@nekzus/liop 2.0.0-alpha.1 → 2.0.0-alpha.3

package/dist/bridge/index.js

@@ -1,249 +0,0 @@
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { LiopServer } from "../server/index.js";
-import { log } from "../utils/logger.js";
-/**
- * LIOP MCP Bridge
- * A bi-directional bridge that allows legacy MCP servers to join the LIOP mesh,
- * or exposes a LIOP server as an MCP-compatible stdio process for tools like Claude Desktop.
- */
-export class LiopMcpBridge {
-    options;
-    liopServer = null;
-    legacyMcpServer = null;
-    constructor(source, options = {}) {
-        this.options = options;
-        // Determine mode: Exposing LIOP to MCP (Claude) or Wrapping MCP to LIOP (Mesh)
-        if (source instanceof LiopServer) {
-            this.liopServer = source;
-            log.info("[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)");
-        }
-        else if (source instanceof McpServer) {
-            this.legacyMcpServer = source;
-            log.info("[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)");
-        }
-    }
-    /**
-     * Handles an incoming standard MCP JSON-RPC 2.0 payload.
-     * Pipes it to the underlying server (LIOP or Legacy MCP).
-     */
-    async handleJsonRpcRequest(payload) {
-        const id = payload.id;
-        const method = payload.method;
-        const params = payload.params;
-        if (payload.jsonrpc !== "2.0") {
-            return this.errorResponse(id, -32600, "Invalid Request");
-        }
-        // Mode: EXPOSE (Standard behavior used by Claude Desktop)
-        if (this.liopServer) {
-            return this.handleLiopToMcp(id, method, params);
-        }
-        // Mode: WRAP (Redirecting via internal LiopServer after connect())
-        if (this.legacyMcpServer && this.liopServer) {
-            return this.handleLiopToMcp(id, method, params);
-        }
-        return this.errorResponse(id, -32601, "Bridge source not configured");
-    }
-    async handleLiopToMcp(id, method, params) {
-        if (!this.liopServer)
-            return null;
-        if (method === "initialize") {
-            return this.successResponse(id, {
-                protocolVersion: "2025-11-25",
-                capabilities: {
-                    prompts: {},
-                    resources: {},
-                    tools: {},
-                },
-                serverInfo: this.liopServer.getServerInfo(),
-            });
-        }
-        if (method === "notifications/initialized")
-            return undefined;
-        if (method === "ping")
-            return this.successResponse(id, {});
-        if (method === "tools/list") {
-            const tools = this.liopServer.listTools();
-            return this.successResponse(id, { tools });
-        }
-        if (method === "resources/list") {
-            const resources = this.liopServer.listResources();
-            return this.successResponse(id, { resources });
-        }
-        if (method === "prompts/list") {
-            const prompts = this.liopServer.listPrompts();
-            return this.successResponse(id, { prompts });
-        }
-        if (method === "prompts/get") {
-            if (!params?.name) {
-                return this.errorResponse(id, -32602, "Missing prompt name");
-            }
-            try {
-                const result = await this.liopServer.getPrompt({
-                    name: params.name,
-                    arguments: params.arguments,
-                });
-                return this.successResponse(id, result);
-            }
-            catch (err) {
-                return this.errorResponse(id, -32000, err.message);
-            }
-        }
-        if (method === "resources/read") {
-            if (!params?.uri) {
-                return this.errorResponse(id, -32602, "Missing resource URI");
-            }
-            try {
-                const result = await this.liopServer.readResource(params.uri);
-                return this.successResponse(id, result);
-            }
-            catch (err) {
-                return this.errorResponse(id, -32000, err.message);
-            }
-        }
-        if (method === "tools/call") {
-            if (!params?.name) {
-                return this.errorResponse(id, -32602, "Missing tool name");
-            }
-            const request = {
-                name: params.name,
-                arguments: params.arguments || {},
-            };
-            try {
-                const result = await this.liopServer.callTool(request);
-                const isVerified = await this.verifyZkReceipt(request, result);
-                if (!isVerified) {
-                    return this.successResponse(id, {
-                        content: [
-                            {
-                                type: "text",
-                                text: "ALERT [LIOP ZERO-TRUST SHIELD] ZK Verification Failed. The mathematical ImageID does not match the original payload.",
-                            },
-                        ],
-                        isError: true,
-                    });
-                }
-                return this.successResponse(id, result);
-            }
-            catch (err) {
-                return this.errorResponse(id, -32000, err.message);
-            }
-        }
-        return this.errorResponse(id, -32601, "Method not found");
-    }
-    successResponse(id, result) {
-        return { jsonrpc: "2.0", id, result };
-    }
-    errorResponse(id, code, message) {
-        return { jsonrpc: "2.0", id, error: { code, message } };
-    }
-    async verifyZkReceipt(request, result) {
-        if (!request.arguments?.payload ||
-            typeof request.arguments.payload !== "string") {
-            return true;
-        }
-        try {
-            const payload = request.arguments.payload;
-            const contentText = result.content[0]?.text;
-            if (contentText && typeof contentText === "string") {
-                try {
-                    const data = JSON.parse(contentText);
-                    if (data.image_id || data.zk_receipt) {
-                        // 1. Instantiate the Industrial Verifier ( backed by Piscina Worker Pool )
-                        const { LiopVerifier } = await import("../crypto/verifier.js");
-                        const verifier = new LiopVerifier();
-                        // 2. Delegate the heavy mathematical check (ZK Journal + Seal)
-                        const isAuthentic = await verifier.verifyZkReceipt(Buffer.from(payload, "utf-8"), data.image_id, Buffer.from(data.zk_receipt || "", "base64"));
-                        if (!isAuthentic) {
-                            return false;
-                        }
-                        data.audit_status =
-                            "VERIFIED: ZK-Receipt & ImageID Mathematically Verified by LiopMcpBridge";
-                        result.content[0].text = JSON.stringify(data);
-                    }
-                }
-                catch {
-                    // Output not JSON
-                }
-            }
-            return true;
-        }
-        catch (e) {
-            log.info("[LIOP-Bridge] ZK-Verifier Failure:", e);
-            return false;
-        }
-    }
-    /**
-     * Connects the bridge via stdio or Mesh depending on mode.
-     */
-    async connect() {
-        // In WRAP mode, we actually need to create a LiopServer and join the mesh
-        if (this.legacyMcpServer) {
-            const { LiopServer } = await import("../server/index.js");
-            this.liopServer = new LiopServer(this.options.serverInfo || {
-                name: "liop-bridge",
-                version: "1.0.0",
-            }, { security: this.options.security });
-            if (this.options.publishToMesh) {
-                await this.liopServer.connect();
-                // Automatically Bridge Legacy Capabilities to LIOP Mesh
-                // biome-ignore lint/suspicious/noExplicitAny: Internal legacy MCP properties are completely opaque and unexported
-                const legacy = this.legacyMcpServer;
-                // 1. Sync Tools
-                if (legacy._registeredTools) {
-                    for (const [name, tool] of Object.entries(legacy._registeredTools)) {
-                        // biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure
-                        const t = tool;
-                        this.liopServer.tool(name, t.description || "", t.inputSchema || {}, 
-                        // biome-ignore lint/suspicious/noExplicitAny: Opaque legacy callback args
-                        async (args) => {
-                            return await t.handler(args);
-                        });
-                    }
-                }
-                // 2. Sync Resources
-                if (legacy._registeredResources) {
-                    for (const [uri, resource] of Object.entries(legacy._registeredResources)) {
-                        // biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure
-                        const r = resource;
-                        this.liopServer.resource(r.name, uri, r.metadata?.description || "", r.metadata?.mimeType || "application/octet-stream", async () => {
-                            const res = await r.readCallback(new URL(uri));
-                            return res.contents[0].text;
-                        });
-                    }
-                }
-            }
-            return;
-        }
-        // In EXPOSE mode, listen to stdio (Claude Desktop)
-        const readline = await import("node:readline");
-        const rl = readline.createInterface({
-            input: process.stdin,
-            output: process.stdout,
-            terminal: false,
-        });
-        const shutdown = async () => {
-            log.info("[LIOP-Bridge] Disconnecting session...");
-            if (this.liopServer)
-                await this.liopServer.close();
-            process.exit(0);
-        };
-        rl.on("close", shutdown);
-        process.on("SIGINT", shutdown);
-        process.on("SIGTERM", shutdown);
-        rl.on("line", async (line) => {
-            if (!line.trim())
-                return;
-            try {
-                const payload = JSON.parse(line);
-                const response = await this.handleJsonRpcRequest(payload);
-                if (response) {
-                    process.stdout.write(`${JSON.stringify(response)}\n`);
-                }
-            }
-            catch (e) {
-                log.error(`[LIOP-Bridge] Error: ${e.message}`);
-            }
-        });
-    }
-}
-export * from "./stream.js";

package/dist/bridge/stream.js

@@ -1,210 +0,0 @@
-import { randomUUID } from "node:crypto";
-import { serve } from "@hono/node-server";
-import { WebStandardStreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js";
-import { Hono } from "hono";
-import { cors } from "hono/cors";
-import { log } from "../utils/logger.js";
-import { LiopMcpBridge } from "./index.js";
-const DEFAULT_MAX_SESSIONS_PER_IP = 10;
-const DEFAULT_SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
-const EVICTION_INTERVAL_MS = 60 * 1000; // Check every minute
-/**
- * LiopStreamBridge
- *
- * Exposes a LiopServer over a remote HTTP network using the industry-standard
- * MCP Streamable HTTP Transport + Hono JS.
- *
- * Supports concurrent multi-client connections via per-session transport instances (Map pattern).
- * External agents connect using only a URL + Bearer Token (Zero-Trust).
- *
- * Security hardening:
- * - Zero-Trust Bearer Token enforcement
- * - Per-IP rate limiting on session creation
- * - Automatic eviction of idle sessions (TTL)
- */
-export class LiopStreamBridge {
-    options;
-    app;
-    httpServer = null;
-    bridgeLogic;
-    activeSessions;
-    evictionTimer = null;
-    maxSessionsPerIp;
-    sessionTimeoutMs;
-    constructor(internalServer, options = {}) {
-        this.options = options;
-        this.app = new Hono();
-        this.bridgeLogic = new LiopMcpBridge(internalServer);
-        this.activeSessions = new Map();
-        this.maxSessionsPerIp =
-            options.maxSessionsPerIp ?? DEFAULT_MAX_SESSIONS_PER_IP;
-        this.sessionTimeoutMs =
-            options.sessionTimeoutMs ?? DEFAULT_SESSION_TIMEOUT_MS;
-        this.setupRoutes();
-    }
-    /**
-     * Creates a new per-session transport instance and wires it to the LIOPMcpBridge logic.
-     */
-    createSessionTransport(clientIp) {
-        const transport = new WebStandardStreamableHTTPServerTransport({
-            sessionIdGenerator: () => randomUUID(),
-            onsessioninitialized: (sessionId) => {
-                this.activeSessions.set(sessionId, {
-                    transport,
-                    lastActivity: Date.now(),
-                    clientIp,
-                });
-                log.info(`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`);
-            },
-        });
-        // Wire the transport's incoming messages to the LiopMcpBridge JSON-RPC router
-        transport.onmessage = async (message) => {
-            // Touch activity timestamp on every message
-            if (transport.sessionId) {
-                const entry = this.activeSessions.get(transport.sessionId);
-                if (entry)
-                    entry.lastActivity = Date.now();
-            }
-            try {
-                const result = await this.bridgeLogic.handleJsonRpcRequest(message);
-                // Notifications return undefined — no response needed
-                if (result !== undefined) {
-                    await transport.send(result);
-                }
-            }
-            catch (err) {
-                log.info("[LIOP-StreamBridge] JSON-RPC error:", err.message);
-            }
-        };
-        transport.onclose = () => {
-            if (transport.sessionId) {
-                this.activeSessions.delete(transport.sessionId);
-                log.info(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);
-            }
-        };
-        return transport;
-    }
-    /**
-     * Returns the number of active sessions for a given IP.
-     */
-    countSessionsByIp(ip) {
-        let count = 0;
-        for (const entry of this.activeSessions.values()) {
-            if (entry.clientIp === ip)
-                count++;
-        }
-        return count;
-    }
-    /**
-     * Extracts client IP from the request (supports X-Forwarded-For for reverse proxies).
-     */
-    getClientIp(c) {
-        return (c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ||
-            c.req.header("x-real-ip") ||
-            "unknown");
-    }
-    /**
-     * Evicts sessions that have been idle longer than the configured timeout.
-     */
-    evictIdleSessions() {
-        const now = Date.now();
-        for (const [sessionId, entry] of this.activeSessions) {
-            if (now - entry.lastActivity > this.sessionTimeoutMs) {
-                log.info(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);
-                entry.transport.close().catch(() => {
-                    /* Swallow close errors */
-                });
-                this.activeSessions.delete(sessionId);
-            }
-        }
-    }
-    setupRoutes() {
-        this.app.use("*", cors());
-        // Initialize strict zero-trust token if not provided
-        if (!process.env.ZERO_TRUST_TOKEN) {
-            process.env.ZERO_TRUST_TOKEN = randomUUID();
-            log.info("=".repeat(60));
-            log.info("⚠️ STRICT ZERO-TRUST MODE ENABLED ⚠️");
-            log.info("No ZERO_TRUST_TOKEN found in environment.");
-            log.info("A secure ephemeral token has been generated for this session:");
-            log.info(`Token: ${process.env.ZERO_TRUST_TOKEN}`);
-            log.info("=".repeat(60));
-        }
-        // ZTA (Zero-Trust Architecture) Security Middleware
-        this.app.use("/mcp", async (c, next) => {
-            const auth = c.req.header("Authorization");
-            const expectedToken = process.env.ZERO_TRUST_TOKEN;
-            if (!auth?.startsWith("Bearer ") ||
-                auth.split(" ")[1] !== expectedToken) {
-                log.info("[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.");
-                return c.json({ error: "Unauthorized: LIOP Zero-Trust Policy Enforced" }, 401);
-            }
-            await next();
-        });
-        // Multi-Session Streamable HTTP Handler
-        this.app.all("/mcp", async (c) => {
-            const sessionId = c.req.header("mcp-session-id");
-            // Route to existing session if session ID is present
-            if (sessionId) {
-                const existing = this.activeSessions.get(sessionId);
-                if (!existing) {
-                    return c.json({ error: "Session not found" }, 404);
-                }
-                // Touch activity on every routed request
-                existing.lastActivity = Date.now();
-                const response = await existing.transport.handleRequest(c.req.raw);
-                // If DELETE, the transport closes internally but onclose may not fire.
-                // Explicitly clean up the session from the Map.
-                if (c.req.method === "DELETE") {
-                    this.activeSessions.delete(sessionId);
-                    log.info(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);
-                }
-                return response;
-            }
-            // No session ID → New client initializing.
-            // Rate-limit: enforce max sessions per IP
-            const clientIp = this.getClientIp(c);
-            const currentSessions = this.countSessionsByIp(clientIp);
-            if (currentSessions >= this.maxSessionsPerIp) {
-                log.info(`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`);
-                return c.json({ error: "Too Many Sessions: Rate limit exceeded" }, 429);
-            }
-            const transport = this.createSessionTransport(clientIp);
-            return transport.handleRequest(c.req.raw);
-        });
-    }
-    /**
-     * Starts the LiopStreamBridge HTTP server and session eviction timer.
-     */
-    async start(port) {
-        const listenPort = port ?? this.options.port ?? 3000;
-        // Start the idle session eviction timer
-        this.evictionTimer = setInterval(() => this.evictIdleSessions(), EVICTION_INTERVAL_MS);
-        return new Promise((resolve) => {
-            this.httpServer = serve({
-                fetch: this.app.fetch,
-                port: listenPort,
-            }, (info) => {
-                log.info(`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`);
-                resolve();
-            });
-        });
-    }
-    /**
-     * Graceful shutdown — closes all active sessions, stops timers, and releases port.
-     */
-    async stop() {
-        if (this.evictionTimer) {
-            clearInterval(this.evictionTimer);
-            this.evictionTimer = null;
-        }
-        for (const [id, entry] of this.activeSessions) {
-            await entry.transport.close();
-            this.activeSessions.delete(id);
-        }
-        if (this.httpServer) {
-            this.httpServer.close();
-            log.info("[LIOP-StreamBridge] HTTP ports released.");
-        }
-    }
-}