@nekzus/liop 1.3.0-alpha.1 → 2.0.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/README.md +41 -17
  2. package/dist/bin/agent.d.ts +0 -1
  3. package/dist/bin/agent.js +5 -306
  4. package/dist/bin/agent.js.map +1 -0
  5. package/dist/{bridge/stream.d.ts → bridge.d.ts} +44 -3
  6. package/dist/bridge.js +2 -0
  7. package/dist/bridge.js.map +1 -0
  8. package/dist/chunk-4ABAFG44.js +33 -0
  9. package/dist/chunk-4ABAFG44.js.map +1 -0
  10. package/dist/chunk-ANFXJGMP.js +2 -0
  11. package/dist/chunk-ANFXJGMP.js.map +1 -0
  12. package/dist/chunk-DBXGYHKY.js +2 -0
  13. package/dist/chunk-DBXGYHKY.js.map +1 -0
  14. package/dist/chunk-HM77MWB6.js +2 -0
  15. package/dist/chunk-HM77MWB6.js.map +1 -0
  16. package/dist/chunk-HNDVAKEK.js +24 -0
  17. package/dist/chunk-HNDVAKEK.js.map +1 -0
  18. package/dist/chunk-HQZHZM6U.js +2 -0
  19. package/dist/chunk-HQZHZM6U.js.map +1 -0
  20. package/dist/chunk-P52IE4L6.js +2 -0
  21. package/dist/chunk-P52IE4L6.js.map +1 -0
  22. package/dist/chunk-PIBCW4BD.js +13 -0
  23. package/dist/chunk-PIBCW4BD.js.map +1 -0
  24. package/dist/chunk-PPCOS2NU.js +2 -0
  25. package/dist/chunk-PPCOS2NU.js.map +1 -0
  26. package/dist/chunk-RWRRBYG4.js +2 -0
  27. package/dist/chunk-RWRRBYG4.js.map +1 -0
  28. package/dist/chunk-S6RJHZV2.js +2 -0
  29. package/dist/chunk-S6RJHZV2.js.map +1 -0
  30. package/dist/chunk-UVTEJYHN.js +2 -0
  31. package/dist/chunk-UVTEJYHN.js.map +1 -0
  32. package/dist/chunk-X6FJATUE.js +29 -0
  33. package/dist/chunk-X6FJATUE.js.map +1 -0
  34. package/dist/chunk-XLVRRGOX.js +3 -0
  35. package/dist/chunk-XLVRRGOX.js.map +1 -0
  36. package/dist/client.d.ts +5 -0
  37. package/dist/client.js +2 -0
  38. package/dist/client.js.map +1 -0
  39. package/dist/{gateway/router.d.ts → gateway.d.ts} +37 -5
  40. package/dist/gateway.js +2 -0
  41. package/dist/gateway.js.map +1 -0
  42. package/dist/{client/index.d.ts → index-CyxNLlz7.d.ts} +24 -5
  43. package/dist/index.d.ts +313 -12
  44. package/dist/index.js +31 -12
  45. package/dist/index.js.map +1 -0
  46. package/dist/kyber-2WDOTUQX.js +2 -0
  47. package/dist/kyber-2WDOTUQX.js.map +1 -0
  48. package/dist/{mesh/node.d.ts → mesh.d.ts} +5 -3
  49. package/dist/mesh.js +2 -0
  50. package/dist/mesh.js.map +1 -0
  51. package/dist/{server/index.d.ts → server.d.ts} +145 -10
  52. package/dist/server.js +2 -0
  53. package/dist/server.js.map +1 -0
  54. package/dist/types.d.ts +17 -14
  55. package/dist/types.js +2 -26
  56. package/dist/types.js.map +1 -0
  57. package/dist/{crypto/verifier.d.ts → verifier-DTCD9imJ.d.ts} +3 -1
  58. package/dist/verifier-RQRYXA4C.js +2 -0
  59. package/dist/verifier-RQRYXA4C.js.map +1 -0
  60. package/dist/workers/logic-execution.d.ts +4 -2
  61. package/dist/workers/logic-execution.js +2 -123
  62. package/dist/workers/logic-execution.js.map +1 -0
  63. package/dist/workers/zk-verifier.d.ts +4 -2
  64. package/dist/workers/zk-verifier.js +2 -98
  65. package/dist/workers/zk-verifier.js.map +1 -0
  66. package/package.json +31 -17
  67. package/dist/bridge/index.d.ts +0 -37
  68. package/dist/bridge/index.js +0 -249
  69. package/dist/bridge/stream.js +0 -210
  70. package/dist/client/index.js +0 -275
  71. package/dist/crypto/logic-image-id.d.ts +0 -3
  72. package/dist/crypto/logic-image-id.js +0 -27
  73. package/dist/crypto/verifier.js +0 -97
  74. package/dist/economy/estimator.d.ts +0 -53
  75. package/dist/economy/estimator.js +0 -69
  76. package/dist/economy/index.d.ts +0 -5
  77. package/dist/economy/index.js +0 -3
  78. package/dist/economy/otel.d.ts +0 -38
  79. package/dist/economy/otel.js +0 -100
  80. package/dist/economy/telemetry.d.ts +0 -77
  81. package/dist/economy/telemetry.js +0 -224
  82. package/dist/errors.d.ts +0 -14
  83. package/dist/errors.js +0 -19
  84. package/dist/gateway/hybrid.d.ts +0 -23
  85. package/dist/gateway/hybrid.js +0 -199
  86. package/dist/gateway/router.js +0 -1036
  87. package/dist/mesh/index.d.ts +0 -1
  88. package/dist/mesh/index.js +0 -1
  89. package/dist/mesh/node.js +0 -853
  90. package/dist/prompts/adapters.d.ts +0 -16
  91. package/dist/prompts/adapters.js +0 -55
  92. package/dist/rpc/client.d.ts +0 -22
  93. package/dist/rpc/client.js +0 -40
  94. package/dist/rpc/codec/lpm.d.ts +0 -20
  95. package/dist/rpc/codec/lpm.js +0 -36
  96. package/dist/rpc/crypto/aes.d.ts +0 -22
  97. package/dist/rpc/crypto/aes.js +0 -47
  98. package/dist/rpc/crypto/kyber.d.ts +0 -27
  99. package/dist/rpc/crypto/kyber.js +0 -70
  100. package/dist/rpc/proto.d.ts +0 -2
  101. package/dist/rpc/proto.js +0 -33
  102. package/dist/rpc/server.d.ts +0 -13
  103. package/dist/rpc/server.js +0 -50
  104. package/dist/rpc/tls.d.ts +0 -26
  105. package/dist/rpc/tls.js +0 -54
  106. package/dist/rpc/types.d.ts +0 -28
  107. package/dist/rpc/types.js +0 -5
  108. package/dist/sandbox/guardian.d.ts +0 -18
  109. package/dist/sandbox/guardian.js +0 -58
  110. package/dist/sandbox/wasi.d.ts +0 -36
  111. package/dist/sandbox/wasi.js +0 -209
  112. package/dist/security/guardian.d.ts +0 -22
  113. package/dist/security/guardian.js +0 -52
  114. package/dist/security/zk.d.ts +0 -37
  115. package/dist/security/zk.js +0 -76
  116. package/dist/server/index.js +0 -937
  117. package/dist/server/pii.d.ts +0 -40
  118. package/dist/server/pii.js +0 -266
  119. package/dist/utils/logger.d.ts +0 -21
  120. package/dist/utils/logger.js +0 -70
  121. package/dist/utils/mcpCompact.d.ts +0 -11
  122. package/dist/utils/mcpCompact.js +0 -29
package/dist/gateway/router.js DELETED
@@ -1,1036 +0,0 @@
1
- import * as crypto from "node:crypto";
2
- import { LiopVerifier } from "../crypto/verifier.js";
3
- import { TokenTelemetryEngine } from "../economy/telemetry.js";
4
- import { Kyber768Wrapper } from "../rpc/crypto/kyber.js";
5
- import { liopV1 } from "../rpc/proto.js";
6
- import { createChannelCredentials } from "../rpc/tls.js";
7
- import { log } from "../utils/logger.js";
8
- import { mcpCompactToolDescriptions, stripVerboseLiopToolDescription, } from "../utils/mcpCompact.js";
9
- /**
10
- * Time-to-live for cached manifests (seconds).
11
- * Aligned with libp2p Kademlia DHT TABLE_REFRESH_INTERVAL (5 minutes).
12
- * Provider records in the DHT are valid for 48 hours (PROVIDERS_VALIDITY),
13
- * so 300s is a conservative, network-friendly value.
14
- */
15
- const MANIFEST_CACHE_TTL_S = 300;
16
- /** Maximum number of DHT query retries for manifest discovery */
17
- const MANIFEST_DISCOVERY_RETRIES = 5;
18
- /**
19
- * LIOP MCP Router
20
- *
21
- * Core logic for routing MCP requests to local or remote LIOP providers.
22
- * Decoupled from transport (HTTP/Stdio).
23
- *
24
- * All tool discovery and port resolution is DYNAMIC via the
25
- * /liop/manifest/1.0.0 protocol stream over Kademlia DHT.
26
- */
27
- export class LiopMcpRouter {
28
- liopServer;
29
- meshNode;
30
- defaultRpcPort;
31
- /** Cached manifests from remote peers. Key = PeerID */
32
- manifestCache = new Map();
33
- /** Guards against concurrent discovery storms */
34
- currentDiscovery = null;
35
- /** Verifier for Tier-0 integrity checks */
36
- verifier = new LiopVerifier();
37
- /** Callback when new remote tools are discovered */
38
- onToolsChanged;
39
- /** Circuit-breaker state for peers that repeatedly fail manifest queries. */
40
- manifestFailureState = new Map();
41
- static MANIFEST_FAILURE_BASE_COOLDOWN_MS = 15_000;
42
- static MANIFEST_FAILURE_MAX_COOLDOWN_MS = 5 * 60_000;
43
- static MANIFEST_SKIP_LOG_THROTTLE_MS = 30_000;
44
- constructor(liopServer, meshNode = null, defaultRpcPort = 50051) {
45
- this.liopServer = liopServer;
46
- this.meshNode = meshNode;
47
- this.defaultRpcPort = defaultRpcPort;
48
- // Auto-register manifest handler if mesh node is provided
49
- if (this.meshNode) {
50
- this.meshNode.registerManifestHandler(() => {
51
- const remoteTools = this.liopServer.listTools().map((t) => ({
52
- name: t.name,
53
- description: t.description,
54
- inputSchema: t.inputSchema,
55
- }));
56
- const resources = this.liopServer.listResources().map((r) => ({
57
- name: r.name,
58
- uri: r.uri,
59
- description: r.description,
60
- mimeType: r.mimeType,
61
- }));
62
- return {
63
- peerId: this.meshNode?.getPeerId() || "unknown",
64
- grpcPort: this.defaultRpcPort,
65
- tools: [...remoteTools],
66
- resources,
67
- serverInfo: this.liopServer.getServerInfo(),
68
- };
69
- });
70
- // Proactively announce manifest capability to the mesh
71
- this.meshNode.announceManifest().catch((err) => {
72
- log.info(`[LIOP-Router] Failed to announce manifest: ${err instanceof Error ? err.message : String(err)}`);
73
- });
74
- }
75
- }
76
- shouldSkipManifestQuery(peerId) {
77
- const state = this.manifestFailureState.get(peerId);
78
- if (!state)
79
- return false;
80
- const now = Date.now();
81
- if (now >= state.cooldownUntil)
82
- return false;
83
- if (now - state.lastSkipLogAt >
84
- LiopMcpRouter.MANIFEST_SKIP_LOG_THROTTLE_MS) {
85
- log.info(`[LIOP-Router] Skipping manifest query for ${peerId} during cooldown (${Math.ceil((state.cooldownUntil - now) / 1000)}s remaining)`);
86
- state.lastSkipLogAt = now;
87
- }
88
- return true;
89
- }
90
- recordManifestQuerySuccess(peerId) {
91
- this.manifestFailureState.delete(peerId);
92
- }
93
- recordManifestQueryFailure(peerId) {
94
- const now = Date.now();
95
- const prev = this.manifestFailureState.get(peerId);
96
- const failures = (prev?.failures || 0) + 1;
97
- const backoff = Math.min(LiopMcpRouter.MANIFEST_FAILURE_BASE_COOLDOWN_MS *
98
- 2 ** Math.max(0, failures - 1), LiopMcpRouter.MANIFEST_FAILURE_MAX_COOLDOWN_MS);
99
- this.manifestFailureState.set(peerId, {
100
- failures,
101
- cooldownUntil: now + backoff,
102
- lastSkipLogAt: 0,
103
- });
104
- }
105
- async dispatch(request) {
106
- const { method, params, id } = request;
107
- log.info(`[LIOP-Router] Processing: ${method}`);
108
- switch (method) {
109
- case "initialize":
110
- return {
111
- jsonrpc: "2.0",
112
- id,
113
- result: {
114
- protocolVersion: "2025-11-25",
115
- capabilities: {
116
- tools: { listChanged: true },
117
- resources: { listChanged: true },
118
- prompts: { listChanged: true },
119
- },
120
- serverInfo: this.liopServer.getServerInfo(),
121
- },
122
- };
123
- case "notifications/initialized":
124
- // Cloud MCP clients often fire tools/list immediately; kick discovery early
125
- // so manifests populate before (or right after) that call completes.
126
- this.kickDiscoveryAfterInitialized().catch(() => { });
127
- return null;
128
- case "notifications/cancelled":
129
- return null; // No-op for MCP spec compliance
130
- case "ping":
131
- return { jsonrpc: "2.0", id, result: {} };
132
- case "tools/list": {
133
- const localTools = this.liopServer.listTools();
134
- const remoteTools = await this.getRemoteTools();
135
- const listedLocals = mcpCompactToolDescriptions()
136
- ? localTools.map((t) => ({
137
- ...t,
138
- description: stripVerboseLiopToolDescription(t.description ?? ""),
139
- }))
140
- : localTools;
141
- log.info(`[LIOP-Router] tools/list: ${localTools.length} local, ${remoteTools.length} remote tools found`);
142
- // Inject a mandatory static diagnostic tool.
143
- // This ensures that the {tools: []} list is never empty on startup.
144
- // Claude Desktop silently hides the connector if it receives an empty array initially,
145
- // which broke the UX due to the ~3s warm-up time of the Kademlia DHT.
146
- const diagnosticTool = {
147
- name: "LiopMeshStatus",
148
- description: "LiopMeshStatus: Returns the current dynamic diagnostic status of the Zero-Trust Neural Mesh.",
149
- inputSchema: {
150
- type: "object",
151
- properties: {},
152
- additionalProperties: false,
153
- },
154
- };
155
- const allTools = [diagnosticTool, ...listedLocals, ...remoteTools];
156
- // [Token Economy] Record telemetry for the tools/list response
157
- const telemetry = TokenTelemetryEngine.getInstance();
158
- const toolsPayload = JSON.stringify(allTools);
159
- const toolsResponsePayload = JSON.stringify({ tools: allTools });
160
- telemetry.record({
161
- type: "tools_list",
162
- method: "tools/list",
163
- estimatedInputTokens: telemetry.countTokens(toolsPayload),
164
- estimatedOutputTokens: telemetry.countTokens(toolsResponsePayload),
165
- });
166
- return {
167
- jsonrpc: "2.0",
168
- id,
169
- result: {
170
- tools: allTools,
171
- },
172
- };
173
- }
174
- case "tools/call":
175
- return this.transcodeMcpToLiop(id, params);
176
- case "resources/list": {
177
- const localResources = this.liopServer.listResources();
178
- const remoteResources = await this.getRemoteResources();
179
- const allResources = [...localResources, ...remoteResources];
180
- // [Token Economy] Record resources/list telemetry
181
- const rlTelemetry = TokenTelemetryEngine.getInstance();
182
- const rlPayload = JSON.stringify(allResources);
183
- rlTelemetry.record({
184
- type: "resource_list",
185
- method: "resources/list",
186
- estimatedInputTokens: 0,
187
- estimatedOutputTokens: rlTelemetry.countTokens(rlPayload),
188
- });
189
- return {
190
- jsonrpc: "2.0",
191
- id,
192
- result: { resources: allResources },
193
- };
194
- }
195
- case "resources/read": {
196
- const typedParams = params;
197
- if (!typedParams?.uri)
198
- return {
199
- jsonrpc: "2.0",
200
- id,
201
- error: { code: -32602, message: "Missing resource uri" },
202
- };
203
- try {
204
- const rrStartTime = Date.now();
205
- const result = await this.liopServer.readResource(typedParams.uri);
206
- // [Token Economy] Record resources/read telemetry
207
- const rrTelemetry = TokenTelemetryEngine.getInstance();
208
- const rrOutputPayload = JSON.stringify(result);
209
- rrTelemetry.record({
210
- type: "resource_read",
211
- method: "resources/read",
212
- toolName: typedParams.uri,
213
- estimatedInputTokens: rrTelemetry.countTokens(typedParams.uri),
214
- estimatedOutputTokens: rrTelemetry.countTokens(rrOutputPayload),
215
- durationMs: Date.now() - rrStartTime,
216
- });
217
- return { jsonrpc: "2.0", id, result };
218
- }
219
- catch (err) {
220
- // Fallback: Resolve remotely from manifest cache
221
- const targetUri = typedParams.uri;
222
- for (const { manifest } of this.manifestCache.values()) {
223
- const remoteResource = manifest.resources.find((r) => r.uri === targetUri);
224
- if (remoteResource) {
225
- log.info(`[LIOP-Router] Resolved resource ${targetUri} from cache (Peer: ${manifest.peerId})`);
226
- return {
227
- jsonrpc: "2.0",
228
- id,
229
- result: {
230
- contents: [
231
- {
232
- uri: remoteResource.uri,
233
- mimeType: remoteResource.mimeType || "text/plain",
234
- text: remoteResource.text ||
235
- remoteResource.description ||
236
- "No content provided",
237
- },
238
- ],
239
- },
240
- };
241
- }
242
- }
243
- return {
244
- jsonrpc: "2.0",
245
- id,
246
- error: {
247
- code: -32000,
248
- message: err instanceof Error ? err.message : String(err),
249
- },
250
- };
251
- }
252
- }
253
- case "prompts/list": {
254
- const promptsList = this.liopServer.listPrompts();
255
- // [Token Economy] Record prompts/list telemetry
256
- const plTelemetry = TokenTelemetryEngine.getInstance();
257
- const plPayload = JSON.stringify(promptsList);
258
- plTelemetry.record({
259
- type: "prompt_list",
260
- method: "prompts/list",
261
- estimatedInputTokens: 0,
262
- estimatedOutputTokens: plTelemetry.countTokens(plPayload),
263
- });
264
- return {
265
- jsonrpc: "2.0",
266
- id,
267
- result: { prompts: promptsList },
268
- };
269
- }
270
- case "prompts/get": {
271
- const typedParams = params;
272
- if (!typedParams?.name)
273
- return {
274
- jsonrpc: "2.0",
275
- id,
276
- error: { code: -32602, message: "Missing prompt name" },
277
- };
278
- try {
279
- const pgStartTime = Date.now();
280
- const result = await this.liopServer.getPrompt({
281
- name: typedParams.name,
282
- arguments: typedParams.arguments || {},
283
- });
284
- // [Token Economy] Record prompts/get telemetry
285
- const pgTelemetry = TokenTelemetryEngine.getInstance();
286
- const pgInputPayload = JSON.stringify({
287
- name: typedParams.name,
288
- arguments: typedParams.arguments,
289
- });
290
- const pgOutputPayload = JSON.stringify(result);
291
- pgTelemetry.record({
292
- type: "prompt_get",
293
- method: "prompts/get",
294
- toolName: typedParams.name,
295
- estimatedInputTokens: pgTelemetry.countTokens(pgInputPayload),
296
- estimatedOutputTokens: pgTelemetry.countTokens(pgOutputPayload),
297
- durationMs: Date.now() - pgStartTime,
298
- });
299
- return { jsonrpc: "2.0", id, result };
300
- }
301
- catch (err) {
302
- return {
303
- jsonrpc: "2.0",
304
- id,
305
- error: {
306
- code: -32000,
307
- message: err instanceof Error ? err.message : String(err),
308
- },
309
- };
310
- }
311
- }
312
- default:
313
- return {
314
- jsonrpc: "2.0",
315
- id,
316
- error: { code: -32601, message: `Method not found: ${method}` },
317
- };
318
- }
319
- }
320
- /**
321
- * MCP clients often send notifications/initialized then immediately tools/list.
322
- * Start manifest discovery without blocking the notification handler.
323
- */
324
- kickDiscoveryAfterInitialized() {
325
- return (async () => {
326
- await new Promise((r) => setTimeout(r, 250));
327
- await Promise.race([
328
- this.refreshManifestCache(true),
329
- new Promise((r) => setTimeout(r, 15_000)),
330
- ]).catch(() => { });
331
- })();
332
- }
333
- /**
334
- * Discovers and caches manifests from all remote LIOP providers in the mesh.
335
- * Uses Kademlia DHT to find "liop:manifest" providers, then opens
336
- * /liop/manifest/1.0.0 protocol streams to retrieve their full metadata.
337
- */
338
- async refreshManifestCache(silent = false) {
339
- if (!this.meshNode)
340
- return;
341
- if (this.currentDiscovery)
342
- return this.currentDiscovery;
343
- // Fast-path: Skip DHT query entirely when cache is fresh and populated.
344
- // Only background polls (silent=true) should bypass this to detect new nodes.
345
- // Foreground requests (tools/list, tools/call) can safely reuse valid cache.
346
- if (!silent && this.manifestCache.size > 0) {
347
- const now = Date.now();
348
- const allFresh = Array.from(this.manifestCache.values()).every(({ cachedAt }) => now - cachedAt < MANIFEST_CACHE_TTL_S * 1000);
349
- if (allFresh)
350
- return;
351
- }
352
- this.currentDiscovery = (async () => {
353
- try {
354
- const prevCount = Array.from(this.manifestCache.values()).reduce((acc, { manifest }) => acc + manifest.tools.length, 0);
355
- // Phase 0: Wait for at least one active connection if mesh is empty (Cold Start)
356
- if (this.manifestCache.size === 0) {
357
- for (let i = 0; i < 3; i++) {
358
- const connections =
359
- // biome-ignore lint/suspicious/noExplicitAny: access internal nodes for connection count
360
- this.meshNode.node?.getConnections().length || 0;
361
- if (connections > 0) {
362
- log.info(`[LIOP-Router] P2P Connection established. Starting discovery...`);
363
- break;
364
- }
365
- log.info(`[LIOP-Router] Waiting for P2P connections (attempt ${i + 1}/10)...`);
366
- await new Promise((r) => setTimeout(r, 1000));
367
- }
368
- }
369
- // Phase 1: Try DHT discovery + Fallback loop
370
- let providerIds = [];
371
- const MAX_COLD_ATTEMPTS = this.manifestCache.size === 0 ? 5 : 1;
372
- for (let coldAttempt = 0; coldAttempt < MAX_COLD_ATTEMPTS; coldAttempt++) {
373
- // 1.1 Try DHT discovery
374
- for (let attempt = 0; attempt < MANIFEST_DISCOVERY_RETRIES; attempt++) {
375
- providerIds =
376
- (await this.meshNode?.discoverManifestProviders()) || [];
377
- const selfId = this.meshNode?.getPeerId();
378
- const remoteIds = providerIds.filter((id) => id !== selfId);
379
- if (remoteIds.length > 0)
380
- break;
381
- if (attempt < MANIFEST_DISCOVERY_RETRIES - 1) {
382
- log.info(`[LIOP-Router] DHT discovery attempt ${attempt + 1}/${MANIFEST_DISCOVERY_RETRIES}...`);
383
- await new Promise((r) => setTimeout(r, 1000));
384
- }
385
- }
386
- // 1.2 Aggressively merge all active connections to bypass DHT propagation delays
387
- const activePeers =
388
- // biome-ignore lint/suspicious/noExplicitAny: access internal nodes
389
- this.meshNode.node
390
- ?.getConnections()
391
- .map((c) => c.remotePeer.toString()) || [];
392
- if (activePeers.length > 0) {
393
- providerIds = Array.from(new Set([...providerIds, ...activePeers]));
394
- }
395
- const selfIdEnd = this.meshNode?.getPeerId();
396
- const remoteIdsEnd = providerIds.filter((id) => id !== selfIdEnd);
397
- if (remoteIdsEnd.length > 0)
398
- break;
399
- if (coldAttempt < MAX_COLD_ATTEMPTS - 1) {
400
- log.info(`[LIOP-Router] Initial discovery failed (0 providers). Retrying in 1s (${coldAttempt + 1}/${MAX_COLD_ATTEMPTS})...`);
401
- await new Promise((r) => setTimeout(r, 1000));
402
- }
403
- }
404
- if (providerIds.length === 0) {
405
- log.info(`[LIOP-Router] No manifest providers found after all attempts.`);
406
- return;
407
- }
408
- if (!silent) {
409
- log.info(`[LIOP-Router] Discovered ${providerIds.length} candidate manifest providers`);
410
- }
411
- // Prioritize already-connected peers to avoid blocking on stale providers.
412
- // This improves first tools/list latency on Linux/Ubuntu while preserving
413
- // full discovery for slower peers in subsequent refresh cycles.
414
- const connectedPeers = new Set(
415
- // biome-ignore lint/suspicious/noExplicitAny: internal node access for fast peer ordering
416
- (this.meshNode.node?.getConnections?.() || []).map((c) => c.remotePeer.toString()));
417
- providerIds = [...providerIds].sort((a, b) => {
418
- const aConnected = connectedPeers.has(a) ? 1 : 0;
419
- const bConnected = connectedPeers.has(b) ? 1 : 0;
420
- return bConnected - aConnected;
421
- });
422
- let successCount = 0;
423
- let errorCount = 0;
424
- let cacheUpdated = false;
425
- // Filter peers eligible for querying
426
- const selfId = this.meshNode?.getPeerId();
427
- const eligiblePeers = providerIds.filter((peerId) => {
428
- if (!this.meshNode)
429
- return false;
430
- if (peerId === selfId)
431
- return false;
432
- if (this.shouldSkipManifestQuery(peerId))
433
- return false;
434
- const cached = this.manifestCache.get(peerId);
435
- if (cached &&
436
- Date.now() - cached.cachedAt < MANIFEST_CACHE_TTL_S * 1000) {
437
- successCount++;
438
- return false;
439
- }
440
- return true;
441
- });
442
- // Parallel manifest queries — eliminates sequential 100ms + retry delays
443
- const queryResults = await Promise.allSettled(eligiblePeers.map(async (peerId) => {
444
- if (!this.meshNode)
445
- return null;
446
- log.info(`[LIOP-Router] Querying manifest from: ${peerId}`);
447
- return {
448
- peerId,
449
- manifest: await this.meshNode.queryManifest(peerId),
450
- };
451
- }));
452
- for (const result of queryResults) {
453
- if (result.status === "fulfilled" && result.value?.manifest) {
454
- const { peerId, manifest } = result.value;
455
- this.manifestCache.set(peerId, {
456
- manifest,
457
- cachedAt: Date.now(),
458
- });
459
- this.recordManifestQuerySuccess(peerId);
460
- cacheUpdated = true;
461
- successCount++;
462
- log.info(`[LIOP-Router] Manifest received from ${peerId} (${manifest.tools.length} tools)`);
463
- }
464
- else if (result.status === "fulfilled" && result.value) {
465
- this.recordManifestQueryFailure(result.value.peerId);
466
- errorCount++;
467
- log.info(`[LIOP-Router] Manifest query returned NULL for ${result.value.peerId}`);
468
- }
469
- else if (result.status === "rejected") {
470
- errorCount++;
471
- log.info(`[LIOP-Router] Fatal error querying manifest:`, result.reason instanceof Error
472
- ? result.reason.message
473
- : String(result.reason));
474
- }
475
- }
476
- // Store discovery stats for LiopMeshStatus diagnostics
477
- // biome-ignore lint/suspicious/noExplicitAny: private stats for telemetry
478
- this._discoveryStats = {
479
- candidates: providerIds.length,
480
- success: successCount,
481
- failures: errorCount,
482
- lastDiscovery: Date.now(),
483
- };
484
- if (cacheUpdated) {
485
- const newCount = Array.from(this.manifestCache.values()).reduce((acc, { manifest }) => acc + manifest.tools.length, 0);
486
- if (newCount !== prevCount && this.onToolsChanged) {
487
- process.stderr.write("[LIOP-Router] Mesh topology updated! Emitting notifications/tools/list_changed.\n");
488
- this.onToolsChanged();
489
- }
490
- }
491
- }
492
- finally {
493
- this.currentDiscovery = null;
494
- }
495
- })();
496
- return this.currentDiscovery;
497
- }
498
- /**
499
- * Returns the current manifest cache size for external telemetry.
500
- * Used by the adaptive polling system to detect topology stabilization.
501
- */
502
- getCacheSize() {
503
- return this.manifestCache.size;
504
- }
505
- /**
506
- * Returns all remote tools discovered via the manifest protocol.
507
- */
508
- async getRemoteTools() {
509
- const EXPECTED_PROVIDERS = Number.parseInt(process.env.LIOP_EXPECTED_PROVIDERS ?? "4", 10);
510
- // [Phase 106] Smart Warm-up with Stabilization Detection
511
- // Loops until EXPECTED_PROVIDERS are found, the deadline expires, or
512
- // the provider count stabilizes (same count for 3 consecutive checks).
513
- // This prevents a ~20s block when a node (e.g. Bank) is absent.
514
- if (this.manifestCache.size < EXPECTED_PROVIDERS && this.meshNode) {
515
- const initialTimeoutMs = Number.parseInt(process.env.LIOP_INITIAL_DISCOVERY_TIMEOUT_MS ?? "12000", 10);
516
- const boundedTimeoutMs = Number.isFinite(initialTimeoutMs) && initialTimeoutMs > 0
517
- ? initialTimeoutMs
518
- : 12000;
519
- const deadline = Date.now() + boundedTimeoutMs;
520
- let stableCount = 0;
521
- let lastCacheSize = -1;
522
- while (Date.now() < deadline) {
523
- if (this.manifestCache.size >= EXPECTED_PROVIDERS)
524
- break;
525
- await Promise.race([
526
- this.refreshManifestCache(true),
527
- new Promise((resolve) => setTimeout(resolve, 3000)),
528
- ]).catch(() => { });
529
- if (this.manifestCache.size >= EXPECTED_PROVIDERS)
530
- break;
531
- // Stabilization detection: exit early when provider count plateaus
532
- if (this.manifestCache.size === lastCacheSize) {
533
- stableCount++;
534
- if (stableCount >= 3 && this.manifestCache.size > 0) {
535
- log.info(`[LIOP-Router] Provider count stabilized at ${this.manifestCache.size}/${EXPECTED_PROVIDERS}. Proceeding with available mesh.`);
536
- break;
537
- }
538
- }
539
- else {
540
- stableCount = 0;
541
- lastCacheSize = this.manifestCache.size;
542
- }
543
- // Wait before the next iteration to avoid CPU spin
544
- await new Promise((r) => setTimeout(r, 1000));
545
- }
546
- // Diagnostic warning for partial mesh availability
547
- if (this.manifestCache.size < EXPECTED_PROVIDERS) {
548
- log.info(`[LIOP-Router] ⚠️ Mesh partially available: ${this.manifestCache.size}/${EXPECTED_PROVIDERS} providers. Some tools may be unavailable. Check Docker containers.`);
549
- // Trigger one more background refresh to catch late joiners
550
- this.refreshManifestCache(true).catch(() => { });
551
- }
552
- }
553
- // biome-ignore lint/suspicious/noExplicitAny: Tool schema is polymorphic
554
- const tools = [];
555
- const seenNames = new Set();
556
- const localToolNames = new Set(this.liopServer.listTools().map((t) => t.name));
557
- for (const [peerId, { manifest }] of this.manifestCache.entries()) {
558
- for (const tool of manifest.tools) {
559
- // LiopMeshStatus is a local-only diagnostic — skip remote copies
560
- if (tool.name === "LiopMeshStatus")
561
- continue;
562
- // [LIOP-STABILITY] Allow discovery of ALL remote tools.
563
- // MCP Requires unique names per server session.
564
- // In a P2P mesh, multiple nodes might expose the same tool (e.g. LiopMeshStatus).
565
- // We suffix duplicate names with a short peer hash to ensure
566
- // ALL tools from ALL providers are correctly registered and visible.
567
- let finalName = tool.name;
568
- if (seenNames.has(tool.name) || localToolNames.has(tool.name)) {
569
- finalName = `${tool.name}_${peerId.slice(-4)}`;
570
- }
571
- seenNames.add(finalName);
572
- const providerName = manifest.serverInfo?.name || "Unknown Provider";
573
- // [SANITIZATION] Create a clean MCP-compliant tool object
574
- const baseDesc = tool.description || `Remote tool from ${providerName}`;
575
- const cleanTool = {
576
- name: finalName,
577
- description: mcpCompactToolDescriptions()
578
- ? stripVerboseLiopToolDescription(baseDesc)
579
- : baseDesc,
580
- inputSchema: (tool.inputSchema || {
581
- type: "object",
582
- properties: {},
583
- }),
584
- };
585
- // Ensure inputSchema has the mandatory 'type: object' for MCP compliance
586
- if (typeof cleanTool.inputSchema === "object" &&
587
- !cleanTool.inputSchema.type) {
588
- cleanTool.inputSchema.type = "object";
589
- }
590
- if (typeof cleanTool.inputSchema === "object" &&
591
- !cleanTool.inputSchema.properties) {
592
- cleanTool.inputSchema.properties = {};
593
- }
594
- let blueprint = "";
595
- if (manifest.taxonomy) {
596
- blueprint = `\n[LIOP-DOMAIN: ${manifest.taxonomy.domain}]`;
597
- }
598
- // LIOP Logic-on-Origin Detection:
599
- // biome-ignore lint/suspicious/noExplicitAny: polymorphic input schema
600
- const properties = (cleanTool.inputSchema.properties || {});
601
- let envelopeDoc = "";
602
- if (!mcpCompactToolDescriptions() && properties.payload) {
603
- envelopeDoc = `\n[REQUIRES: LIOP-PROTO-V1 ENVELOPE]`;
604
- }
605
- // INDUSTRIAL REPLICATION: Highlight schema adherence blocks
606
- if (!mcpCompactToolDescriptions() &&
607
- cleanTool.description.includes("STRICT SCHEMA ADHERENCE")) {
608
- cleanTool.description = cleanTool.description.replace("STRICT SCHEMA ADHERENCE:", "[INDUSTRIAL-REQUISITE] STRICT SCHEMA ADHERENCE (MANDATORY):");
609
- }
610
- const originStamp = mcpCompactToolDescriptions()
611
- ? `\n(Peer: ${peerId.slice(-8)})${blueprint}`
612
- : `\n(Origin: ${peerId.slice(-8)})${blueprint}${envelopeDoc}`;
613
- cleanTool.description = `${cleanTool.description}${originStamp}`;
614
- tools.push(cleanTool);
615
- }
616
- }
617
- return tools;
618
- }
619
- /**
620
- * Returns all remote resources discovered via the manifest protocol.
621
- */
622
- async getRemoteResources() {
623
- // Trigger background refresh if not already discovering
624
- if (!this.currentDiscovery) {
625
- this.refreshManifestCache(true).catch(() => { });
626
- }
627
- const resources = [];
628
- const seenUris = new Set(this.liopServer.listResources().map((r) => r.uri));
629
- for (const [peerId, { manifest }] of this.manifestCache.entries()) {
630
- for (const resource of manifest.resources) {
631
- if (!seenUris.has(resource.uri)) {
632
- const augmentedResource = { ...resource };
633
- const providerName = manifest.serverInfo?.name || "Unknown Provider";
634
- let blueprint = "";
635
- if (manifest.taxonomy) {
636
- blueprint = `\n\n[LIOP Zero-Trust Blueprint]\nDomain: ${manifest.taxonomy.domain}\nClearance Tier: ${manifest.taxonomy.clearanceTier}`;
637
- if (manifest.taxonomy.executionTypes &&
638
- manifest.taxonomy.executionTypes.length > 0) {
639
- blueprint += `\nExecution Types: ${manifest.taxonomy.executionTypes.join(", ")}`;
640
- }
641
- }
642
- const originStamp = `\n\n[LIOP Zero-Trust Origin]\nProvider: ${providerName}\nNetwork ID: ${peerId}${blueprint}`;
643
- // INDUSTRIAL REPLICATION: Mark schema resources clearly
644
- if (augmentedResource.uri.startsWith("liop://schema/")) {
645
- augmentedResource.name = `[SCHEMA] ${augmentedResource.name}`;
646
- augmentedResource.description = `[CRITICAL SCHEMA] ${augmentedResource.description || "Data Dictionary for Zero-Shot Autonomy"}${originStamp}`;
647
- }
648
- else {
649
- augmentedResource.description = augmentedResource.description
650
- ? `${augmentedResource.description}${originStamp}`
651
- : originStamp.trim();
652
- }
653
- resources.push(augmentedResource);
654
- seenUris.add(resource.uri);
655
- }
656
- }
657
- }
658
- return resources;
659
- }
660
- /**
661
- * Resolves the gRPC target (host:port) AND the peerId for a given tool name
662
- * by searching the manifest cache. Supports exact names and suffixed names.
663
- */
664
- resolveManifestTarget(toolName) {
665
- // 1. Try exact match
666
- for (const [peerId, { manifest }] of this.manifestCache.entries()) {
667
- const tool = manifest.tools.find((t) => t.name === toolName);
668
- if (tool) {
669
- return {
670
- peerId,
671
- originalToolName: toolName,
672
- };
673
- }
674
- }
675
- // 2. Try suffixed match (tool_xxxx)
676
- const parts = toolName.split("_");
677
- if (parts.length > 1) {
678
- const suffix = parts.pop();
679
- const baseName = parts.join("_");
680
- for (const [peerId, { manifest }] of this.manifestCache.entries()) {
681
- if (peerId.endsWith(suffix || "")) {
682
- const tool = manifest.tools.find((t) => t.name === baseName);
683
- if (tool) {
684
- return {
685
- peerId,
686
- originalToolName: baseName,
687
- };
688
- }
689
- }
690
- }
691
- }
692
- return null;
693
- }
694
- // biome-ignore lint/suspicious/noExplicitAny: MCP JSON-RPC params/id are polymorphic
695
- async transcodeMcpToLiop(id, params) {
696
- const toolName = params.name;
697
- // Intercept the static diagnostic tool
698
- if (toolName === "LiopMeshStatus") {
699
- // [INDUSTRIAL-FIX] Proactive warm-up: request a refresh when status is called.
700
- // This ensures that even if the DHT was cold, the next status call (or tools/list)
701
- // will have data.
702
- this.refreshManifestCache(true).catch(() => { });
703
- // biome-ignore lint/suspicious/noExplicitAny: private stats for telemetry
704
- const stats = this._discoveryStats || {
705
- candidates: 0,
706
- success: 0,
707
- failures: 0,
708
- };
709
- const providerCount = this.manifestCache.size;
710
- const meshState = this.meshNode ? "Active" : "Offline";
711
- const cachedTools = Array.from(this.manifestCache.values()).reduce((acc, { manifest }) => acc + manifest.tools.length, 0);
712
- const connections = this.meshNode
713
- ? // biome-ignore lint/suspicious/noExplicitAny: access internal nodes
714
- this.meshNode.node?.getConnections().length
715
- : 0;
716
- const bootstrapNodes = this.meshNode &&
717
- // biome-ignore lint/suspicious/noExplicitAny: access internal config
718
- this.meshNode.config?.bootstrapNodes
719
- ? // biome-ignore lint/suspicious/noExplicitAny: access internal config
720
- this.meshNode.config.bootstrapNodes
721
- : [];
722
- const bootstrapCount = bootstrapNodes.length;
723
- const bootstrapList = bootstrapNodes
724
- .map((addr) => {
725
- const parts = addr.split("/");
726
- const id = parts[parts.length - 1];
727
- return ` • ${id ? id.slice(-8) : "Unknown"} (${addr})`;
728
- })
729
- .join("\n");
730
- const routingTableSize = this.meshNode
731
- ? // biome-ignore lint/suspicious/noExplicitAny: access internal nodes
732
- this.meshNode.getRoutingTableSize()
733
- : 0;
734
- const localPeerId = this.meshNode?.getPeerId() || "Offline";
735
- const cachedToolList = Array.from(this.manifestCache.entries())
736
- .flatMap(([peerId, { manifest }]) => manifest.tools.map((t) => ` • ${t.name} (from origin: ${peerId})`))
737
- .join("\n");
738
- const statusText = [
739
- `LIOP Mesh Status: ${meshState === "Active" ? "Active" : "Offline"}`,
740
- `Local Agent Identity: ${localPeerId}`,
741
- `Network: ${connections} Conns | ${routingTableSize} DHT Peers | ${bootstrapCount} Bootstraps`,
742
- bootstrapCount > 0 ? `\nActive Bootstraps:\n${bootstrapList}\n` : "",
743
- `Discovery: ${stats.candidates} Candidates | ${stats.success} OK | ${stats.failures} FAIL`,
744
- `Tooling: ${providerCount} Providers | ${cachedTools} Total Remote Tools`,
745
- cachedTools > 0
746
- ? `\nDiscovered Remote Tools (Zero-Trust Origins):\n${cachedToolList}`
747
- : "\nNo remote tools discovered yet.",
748
- // [Token Economy] Telemetry block (only appears when operations exist)
749
- TokenTelemetryEngine.getInstance().formatStatusBlock(),
750
- ]
751
- .filter((line) => line !== "")
752
- .join("\n");
753
- // [Token Economy] Record diagnostic output telemetry
754
- const diagTelemetry = TokenTelemetryEngine.getInstance();
755
- diagTelemetry.record({
756
- type: "diagnostic",
757
- method: "tools/call",
758
- toolName: "LiopMeshStatus",
759
- estimatedInputTokens: 0,
760
- estimatedOutputTokens: diagTelemetry.countTokens(statusText),
761
- });
762
- return {
763
- jsonrpc: "2.0",
764
- id,
765
- result: {
766
- content: [
767
- {
768
- type: "text",
769
- text: statusText,
770
- },
771
- ],
772
- },
773
- };
774
- }
775
- const isLocal = this.liopServer
776
- .listTools()
777
- .some((t) => t.name === toolName);
778
- if (!isLocal && this.meshNode) {
779
- // Phase 1: Cache-first — resolve directly from cached manifests (zero-latency)
780
- // Per MCP spec, tools don't change between notifications/tools/list_changed.
781
- let target = this.resolveManifestTarget(toolName);
782
- // Phase 2: If not cached, trigger DHT refresh and retry
783
- if (!target) {
784
- await this.refreshManifestCache();
785
- target = this.resolveManifestTarget(toolName);
786
- }
787
- if (target) {
788
- log.info(`[LIOP-Router] Resolved ${toolName} via manifest cache (Peer: ${target.peerId}, Original: ${target.originalToolName})`);
789
- return this.routeToRemoteProvider(id, target.originalToolName, target.peerId, params);
790
- }
791
- // Phase 2: Try DHT-based dynamic provider discovery (fallback for unsuffixed names)
792
- let providers = [];
793
- for (let i = 0; i < 3; i++) {
794
- providers = await this.meshNode.findProviders(toolName);
795
- if (providers.length > 0)
796
- break;
797
- if (i < 2)
798
- await new Promise((r) => setTimeout(r, 1000));
799
- }
800
- if (providers.length > 0) {
801
- return this.routeToRemoteProvider(id, toolName, providers[0], params);
802
- }
803
- }
804
- // If no remote provider found, try local execution
805
- if (isLocal) {
806
- try {
807
- const localStartTime = Date.now();
808
- const result = await this.liopServer.callTool({
809
- name: toolName,
810
- arguments: params.arguments || {},
811
- });
812
- // [Token Economy] Record local tool call telemetry
813
- const localTelemetry = TokenTelemetryEngine.getInstance();
814
- const localInputPayload = JSON.stringify(params.arguments || {});
815
- const localOutputPayload = JSON.stringify(result);
816
- localTelemetry.record({
817
- type: "tool_call",
818
- method: "tools/call",
819
- toolName,
820
- estimatedInputTokens: localTelemetry.countTokens(localInputPayload),
821
- estimatedOutputTokens: localTelemetry.countTokens(localOutputPayload),
822
- durationMs: Date.now() - localStartTime,
823
- });
824
- return { jsonrpc: "2.0", id, result };
825
- }
826
- catch (err) {
827
- return {
828
- jsonrpc: "2.0",
829
- id,
830
- error: {
831
- code: -32000,
832
- message: err instanceof Error ? err.message : String(err),
833
- },
834
- };
835
- }
836
- }
837
- return {
838
- jsonrpc: "2.0",
839
- id,
840
- error: {
841
- code: -32002,
842
- message: `No provider found for tool: ${toolName}. Ensure the provider node is active and connected to the mesh.`,
843
- },
844
- };
845
- }
846
- async routeToRemoteProvider(
847
- // biome-ignore lint/suspicious/noExplicitAny: MCP polymorphic
848
- id, toolName, peerId,
849
- // biome-ignore lint/suspicious/noExplicitAny: MCP polymorphic
850
- params) {
851
- if (!this.meshNode)
852
- return {
853
- jsonrpc: "2.0",
854
- id,
855
- error: { code: -32603, message: "Mesh Node inactive" },
856
- };
857
- // Dynamic gRPC port resolution from manifest cache
858
- let manifestEntry = this.manifestCache.get(peerId);
859
- let grpcPort = this.defaultRpcPort;
860
- if (manifestEntry) {
861
- grpcPort = manifestEntry.manifest.grpcPort;
862
- }
863
- else {
864
- // Try to query the manifest directly
865
- const manifest = await this.meshNode.queryManifest(peerId);
866
- if (manifest) {
867
- grpcPort = manifest.grpcPort;
868
- this.manifestCache.set(peerId, {
869
- manifest,
870
- cachedAt: Date.now(),
871
- });
872
- manifestEntry = this.manifestCache.get(peerId);
873
- }
874
- }
875
- // Host-mode convenience (opt-in):
876
- // Some Docker Desktop setups publish gRPC ports on the host as 13011/13021/13031.
877
- // Inside Docker networks we must keep the manifest-advertised container port.
878
- if (manifestEntry && process.env.LIOP_USE_PUBLISHED_GRPC_PORTS === "1") {
879
- const providerName = manifestEntry.manifest.serverInfo?.name?.toLowerCase() || "";
880
- if (providerName.includes("vault"))
881
- grpcPort = 13011;
882
- else if (providerName.includes("bank"))
883
- grpcPort = 13021;
884
- else if (providerName.includes("oracle"))
885
- grpcPort = 13031;
886
- }
887
- // Resolve IP from active connections
888
- const addrs = await this.meshNode.resolvePeer(peerId);
889
- let targetAddr = null;
890
- // [LIOP-ALPHA] Check if the peer is running on the same physical machine
891
- // by comparing its advertised IPs against our local OS interfaces.
892
- const os = await import("node:os");
893
- const localInterfaces = Object.values(os.networkInterfaces())
894
- .flat()
895
- .filter((i) => i?.family === "IPv4")
896
- .map((i) => i?.address);
897
- // Loop through all advertised addresses to find the optimal target
898
- for (const addr of addrs) {
899
- const parts = addr.split("/");
900
- const ipIdx = parts.indexOf("ip4");
901
- if (ipIdx !== -1) {
902
- const advertisedIp = parts[ipIdx + 1];
903
- // Loopback priority or Same-Machine detection
904
- if (advertisedIp === "127.0.0.1" ||
905
- localInterfaces.includes(advertisedIp)) {
906
- targetAddr = `127.0.0.1:${grpcPort}`;
907
- break; // Supreme priority for local execution
908
- }
909
- // Default to first discovered valid external IP
910
- if (!targetAddr) {
911
- targetAddr = `${advertisedIp}:${grpcPort}`;
912
- }
913
- }
914
- }
915
- if (!targetAddr) {
916
- // Fallback to localhost with the dynamically resolved port
917
- targetAddr = `127.0.0.1:${grpcPort}`;
918
- }
919
- log.info(`[LIOP-Router] Dynamic route: ${toolName} -> ${targetAddr} (PeerID: ${peerId})`);
920
- const remoteClient = new liopV1.LogicMesh(targetAddr, createChannelCredentials());
921
- return this.performTranscoding(id, remoteClient, toolName, params, peerId);
922
- }
923
- async performTranscoding(
924
- // biome-ignore lint/suspicious/noExplicitAny: MCP polymorphic
925
- id,
926
- // biome-ignore lint/suspicious/noExplicitAny: gRPC client from dynamic proto-loader
927
- client, toolName,
928
- // biome-ignore lint/suspicious/noExplicitAny: MCP polymorphic
929
- params, peerId) {
930
- const capabilityHash = toolName;
931
- const proofOfIntent = this.meshNode
932
- ? await this.meshNode.sign(Buffer.from(capabilityHash))
933
- : Buffer.from([]);
934
- const transcodingStartTime = Date.now();
935
- return new Promise((resolve) => {
936
- client.negotiateIntent({
937
- agent_did: `did:liop:${this.meshNode?.getPeerId() || "mcp-proxy"}`,
938
- capability_hash: capabilityHash,
939
- proof_of_intent: proofOfIntent,
940
- }, async (err, response) => {
941
- if (err || !response.accepted) {
942
- return resolve({
943
- jsonrpc: "2.0",
944
- id,
945
- result: {
946
- content: [
947
- {
948
- type: "text",
949
- text: `PQC Handshake Failed: ${err?.message || "Rejected"}`,
950
- },
951
- ],
952
- isError: true,
953
- },
954
- });
955
- }
956
- const { ciphertext, sharedSecret } = await Kyber768Wrapper.encapsulateAsymmetric(response.kyber_public_key);
957
- // SECURITY: Avoid AES-GCM nonce reuse across multiple ciphertexts.
958
- // We embed arguments directly into the proxy logic so we only encrypt ONE payload per session/nonce.
959
- const embeddedArgsJson = JSON.stringify(params.arguments || {});
960
- const proxyLogic = `return { "__liop_proxy_tool": "${toolName}", "__liop_proxy_args": ${embeddedArgsJson} };`;
961
- const nonce = crypto.randomBytes(12);
962
- const sealedLogic = this.encryptWithNonce(Buffer.from(proxyLogic), sharedSecret, nonce);
963
- const call = client.executeLogic({
964
- session_token: response.session_token,
965
- wasm_binary: new Uint8Array(sealedLogic),
966
- inputs: {},
967
- pqc_ciphertext: ciphertext,
968
- aes_nonce: nonce,
969
- });
970
- let resultBody = "";
971
- let lastResponse = null;
972
- call.on("data", (grpcRes) => {
973
- resultBody += grpcRes.semantic_evidence;
974
- lastResponse = grpcRes;
975
- });
976
- call.on("end", async () => {
977
- try {
978
- if (lastResponse) {
979
- const isValid = await this.verifier.verifyZkReceipt(Buffer.from(proxyLogic), Buffer.from(lastResponse.cryptographic_proof).toString("hex"), Buffer.from(lastResponse.zk_receipt));
980
- if (!isValid) {
981
- return resolve({
982
- jsonrpc: "2.0",
983
- id,
984
- result: {
985
- content: [
986
- {
987
- type: "text",
988
- text: "SECURITY ALERT: Remote response failed cryptographic integrity audit.",
989
- },
990
- ],
991
- isError: true,
992
- },
993
- });
994
- }
995
- }
996
- const parsedResult = JSON.parse(resultBody);
997
- // [Token Economy] Record remote tool call telemetry
998
- const remoteTelemetry = TokenTelemetryEngine.getInstance();
999
- remoteTelemetry.record({
1000
- type: "tool_call",
1001
- method: "tools/call",
1002
- toolName,
1003
- peerId,
1004
- estimatedInputTokens: remoteTelemetry.countTokens(embeddedArgsJson),
1005
- estimatedOutputTokens: remoteTelemetry.countTokens(resultBody),
1006
- durationMs: Date.now() - transcodingStartTime,
1007
- });
1008
- resolve({ jsonrpc: "2.0", id, result: parsedResult });
1009
- }
1010
- catch (_e) {
1011
- resolve({
1012
- jsonrpc: "2.0",
1013
- id,
1014
- result: { content: [{ type: "text", text: resultBody }] },
1015
- });
1016
- }
1017
- });
1018
- call.on("error", (e) => resolve({
1019
- jsonrpc: "2.0",
1020
- id,
1021
- result: {
1022
- content: [
1023
- { type: "text", text: `LIOP gRPC Error: ${e.message}` },
1024
- ],
1025
- isError: true,
1026
- },
1027
- }));
1028
- });
1029
- });
1030
- }
1031
- encryptWithNonce(payload, key, nonce) {
1032
- const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
1033
- const encrypted = Buffer.concat([cipher.update(payload), cipher.final()]);
1034
- return Buffer.concat([encrypted, cipher.getAuthTag()]);
1035
- }
1036
- }