = data.toString().trim();
-        if (!payload)
+    rl.on("line", async (line) => {
+        const trimmed = line.trim();
+        if (!trimmed)
             return;
-        const messages = payload.split("\n");
-        for (const msg of messages) {
-            try {
-                const request = JSON.parse(msg);
-                if (request.method) {
-                    const response = await router.dispatch(request);
-                    if (response) {
-                        process.stdout.write(`${JSON.stringify(response)}\n`);
-                    }
+        try {
+            const request = JSON.parse(trimmed);
+            if (request.method) {
+                const response = await router.dispatch(request);
+                if (response) {
+                    process.stdout.write(`${JSON.stringify(response)}\n`);
                 }
             }
-            catch (_err) {
-                // Silent catch for binary noise
-            }
         }
+        catch (_err) {
+            // Silent catch for binary noise or malformed lines
+        }
+    });
+    rl.on("close", () => {
+        process.exit(0);
     });
     // Status directed only to stderr
-    console.error(`[LIOP-Agent] Guarding Claude Desktop via STDIO.`);
-    console.error(`[LIOP-Agent] P2P Mesh: Joined (${bootstrapNodes.length} bootstraps)`);
-    console.error("[LIOP-Agent] Tool discovery: Dynamic via /liop/manifest/1.0.0");
+    log.info(`[LIOP-Agent] Guarding Claude Desktop via STDIO.`);
+    log.info(`[LIOP-Agent] P2P Mesh: Joined (${bootstrapNodes.length} bootstraps)`);
+    log.info("[LIOP-Agent] Tool discovery: Dynamic via /liop/manifest/1.0.0");
     process.on("SIGINT", async () => {
         await meshNode.stop();
         process.exit(0);
     });
 }
 main().catch((err) => {
-    console.error(`[LIOP-Agent] Fatal Error: ${err.message}`);
+    log.error(`[LIOP-Agent] Fatal Error: ${err.message}`);
     process.exit(1);
 });

package/dist/bridge/index.js

@@ -1,5 +1,6 @@
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { LiopServer } from "../server/index.js";
+import { log } from "../utils/logger.js";
 /**
  * LIOP MCP Bridge
  * A bi-directional bridge that allows legacy MCP servers to join the LIOP mesh,
@@ -14,11 +15,11 @@ export class LiopMcpBridge {
         // Determine mode: Exposing LIOP to MCP (Claude) or Wrapping MCP to LIOP (Mesh)
         if (source instanceof LiopServer) {
             this.liopServer = source;
-            console.error("[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)");
+            log.info("[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)");
         }
         else if (source instanceof McpServer) {
             this.legacyMcpServer = source;
-            console.error("[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)");
+            log.info("[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)");
         }
     }
     /**
@@ -47,7 +48,7 @@ export class LiopMcpBridge {
             return null;
         if (method === "initialize") {
             return this.successResponse(id, {
-                protocolVersion: "2025-03-26",
+                protocolVersion: "2025-11-25",
                 capabilities: {
                     prompts: {},
                     resources: {},
@@ -167,7 +168,7 @@ export class LiopMcpBridge {
             return true;
         }
         catch (e) {
-            console.error("[LIOP-Bridge] ZK-Verifier Failure:", e);
+            log.info("[LIOP-Bridge] ZK-Verifier Failure:", e);
             return false;
         }
     }
@@ -221,7 +222,7 @@ export class LiopMcpBridge {
             terminal: false,
         });
         const shutdown = async () => {
-            console.error("[LIOP-Bridge] Disconnecting session...");
+            log.info("[LIOP-Bridge] Disconnecting session...");
             if (this.liopServer)
                 await this.liopServer.close();
             process.exit(0);
@@ -240,7 +241,7 @@ export class LiopMcpBridge {
                 }
             }
             catch (e) {
-                console.error(`[LIOP-Bridge] Error: ${e.message}`);
+                log.error(`[LIOP-Bridge] Error: ${e.message}`);
             }
         });
     }

package/dist/bridge/stream.js

@@ -3,6 +3,7 @@ import { serve } from "@hono/node-server";
 import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
 import { Hono } from "hono";
 import { cors } from "hono/cors";
+import { log } from "../utils/logger.js";
 import { LiopMcpBridge } from "./index.js";
 const DEFAULT_MAX_SESSIONS_PER_IP = 10;
 const DEFAULT_SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
@@ -53,7 +54,7 @@ export class LiopStreamBridge {
                     lastActivity: Date.now(),
                     clientIp,
                 });
-                console.error(`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`);
+                log.info(`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`);
             },
         });
         // Wire the transport's incoming messages to the LiopMcpBridge JSON-RPC router
@@ -72,13 +73,13 @@ export class LiopStreamBridge {
                 }
             }
             catch (err) {
-                console.error("[LIOP-StreamBridge] JSON-RPC error:", err.message);
+                log.info("[LIOP-StreamBridge] JSON-RPC error:", err.message);
             }
         };
         transport.onclose = () => {
             if (transport.sessionId) {
                 this.activeSessions.delete(transport.sessionId);
-                console.error(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);
+                log.info(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);
             }
         };
         return transport;
@@ -109,7 +110,7 @@ export class LiopStreamBridge {
         const now = Date.now();
         for (const [sessionId, entry] of this.activeSessions) {
             if (now - entry.lastActivity > this.sessionTimeoutMs) {
-                console.error(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);
+                log.info(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);
                 entry.transport.close().catch(() => {
                     /* Swallow close errors */
                 });
@@ -124,10 +125,9 @@ export class LiopStreamBridge {
             const auth = c.req.header("Authorization");
             const expectedToken = process.env.ZERO_TRUST_TOKEN;
             if (expectedToken) {
-                if (!auth ||
-                    !auth.startsWith("Bearer ") ||
+                if (!auth?.startsWith("Bearer ") ||
                     auth.split(" ")[1] !== expectedToken) {
-                    console.error("[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.");
+                    log.info("[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.");
                     return c.json({ error: "Unauthorized: LIOP Zero-Trust Policy Enforced" }, 401);
                 }
             }
@@ -149,7 +149,7 @@ export class LiopStreamBridge {
                 // Explicitly clean up the session from the Map.
                 if (c.req.method === "DELETE") {
                     this.activeSessions.delete(sessionId);
-                    console.error(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);
+                    log.info(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);
                 }
                 return response;
             }
@@ -158,7 +158,7 @@ export class LiopStreamBridge {
             const clientIp = this.getClientIp(c);
             const currentSessions = this.countSessionsByIp(clientIp);
             if (currentSessions >= this.maxSessionsPerIp) {
-                console.error(`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`);
+                log.info(`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`);
                 return c.json({ error: "Too Many Sessions: Rate limit exceeded" }, 429);
             }
             const transport = this.createSessionTransport(clientIp);
@@ -177,7 +177,7 @@ export class LiopStreamBridge {
                 fetch: this.app.fetch,
                 port: listenPort,
             }, (info) => {
-                console.error(`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`);
+                log.info(`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`);
                 resolve();
             });
         });
@@ -196,7 +196,7 @@ export class LiopStreamBridge {
         }
         if (this.httpServer) {
             this.httpServer.close();
-            console.error("[LIOP-StreamBridge] HTTP ports released.");
+            log.info("[LIOP-StreamBridge] HTTP ports released.");
         }
     }
 }