@nekzus/liop 2.0.1-beta.1 → 2.1.0-alpha.2

package/dist/{chunk-W2QGWRTT.js.map → chunk-I7OTWNFM.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/bridge/stream.ts","../src/bridge/index.ts"],"names":["DEFAULT_MAX_SESSIONS_PER_IP","DEFAULT_SESSION_TIMEOUT_MS","EVICTION_INTERVAL_MS","LiopStreamBridge","internalServer","options","Hono","LiopMcpBridge","clientIp","WebStandardStreamableHTTPServerTransport","transport","randomUUID","sessionId","log","message","entry","result","err","ip","count","c","now","cors","next","auth","token","expectedToken","jwtValidator","e","existing","response","currentSessions","port","listenPort","resolve","serve","info","id","source","payload","method","params","tools","resources","prompts","request","code","contentText","data","LiopVerifier","LiopServer","legacy","name","tool","t","args","uri","resource","r","rl","shutdown","line"],"mappings":"+JA6BA,IAAMA,CAAAA,CAA8B,GAC9BC,CAAAA,CAA6B,IAAA,CAAU,GAAA,CACvCC,CAAAA,CAAuB,GAAK,GAAA,CAgBrBC,CAAAA,CAAN,KAAuB,CAS7B,WAAA,CACCC,EACQC,CAAAA,CAAmC,EAAC,CAC3C,CADO,aAAAA,CAAAA,CAER,IAAA,CAAK,IAAM,IAAIC,IAAAA,CACf,KAAK,WAAA,CAAc,IAAIC,CAAAA,CAAcH,CAAc,EACnD,IAAA,CAAK,cAAA,CAAiB,IAAI,GAAA,CAC1B,IAAA,CAAK,iBACJC,CAAAA,CAAQ,gBAAA,EAAoBL,CAAAA,CAC7B,IAAA,CAAK,iBACJK,CAAAA,CAAQ,gBAAA,EAAoBJ,EAE7B,IAAA,CAAK,WAAA,GACN,CArBQ,GAAA,CACA,UAAA,CAA8C,IAAA,CAC9C,YACA,cAAA,CACA,aAAA,CAAuD,KACvD,gBAAA,CACA,gBAAA,CAoBR,MAAc,sBAAA,CACbO,CAAAA,CACoD,CACpD,GAAM,CAAE,wCAAA,CAAAC,CAAyC,EAAI,MAAM,OAC1D,+DACD,CAAA,CACMC,CAAAA,CAAY,IAAID,CAAAA,CAAyC,CAC9D,kBAAA,CAAoB,IAAME,YAAW,CACrC,oBAAA,CAAuBC,GAAsB,CAC5C,IAAA,CAAK,cAAA,CAAe,GAAA,CAAIA,EAAW,CAClC,SAAA,CAAAF,EACA,YAAA,CAAc,IAAA,CAAK,KAAI,CACvB,QAAA,CAAAF,CACD,CAAC,EACDK,CAAAA,CAAI,IAAA,CACH,uCAAuCD,CAAS,CAAA,MAAA,EAASJ,CAAQ,CAAA,CAAA,CAClE,EACD,CACD,CAAC,EAGD,OAAAE,CAAAA,CAAU,UAAY,MAAOI,CAAAA,EAA4B,CAExD,GAAIJ,CAAAA,CAAU,SAAA,CAAW,CACxB,IAAMK,CAAAA,CAAQ,IAAA,CAAK,eAAe,GAAA,CAAIL,CAAAA,CAAU,SAAS,CAAA,CACrDK,CAAAA,GAAOA,CAAAA,CAAM,YAAA,CAAe,KAAK,GAAA,EAAI,EAC1C,CAEA,GAAI,CACH,IAAMC,CAAAA,CAAS,MAAM,IAAA,CAAK,WAAA,CAAY,qBACrCF,CACD,CAAA,CAEIE,IAAW,KAAA,CAAA,EACd,MAAMN,EAAU,IAAA,CAAKM,CAAwB,EAE/C,CAAA,MAASC,EAAc,CACtBJ,CAAAA,CAAI,KAAK,qCAAA,CAAwCI,CAAAA,CAAc,OAAO,EACvE,CACD,CAAA,CAEAP,CAAAA,CAAU,QAAU,IAAM,CACrBA,EAAU,SAAA,GACb,IAAA,CAAK,eAAe,MAAA,CAAOA,CAAAA,CAAU,SAAS,CAAA,CAC9CG,EAAI,IAAA,CAAK,CAAA,oCAAA,EAAuCH,EAAU,SAAS,CAAA,CAAE,GAEvE,CAAA,CAEOA,CACR,CAKQ,iBAAA,CAAkBQ,EAAoB,CAC7C,IAAIC,EAAQ,CAAA,CACZ,IAAA,IAAWJ,KAAS,IAAA,CAAK,cAAA,CAAe,MAAA,EAAO,CAC1CA,EAAM,QAAA,GAAaG,CAAAA,EAAIC,IAE5B,OAAOA,CACR,CAKQ,WAAA,CAAYC,CAAAA,CAET,CACV,OACCA,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,IAChDA,CAAAA,CAAE,GAAA,CAAI,OAAO,WAAW,CAAA,EACxB,SAEF,CAKQ,iBAAA,EAA0B,CACjC,IAAMC,EAAM,IAAA,CAAK,GAAA,GACjB,IAAA,GAAW,CAACT,EAAWG,CAAK,CAAA,GAAK,IAAA,CAAK,cAAA,CACjCM,EAAMN,CAAAA,CAAM,YAAA,CAAe,KAAK,gBAAA,GACnCF,CAAAA,CAAI,KAAK,CAAA,2CAAA,EAA8CD,CAAS,CAAA,CAAE,CAAA,CAClEG,EAAM,SAAA,CAAU,KAAA,GAAQ,KAAA,CAAM,IAAM,CAEpC,CAAC,CAAA,CACD,IAAA,CAAK,cAAA,CAAe,OAAOH,CAAS,CAAA,EAGvC,CAEQ,WAAA,EAAc,CACrB,KAAK,GAAA,CAAI,GAAA,CAAI,GAAA,CAAKU,IAAAA,EAAM,CAAA,CAGnB,OAAA,CAAQ,IAAI,gBAAA,GAChB,OAAA,CAAQ,IAAI,gBAAA,CAAmBX,UAAAA,EAAW,CAC1CE,CAAAA,CAAI,KAAK,GAAA,CAAI,MAAA,CAAO,EAAE,CAAC,CAAA,CACvBA,EAAI,IAAA,CAAK,0DAAsC,CAAA,CAC/CA,CAAAA,CAAI,KAAK,2CAA2C,CAAA,CACpDA,EAAI,IAAA,CAAK,+DAA+D,EACxEA,CAAAA,CAAI,IAAA,CAAK,CAAA,OAAA,EAAU,OAAA,CAAQ,IAAI,gBAAgB,CAAA,CAAE,EACjDA,CAAAA,CAAI,IAAA,CAAK,IAAI,MAAA,CAAO,EAAE,CAAC,CAAA,CAAA,CAIxB,KAAK,GAAA,CAAI,GAAA,CAAI,OAAQ,MAAOO,CAAAA,CAAGG,IAAS,CACvC,IAAMC,CAAAA,CAAOJ,CAAAA,CAAE,IAAI,MAAA,CAAO,eAAe,EACzC,GAAI,CAACI,GAAM,UAAA,CAAW,SAAS,CAAA,CAC9B,OAAOJ,EAAE,IAAA,CACR,CAAE,MAAO,+CAAgD,CAAA,CACzD,GACD,CAAA,CAGD,IAAMK,CAAAA,CAAQD,CAAAA,CAAK,MAAM,CAAC,CAAA,CACpBE,EAAgB,OAAA,CAAQ,GAAA,CAAI,iBAGlC,GAAIA,CAAAA,EAAiBD,CAAAA,GAAUC,CAAAA,CAAe,CAC7C,MAAMH,CAAAA,GACN,MACD,CAGA,IAAMI,CAAAA,CAAe,IAAA,CAAK,WAAA,CAAY,SAAA,IAAa,YAAA,CACnD,GAAIA,EACH,GAAI,CACH,MAAMA,CAAAA,CAAa,QAAA,CAASF,CAAK,CAAA,CACjC,MAAMF,CAAAA,EAAK,CACX,MACD,CAAA,MAASK,GAAAA,CAAY,CACpB,OAAAf,CAAAA,CAAI,IAAA,CACH,CAAA,2CAAA,EAA+Ce,IAAY,OAAO,CAAA,CACnE,EACOR,CAAAA,CAAE,IAAA,CACR,CACC,KAAA,CAAO,CAAA,sCAAA,EAA0CQ,GAAAA,CAAY,OAAO,EACrE,CAAA,CACA,GACD,CACD,CAGD,OAAAf,EAAI,IAAA,CACH,sEACD,CAAA,CACOO,CAAAA,CAAE,KACR,CAAE,KAAA,CAAO,+CAAgD,CAAA,CACzD,GACD,CACD,CAAC,CAAA,CAGD,IAAA,CAAK,GAAA,CAAI,IAAI,MAAA,CAAQ,MAAOA,GAAM,CACjC,IAAMR,EAAYQ,CAAAA,CAAE,GAAA,CAAI,MAAA,CAAO,gBAAgB,EAG/C,GAAIR,CAAAA,CAAW,CACd,IAAMiB,CAAAA,CAAW,KAAK,cAAA,CAAe,GAAA,CAAIjB,CAAS,CAAA,CAClD,GAAI,CAACiB,CAAAA,CACJ,OAAOT,CAAAA,CAAE,IAAA,CAAK,CAAE,KAAA,CAAO,mBAAoB,CAAA,CAAG,GAAG,EAGlDS,CAAAA,CAAS,YAAA,CAAe,KAAK,GAAA,EAAI,CAEjC,IAAMC,GAAAA,CAAW,MAAMD,CAAAA,CAAS,SAAA,CAAU,cAAcT,CAAAA,CAAE,GAAA,CAAI,GAAG,CAAA,CAIjE,OAAIA,EAAE,GAAA,CAAI,MAAA,GAAW,QAAA,GACpB,IAAA,CAAK,eAAe,MAAA,CAAOR,CAAS,EACpCC,CAAAA,CAAI,IAAA,CAAK,gDAAgDD,CAAS,CAAA,CAAE,CAAA,CAAA,CAG9DkB,GACR,CAIA,IAAMtB,CAAAA,CAAW,KAAK,WAAA,CAAYY,CAAC,EAC7BW,CAAAA,CAAkB,IAAA,CAAK,iBAAA,CAAkBvB,CAAQ,EACvD,OAAIuB,CAAAA,EAAmB,KAAK,gBAAA,EAC3BlB,CAAAA,CAAI,KACH,CAAA,2CAAA,EAA8CL,CAAQ,CAAA,EAAA,EAAKuB,CAAe,YAC3E,CAAA,CACOX,CAAAA,CAAE,KAAK,CAAE,KAAA,CAAO,wCAAyC,CAAA,CAAG,GAAG,CAAA,EAIhE,KAAA,CADW,MAAM,IAAA,CAAK,sBAAA,CAAuBZ,CAAQ,CAAA,EACrC,aAAA,CAAcY,EAAE,GAAA,CAAI,GAAG,CAC/C,CAAC,EACF,CAKA,MAAa,MAAMY,CAAAA,CAA8B,CAChD,IAAMC,CAAAA,CAAaD,CAAAA,EAAQ,IAAA,CAAK,OAAA,CAAQ,MAAQ,GAAA,CAGhD,OAAA,IAAA,CAAK,cAAgB,WAAA,CACpB,IAAM,KAAK,iBAAA,EAAkB,CAC7B9B,CACD,CAAA,CAEO,IAAI,OAAA,CAASgC,CAAAA,EAAY,CAC/B,IAAA,CAAK,UAAA,CAAaC,MACjB,CACC,KAAA,CAAO,IAAA,CAAK,GAAA,CAAI,MAChB,IAAA,CAAMF,CACP,EACCG,CAAAA,EAAS,CACTvB,EAAI,IAAA,CACH,CAAA,gEAAA,EAAmEuB,CAAAA,CAAK,IAAI,MAC7E,CAAA,CACAF,CAAAA,GACD,CACD,EACD,CAAC,CACF,CAKA,MAAa,IAAA,EAAsB,CAC9B,IAAA,CAAK,aAAA,GACR,cAAc,IAAA,CAAK,aAAa,EAChC,IAAA,CAAK,aAAA,CAAgB,IAAA,CAAA,CAGtB,IAAA,GAAW,CAACG,CAAAA,CAAItB,CAAK,IAAK,IAAA,CAAK,cAAA,CAC9B,MAAMA,CAAAA,CAAM,SAAA,CAAU,KAAA,EAAM,CAC5B,KAAK,cAAA,CAAe,MAAA,CAAOsB,CAAE,CAAA,CAG1B,IAAA,CAAK,aACR,IAAA,CAAK,UAAA,CAAW,KAAA,EAAM,CACtBxB,EAAI,IAAA,CAAK,0CAA0C,GAErD,CACD,MCvSaN,CAAAA,CAAN,KAAoB,CAG1B,WAAA,CAEC+B,EACQjC,CAAAA,CAA6B,GACpC,CADO,IAAA,CAAA,OAAA,CAAAA,EAIJiC,CAAAA,EAAQ,WAAA,EAAa,IAAA,GAAS,YAAA,EACjC,KAAK,UAAA,CAAaA,CAAAA,CAClBzB,EAAI,IAAA,CAAK,gDAAgD,GAC/CyB,CAAAA,EAAQ,WAAA,EAAa,IAAA,GAAS,WAAA,EACxC,KAAK,eAAA,CAAkBA,CAAAA,CACvBzB,EAAI,IAAA,CAAK,oDAAoD,IAG7D,IAAA,CAAK,eAAA,CAAkByB,CAAAA,CACvBzB,CAAAA,CAAI,KAAK,6DAA6D,CAAA,EAExE,CApBQ,UAAA,CAAgC,IAAA,CAChC,gBAAoC,IAAA,CAyB5C,MAAa,oBAAA,CACZ0B,CAAAA,CACmB,CACnB,IAAMF,CAAAA,CAAKE,EAAQ,EAAA,CACbC,CAAAA,CAASD,EAAQ,MAAA,CACjBE,CAAAA,CAASF,CAAAA,CAAQ,MAAA,CAEvB,OAAIA,CAAAA,CAAQ,OAAA,GAAY,MAChB,IAAA,CAAK,aAAA,CAAcF,EAAI,MAAA,CAAQ,iBAAiB,CAAA,CAIpD,IAAA,CAAK,WACD,IAAA,CAAK,eAAA,CAAgBA,EAAIG,CAAAA,CAAQC,CAAM,EAI3C,IAAA,CAAK,eAAA,EAAmB,IAAA,CAAK,UAAA,CACzB,KAAK,eAAA,CAAgBJ,CAAAA,CAAIG,EAAQC,CAAM,CAAA,CAGxC,KAAK,aAAA,CAAcJ,CAAAA,CAAI,MAAA,CAAQ,8BAA8B,CACrE,CAEA,MAAc,gBACbA,CAAAA,CACAG,CAAAA,CACAC,EACmB,CACnB,GAAI,CAAC,IAAA,CAAK,WAAY,OAAO,IAAA,CAE7B,GAAID,CAAAA,GAAW,YAAA,CACd,OAAO,IAAA,CAAK,eAAA,CAAgBH,CAAAA,CAAI,CAC/B,gBAAiB,YAAA,CACjB,YAAA,CAAc,CACb,OAAA,CAAS,GACT,SAAA,CAAW,EAAC,CACZ,KAAA,CAAO,EACR,CAAA,CACA,WAAY,IAAA,CAAK,UAAA,CAAW,eAC7B,CAAC,CAAA,CAGF,GAAIG,IAAW,2BAAA,CACf,CAAA,GAAIA,IAAW,MAAA,CAAQ,OAAO,KAAK,eAAA,CAAgBH,CAAAA,CAAI,EAAE,EAEzD,GAAIG,CAAAA,GAAW,aAAc,CAC5B,IAAME,EAAQ,IAAA,CAAK,UAAA,CAAW,SAAA,EAAU,CACxC,OAAO,IAAA,CAAK,eAAA,CAAgBL,EAAI,CAAE,KAAA,CAAAK,CAAM,CAAC,CAC1C,CAEA,GAAIF,IAAW,gBAAA,CAAkB,CAChC,IAAMG,CAAAA,CAAY,IAAA,CAAK,WAAW,aAAA,EAAc,CAChD,OAAO,IAAA,CAAK,gBAAgBN,CAAAA,CAAI,CAAE,UAAAM,CAAU,CAAC,CAC9C,CAEA,GAAIH,CAAAA,GAAW,cAAA,CAAgB,CAC9B,IAAMI,CAAAA,CAAU,KAAK,UAAA,CAAW,WAAA,GAChC,OAAO,IAAA,CAAK,eAAA,CAAgBP,CAAAA,CAAI,CAAE,OAAA,CAAAO,CAAQ,CAAC,CAC5C,CAEA,GAAIJ,CAAAA,GAAW,aAAA,CAAe,CAC7B,GAAI,CAACC,CAAAA,EAAQ,IAAA,CACZ,OAAO,IAAA,CAAK,aAAA,CAAcJ,EAAI,MAAA,CAAQ,qBAAqB,CAAA,CAE5D,GAAI,CACH,IAAMrB,CAAAA,CAAS,MAAM,IAAA,CAAK,UAAA,CAAW,UAAU,CAC9C,IAAA,CAAMyB,CAAAA,CAAO,IAAA,CACb,UAAWA,CAAAA,CAAO,SACnB,CAAC,CAAA,CACD,OAAO,KAAK,eAAA,CAAgBJ,CAAAA,CAAIrB,CAAM,CACvC,OAASC,CAAAA,CAAc,CACtB,OAAO,IAAA,CAAK,aAAA,CAAcoB,EAAI,KAAA,CAASpB,CAAAA,CAAc,OAAO,CAC7D,CACD,CAEA,GAAIuB,IAAW,gBAAA,CAAkB,CAChC,GAAI,CAACC,CAAAA,EAAQ,GAAA,CACZ,OAAO,KAAK,aAAA,CAAcJ,CAAAA,CAAI,OAAQ,sBAAsB,CAAA,CAE7D,GAAI,CACH,IAAMrB,CAAAA,CAAS,MAAM,KAAK,UAAA,CAAW,YAAA,CAAayB,EAAO,GAAa,CAAA,CACtE,OAAO,IAAA,CAAK,eAAA,CAAgBJ,CAAAA,CAAIrB,CAAM,CACvC,CAAA,MAASC,CAAAA,CAAc,CACtB,OAAO,IAAA,CAAK,cAAcoB,CAAAA,CAAI,KAAA,CAASpB,CAAAA,CAAc,OAAO,CAC7D,CACD,CAEA,GAAIuB,CAAAA,GAAW,YAAA,CAAc,CAC5B,GAAI,CAACC,CAAAA,EAAQ,IAAA,CACZ,OAAO,IAAA,CAAK,aAAA,CAAcJ,EAAI,MAAA,CAAQ,mBAAmB,EAE1D,IAAMQ,CAAAA,CAA2B,CAChC,IAAA,CAAMJ,EAAO,IAAA,CACb,SAAA,CAAYA,EAAO,SAAA,EAAyC,EAC7D,CAAA,CAEA,GAAI,CACH,IAAMzB,EAAyB,MAAM,IAAA,CAAK,WAAW,QAAA,CAAS6B,CAAO,EAOrE,OAAA,CAJmB7B,CAAAA,CAAO,OAAA,CACvB,CAAA,CAAA,CACA,MAAM,IAAA,CAAK,eAAA,CAAgB6B,EAAS7B,CAAM,CAAA,EActC,KAAK,eAAA,CAAgBqB,CAAAA,CAAIrB,CAAM,CAAA,CAX9B,KAAK,eAAA,CAAgBqB,CAAAA,CAAI,CAC/B,OAAA,CAAS,CACR,CACC,IAAA,CAAM,MAAA,CACN,IAAA,CAAM,sHACP,CACD,CAAA,CACA,OAAA,CAAS,EACV,CAAC,CAIH,OAASpB,CAAAA,CAAc,CACtB,OAAO,IAAA,CAAK,cAAcoB,CAAAA,CAAI,KAAA,CAASpB,EAAc,OAAO,CAC7D,CACD,CAEA,OAAO,IAAA,CAAK,aAAA,CAAcoB,EAAI,MAAA,CAAQ,kBAAkB,EACzD,CAEQ,eAAA,CACPA,EACArB,CAAAA,CACC,CACD,OAAO,CAAE,QAAS,KAAA,CAAO,EAAA,CAAAqB,EAAI,MAAA,CAAArB,CAAO,CACrC,CAEQ,aAAA,CAAcqB,CAAAA,CAAqBS,CAAAA,CAAchC,EAAiB,CACzE,OAAO,CAAE,OAAA,CAAS,KAAA,CAAO,GAAAuB,CAAAA,CAAI,KAAA,CAAO,CAAE,IAAA,CAAAS,EAAM,OAAA,CAAAhC,CAAQ,CAAE,CACvD,CAEA,MAAc,eAAA,CACb+B,CAAAA,CACA7B,CAAAA,CACmB,CACnB,GACC,CAAC6B,CAAAA,CAAQ,WAAW,OAAA,EACpB,OAAOA,EAAQ,SAAA,CAAU,OAAA,EAAY,QAAA,CAErC,OAAO,MAGR,GAAI,CACH,IAAMN,CAAAA,CAAUM,CAAAA,CAAQ,UAAU,OAAA,CAC5BE,CAAAA,CAAc/B,CAAAA,CAAO,OAAA,CAAQ,CAAC,CAAA,EAAG,IAAA,CAEvC,GAAI+B,CAAAA,EAAe,OAAOA,GAAgB,QAAA,CACzC,GAAI,CACH,IAAMC,EAAO,IAAA,CAAK,KAAA,CAAMD,CAAW,CAAA,CAEnC,GAAIC,EAAK,QAAA,EAAYA,CAAAA,CAAK,UAAA,CAAY,CAErC,GAAM,CAAE,YAAA,CAAAC,CAAa,CAAA,CAAI,aAAa,wBAAuB,CAAA,CAU7D,GAAI,CANgB,MAHH,IAAIA,CAAAA,GAGc,eAAA,CAClC,MAAA,CAAO,KAAKV,CAAAA,CAAS,OAAO,CAAA,CAC5BS,CAAAA,CAAK,SACL,MAAA,CAAO,IAAA,CAAKA,EAAK,UAAA,EAAc,EAAA,CAAI,QAAQ,CAC5C,CAAA,CAGC,OAAO,CAAA,CAAA,CAGRA,EAAK,YAAA,CACJ,yEAAA,CACDhC,EAAO,OAAA,CAAQ,CAAC,EAAE,IAAA,CAAO,IAAA,CAAK,SAAA,CAAUgC,CAAI,EAC7C,CACD,CAAA,KAAQ,CAER,CAED,OAAO,EACR,CAAA,MAASpB,CAAAA,CAAG,CACX,OAAAf,EAAI,IAAA,CAAK,oCAAA,CAAsCe,CAAC,CAAA,CACzC,KACR,CACD,CAKA,MAAa,OAAA,EAAyB,CAErC,GAAI,IAAA,CAAK,eAAA,CAAiB,CACzB,GAAM,CAAE,WAAAsB,CAAW,CAAA,CAAI,MAAM,OAAO,aAAoB,CAAA,CASxD,GARA,KAAK,UAAA,CAAa,IAAIA,EACrB,IAAA,CAAK,OAAA,CAAQ,UAAA,EAAc,CAC1B,KAAM,aAAA,CACN,OAAA,CAAS,OACV,CAAA,CACA,CAAE,SAAU,IAAA,CAAK,OAAA,CAAQ,QAAS,CACnC,EAEI,IAAA,CAAK,OAAA,CAAQ,cAAe,CAC/B,MAAM,KAAK,UAAA,CAAW,OAAA,EAAQ,CAI9B,IAAMC,EAAS,IAAA,CAAK,eAAA,CAGpB,GAAIA,CAAAA,CAAO,gBAAA,CACV,OAAW,CAACC,CAAAA,CAAMC,CAAI,CAAA,GAAK,OAAO,OAAA,CAAQF,CAAAA,CAAO,gBAAgB,CAAA,CAAG,CAEnE,IAAMG,CAAAA,CAAID,CAAAA,CACV,IAAA,CAAK,UAAA,CAAW,KACfD,CAAAA,CACAE,CAAAA,CAAE,aAAe,EAAA,CACjBA,CAAAA,CAAE,aAAe,EAAC,CAElB,MAAOC,CAAAA,EACC,MAAMD,CAAAA,CAAE,OAAA,CAAQC,CAAI,CAE7B,EACD,CAID,GAAIJ,CAAAA,CAAO,oBAAA,CACV,IAAA,GAAW,CAACK,CAAAA,CAAKC,CAAQ,IAAK,MAAA,CAAO,OAAA,CACpCN,EAAO,oBACR,CAAA,CAAG,CAEF,IAAMO,EAAID,CAAAA,CACV,IAAA,CAAK,WAAW,QAAA,CACfC,CAAAA,CAAE,KACFF,CAAAA,CACAE,CAAAA,CAAE,QAAA,EAAU,WAAA,EAAe,GAC3BA,CAAAA,CAAE,QAAA,EAAU,UAAY,0BAAA,CACxB,SAAA,CACa,MAAMA,CAAAA,CAAE,YAAA,CAAa,IAAI,GAAA,CAAIF,CAAG,CAAC,CAAA,EAClC,SAAS,CAAC,CAAA,CAAE,IAEzB,EACD,CAEF,CACA,MACD,CAIA,IAAMG,CAAAA,CAAAA,CADW,MAAM,OAAO,UAAe,GACzB,eAAA,CAAgB,CACnC,KAAA,CAAO,OAAA,CAAQ,MACf,MAAA,CAAQ,OAAA,CAAQ,OAChB,QAAA,CAAU,KACX,CAAC,CAAA,CAEKC,CAAAA,CAAW,SAAY,CAC5B/C,EAAI,IAAA,CAAK,wCAAwC,EAC7C,IAAA,CAAK,UAAA,EAAY,MAAM,IAAA,CAAK,UAAA,CAAW,KAAA,EAAM,CACjD,QAAQ,IAAA,CAAK,CAAC,EACf,CAAA,CAEA8C,CAAAA,CAAG,GAAG,OAAA,CAASC,CAAQ,CAAA,CACvB,OAAA,CAAQ,GAAG,QAAA,CAAUA,CAAQ,EAC7B,OAAA,CAAQ,EAAA,CAAG,UAAWA,CAAQ,CAAA,CAE9BD,CAAAA,CAAG,EAAA,CAAG,OAAQ,MAAOE,CAAAA,EAAS,CAC7B,GAAKA,CAAAA,CAAK,MAAK,CACf,GAAI,CACH,IAAMtB,EAAU,IAAA,CAAK,KAAA,CAAMsB,CAAI,CAAA,CACzB/B,CAAAA,CAAW,MAAM,IAAA,CAAK,oBAAA,CAAqBS,CAAO,CAAA,CACpDT,CAAAA,EACH,QAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,IAAA,CAAK,SAAA,CAAUA,CAAQ,CAAC;AAAA,CAAI,EAEtD,OAASF,CAAAA,CAAY,CACpBf,EAAI,KAAA,CAAM,CAAA,qBAAA,EAAyBe,EAAY,OAAO,CAAA,CAAE,EACzD,CACD,CAAC,EACF,CAEO,SAAA,EAA+B,CACrC,OAAO,IAAA,CAAK,UACb,CACD","file":"chunk-W2QGWRTT.js","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { serve } from \"@hono/node-server\";\nimport type { WebStandardStreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\";\nimport type { JSONRPCMessage } from \"@modelcontextprotocol/sdk/types.js\";\nimport { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport type { LiopServer } from \"../server/index.js\";\nimport { log } from \"../utils/logger.js\";\nimport { LiopMcpBridge } from \"./index.js\";\n\n/**\n * Configuration options for LiopStreamBridge.\n */\nexport interface LiopStreamBridgeOptions {\n\t/** Port to listen on (default: 3000) */\n\tport?: number;\n\t/** Max concurrent sessions per IP (default: 5) */\n\tmaxSessionsPerIp?: number;\n\t/** Session idle timeout in milliseconds (default: 30 min) */\n\tsessionTimeoutMs?: number;\n}\n\n/** Internal metadata for tracked sessions */\ninterface SessionEntry {\n\ttransport: WebStandardStreamableHTTPServerTransport;\n\tlastActivity: number;\n\tclientIp: string;\n}\n\nconst DEFAULT_MAX_SESSIONS_PER_IP = 10;\nconst DEFAULT_SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes\nconst EVICTION_INTERVAL_MS = 60 * 1000; // Check every minute\n\n/**\n * LiopStreamBridge\n *\n * Exposes a LiopServer over a remote HTTP network using the industry-standard\n * MCP Streamable HTTP Transport + Hono JS.\n *\n * Supports concurrent multi-client connections via per-session transport instances (Map pattern).\n * External agents connect using only a URL + Bearer Token (Zero-Trust).\n *\n * Security hardening:\n * - Zero-Trust Bearer Token enforcement\n * - Per-IP rate limiting on session creation\n * - Automatic eviction of idle sessions (TTL)\n */\nexport class LiopStreamBridge {\n\tprivate app: Hono;\n\tprivate httpServer: ReturnType<typeof serve> | null = null;\n\tprivate bridgeLogic: LiopMcpBridge;\n\tprivate activeSessions: Map<string, SessionEntry>;\n\tprivate evictionTimer: ReturnType<typeof setInterval> | null = null;\n\tprivate maxSessionsPerIp: number;\n\tprivate sessionTimeoutMs: number;\n\n\tconstructor(\n\t\tinternalServer: LiopServer,\n\t\tprivate options: LiopStreamBridgeOptions = {},\n\t) {\n\t\tthis.app = new Hono();\n\t\tthis.bridgeLogic = new LiopMcpBridge(internalServer);\n\t\tthis.activeSessions = new Map();\n\t\tthis.maxSessionsPerIp =\n\t\t\toptions.maxSessionsPerIp ?? DEFAULT_MAX_SESSIONS_PER_IP;\n\t\tthis.sessionTimeoutMs =\n\t\t\toptions.sessionTimeoutMs ?? DEFAULT_SESSION_TIMEOUT_MS;\n\n\t\tthis.setupRoutes();\n\t}\n\n\t/**\n\t * Creates a new per-session transport instance and wires it to the LIOPMcpBridge logic.\n\t */\n\tprivate async createSessionTransport(\n\t\tclientIp: string,\n\t): Promise<WebStandardStreamableHTTPServerTransport> {\n\t\tconst { WebStandardStreamableHTTPServerTransport } = await import(\n\t\t\t\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\"\n\t\t);\n\t\tconst transport = new WebStandardStreamableHTTPServerTransport({\n\t\t\tsessionIdGenerator: () => randomUUID(),\n\t\t\tonsessioninitialized: (sessionId: string) => {\n\t\t\t\tthis.activeSessions.set(sessionId, {\n\t\t\t\t\ttransport,\n\t\t\t\t\tlastActivity: Date.now(),\n\t\t\t\t\tclientIp,\n\t\t\t\t});\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`,\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\t// Wire the transport's incoming messages to the LiopMcpBridge JSON-RPC router\n\t\ttransport.onmessage = async (message: JSONRPCMessage) => {\n\t\t\t// Touch activity timestamp on every message\n\t\t\tif (transport.sessionId) {\n\t\t\t\tconst entry = this.activeSessions.get(transport.sessionId);\n\t\t\t\tif (entry) entry.lastActivity = Date.now();\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst result = await this.bridgeLogic.handleJsonRpcRequest(\n\t\t\t\t\tmessage as unknown as Record<string, unknown>,\n\t\t\t\t);\n\t\t\t\t// Notifications return undefined — no response needed\n\t\t\t\tif (result !== undefined) {\n\t\t\t\t\tawait transport.send(result as JSONRPCMessage);\n\t\t\t\t}\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.info(\"[LIOP-StreamBridge] JSON-RPC error:\", (err as Error).message);\n\t\t\t}\n\t\t};\n\n\t\ttransport.onclose = () => {\n\t\t\tif (transport.sessionId) {\n\t\t\t\tthis.activeSessions.delete(transport.sessionId);\n\t\t\t\tlog.info(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);\n\t\t\t}\n\t\t};\n\n\t\treturn transport;\n\t}\n\n\t/**\n\t * Returns the number of active sessions for a given IP.\n\t */\n\tprivate countSessionsByIp(ip: string): number {\n\t\tlet count = 0;\n\t\tfor (const entry of this.activeSessions.values()) {\n\t\t\tif (entry.clientIp === ip) count++;\n\t\t}\n\t\treturn count;\n\t}\n\n\t/**\n\t * Extracts client IP from the request (supports X-Forwarded-For for reverse proxies).\n\t */\n\tprivate getClientIp(c: {\n\t\treq: { header: (name: string) => string | undefined };\n\t}): string {\n\t\treturn (\n\t\t\tc.req.header(\"x-forwarded-for\")?.split(\",\")[0]?.trim() ||\n\t\t\tc.req.header(\"x-real-ip\") ||\n\t\t\t\"unknown\"\n\t\t);\n\t}\n\n\t/**\n\t * Evicts sessions that have been idle longer than the configured timeout.\n\t */\n\tprivate evictIdleSessions(): void {\n\t\tconst now = Date.now();\n\t\tfor (const [sessionId, entry] of this.activeSessions) {\n\t\t\tif (now - entry.lastActivity > this.sessionTimeoutMs) {\n\t\t\t\tlog.info(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);\n\t\t\t\tentry.transport.close().catch(() => {\n\t\t\t\t\t/* Swallow close errors */\n\t\t\t\t});\n\t\t\t\tthis.activeSessions.delete(sessionId);\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate setupRoutes() {\n\t\tthis.app.use(\"*\", cors());\n\n\t\t// Initialize strict zero-trust token if not provided\n\t\tif (!process.env.ZERO_TRUST_TOKEN) {\n\t\t\tprocess.env.ZERO_TRUST_TOKEN = randomUUID();\n\t\t\tlog.info(\"=\".repeat(60));\n\t\t\tlog.info(\"⚠️ STRICT ZERO-TRUST MODE ENABLED ⚠️\");\n\t\t\tlog.info(\"No ZERO_TRUST_TOKEN found in environment.\");\n\t\t\tlog.info(\"A secure ephemeral token has been generated for this session:\");\n\t\t\tlog.info(`Token: ${process.env.ZERO_TRUST_TOKEN}`);\n\t\t\tlog.info(\"=\".repeat(60));\n\t\t}\n\n\t\t// ZTA (Zero-Trust Architecture) Security Middleware\n\t\tthis.app.use(\"/mcp\", async (c, next) => {\n\t\t\tconst auth = c.req.header(\"Authorization\");\n\t\t\tif (!auth?.startsWith(\"Bearer \")) {\n\t\t\t\treturn c.json(\n\t\t\t\t\t{ error: \"Unauthorized: LIOP Zero-Trust Policy Enforced\" },\n\t\t\t\t\t401,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst token = auth.slice(7);\n\t\t\tconst expectedToken = process.env.ZERO_TRUST_TOKEN;\n\n\t\t\t// Check static token fallback first (retrocompatibility)\n\t\t\tif (expectedToken && token === expectedToken) {\n\t\t\t\tawait next();\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// Validate with JWT Validator if configured on the server\n\t\t\tconst jwtValidator = this.bridgeLogic.getServer()?.jwtValidator;\n\t\t\tif (jwtValidator) {\n\t\t\t\ttry {\n\t\t\t\t\tawait jwtValidator.validate(token);\n\t\t\t\t\tawait next();\n\t\t\t\t\treturn;\n\t\t\t\t} catch (e: unknown) {\n\t\t\t\t\tlog.info(\n\t\t\t\t\t\t`[LIOP-StreamBridge] JWT Validation failed: ${(e as Error).message}`,\n\t\t\t\t\t);\n\t\t\t\t\treturn c.json(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\terror: `Unauthorized: JWT Validation failed - ${(e as Error).message}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t\t401,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tlog.info(\n\t\t\t\t\"[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.\",\n\t\t\t);\n\t\t\treturn c.json(\n\t\t\t\t{ error: \"Unauthorized: LIOP Zero-Trust Policy Enforced\" },\n\t\t\t\t401,\n\t\t\t);\n\t\t});\n\n\t\t// Multi-Session Streamable HTTP Handler\n\t\tthis.app.all(\"/mcp\", async (c) => {\n\t\t\tconst sessionId = c.req.header(\"mcp-session-id\");\n\n\t\t\t// Route to existing session if session ID is present\n\t\t\tif (sessionId) {\n\t\t\t\tconst existing = this.activeSessions.get(sessionId);\n\t\t\t\tif (!existing) {\n\t\t\t\t\treturn c.json({ error: \"Session not found\" }, 404);\n\t\t\t\t}\n\t\t\t\t// Touch activity on every routed request\n\t\t\t\texisting.lastActivity = Date.now();\n\n\t\t\t\tconst response = await existing.transport.handleRequest(c.req.raw);\n\n\t\t\t\t// If DELETE, the transport closes internally but onclose may not fire.\n\t\t\t\t// Explicitly clean up the session from the Map.\n\t\t\t\tif (c.req.method === \"DELETE\") {\n\t\t\t\t\tthis.activeSessions.delete(sessionId);\n\t\t\t\t\tlog.info(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);\n\t\t\t\t}\n\n\t\t\t\treturn response;\n\t\t\t}\n\n\t\t\t// No session ID → New client initializing.\n\t\t\t// Rate-limit: enforce max sessions per IP\n\t\t\tconst clientIp = this.getClientIp(c);\n\t\t\tconst currentSessions = this.countSessionsByIp(clientIp);\n\t\t\tif (currentSessions >= this.maxSessionsPerIp) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`,\n\t\t\t\t);\n\t\t\t\treturn c.json({ error: \"Too Many Sessions: Rate limit exceeded\" }, 429);\n\t\t\t}\n\n\t\t\tconst transport = await this.createSessionTransport(clientIp);\n\t\t\treturn await transport.handleRequest(c.req.raw);\n\t\t});\n\t}\n\n\t/**\n\t * Starts the LiopStreamBridge HTTP server and session eviction timer.\n\t */\n\tpublic async start(port?: number): Promise<void> {\n\t\tconst listenPort = port ?? this.options.port ?? 3000;\n\n\t\t// Start the idle session eviction timer\n\t\tthis.evictionTimer = setInterval(\n\t\t\t() => this.evictIdleSessions(),\n\t\t\tEVICTION_INTERVAL_MS,\n\t\t);\n\n\t\treturn new Promise((resolve) => {\n\t\t\tthis.httpServer = serve(\n\t\t\t\t{\n\t\t\t\t\tfetch: this.app.fetch,\n\t\t\t\t\tport: listenPort,\n\t\t\t\t},\n\t\t\t\t(info) => {\n\t\t\t\t\tlog.info(\n\t\t\t\t\t\t`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`,\n\t\t\t\t\t);\n\t\t\t\t\tresolve();\n\t\t\t\t},\n\t\t\t);\n\t\t});\n\t}\n\n\t/**\n\t * Graceful shutdown — closes all active sessions, stops timers, and releases port.\n\t */\n\tpublic async stop(): Promise<void> {\n\t\tif (this.evictionTimer) {\n\t\t\tclearInterval(this.evictionTimer);\n\t\t\tthis.evictionTimer = null;\n\t\t}\n\n\t\tfor (const [id, entry] of this.activeSessions) {\n\t\t\tawait entry.transport.close();\n\t\t\tthis.activeSessions.delete(id);\n\t\t}\n\n\t\tif (this.httpServer) {\n\t\t\tthis.httpServer.close();\n\t\t\tlog.info(\"[LIOP-StreamBridge] HTTP ports released.\");\n\t\t}\n\t}\n}\n","import type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport type { LiopServer, LiopServerOptions } from \"../server/index.js\";\nimport type { CallToolRequest, CallToolResult } from \"../types.js\";\nimport { log } from \"../utils/logger.js\";\n\nexport interface LiopBridgeOptions {\n\tpublishToMesh?: boolean;\n\tmeshIdentity?: string;\n\tserverInfo?: {\n\t\tname: string;\n\t\tversion: string;\n\t};\n\tsecurity?: LiopServerOptions[\"security\"];\n}\n\n/**\n * LIOP MCP Bridge\n * A bi-directional bridge that allows legacy MCP servers to join the LIOP mesh,\n * or exposes a LIOP server as an MCP-compatible stdio process for tools like Claude Desktop.\n */\nexport class LiopMcpBridge {\n\tprivate liopServer: LiopServer | null = null;\n\tprivate legacyMcpServer: McpServer | null = null;\n\tconstructor(\n\t\t// biome-ignore lint/suspicious/noExplicitAny: polymorphic source detection\n\t\tsource: LiopServer | McpServer | any,\n\t\tprivate options: LiopBridgeOptions = {},\n\t) {\n\t\t// Determine mode: Exposing LIOP to MCP (Claude) or Wrapping MCP to LIOP (Mesh)\n\t\t// We use constructor name check to avoid hard dependency on optional SDK at runtime start\n\t\tif (source?.constructor?.name === \"LiopServer\") {\n\t\t\tthis.liopServer = source as LiopServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)\");\n\t\t} else if (source?.constructor?.name === \"McpServer\") {\n\t\t\tthis.legacyMcpServer = source as McpServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)\");\n\t\t} else {\n\t\t\t// Fallback for inferred legacy MCP servers\n\t\t\tthis.legacyMcpServer = source as McpServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: WRAP (Inferred Legacy MCP -> LIOP Mesh)\");\n\t\t}\n\t}\n\n\t/**\n\t * Handles an incoming standard MCP JSON-RPC 2.0 payload.\n\t * Pipes it to the underlying server (LIOP or Legacy MCP).\n\t */\n\tpublic async handleJsonRpcRequest(\n\t\tpayload: Record<string, unknown>,\n\t): Promise<unknown> {\n\t\tconst id = payload.id as string | number;\n\t\tconst method = payload.method as string;\n\t\tconst params = payload.params as Record<string, unknown> | undefined;\n\n\t\tif (payload.jsonrpc !== \"2.0\") {\n\t\t\treturn this.errorResponse(id, -32600, \"Invalid Request\");\n\t\t}\n\n\t\t// Mode: EXPOSE (Standard behavior used by Claude Desktop)\n\t\tif (this.liopServer) {\n\t\t\treturn this.handleLiopToMcp(id, method, params);\n\t\t}\n\n\t\t// Mode: WRAP (Redirecting via internal LiopServer after connect())\n\t\tif (this.legacyMcpServer && this.liopServer) {\n\t\t\treturn this.handleLiopToMcp(id, method, params);\n\t\t}\n\n\t\treturn this.errorResponse(id, -32601, \"Bridge source not configured\");\n\t}\n\n\tprivate async handleLiopToMcp(\n\t\tid: string | number,\n\t\tmethod: string,\n\t\tparams: Record<string, unknown> | undefined,\n\t): Promise<unknown> {\n\t\tif (!this.liopServer) return null;\n\n\t\tif (method === \"initialize\") {\n\t\t\treturn this.successResponse(id, {\n\t\t\t\tprotocolVersion: \"2025-11-25\",\n\t\t\t\tcapabilities: {\n\t\t\t\t\tprompts: {},\n\t\t\t\t\tresources: {},\n\t\t\t\t\ttools: {},\n\t\t\t\t},\n\t\t\t\tserverInfo: this.liopServer.getServerInfo(),\n\t\t\t});\n\t\t}\n\n\t\tif (method === \"notifications/initialized\") return undefined;\n\t\tif (method === \"ping\") return this.successResponse(id, {});\n\n\t\tif (method === \"tools/list\") {\n\t\t\tconst tools = this.liopServer.listTools();\n\t\t\treturn this.successResponse(id, { tools });\n\t\t}\n\n\t\tif (method === \"resources/list\") {\n\t\t\tconst resources = this.liopServer.listResources();\n\t\t\treturn this.successResponse(id, { resources });\n\t\t}\n\n\t\tif (method === \"prompts/list\") {\n\t\t\tconst prompts = this.liopServer.listPrompts();\n\t\t\treturn this.successResponse(id, { prompts });\n\t\t}\n\n\t\tif (method === \"prompts/get\") {\n\t\t\tif (!params?.name) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing prompt name\");\n\t\t\t}\n\t\t\ttry {\n\t\t\t\tconst result = await this.liopServer.getPrompt({\n\t\t\t\t\tname: params.name as string,\n\t\t\t\t\targuments: params.arguments as Record<string, string> | undefined,\n\t\t\t\t});\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\tif (method === \"resources/read\") {\n\t\t\tif (!params?.uri) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing resource URI\");\n\t\t\t}\n\t\t\ttry {\n\t\t\t\tconst result = await this.liopServer.readResource(params.uri as string);\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\tif (method === \"tools/call\") {\n\t\t\tif (!params?.name) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing tool name\");\n\t\t\t}\n\t\t\tconst request: CallToolRequest = {\n\t\t\t\tname: params.name as string,\n\t\t\t\targuments: (params.arguments as Record<string, unknown>) || {},\n\t\t\t};\n\n\t\t\ttry {\n\t\t\t\tconst result: CallToolResult = await this.liopServer.callTool(request);\n\t\t\t\t// If the tool execution returned an error (e.g. policy violation), we bypass\n\t\t\t\t// ZK-Receipt verification because no cryptographic proof is generated for errors.\n\t\t\t\tconst isVerified = result.isError\n\t\t\t\t\t? true\n\t\t\t\t\t: await this.verifyZkReceipt(request, result);\n\n\t\t\t\tif (!isVerified) {\n\t\t\t\t\treturn this.successResponse(id, {\n\t\t\t\t\t\tcontent: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\ttype: \"text\",\n\t\t\t\t\t\t\t\ttext: \"ALERT [LIOP ZERO-TRUST SHIELD] ZK Verification Failed. The mathematical ImageID does not match the original payload.\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tisError: true,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\treturn this.errorResponse(id, -32601, \"Method not found\");\n\t}\n\n\tprivate successResponse(\n\t\tid: string | number | null | undefined,\n\t\tresult: unknown,\n\t) {\n\t\treturn { jsonrpc: \"2.0\", id, result };\n\t}\n\n\tprivate errorResponse(id: string | number, code: number, message: string) {\n\t\treturn { jsonrpc: \"2.0\", id, error: { code, message } };\n\t}\n\n\tprivate async verifyZkReceipt(\n\t\trequest: CallToolRequest,\n\t\tresult: CallToolResult,\n\t): Promise<boolean> {\n\t\tif (\n\t\t\t!request.arguments?.payload ||\n\t\t\ttypeof request.arguments.payload !== \"string\"\n\t\t) {\n\t\t\treturn true;\n\t\t}\n\n\t\ttry {\n\t\t\tconst payload = request.arguments.payload as string;\n\t\t\tconst contentText = result.content[0]?.text;\n\n\t\t\tif (contentText && typeof contentText === \"string\") {\n\t\t\t\ttry {\n\t\t\t\t\tconst data = JSON.parse(contentText);\n\n\t\t\t\t\tif (data.image_id || data.zk_receipt) {\n\t\t\t\t\t\t// 1. Instantiate the Industrial Verifier ( backed by Piscina Worker Pool )\n\t\t\t\t\t\tconst { LiopVerifier } = await import(\"../crypto/verifier.js\");\n\t\t\t\t\t\tconst verifier = new LiopVerifier();\n\n\t\t\t\t\t\t// 2. Delegate the heavy mathematical check (ZK Journal + Seal)\n\t\t\t\t\t\tconst isAuthentic = await verifier.verifyZkReceipt(\n\t\t\t\t\t\t\tBuffer.from(payload, \"utf-8\"),\n\t\t\t\t\t\t\tdata.image_id,\n\t\t\t\t\t\t\tBuffer.from(data.zk_receipt || \"\", \"base64\"),\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tif (!isAuthentic) {\n\t\t\t\t\t\t\treturn false;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tdata.audit_status =\n\t\t\t\t\t\t\t\"VERIFIED: ZK-Receipt & ImageID Mathematically Verified by LiopMcpBridge\";\n\t\t\t\t\t\tresult.content[0].text = JSON.stringify(data);\n\t\t\t\t\t}\n\t\t\t\t} catch {\n\t\t\t\t\t// Output not JSON\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn true;\n\t\t} catch (e) {\n\t\t\tlog.info(\"[LIOP-Bridge] ZK-Verifier Failure:\", e);\n\t\t\treturn false;\n\t\t}\n\t}\n\n\t/**\n\t * Connects the bridge via stdio or Mesh depending on mode.\n\t */\n\tpublic async connect(): Promise<void> {\n\t\t// In WRAP mode, we actually need to create a LiopServer and join the mesh\n\t\tif (this.legacyMcpServer) {\n\t\t\tconst { LiopServer } = await import(\"../server/index.js\");\n\t\t\tthis.liopServer = new LiopServer(\n\t\t\t\tthis.options.serverInfo || {\n\t\t\t\t\tname: \"liop-bridge\",\n\t\t\t\t\tversion: \"1.0.0\",\n\t\t\t\t},\n\t\t\t\t{ security: this.options.security },\n\t\t\t);\n\n\t\t\tif (this.options.publishToMesh) {\n\t\t\t\tawait this.liopServer.connect();\n\n\t\t\t\t// Automatically Bridge Legacy Capabilities to LIOP Mesh\n\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Internal legacy MCP properties are completely opaque and unexported\n\t\t\t\tconst legacy = this.legacyMcpServer as any;\n\n\t\t\t\t// 1. Sync Tools\n\t\t\t\tif (legacy._registeredTools) {\n\t\t\t\t\tfor (const [name, tool] of Object.entries(legacy._registeredTools)) {\n\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure\n\t\t\t\t\t\tconst t = tool as any;\n\t\t\t\t\t\tthis.liopServer.tool(\n\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\tt.description || \"\",\n\t\t\t\t\t\t\tt.inputSchema || {},\n\t\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy callback args\n\t\t\t\t\t\t\tasync (args: any) => {\n\t\t\t\t\t\t\t\treturn await t.handler(args);\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// 2. Sync Resources\n\t\t\t\tif (legacy._registeredResources) {\n\t\t\t\t\tfor (const [uri, resource] of Object.entries(\n\t\t\t\t\t\tlegacy._registeredResources,\n\t\t\t\t\t)) {\n\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure\n\t\t\t\t\t\tconst r = resource as any;\n\t\t\t\t\t\tthis.liopServer.resource(\n\t\t\t\t\t\t\tr.name,\n\t\t\t\t\t\t\turi,\n\t\t\t\t\t\t\tr.metadata?.description || \"\",\n\t\t\t\t\t\t\tr.metadata?.mimeType || \"application/octet-stream\",\n\t\t\t\t\t\t\tasync () => {\n\t\t\t\t\t\t\t\tconst res = await r.readCallback(new URL(uri));\n\t\t\t\t\t\t\t\treturn res.contents[0].text;\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\n\t\t// In EXPOSE mode, listen to stdio (Claude Desktop)\n\t\tconst readline = await import(\"node:readline\");\n\t\tconst rl = readline.createInterface({\n\t\t\tinput: process.stdin,\n\t\t\toutput: process.stdout,\n\t\t\tterminal: false,\n\t\t});\n\n\t\tconst shutdown = async () => {\n\t\t\tlog.info(\"[LIOP-Bridge] Disconnecting session...\");\n\t\t\tif (this.liopServer) await this.liopServer.close();\n\t\t\tprocess.exit(0);\n\t\t};\n\n\t\trl.on(\"close\", shutdown);\n\t\tprocess.on(\"SIGINT\", shutdown);\n\t\tprocess.on(\"SIGTERM\", shutdown);\n\n\t\trl.on(\"line\", async (line) => {\n\t\t\tif (!line.trim()) return;\n\t\t\ttry {\n\t\t\t\tconst payload = JSON.parse(line);\n\t\t\t\tconst response = await this.handleJsonRpcRequest(payload);\n\t\t\t\tif (response) {\n\t\t\t\t\tprocess.stdout.write(`${JSON.stringify(response)}\\n`);\n\t\t\t\t}\n\t\t\t} catch (e: unknown) {\n\t\t\t\tlog.error(`[LIOP-Bridge] Error: ${(e as Error).message}`);\n\t\t\t}\n\t\t});\n\t}\n\n\tpublic getServer(): LiopServer | null {\n\t\treturn this.liopServer;\n\t}\n}\n\nexport * from \"./stream.js\";\n"]}
+{"version":3,"sources":["../src/bridge/stream.ts","../src/bridge/index.ts"],"names":["DEFAULT_MAX_SESSIONS_PER_IP","DEFAULT_SESSION_TIMEOUT_MS","EVICTION_INTERVAL_MS","LiopStreamBridge","internalServer","options","Hono","LiopMcpBridge","clientIp","WebStandardStreamableHTTPServerTransport","transport","randomUUID","sessionId","log","message","entry","result","err","ip","count","c","now","cors","next","auth","token","expectedToken","jwtValidator","e","existing","response","currentSessions","port","listenPort","resolve","serve","info","id","source","payload","method","params","tools","resources","prompts","request","code","contentText","data","LiopVerifier","LiopServer","legacy","name","tool","t","args","uri","resource","r","rl","shutdown","line"],"mappings":"+JA6BA,IAAMA,CAAAA,CAA8B,GAC9BC,CAAAA,CAA6B,IAAA,CAAU,GAAA,CACvCC,CAAAA,CAAuB,GAAK,GAAA,CAgBrBC,CAAAA,CAAN,KAAuB,CAS7B,WAAA,CACCC,EACQC,CAAAA,CAAmC,EAAC,CAC3C,CADO,aAAAA,CAAAA,CAER,IAAA,CAAK,IAAM,IAAIC,IAAAA,CACf,KAAK,WAAA,CAAc,IAAIC,CAAAA,CAAcH,CAAc,EACnD,IAAA,CAAK,cAAA,CAAiB,IAAI,GAAA,CAC1B,IAAA,CAAK,iBACJC,CAAAA,CAAQ,gBAAA,EAAoBL,CAAAA,CAC7B,IAAA,CAAK,iBACJK,CAAAA,CAAQ,gBAAA,EAAoBJ,EAE7B,IAAA,CAAK,WAAA,GACN,CArBQ,GAAA,CACA,UAAA,CAA8C,IAAA,CAC9C,YACA,cAAA,CACA,aAAA,CAAuD,KACvD,gBAAA,CACA,gBAAA,CAoBR,MAAc,sBAAA,CACbO,CAAAA,CACoD,CACpD,GAAM,CAAE,wCAAA,CAAAC,CAAyC,EAAI,MAAM,OAC1D,+DACD,CAAA,CACMC,CAAAA,CAAY,IAAID,CAAAA,CAAyC,CAC9D,kBAAA,CAAoB,IAAME,YAAW,CACrC,oBAAA,CAAuBC,GAAsB,CAC5C,IAAA,CAAK,cAAA,CAAe,GAAA,CAAIA,EAAW,CAClC,SAAA,CAAAF,EACA,YAAA,CAAc,IAAA,CAAK,KAAI,CACvB,QAAA,CAAAF,CACD,CAAC,EACDK,CAAAA,CAAI,IAAA,CACH,uCAAuCD,CAAS,CAAA,MAAA,EAASJ,CAAQ,CAAA,CAAA,CAClE,EACD,CACD,CAAC,EAGD,OAAAE,CAAAA,CAAU,UAAY,MAAOI,CAAAA,EAA4B,CAExD,GAAIJ,CAAAA,CAAU,SAAA,CAAW,CACxB,IAAMK,CAAAA,CAAQ,IAAA,CAAK,eAAe,GAAA,CAAIL,CAAAA,CAAU,SAAS,CAAA,CACrDK,CAAAA,GAAOA,CAAAA,CAAM,YAAA,CAAe,KAAK,GAAA,EAAI,EAC1C,CAEA,GAAI,CACH,IAAMC,CAAAA,CAAS,MAAM,IAAA,CAAK,WAAA,CAAY,qBACrCF,CACD,CAAA,CAEIE,IAAW,KAAA,CAAA,EACd,MAAMN,EAAU,IAAA,CAAKM,CAAwB,EAE/C,CAAA,MAASC,EAAc,CACtBJ,CAAAA,CAAI,KAAK,qCAAA,CAAwCI,CAAAA,CAAc,OAAO,EACvE,CACD,CAAA,CAEAP,CAAAA,CAAU,QAAU,IAAM,CACrBA,EAAU,SAAA,GACb,IAAA,CAAK,eAAe,MAAA,CAAOA,CAAAA,CAAU,SAAS,CAAA,CAC9CG,EAAI,IAAA,CAAK,CAAA,oCAAA,EAAuCH,EAAU,SAAS,CAAA,CAAE,GAEvE,CAAA,CAEOA,CACR,CAKQ,iBAAA,CAAkBQ,EAAoB,CAC7C,IAAIC,EAAQ,CAAA,CACZ,IAAA,IAAWJ,KAAS,IAAA,CAAK,cAAA,CAAe,MAAA,EAAO,CAC1CA,EAAM,QAAA,GAAaG,CAAAA,EAAIC,IAE5B,OAAOA,CACR,CAKQ,WAAA,CAAYC,CAAAA,CAET,CACV,OACCA,EAAE,GAAA,CAAI,MAAA,CAAO,iBAAiB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,IAChDA,CAAAA,CAAE,GAAA,CAAI,OAAO,WAAW,CAAA,EACxB,SAEF,CAKQ,iBAAA,EAA0B,CACjC,IAAMC,EAAM,IAAA,CAAK,GAAA,GACjB,IAAA,GAAW,CAACT,EAAWG,CAAK,CAAA,GAAK,IAAA,CAAK,cAAA,CACjCM,EAAMN,CAAAA,CAAM,YAAA,CAAe,KAAK,gBAAA,GACnCF,CAAAA,CAAI,KAAK,CAAA,2CAAA,EAA8CD,CAAS,CAAA,CAAE,CAAA,CAClEG,EAAM,SAAA,CAAU,KAAA,GAAQ,KAAA,CAAM,IAAM,CAEpC,CAAC,CAAA,CACD,IAAA,CAAK,cAAA,CAAe,OAAOH,CAAS,CAAA,EAGvC,CAEQ,WAAA,EAAc,CACrB,KAAK,GAAA,CAAI,GAAA,CAAI,GAAA,CAAKU,IAAAA,EAAM,CAAA,CAGnB,OAAA,CAAQ,IAAI,gBAAA,GAChB,OAAA,CAAQ,IAAI,gBAAA,CAAmBX,UAAAA,EAAW,CAC1CE,CAAAA,CAAI,KAAK,GAAA,CAAI,MAAA,CAAO,EAAE,CAAC,CAAA,CACvBA,EAAI,IAAA,CAAK,0DAAsC,CAAA,CAC/CA,CAAAA,CAAI,KAAK,2CAA2C,CAAA,CACpDA,EAAI,IAAA,CAAK,+DAA+D,EACxEA,CAAAA,CAAI,IAAA,CAAK,CAAA,OAAA,EAAU,OAAA,CAAQ,IAAI,gBAAgB,CAAA,CAAE,EACjDA,CAAAA,CAAI,IAAA,CAAK,IAAI,MAAA,CAAO,EAAE,CAAC,CAAA,CAAA,CAIxB,KAAK,GAAA,CAAI,GAAA,CAAI,OAAQ,MAAOO,CAAAA,CAAGG,IAAS,CACvC,IAAMC,EAAOJ,CAAAA,CAAE,GAAA,CAAI,OAAO,eAAe,CAAA,CACzC,GAAI,CAACI,CAAAA,EAAM,WAAW,SAAS,CAAA,CAC9B,OAAOJ,CAAAA,CAAE,KACR,CAAE,KAAA,CAAO,+CAAgD,CAAA,CACzD,GACD,EAGD,IAAMK,CAAAA,CAAQD,CAAAA,CAAK,KAAA,CAAM,CAAC,CAAA,CACpBE,CAAAA,CAAgB,QAAQ,GAAA,CAAI,gBAAA,CAGlC,GAAIA,CAAAA,EAAiBD,CAAAA,GAAUC,CAAAA,CAAe,CAC7C,MAAMH,CAAAA,EAAK,CACX,MACD,CAGA,IAAMI,EAAe,IAAA,CAAK,WAAA,CAAY,SAAA,EAAU,EAAG,aACnD,GAAIA,CAAAA,CACH,GAAI,CACH,MAAMA,EAAa,QAAA,CAASF,CAAK,CAAA,CACjC,MAAMF,GAAK,CACX,MACD,OAASK,GAAAA,CAAY,CACpB,OAAAf,CAAAA,CAAI,IAAA,CACH,CAAA,2CAAA,EAA+Ce,GAAAA,CAAY,OAAO,CAAA,CACnE,CAAA,CACOR,EAAE,IAAA,CACR,CACC,MAAO,CAAA,sCAAA,EAA0CQ,GAAAA,CAAY,OAAO,CAAA,CACrE,EACA,GACD,CACD,CAGD,OAAAf,CAAAA,CAAI,KACH,sEACD,CAAA,CACOO,CAAAA,CAAE,IAAA,CACR,CAAE,KAAA,CAAO,+CAAgD,EACzD,GACD,CACD,CAAC,CAAA,CAGD,IAAA,CAAK,GAAA,CAAI,GAAA,CAAI,OAAQ,MAAOA,CAAAA,EAAM,CACjC,IAAMR,CAAAA,CAAYQ,EAAE,GAAA,CAAI,MAAA,CAAO,gBAAgB,CAAA,CAG/C,GAAIR,CAAAA,CAAW,CACd,IAAMiB,CAAAA,CAAW,IAAA,CAAK,eAAe,GAAA,CAAIjB,CAAS,CAAA,CAClD,GAAI,CAACiB,CAAAA,CACJ,OAAOT,EAAE,IAAA,CAAK,CAAE,MAAO,mBAAoB,CAAA,CAAG,GAAG,CAAA,CAGlDS,EAAS,YAAA,CAAe,IAAA,CAAK,KAAI,CAEjC,IAAMC,IAAW,MAAMD,CAAAA,CAAS,SAAA,CAAU,aAAA,CAAcT,EAAE,GAAA,CAAI,GAAG,EAIjE,OAAIA,CAAAA,CAAE,IAAI,MAAA,GAAW,QAAA,GACpB,IAAA,CAAK,cAAA,CAAe,OAAOR,CAAS,CAAA,CACpCC,EAAI,IAAA,CAAK,CAAA,6CAAA,EAAgDD,CAAS,CAAA,CAAE,CAAA,CAAA,CAG9DkB,GACR,CAIA,IAAMtB,CAAAA,CAAW,IAAA,CAAK,YAAYY,CAAC,CAAA,CAC7BW,EAAkB,IAAA,CAAK,iBAAA,CAAkBvB,CAAQ,CAAA,CACvD,OAAIuB,CAAAA,EAAmB,IAAA,CAAK,kBAC3BlB,CAAAA,CAAI,IAAA,CACH,8CAA8CL,CAAQ,CAAA,EAAA,EAAKuB,CAAe,CAAA,UAAA,CAC3E,EACOX,CAAAA,CAAE,IAAA,CAAK,CAAE,KAAA,CAAO,wCAAyC,EAAG,GAAG,CAAA,EAIhE,KAAA,CADW,MAAM,KAAK,sBAAA,CAAuBZ,CAAQ,GACrC,aAAA,CAAcY,CAAAA,CAAE,IAAI,GAAG,CAC/C,CAAC,EACF,CAKA,MAAa,KAAA,CAAMY,EAA8B,CAChD,IAAMC,EAAaD,CAAAA,EAAQ,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAQ,IAGhD,OAAA,IAAA,CAAK,aAAA,CAAgB,YACpB,IAAM,IAAA,CAAK,mBAAkB,CAC7B9B,CACD,CAAA,CAEO,IAAI,QAASgC,CAAAA,EAAY,CAC/B,KAAK,UAAA,CAAaC,KAAAA,CACjB,CACC,KAAA,CAAO,IAAA,CAAK,GAAA,CAAI,KAAA,CAChB,KAAMF,CACP,CAAA,CACCG,GAAS,CACTvB,CAAAA,CAAI,KACH,CAAA,gEAAA,EAAmEuB,CAAAA,CAAK,IAAI,CAAA,IAAA,CAC7E,EACAF,CAAAA,GACD,CACD,EACD,CAAC,CACF,CAKA,MAAa,IAAA,EAAsB,CAC9B,KAAK,aAAA,GACR,aAAA,CAAc,KAAK,aAAa,CAAA,CAChC,KAAK,aAAA,CAAgB,IAAA,CAAA,CAGtB,IAAA,GAAW,CAACG,EAAItB,CAAK,CAAA,GAAK,KAAK,cAAA,CAC9B,MAAMA,EAAM,SAAA,CAAU,KAAA,EAAM,CAC5B,IAAA,CAAK,eAAe,MAAA,CAAOsB,CAAE,EAG1B,IAAA,CAAK,UAAA,GACR,KAAK,UAAA,CAAW,KAAA,EAAM,CACtBxB,CAAAA,CAAI,KAAK,0CAA0C,CAAA,EAErD,CACD,ECvSO,IAAMN,EAAN,KAAoB,CAG1B,WAAA,CAEC+B,CAAAA,CACQjC,EAA6B,EAAC,CACrC,CADO,IAAA,CAAA,OAAA,CAAAA,CAAAA,CAIJiC,GAAQ,WAAA,EAAa,IAAA,GAAS,YAAA,EACjC,IAAA,CAAK,WAAaA,CAAAA,CAClBzB,CAAAA,CAAI,KAAK,gDAAgD,CAAA,EAC/CyB,GAAQ,WAAA,EAAa,IAAA,GAAS,WAAA,EACxC,IAAA,CAAK,gBAAkBA,CAAAA,CACvBzB,CAAAA,CAAI,KAAK,oDAAoD,CAAA,GAG7D,KAAK,eAAA,CAAkByB,CAAAA,CACvBzB,CAAAA,CAAI,IAAA,CAAK,6DAA6D,CAAA,EAExE,CApBQ,WAAgC,IAAA,CAChC,eAAA,CAAoC,KAyB5C,MAAa,oBAAA,CACZ0B,EACmB,CACnB,IAAMF,EAAKE,CAAAA,CAAQ,EAAA,CACbC,EAASD,CAAAA,CAAQ,MAAA,CACjBE,EAASF,CAAAA,CAAQ,MAAA,CAEvB,OAAIA,CAAAA,CAAQ,UAAY,KAAA,CAChB,IAAA,CAAK,cAAcF,CAAAA,CAAI,MAAA,CAAQ,iBAAiB,CAAA,CAIpD,IAAA,CAAK,UAAA,CACD,IAAA,CAAK,gBAAgBA,CAAAA,CAAIG,CAAAA,CAAQC,CAAM,CAAA,CAI3C,IAAA,CAAK,iBAAmB,IAAA,CAAK,UAAA,CACzB,IAAA,CAAK,eAAA,CAAgBJ,EAAIG,CAAAA,CAAQC,CAAM,EAGxC,IAAA,CAAK,aAAA,CAAcJ,EAAI,MAAA,CAAQ,8BAA8B,CACrE,CAEA,MAAc,eAAA,CACbA,CAAAA,CACAG,EACAC,CAAAA,CACmB,CACnB,GAAI,CAAC,IAAA,CAAK,UAAA,CAAY,OAAO,KAE7B,GAAID,CAAAA,GAAW,aACd,OAAO,IAAA,CAAK,gBAAgBH,CAAAA,CAAI,CAC/B,eAAA,CAAiB,YAAA,CACjB,aAAc,CACb,OAAA,CAAS,EAAC,CACV,SAAA,CAAW,EAAC,CACZ,KAAA,CAAO,EACR,EACA,UAAA,CAAY,IAAA,CAAK,WAAW,aAAA,EAC7B,CAAC,CAAA,CAGF,GAAIG,CAAAA,GAAW,2BAAA,CACf,IAAIA,CAAAA,GAAW,MAAA,CAAQ,OAAO,IAAA,CAAK,eAAA,CAAgBH,EAAI,EAAE,CAAA,CAEzD,GAAIG,IAAW,YAAA,CAAc,CAC5B,IAAME,CAAAA,CAAQ,IAAA,CAAK,WAAW,SAAA,EAAU,CACxC,OAAO,IAAA,CAAK,gBAAgBL,CAAAA,CAAI,CAAE,MAAAK,CAAM,CAAC,CAC1C,CAEA,GAAIF,CAAAA,GAAW,gBAAA,CAAkB,CAChC,IAAMG,CAAAA,CAAY,KAAK,UAAA,CAAW,aAAA,GAClC,OAAO,IAAA,CAAK,eAAA,CAAgBN,CAAAA,CAAI,CAAE,SAAA,CAAAM,CAAU,CAAC,CAC9C,CAEA,GAAIH,CAAAA,GAAW,cAAA,CAAgB,CAC9B,IAAMI,EAAU,IAAA,CAAK,UAAA,CAAW,aAAY,CAC5C,OAAO,KAAK,eAAA,CAAgBP,CAAAA,CAAI,CAAE,OAAA,CAAAO,CAAQ,CAAC,CAC5C,CAEA,GAAIJ,CAAAA,GAAW,cAAe,CAC7B,GAAI,CAACC,CAAAA,EAAQ,KACZ,OAAO,IAAA,CAAK,cAAcJ,CAAAA,CAAI,MAAA,CAAQ,qBAAqB,CAAA,CAE5D,GAAI,CACH,IAAMrB,EAAS,MAAM,IAAA,CAAK,WAAW,SAAA,CAAU,CAC9C,KAAMyB,CAAAA,CAAO,IAAA,CACb,SAAA,CAAWA,CAAAA,CAAO,SACnB,CAAC,CAAA,CACD,OAAO,IAAA,CAAK,eAAA,CAAgBJ,EAAIrB,CAAM,CACvC,CAAA,MAASC,CAAAA,CAAc,CACtB,OAAO,IAAA,CAAK,cAAcoB,CAAAA,CAAI,KAAA,CAASpB,EAAc,OAAO,CAC7D,CACD,CAEA,GAAIuB,CAAAA,GAAW,gBAAA,CAAkB,CAChC,GAAI,CAACC,GAAQ,GAAA,CACZ,OAAO,IAAA,CAAK,aAAA,CAAcJ,EAAI,MAAA,CAAQ,sBAAsB,EAE7D,GAAI,CACH,IAAMrB,CAAAA,CAAS,MAAM,IAAA,CAAK,UAAA,CAAW,aAAayB,CAAAA,CAAO,GAAa,EACtE,OAAO,IAAA,CAAK,gBAAgBJ,CAAAA,CAAIrB,CAAM,CACvC,CAAA,MAASC,EAAc,CACtB,OAAO,KAAK,aAAA,CAAcoB,CAAAA,CAAI,MAASpB,CAAAA,CAAc,OAAO,CAC7D,CACD,CAEA,GAAIuB,CAAAA,GAAW,aAAc,CAC5B,GAAI,CAACC,CAAAA,EAAQ,IAAA,CACZ,OAAO,IAAA,CAAK,cAAcJ,CAAAA,CAAI,MAAA,CAAQ,mBAAmB,CAAA,CAE1D,IAAMQ,EAA2B,CAChC,IAAA,CAAMJ,CAAAA,CAAO,IAAA,CACb,UAAYA,CAAAA,CAAO,SAAA,EAAyC,EAC7D,CAAA,CAEA,GAAI,CACH,IAAMzB,CAAAA,CAAyB,MAAM,KAAK,UAAA,CAAW,QAAA,CAAS6B,CAAO,CAAA,CAOrE,OAAA,CAJmB7B,EAAO,OAAA,CACvB,CAAA,CAAA,CACA,MAAM,IAAA,CAAK,gBAAgB6B,CAAAA,CAAS7B,CAAM,GActC,IAAA,CAAK,eAAA,CAAgBqB,EAAIrB,CAAM,CAAA,CAX9B,IAAA,CAAK,eAAA,CAAgBqB,EAAI,CAC/B,OAAA,CAAS,CACR,CACC,IAAA,CAAM,OACN,IAAA,CAAM,sHACP,CACD,CAAA,CACA,QAAS,CAAA,CACV,CAAC,CAIH,CAAA,MAASpB,CAAAA,CAAc,CACtB,OAAO,IAAA,CAAK,aAAA,CAAcoB,CAAAA,CAAI,MAASpB,CAAAA,CAAc,OAAO,CAC7D,CACD,CAEA,OAAO,IAAA,CAAK,aAAA,CAAcoB,CAAAA,CAAI,MAAA,CAAQ,kBAAkB,CAAA,CACzD,CAEQ,gBACPA,CAAAA,CACArB,CAAAA,CACC,CACD,OAAO,CAAE,QAAS,KAAA,CAAO,EAAA,CAAAqB,EAAI,MAAA,CAAArB,CAAO,CACrC,CAEQ,aAAA,CAAcqB,EAAqBS,CAAAA,CAAchC,CAAAA,CAAiB,CACzE,OAAO,CAAE,OAAA,CAAS,KAAA,CAAO,GAAAuB,CAAAA,CAAI,KAAA,CAAO,CAAE,IAAA,CAAAS,CAAAA,CAAM,OAAA,CAAAhC,CAAQ,CAAE,CACvD,CAEA,MAAc,eAAA,CACb+B,CAAAA,CACA7B,EACmB,CACnB,GACC,CAAC6B,CAAAA,CAAQ,WAAW,OAAA,EACpB,OAAOA,EAAQ,SAAA,CAAU,OAAA,EAAY,SAErC,OAAO,KAAA,CAGR,GAAI,CACH,IAAMN,CAAAA,CAAUM,CAAAA,CAAQ,UAAU,OAAA,CAC5BE,CAAAA,CAAc/B,EAAO,OAAA,CAAQ,CAAC,CAAA,EAAG,IAAA,CAEvC,GAAI+B,CAAAA,EAAe,OAAOA,GAAgB,QAAA,CACzC,GAAI,CACH,IAAMC,CAAAA,CAAO,IAAA,CAAK,KAAA,CAAMD,CAAW,CAAA,CAEnC,GAAIC,EAAK,QAAA,EAAYA,CAAAA,CAAK,WAAY,CAErC,GAAM,CAAE,YAAA,CAAAC,CAAa,CAAA,CAAI,aAAa,wBAAuB,CAAA,CAY7D,GAAI,CARgB,MAHH,IAAIA,CAAAA,GAGc,eAAA,CAClC,MAAA,CAAO,KAAKV,CAAAA,CAAS,OAAO,EAC5BS,CAAAA,CAAK,QAAA,CACL,MAAA,CAAO,IAAA,CAAKA,EAAK,UAAA,EAAc,EAAA,CAAI,QAAQ,CAAA,CAC3C,KAAA,CAAA,CACAA,EAAK,kBACN,CAAA,CAGC,OAAO,CAAA,CAAA,CAGRA,EAAK,YAAA,CACJ,yEAAA,CACDhC,EAAO,OAAA,CAAQ,CAAC,EAAE,IAAA,CAAO,IAAA,CAAK,SAAA,CAAUgC,CAAI,EAC7C,CACD,CAAA,KAAQ,CAER,CAED,OAAO,EACR,CAAA,MAASpB,CAAAA,CAAG,CACX,OAAAf,EAAI,IAAA,CAAK,oCAAA,CAAsCe,CAAC,CAAA,CACzC,KACR,CACD,CAKA,MAAa,OAAA,EAAyB,CAErC,GAAI,IAAA,CAAK,eAAA,CAAiB,CACzB,GAAM,CAAE,WAAAsB,CAAW,CAAA,CAAI,MAAM,OAAO,aAAoB,CAAA,CASxD,GARA,KAAK,UAAA,CAAa,IAAIA,EACrB,IAAA,CAAK,OAAA,CAAQ,UAAA,EAAc,CAC1B,KAAM,aAAA,CACN,OAAA,CAAS,OACV,CAAA,CACA,CAAE,SAAU,IAAA,CAAK,OAAA,CAAQ,QAAS,CACnC,EAEI,IAAA,CAAK,OAAA,CAAQ,cAAe,CAC/B,MAAM,KAAK,UAAA,CAAW,OAAA,EAAQ,CAI9B,IAAMC,EAAS,IAAA,CAAK,eAAA,CAGpB,GAAIA,CAAAA,CAAO,gBAAA,CACV,OAAW,CAACC,CAAAA,CAAMC,CAAI,CAAA,GAAK,OAAO,OAAA,CAAQF,CAAAA,CAAO,gBAAgB,CAAA,CAAG,CAEnE,IAAMG,CAAAA,CAAID,CAAAA,CACV,IAAA,CAAK,UAAA,CAAW,KACfD,CAAAA,CACAE,CAAAA,CAAE,aAAe,EAAA,CACjBA,CAAAA,CAAE,aAAe,EAAC,CAElB,MAAOC,CAAAA,EACC,MAAMD,CAAAA,CAAE,OAAA,CAAQC,CAAI,CAE7B,EACD,CAID,GAAIJ,CAAAA,CAAO,oBAAA,CACV,IAAA,GAAW,CAACK,CAAAA,CAAKC,CAAQ,IAAK,MAAA,CAAO,OAAA,CACpCN,EAAO,oBACR,CAAA,CAAG,CAEF,IAAMO,EAAID,CAAAA,CACV,IAAA,CAAK,WAAW,QAAA,CACfC,CAAAA,CAAE,KACFF,CAAAA,CACAE,CAAAA,CAAE,QAAA,EAAU,WAAA,EAAe,GAC3BA,CAAAA,CAAE,QAAA,EAAU,UAAY,0BAAA,CACxB,SAAA,CACa,MAAMA,CAAAA,CAAE,YAAA,CAAa,IAAI,GAAA,CAAIF,CAAG,CAAC,CAAA,EAClC,SAAS,CAAC,CAAA,CAAE,IAEzB,EACD,CAEF,CACA,MACD,CAIA,IAAMG,CAAAA,CAAAA,CADW,MAAM,OAAO,UAAe,GACzB,eAAA,CAAgB,CACnC,KAAA,CAAO,OAAA,CAAQ,MACf,MAAA,CAAQ,OAAA,CAAQ,OAChB,QAAA,CAAU,KACX,CAAC,CAAA,CAEKC,CAAAA,CAAW,SAAY,CAC5B/C,EAAI,IAAA,CAAK,wCAAwC,EAC7C,IAAA,CAAK,UAAA,EAAY,MAAM,IAAA,CAAK,UAAA,CAAW,KAAA,EAAM,CACjD,QAAQ,IAAA,CAAK,CAAC,EACf,CAAA,CAEA8C,CAAAA,CAAG,GAAG,OAAA,CAASC,CAAQ,CAAA,CACvB,OAAA,CAAQ,GAAG,QAAA,CAAUA,CAAQ,EAC7B,OAAA,CAAQ,EAAA,CAAG,UAAWA,CAAQ,CAAA,CAE9BD,CAAAA,CAAG,EAAA,CAAG,OAAQ,MAAOE,CAAAA,EAAS,CAC7B,GAAKA,CAAAA,CAAK,MAAK,CACf,GAAI,CACH,IAAMtB,EAAU,IAAA,CAAK,KAAA,CAAMsB,CAAI,CAAA,CACzB/B,CAAAA,CAAW,MAAM,IAAA,CAAK,oBAAA,CAAqBS,CAAO,CAAA,CACpDT,CAAAA,EACH,QAAQ,MAAA,CAAO,KAAA,CAAM,GAAG,IAAA,CAAK,SAAA,CAAUA,CAAQ,CAAC;AAAA,CAAI,EAEtD,OAASF,CAAAA,CAAY,CACpBf,EAAI,KAAA,CAAM,CAAA,qBAAA,EAAyBe,EAAY,OAAO,CAAA,CAAE,EACzD,CACD,CAAC,EACF,CAEO,SAAA,EAA+B,CACrC,OAAO,IAAA,CAAK,UACb,CACD","file":"chunk-I7OTWNFM.js","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { serve } from \"@hono/node-server\";\nimport type { WebStandardStreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\";\nimport type { JSONRPCMessage } from \"@modelcontextprotocol/sdk/types.js\";\nimport { Hono } from \"hono\";\nimport { cors } from \"hono/cors\";\nimport type { LiopServer } from \"../server/index.js\";\nimport { log } from \"../utils/logger.js\";\nimport { LiopMcpBridge } from \"./index.js\";\n\n/**\n * Configuration options for LiopStreamBridge.\n */\nexport interface LiopStreamBridgeOptions {\n\t/** Port to listen on (default: 3000) */\n\tport?: number;\n\t/** Max concurrent sessions per IP (default: 5) */\n\tmaxSessionsPerIp?: number;\n\t/** Session idle timeout in milliseconds (default: 30 min) */\n\tsessionTimeoutMs?: number;\n}\n\n/** Internal metadata for tracked sessions */\ninterface SessionEntry {\n\ttransport: WebStandardStreamableHTTPServerTransport;\n\tlastActivity: number;\n\tclientIp: string;\n}\n\nconst DEFAULT_MAX_SESSIONS_PER_IP = 10;\nconst DEFAULT_SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes\nconst EVICTION_INTERVAL_MS = 60 * 1000; // Check every minute\n\n/**\n * LiopStreamBridge\n *\n * Exposes a LiopServer over a remote HTTP network using the industry-standard\n * MCP Streamable HTTP Transport + Hono JS.\n *\n * Supports concurrent multi-client connections via per-session transport instances (Map pattern).\n * External agents connect using only a URL + Bearer Token (Zero-Trust).\n *\n * Security hardening:\n * - Zero-Trust Bearer Token enforcement\n * - Per-IP rate limiting on session creation\n * - Automatic eviction of idle sessions (TTL)\n */\nexport class LiopStreamBridge {\n\tprivate app: Hono;\n\tprivate httpServer: ReturnType<typeof serve> | null = null;\n\tprivate bridgeLogic: LiopMcpBridge;\n\tprivate activeSessions: Map<string, SessionEntry>;\n\tprivate evictionTimer: ReturnType<typeof setInterval> | null = null;\n\tprivate maxSessionsPerIp: number;\n\tprivate sessionTimeoutMs: number;\n\n\tconstructor(\n\t\tinternalServer: LiopServer,\n\t\tprivate options: LiopStreamBridgeOptions = {},\n\t) {\n\t\tthis.app = new Hono();\n\t\tthis.bridgeLogic = new LiopMcpBridge(internalServer);\n\t\tthis.activeSessions = new Map();\n\t\tthis.maxSessionsPerIp =\n\t\t\toptions.maxSessionsPerIp ?? DEFAULT_MAX_SESSIONS_PER_IP;\n\t\tthis.sessionTimeoutMs =\n\t\t\toptions.sessionTimeoutMs ?? DEFAULT_SESSION_TIMEOUT_MS;\n\n\t\tthis.setupRoutes();\n\t}\n\n\t/**\n\t * Creates a new per-session transport instance and wires it to the LIOPMcpBridge logic.\n\t */\n\tprivate async createSessionTransport(\n\t\tclientIp: string,\n\t): Promise<WebStandardStreamableHTTPServerTransport> {\n\t\tconst { WebStandardStreamableHTTPServerTransport } = await import(\n\t\t\t\"@modelcontextprotocol/sdk/server/webStandardStreamableHttp.js\"\n\t\t);\n\t\tconst transport = new WebStandardStreamableHTTPServerTransport({\n\t\t\tsessionIdGenerator: () => randomUUID(),\n\t\t\tonsessioninitialized: (sessionId: string) => {\n\t\t\t\tthis.activeSessions.set(sessionId, {\n\t\t\t\t\ttransport,\n\t\t\t\t\tlastActivity: Date.now(),\n\t\t\t\t\tclientIp,\n\t\t\t\t});\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LIOP-StreamBridge] Session opened: ${sessionId} (IP: ${clientIp})`,\n\t\t\t\t);\n\t\t\t},\n\t\t});\n\n\t\t// Wire the transport's incoming messages to the LiopMcpBridge JSON-RPC router\n\t\ttransport.onmessage = async (message: JSONRPCMessage) => {\n\t\t\t// Touch activity timestamp on every message\n\t\t\tif (transport.sessionId) {\n\t\t\t\tconst entry = this.activeSessions.get(transport.sessionId);\n\t\t\t\tif (entry) entry.lastActivity = Date.now();\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst result = await this.bridgeLogic.handleJsonRpcRequest(\n\t\t\t\t\tmessage as unknown as Record<string, unknown>,\n\t\t\t\t);\n\t\t\t\t// Notifications return undefined — no response needed\n\t\t\t\tif (result !== undefined) {\n\t\t\t\t\tawait transport.send(result as JSONRPCMessage);\n\t\t\t\t}\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.info(\"[LIOP-StreamBridge] JSON-RPC error:\", (err as Error).message);\n\t\t\t}\n\t\t};\n\n\t\ttransport.onclose = () => {\n\t\t\tif (transport.sessionId) {\n\t\t\t\tthis.activeSessions.delete(transport.sessionId);\n\t\t\t\tlog.info(`[LIOP-StreamBridge] Session closed: ${transport.sessionId}`);\n\t\t\t}\n\t\t};\n\n\t\treturn transport;\n\t}\n\n\t/**\n\t * Returns the number of active sessions for a given IP.\n\t */\n\tprivate countSessionsByIp(ip: string): number {\n\t\tlet count = 0;\n\t\tfor (const entry of this.activeSessions.values()) {\n\t\t\tif (entry.clientIp === ip) count++;\n\t\t}\n\t\treturn count;\n\t}\n\n\t/**\n\t * Extracts client IP from the request (supports X-Forwarded-For for reverse proxies).\n\t */\n\tprivate getClientIp(c: {\n\t\treq: { header: (name: string) => string | undefined };\n\t}): string {\n\t\treturn (\n\t\t\tc.req.header(\"x-forwarded-for\")?.split(\",\")[0]?.trim() ||\n\t\t\tc.req.header(\"x-real-ip\") ||\n\t\t\t\"unknown\"\n\t\t);\n\t}\n\n\t/**\n\t * Evicts sessions that have been idle longer than the configured timeout.\n\t */\n\tprivate evictIdleSessions(): void {\n\t\tconst now = Date.now();\n\t\tfor (const [sessionId, entry] of this.activeSessions) {\n\t\t\tif (now - entry.lastActivity > this.sessionTimeoutMs) {\n\t\t\t\tlog.info(`[LIOP-StreamBridge] Evicting idle session: ${sessionId}`);\n\t\t\t\tentry.transport.close().catch(() => {\n\t\t\t\t\t/* Swallow close errors */\n\t\t\t\t});\n\t\t\t\tthis.activeSessions.delete(sessionId);\n\t\t\t}\n\t\t}\n\t}\n\n\tprivate setupRoutes() {\n\t\tthis.app.use(\"*\", cors());\n\n\t\t// Initialize strict zero-trust token if not provided\n\t\tif (!process.env.ZERO_TRUST_TOKEN) {\n\t\t\tprocess.env.ZERO_TRUST_TOKEN = randomUUID();\n\t\t\tlog.info(\"=\".repeat(60));\n\t\t\tlog.info(\"⚠️ STRICT ZERO-TRUST MODE ENABLED ⚠️\");\n\t\t\tlog.info(\"No ZERO_TRUST_TOKEN found in environment.\");\n\t\t\tlog.info(\"A secure ephemeral token has been generated for this session:\");\n\t\t\tlog.info(`Token: ${process.env.ZERO_TRUST_TOKEN}`);\n\t\t\tlog.info(\"=\".repeat(60));\n\t\t}\n\n\t\t// ZTA (Zero-Trust Architecture) Security Middleware\n\t\tthis.app.use(\"/mcp\", async (c, next) => {\n\t\t\tconst auth = c.req.header(\"Authorization\");\n\t\t\tif (!auth?.startsWith(\"Bearer \")) {\n\t\t\t\treturn c.json(\n\t\t\t\t\t{ error: \"Unauthorized: LIOP Zero-Trust Policy Enforced\" },\n\t\t\t\t\t401,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst token = auth.slice(7);\n\t\t\tconst expectedToken = process.env.ZERO_TRUST_TOKEN;\n\n\t\t\t// Check static token fallback first (retrocompatibility)\n\t\t\tif (expectedToken && token === expectedToken) {\n\t\t\t\tawait next();\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// Validate with JWT Validator if configured on the server\n\t\t\tconst jwtValidator = this.bridgeLogic.getServer()?.jwtValidator;\n\t\t\tif (jwtValidator) {\n\t\t\t\ttry {\n\t\t\t\t\tawait jwtValidator.validate(token);\n\t\t\t\t\tawait next();\n\t\t\t\t\treturn;\n\t\t\t\t} catch (e: unknown) {\n\t\t\t\t\tlog.info(\n\t\t\t\t\t\t`[LIOP-StreamBridge] JWT Validation failed: ${(e as Error).message}`,\n\t\t\t\t\t);\n\t\t\t\t\treturn c.json(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\terror: `Unauthorized: JWT Validation failed - ${(e as Error).message}`,\n\t\t\t\t\t\t},\n\t\t\t\t\t\t401,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tlog.info(\n\t\t\t\t\"[LIOP-StreamBridge] ALERT: Access denied - Invalid Zero-Trust token.\",\n\t\t\t);\n\t\t\treturn c.json(\n\t\t\t\t{ error: \"Unauthorized: LIOP Zero-Trust Policy Enforced\" },\n\t\t\t\t401,\n\t\t\t);\n\t\t});\n\n\t\t// Multi-Session Streamable HTTP Handler\n\t\tthis.app.all(\"/mcp\", async (c) => {\n\t\t\tconst sessionId = c.req.header(\"mcp-session-id\");\n\n\t\t\t// Route to existing session if session ID is present\n\t\t\tif (sessionId) {\n\t\t\t\tconst existing = this.activeSessions.get(sessionId);\n\t\t\t\tif (!existing) {\n\t\t\t\t\treturn c.json({ error: \"Session not found\" }, 404);\n\t\t\t\t}\n\t\t\t\t// Touch activity on every routed request\n\t\t\t\texisting.lastActivity = Date.now();\n\n\t\t\t\tconst response = await existing.transport.handleRequest(c.req.raw);\n\n\t\t\t\t// If DELETE, the transport closes internally but onclose may not fire.\n\t\t\t\t// Explicitly clean up the session from the Map.\n\t\t\t\tif (c.req.method === \"DELETE\") {\n\t\t\t\t\tthis.activeSessions.delete(sessionId);\n\t\t\t\t\tlog.info(`[LIOP-StreamBridge] Session closed (DELETE): ${sessionId}`);\n\t\t\t\t}\n\n\t\t\t\treturn response;\n\t\t\t}\n\n\t\t\t// No session ID → New client initializing.\n\t\t\t// Rate-limit: enforce max sessions per IP\n\t\t\tconst clientIp = this.getClientIp(c);\n\t\t\tconst currentSessions = this.countSessionsByIp(clientIp);\n\t\t\tif (currentSessions >= this.maxSessionsPerIp) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LIOP-StreamBridge] Rate limit hit for IP: ${clientIp} (${currentSessions} sessions)`,\n\t\t\t\t);\n\t\t\t\treturn c.json({ error: \"Too Many Sessions: Rate limit exceeded\" }, 429);\n\t\t\t}\n\n\t\t\tconst transport = await this.createSessionTransport(clientIp);\n\t\t\treturn await transport.handleRequest(c.req.raw);\n\t\t});\n\t}\n\n\t/**\n\t * Starts the LiopStreamBridge HTTP server and session eviction timer.\n\t */\n\tpublic async start(port?: number): Promise<void> {\n\t\tconst listenPort = port ?? this.options.port ?? 3000;\n\n\t\t// Start the idle session eviction timer\n\t\tthis.evictionTimer = setInterval(\n\t\t\t() => this.evictIdleSessions(),\n\t\t\tEVICTION_INTERVAL_MS,\n\t\t);\n\n\t\treturn new Promise((resolve) => {\n\t\t\tthis.httpServer = serve(\n\t\t\t\t{\n\t\t\t\t\tfetch: this.app.fetch,\n\t\t\t\t\tport: listenPort,\n\t\t\t\t},\n\t\t\t\t(info) => {\n\t\t\t\t\tlog.info(\n\t\t\t\t\t\t`[LIOP-StreamBridge] Streamable HTTP Gateway on http://localhost:${info.port}/mcp`,\n\t\t\t\t\t);\n\t\t\t\t\tresolve();\n\t\t\t\t},\n\t\t\t);\n\t\t});\n\t}\n\n\t/**\n\t * Graceful shutdown — closes all active sessions, stops timers, and releases port.\n\t */\n\tpublic async stop(): Promise<void> {\n\t\tif (this.evictionTimer) {\n\t\t\tclearInterval(this.evictionTimer);\n\t\t\tthis.evictionTimer = null;\n\t\t}\n\n\t\tfor (const [id, entry] of this.activeSessions) {\n\t\t\tawait entry.transport.close();\n\t\t\tthis.activeSessions.delete(id);\n\t\t}\n\n\t\tif (this.httpServer) {\n\t\t\tthis.httpServer.close();\n\t\t\tlog.info(\"[LIOP-StreamBridge] HTTP ports released.\");\n\t\t}\n\t}\n}\n","import type { McpServer } from \"@modelcontextprotocol/sdk/server/mcp.js\";\nimport type { LiopServer, LiopServerOptions } from \"../server/index.js\";\nimport type { CallToolRequest, CallToolResult } from \"../types.js\";\nimport { log } from \"../utils/logger.js\";\n\nexport interface LiopBridgeOptions {\n\tpublishToMesh?: boolean;\n\tmeshIdentity?: string;\n\tserverInfo?: {\n\t\tname: string;\n\t\tversion: string;\n\t};\n\tsecurity?: LiopServerOptions[\"security\"];\n}\n\n/**\n * LIOP MCP Bridge\n * A bi-directional bridge that allows legacy MCP servers to join the LIOP mesh,\n * or exposes a LIOP server as an MCP-compatible stdio process for tools like Claude Desktop.\n */\nexport class LiopMcpBridge {\n\tprivate liopServer: LiopServer | null = null;\n\tprivate legacyMcpServer: McpServer | null = null;\n\tconstructor(\n\t\t// biome-ignore lint/suspicious/noExplicitAny: polymorphic source detection\n\t\tsource: LiopServer | McpServer | any,\n\t\tprivate options: LiopBridgeOptions = {},\n\t) {\n\t\t// Determine mode: Exposing LIOP to MCP (Claude) or Wrapping MCP to LIOP (Mesh)\n\t\t// We use constructor name check to avoid hard dependency on optional SDK at runtime start\n\t\tif (source?.constructor?.name === \"LiopServer\") {\n\t\t\tthis.liopServer = source as LiopServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: EXPOSE (LIOP -> MCP Stdio)\");\n\t\t} else if (source?.constructor?.name === \"McpServer\") {\n\t\t\tthis.legacyMcpServer = source as McpServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: WRAP (Legacy MCP -> LIOP Mesh)\");\n\t\t} else {\n\t\t\t// Fallback for inferred legacy MCP servers\n\t\t\tthis.legacyMcpServer = source as McpServer;\n\t\t\tlog.info(\"[LIOP-Bridge] Mode: WRAP (Inferred Legacy MCP -> LIOP Mesh)\");\n\t\t}\n\t}\n\n\t/**\n\t * Handles an incoming standard MCP JSON-RPC 2.0 payload.\n\t * Pipes it to the underlying server (LIOP or Legacy MCP).\n\t */\n\tpublic async handleJsonRpcRequest(\n\t\tpayload: Record<string, unknown>,\n\t): Promise<unknown> {\n\t\tconst id = payload.id as string | number;\n\t\tconst method = payload.method as string;\n\t\tconst params = payload.params as Record<string, unknown> | undefined;\n\n\t\tif (payload.jsonrpc !== \"2.0\") {\n\t\t\treturn this.errorResponse(id, -32600, \"Invalid Request\");\n\t\t}\n\n\t\t// Mode: EXPOSE (Standard behavior used by Claude Desktop)\n\t\tif (this.liopServer) {\n\t\t\treturn this.handleLiopToMcp(id, method, params);\n\t\t}\n\n\t\t// Mode: WRAP (Redirecting via internal LiopServer after connect())\n\t\tif (this.legacyMcpServer && this.liopServer) {\n\t\t\treturn this.handleLiopToMcp(id, method, params);\n\t\t}\n\n\t\treturn this.errorResponse(id, -32601, \"Bridge source not configured\");\n\t}\n\n\tprivate async handleLiopToMcp(\n\t\tid: string | number,\n\t\tmethod: string,\n\t\tparams: Record<string, unknown> | undefined,\n\t): Promise<unknown> {\n\t\tif (!this.liopServer) return null;\n\n\t\tif (method === \"initialize\") {\n\t\t\treturn this.successResponse(id, {\n\t\t\t\tprotocolVersion: \"2025-11-25\",\n\t\t\t\tcapabilities: {\n\t\t\t\t\tprompts: {},\n\t\t\t\t\tresources: {},\n\t\t\t\t\ttools: {},\n\t\t\t\t},\n\t\t\t\tserverInfo: this.liopServer.getServerInfo(),\n\t\t\t});\n\t\t}\n\n\t\tif (method === \"notifications/initialized\") return undefined;\n\t\tif (method === \"ping\") return this.successResponse(id, {});\n\n\t\tif (method === \"tools/list\") {\n\t\t\tconst tools = this.liopServer.listTools();\n\t\t\treturn this.successResponse(id, { tools });\n\t\t}\n\n\t\tif (method === \"resources/list\") {\n\t\t\tconst resources = this.liopServer.listResources();\n\t\t\treturn this.successResponse(id, { resources });\n\t\t}\n\n\t\tif (method === \"prompts/list\") {\n\t\t\tconst prompts = this.liopServer.listPrompts();\n\t\t\treturn this.successResponse(id, { prompts });\n\t\t}\n\n\t\tif (method === \"prompts/get\") {\n\t\t\tif (!params?.name) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing prompt name\");\n\t\t\t}\n\t\t\ttry {\n\t\t\t\tconst result = await this.liopServer.getPrompt({\n\t\t\t\t\tname: params.name as string,\n\t\t\t\t\targuments: params.arguments as Record<string, string> | undefined,\n\t\t\t\t});\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\tif (method === \"resources/read\") {\n\t\t\tif (!params?.uri) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing resource URI\");\n\t\t\t}\n\t\t\ttry {\n\t\t\t\tconst result = await this.liopServer.readResource(params.uri as string);\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\tif (method === \"tools/call\") {\n\t\t\tif (!params?.name) {\n\t\t\t\treturn this.errorResponse(id, -32602, \"Missing tool name\");\n\t\t\t}\n\t\t\tconst request: CallToolRequest = {\n\t\t\t\tname: params.name as string,\n\t\t\t\targuments: (params.arguments as Record<string, unknown>) || {},\n\t\t\t};\n\n\t\t\ttry {\n\t\t\t\tconst result: CallToolResult = await this.liopServer.callTool(request);\n\t\t\t\t// If the tool execution returned an error (e.g. policy violation), we bypass\n\t\t\t\t// ZK-Receipt verification because no cryptographic proof is generated for errors.\n\t\t\t\tconst isVerified = result.isError\n\t\t\t\t\t? true\n\t\t\t\t\t: await this.verifyZkReceipt(request, result);\n\n\t\t\t\tif (!isVerified) {\n\t\t\t\t\treturn this.successResponse(id, {\n\t\t\t\t\t\tcontent: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\ttype: \"text\",\n\t\t\t\t\t\t\t\ttext: \"ALERT [LIOP ZERO-TRUST SHIELD] ZK Verification Failed. The mathematical ImageID does not match the original payload.\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tisError: true,\n\t\t\t\t\t});\n\t\t\t\t}\n\n\t\t\t\treturn this.successResponse(id, result);\n\t\t\t} catch (err: unknown) {\n\t\t\t\treturn this.errorResponse(id, -32000, (err as Error).message);\n\t\t\t}\n\t\t}\n\n\t\treturn this.errorResponse(id, -32601, \"Method not found\");\n\t}\n\n\tprivate successResponse(\n\t\tid: string | number | null | undefined,\n\t\tresult: unknown,\n\t) {\n\t\treturn { jsonrpc: \"2.0\", id, result };\n\t}\n\n\tprivate errorResponse(id: string | number, code: number, message: string) {\n\t\treturn { jsonrpc: \"2.0\", id, error: { code, message } };\n\t}\n\n\tprivate async verifyZkReceipt(\n\t\trequest: CallToolRequest,\n\t\tresult: CallToolResult,\n\t): Promise<boolean> {\n\t\tif (\n\t\t\t!request.arguments?.payload ||\n\t\t\ttypeof request.arguments.payload !== \"string\"\n\t\t) {\n\t\t\treturn true;\n\t\t}\n\n\t\ttry {\n\t\t\tconst payload = request.arguments.payload as string;\n\t\t\tconst contentText = result.content[0]?.text;\n\n\t\t\tif (contentText && typeof contentText === \"string\") {\n\t\t\t\ttry {\n\t\t\t\t\tconst data = JSON.parse(contentText);\n\n\t\t\t\t\tif (data.image_id || data.zk_receipt) {\n\t\t\t\t\t\t// 1. Instantiate the Industrial Verifier ( backed by Piscina Worker Pool )\n\t\t\t\t\t\tconst { LiopVerifier } = await import(\"../crypto/verifier.js\");\n\t\t\t\t\t\tconst verifier = new LiopVerifier();\n\n\t\t\t\t\t\t// 2. Delegate the heavy mathematical check (ZK Journal + Seal)\n\t\t\t\t\t\tconst isAuthentic = await verifier.verifyZkReceipt(\n\t\t\t\t\t\t\tBuffer.from(payload, \"utf-8\"),\n\t\t\t\t\t\t\tdata.image_id,\n\t\t\t\t\t\t\tBuffer.from(data.zk_receipt || \"\", \"base64\"),\n\t\t\t\t\t\t\tundefined,\n\t\t\t\t\t\t\tdata.computation_result,\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tif (!isAuthentic) {\n\t\t\t\t\t\t\treturn false;\n\t\t\t\t\t\t}\n\n\t\t\t\t\t\tdata.audit_status =\n\t\t\t\t\t\t\t\"VERIFIED: ZK-Receipt & ImageID Mathematically Verified by LiopMcpBridge\";\n\t\t\t\t\t\tresult.content[0].text = JSON.stringify(data);\n\t\t\t\t\t}\n\t\t\t\t} catch {\n\t\t\t\t\t// Output not JSON\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn true;\n\t\t} catch (e) {\n\t\t\tlog.info(\"[LIOP-Bridge] ZK-Verifier Failure:\", e);\n\t\t\treturn false;\n\t\t}\n\t}\n\n\t/**\n\t * Connects the bridge via stdio or Mesh depending on mode.\n\t */\n\tpublic async connect(): Promise<void> {\n\t\t// In WRAP mode, we actually need to create a LiopServer and join the mesh\n\t\tif (this.legacyMcpServer) {\n\t\t\tconst { LiopServer } = await import(\"../server/index.js\");\n\t\t\tthis.liopServer = new LiopServer(\n\t\t\t\tthis.options.serverInfo || {\n\t\t\t\t\tname: \"liop-bridge\",\n\t\t\t\t\tversion: \"1.0.0\",\n\t\t\t\t},\n\t\t\t\t{ security: this.options.security },\n\t\t\t);\n\n\t\t\tif (this.options.publishToMesh) {\n\t\t\t\tawait this.liopServer.connect();\n\n\t\t\t\t// Automatically Bridge Legacy Capabilities to LIOP Mesh\n\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Internal legacy MCP properties are completely opaque and unexported\n\t\t\t\tconst legacy = this.legacyMcpServer as any;\n\n\t\t\t\t// 1. Sync Tools\n\t\t\t\tif (legacy._registeredTools) {\n\t\t\t\t\tfor (const [name, tool] of Object.entries(legacy._registeredTools)) {\n\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure\n\t\t\t\t\t\tconst t = tool as any;\n\t\t\t\t\t\tthis.liopServer.tool(\n\t\t\t\t\t\t\tname,\n\t\t\t\t\t\t\tt.description || \"\",\n\t\t\t\t\t\t\tt.inputSchema || {},\n\t\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy callback args\n\t\t\t\t\t\t\tasync (args: any) => {\n\t\t\t\t\t\t\t\treturn await t.handler(args);\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\n\t\t\t\t// 2. Sync Resources\n\t\t\t\tif (legacy._registeredResources) {\n\t\t\t\t\tfor (const [uri, resource] of Object.entries(\n\t\t\t\t\t\tlegacy._registeredResources,\n\t\t\t\t\t)) {\n\t\t\t\t\t\t// biome-ignore lint/suspicious/noExplicitAny: Opaque legacy structure\n\t\t\t\t\t\tconst r = resource as any;\n\t\t\t\t\t\tthis.liopServer.resource(\n\t\t\t\t\t\t\tr.name,\n\t\t\t\t\t\t\turi,\n\t\t\t\t\t\t\tr.metadata?.description || \"\",\n\t\t\t\t\t\t\tr.metadata?.mimeType || \"application/octet-stream\",\n\t\t\t\t\t\t\tasync () => {\n\t\t\t\t\t\t\t\tconst res = await r.readCallback(new URL(uri));\n\t\t\t\t\t\t\t\treturn res.contents[0].text;\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn;\n\t\t}\n\n\t\t// In EXPOSE mode, listen to stdio (Claude Desktop)\n\t\tconst readline = await import(\"node:readline\");\n\t\tconst rl = readline.createInterface({\n\t\t\tinput: process.stdin,\n\t\t\toutput: process.stdout,\n\t\t\tterminal: false,\n\t\t});\n\n\t\tconst shutdown = async () => {\n\t\t\tlog.info(\"[LIOP-Bridge] Disconnecting session...\");\n\t\t\tif (this.liopServer) await this.liopServer.close();\n\t\t\tprocess.exit(0);\n\t\t};\n\n\t\trl.on(\"close\", shutdown);\n\t\tprocess.on(\"SIGINT\", shutdown);\n\t\tprocess.on(\"SIGTERM\", shutdown);\n\n\t\trl.on(\"line\", async (line) => {\n\t\t\tif (!line.trim()) return;\n\t\t\ttry {\n\t\t\t\tconst payload = JSON.parse(line);\n\t\t\t\tconst response = await this.handleJsonRpcRequest(payload);\n\t\t\t\tif (response) {\n\t\t\t\t\tprocess.stdout.write(`${JSON.stringify(response)}\\n`);\n\t\t\t\t}\n\t\t\t} catch (e: unknown) {\n\t\t\t\tlog.error(`[LIOP-Bridge] Error: ${(e as Error).message}`);\n\t\t\t}\n\t\t});\n\t}\n\n\tpublic getServer(): LiopServer | null {\n\t\treturn this.liopServer;\n\t}\n}\n\nexport * from \"./stream.js\";\n"]}

package/dist/chunk-PWCXZWSE.js

@@ -0,0 +1,2 @@
+import {b}from'./chunk-ANFXJGMP.js';import {a}from'./chunk-S6RJHZV2.js';import*as p from'fs';import {createRequire}from'module';import s from'path';import {fileURLToPath,pathToFileURL}from'url';import {Piscina}from'piscina';var P=fileURLToPath(import.meta.url),c=s.dirname(P),u=class f{static zkWorkerPool=null;getZkPool(){if(!f.zkWorkerPool){let e=import.meta.url.endsWith(".ts"),i=e?".ts":".js",t=[];if(e)try{let a=createRequire(import.meta.url).resolve("tsx/package.json");t=["--import",pathToFileURL(s.join(s.dirname(a),"dist","loader.mjs")).href];}catch{t=["--import","tsx"];}let n=[s.resolve(c,`./workers/zk-verifier${i}`),s.resolve(c,`../workers/zk-verifier${i}`)],l=n.find(r=>p.existsSync(r))||n[1];f.zkWorkerPool=new Piscina({filename:l,minThreads:1,maxThreads:2,idleTimeout:3e4,execArgv:t}),f.zkWorkerPool.run({action:"warmup"}).catch(r=>{a.debug(`[LiopVerifier] Verification pool warm-up ping failed: ${r.message}`);});}return f.zkWorkerPool}async verifyZkReceipt(e,i,t,n,l){let r=this.getZkPool();if(!r)throw new Error("Worker pool initialization failed");let a$1=await r.run({action:"verify_receipt",logicPayload:new Uint8Array(e),remoteImageIdHex:i,zkReceipt:new Uint8Array(t),sessionSecret:n?new Uint8Array(n):void 0,expectedOutput:l});return a$1.verified?(a.info(`[LiopVerifier] ${a$1.message}`),true):(a.error(`[LiopVerifier] FAILED: ${a$1.message}`),false)}async verifyTeeAttestation(e){if(e.length===0)return  true;try{return a.info("[LiopVerifier] TEE Attestation: Not configured (no-op)."),!0}catch(i){return a.error("[LiopVerifier] TEE Verification Failed:",i),false}}deriveImageId(e){return b(e)}};export{u as a};//# sourceMappingURL=chunk-PWCXZWSE.js.map
+//# sourceMappingURL=chunk-PWCXZWSE.js.map

package/dist/chunk-PWCXZWSE.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/crypto/verifier.ts"],"names":["__filename","fileURLToPath","__dirname","path","LiopVerifier","_LiopVerifier","isTS","workerExt","execArgv","tsxPkg","createRequire","pathToFileURL","workerPaths","workerFilename","p","Piscina","err","log","logicPayload","remoteImageIdHex","zkReceipt","sessionSecret","expectedOutput","pool","result","attestationReport","deriveLogicImageDigest"],"mappings":"gOAQA,IAAMA,CAAAA,CAAaC,aAAAA,CAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA,CAC1CC,CAAAA,CAAYC,CAAAA,CAAK,OAAA,CAAQH,CAAU,EAS5BI,CAAAA,CAAN,MAAMC,CAAa,CAEzB,OAAe,YAAA,CAA+B,IAAA,CAEtC,SAAA,EAAY,CACnB,GAAI,CAACA,CAAAA,CAAa,YAAA,CAAc,CAC/B,IAAMC,CAAAA,CAAO,YAAY,GAAA,CAAI,QAAA,CAAS,KAAK,CAAA,CACrCC,CAAAA,CAAYD,CAAAA,CAAO,KAAA,CAAQ,KAAA,CAE7BE,EAAqB,EAAC,CAC1B,GAAIF,CAAAA,CACH,GAAI,CAEH,IAAMG,CAAAA,CADMC,cAAc,MAAA,CAAA,IAAA,CAAY,GAAG,CAAA,CACtB,OAAA,CAAQ,kBAAkB,CAAA,CAI7CF,CAAAA,CAAW,CAAC,UAAA,CAHQG,aAAAA,CACnBR,CAAAA,CAAK,IAAA,CAAKA,CAAAA,CAAK,OAAA,CAAQM,CAAM,CAAA,CAAG,OAAQ,YAAY,CACrD,CAAA,CAAE,IACiC,EACpC,CAAA,KAAa,CACZD,CAAAA,CAAW,CAAC,UAAA,CAAY,KAAK,EAC9B,CAID,IAAMI,CAAAA,CAAc,CACnBT,CAAAA,CAAK,QAAQD,CAAAA,CAAW,CAAA,qBAAA,EAAwBK,CAAS,CAAA,CAAE,CAAA,CAC3DJ,CAAAA,CAAK,OAAA,CAAQD,CAAAA,CAAW,CAAA,sBAAA,EAAyBK,CAAS,CAAA,CAAE,CAC7D,CAAA,CAEMM,CAAAA,CACLD,CAAAA,CAAY,IAAA,CAAME,GAAS,CAAA,CAAA,UAAA,CAAWA,CAAC,CAAC,CAAA,EAAKF,CAAAA,CAAY,CAAC,CAAA,CAE3DP,CAAAA,CAAa,aAAe,IAAIU,OAAAA,CAAQ,CACvC,QAAA,CAAUF,CAAAA,CACV,UAAA,CAAY,CAAA,CACZ,UAAA,CAAY,EACZ,WAAA,CAAa,GAAA,CACb,QAAA,CAAAL,CACD,CAAC,CAAA,CAGDH,CAAAA,CAAa,YAAA,CAAa,GAAA,CAAI,CAAE,MAAA,CAAQ,QAAS,CAAC,CAAA,CAAE,KAAA,CAAOW,CAAAA,EAAQ,CAClEC,CAAAA,CAAI,KAAA,CACH,CAAA,sDAAA,EAAyDD,CAAAA,CAAI,OAAO,CAAA,CACrE,EACD,CAAC,EACF,CACA,OAAOX,CAAAA,CAAa,YACrB,CASA,MAAa,eAAA,CACZa,CAAAA,CACAC,EACAC,CAAAA,CACAC,CAAAA,CACAC,CAAAA,CACmB,CACnB,IAAMC,CAAAA,CAAO,IAAA,CAAK,SAAA,EAAU,CAC5B,GAAI,CAACA,CAAAA,CAAM,MAAM,IAAI,KAAA,CAAM,mCAAmC,EAC9D,IAAMC,GAAAA,CAAS,MAAMD,CAAAA,CAAK,GAAA,CAAI,CAC7B,MAAA,CAAQ,gBAAA,CACR,aAAc,IAAI,UAAA,CAAWL,CAAY,CAAA,CACzC,gBAAA,CAAAC,CAAAA,CACA,SAAA,CAAW,IAAI,WAAWC,CAAS,CAAA,CACnC,aAAA,CAAeC,CAAAA,CAAgB,IAAI,UAAA,CAAWA,CAAa,CAAA,CAAI,MAAA,CAC/D,cAAA,CAAAC,CACD,CAAC,CAAA,CAED,OAAIE,GAAAA,CAAO,QAAA,EACVP,EAAI,IAAA,CAAK,CAAA,eAAA,EAAkBO,GAAAA,CAAO,OAAO,CAAA,CAAE,CAAA,CACpC,IAAA,GAGRP,CAAAA,CAAI,MAAM,CAAA,uBAAA,EAA0BO,GAAAA,CAAO,OAAO,CAAA,CAAE,CAAA,CAC7C,KAAA,CACR,CAOA,MAAa,qBACZC,CAAAA,CACmB,CACnB,GAAIA,CAAAA,CAAkB,MAAA,GAAW,CAAA,CAAG,OAAO,KAAA,CAE3C,GAAI,CAKH,OAAAR,CAAAA,CAAI,IAAA,CAAK,yDAAyD,CAAA,CAC3D,CAAA,CACR,OAASD,CAAAA,CAAK,CACb,OAAAC,CAAAA,CAAI,KAAA,CAAM,yCAAA,CAA2CD,CAAG,CAAA,CACjD,KACR,CACD,CAKO,aAAA,CAAcE,CAAAA,CAA8B,CAClD,OAAOQ,CAAAA,CAAuBR,CAAY,CAC3C,CACD","file":"chunk-PWCXZWSE.js","sourcesContent":["import * as fs from \"node:fs\";\nimport { createRequire } from \"node:module\";\nimport path from \"node:path\";\nimport { fileURLToPath, pathToFileURL } from \"node:url\";\nimport { Piscina } from \"piscina\";\nimport { log } from \"../utils/logger.js\";\nimport { deriveLogicImageDigest } from \"./logic-image-id.js\";\n\nconst __filename = fileURLToPath(import.meta.url);\nconst __dirname = path.dirname(__filename);\n\n/**\n * LIOP Tier-0 Industrial Verifier\n *\n * This engine is responsible for the trustless verification of remote logic execution.\n * It validates both the integrity of the code (ZkImageID) and the mathematical proof\n * of its execution (ZkSeal), as well as hardware-level attestation (TEE).\n */\nexport class LiopVerifier {\n\t// Singleton Worker Pool for heavy ZK verification\n\tprivate static zkWorkerPool: Piscina | null = null;\n\n\tprivate getZkPool() {\n\t\tif (!LiopVerifier.zkWorkerPool) {\n\t\t\tconst isTS = import.meta.url.endsWith(\".ts\");\n\t\t\tconst workerExt = isTS ? \".ts\" : \".js\";\n\n\t\t\tlet execArgv: string[] = [];\n\t\t\tif (isTS) {\n\t\t\t\ttry {\n\t\t\t\t\tconst req = createRequire(import.meta.url);\n\t\t\t\t\tconst tsxPkg = req.resolve(\"tsx/package.json\");\n\t\t\t\t\tconst absoluteTsx = pathToFileURL(\n\t\t\t\t\t\tpath.join(path.dirname(tsxPkg), \"dist\", \"loader.mjs\"),\n\t\t\t\t\t).href;\n\t\t\t\t\texecArgv = [\"--import\", absoluteTsx];\n\t\t\t\t} catch (_e) {\n\t\t\t\t\texecArgv = [\"--import\", \"tsx\"];\n\t\t\t\t}\n\t\t\t}\n\n\t\t\t// Support both flat dist/ and original src/ structure\n\t\t\tconst workerPaths = [\n\t\t\t\tpath.resolve(__dirname, `./workers/zk-verifier${workerExt}`), // Flat dist/ (tsup)\n\t\t\t\tpath.resolve(__dirname, `../workers/zk-verifier${workerExt}`), // Original src/\n\t\t\t];\n\n\t\t\tconst workerFilename =\n\t\t\t\tworkerPaths.find((p) => fs.existsSync(p)) || workerPaths[1];\n\n\t\t\tLiopVerifier.zkWorkerPool = new Piscina({\n\t\t\t\tfilename: workerFilename,\n\t\t\t\tminThreads: 1,\n\t\t\t\tmaxThreads: 2, // Minimal footprint since verification is fast compared to generation\n\t\t\t\tidleTimeout: 30000,\n\t\t\t\texecArgv,\n\t\t\t});\n\n\t\t\t// Pre-warm the verification worker\n\t\t\tLiopVerifier.zkWorkerPool.run({ action: \"warmup\" }).catch((err) => {\n\t\t\t\tlog.debug(\n\t\t\t\t\t`[LiopVerifier] Verification pool warm-up ping failed: ${err.message}`,\n\t\t\t\t);\n\t\t\t});\n\t\t}\n\t\treturn LiopVerifier.zkWorkerPool;\n\t}\n\n\t/**\n\t * Verifies a Zero-Knowledge Receipt from a remote LIOP node via Worker Pool.\n\t *\n\t * @param logicPayload The raw WASM or JS logic that was sent to the provider.\n\t * @param remoteImageIdHex The ImageID reported by the provider (must match our local calculation).\n\t * @param zkReceipt The mathematical proof (Seal + Journal) from the zkVM.\n\t */\n\tpublic async verifyZkReceipt(\n\t\tlogicPayload: Buffer,\n\t\tremoteImageIdHex: string,\n\t\tzkReceipt: Buffer,\n\t\tsessionSecret?: Buffer,\n\t\texpectedOutput?: unknown,\n\t): Promise<boolean> {\n\t\tconst pool = this.getZkPool();\n\t\tif (!pool) throw new Error(\"Worker pool initialization failed\");\n\t\tconst result = await pool.run({\n\t\t\taction: \"verify_receipt\",\n\t\t\tlogicPayload: new Uint8Array(logicPayload),\n\t\t\tremoteImageIdHex,\n\t\t\tzkReceipt: new Uint8Array(zkReceipt),\n\t\t\tsessionSecret: sessionSecret ? new Uint8Array(sessionSecret) : undefined,\n\t\t\texpectedOutput,\n\t\t});\n\n\t\tif (result.verified) {\n\t\t\tlog.info(`[LiopVerifier] ${result.message}`);\n\t\t\treturn true;\n\t\t}\n\n\t\tlog.error(`[LiopVerifier] FAILED: ${result.message}`);\n\t\treturn false;\n\t}\n\n\t/**\n\t * Verifies if a node is running inside an authenticated TEE (e.g. AWS Nitro).\n\t *\n\t * @param attestationReport The COSE-signed attestation document from the hardware.\n\t */\n\tpublic async verifyTeeAttestation(\n\t\tattestationReport: Buffer,\n\t): Promise<boolean> {\n\t\tif (attestationReport.length === 0) return true; // Optional in Mesh Alpha\n\n\t\ttry {\n\t\t\t// Architecture for AWS Nitro Enclaves:\n\t\t\t// 1. Decode CBOR/COSE\n\t\t\t// 2. Verify Signature against AWS Nitro Root CA\n\t\t\t// 3. Compare PCRs\n\t\t\tlog.info(\"[LiopVerifier] TEE Attestation: Not configured (no-op).\");\n\t\t\treturn true;\n\t\t} catch (err) {\n\t\t\tlog.error(\"[LiopVerifier] TEE Verification Failed:\", err);\n\t\t\treturn false;\n\t\t}\n\t}\n\n\t/**\n\t * Derives the ImageID of a logic payload following the LIOP v1 Standard.\n\t */\n\tpublic deriveImageId(logicPayload: Buffer): Buffer {\n\t\treturn deriveLogicImageDigest(logicPayload);\n\t}\n}\n"]}

package/dist/{chunk-N6FGTZ6A.js → chunk-T3L6OCM3.js}

@@ -1,3 +1,3 @@
-import {a as a$1}from'./chunk-SW53FNSN.js';import {a as a$4}from'./chunk-DBXGYHKY.js';import {c,a}from'./chunk-V5MKJT6S.js';import {a as a$3}from'./chunk-DQ6UW6L7.js';import {a as a$2}from'./chunk-S6RJHZV2.js';import*as L from'@grpc/grpc-js';import {createDecipheriv,randomBytes,createCipheriv}from'crypto';var v=class{client;token;constructor(e,o,t){let i=c(o);this.client=new a.LogicMesh(e,i),this.token=t;}async negotiateIntent(e){return new Promise((o,t)=>{let i=new L.Metadata;this.token&&i.add("authorization",`Bearer ${this.token}`),this.client.NegotiateIntent(e,i,(n,s)=>{n?t(n):o(s);});})}executeLogic(e){let o=new L.Metadata;return this.token&&o.add("authorization",`Bearer ${this.token}`),this.client.ExecuteLogic(e,o)}close(){this.client.close();}};var M={encryptPayload(u,e){if(e.length!==32)throw new Error("Symmetric Key must be exactly 32 bytes (256 bits).");let o=randomBytes(12),t=createCipheriv("aes-256-gcm",e,o),i=Buffer.concat([t.update(u),t.final()]),n=t.getAuthTag();return {ciphertext:Buffer.concat([i,n]),nonce:o}},decryptPayload(u,e,o){if(u.length<16)throw new Error("Invalid GCM Ciphertext; missing authentication tag length");let t=u.subarray(0,-16),i=u.subarray(-16),n=createDecipheriv("aes-256-gcm",o,e);return n.setAuthTag(i),Buffer.concat([n.update(t),n.final()])}};var x=class{meshNode=null;rpcClients=new Map;manifests=new Map;tlsOptions;serverInfo;verifier=new a$1;oauthToken;constructor(e){this.tlsOptions=e;}async acquireM2MToken(e){let t=`${e.nexusUrl.endsWith("/oidc")?e.nexusUrl:`${e.nexusUrl}/oidc`}/token`;a$2.info(`[LiopClient] Requesting M2M Token from Nexus AS: ${t}`);let i=new URLSearchParams({grant_type:"client_credentials",scope:e.scope||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query",resource:e.audience,client_id:e.clientId,client_secret:e.clientSecret}),n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i.toString()});if(!n.ok){let c=await n.text();throw new Error(`OAuth token request failed with status ${n.status}: ${c}`)}let s=await n.json();if(!s.access_token)throw new Error("OAuth token response did not contain an access_token.");return a$2.info("[LiopClient] M2M Token acquired successfully."),s.access_token}async connect(e,o){let t=o?.auth?.clientId||process.env.LIOP_OAUTH_CLIENT_ID||process.env.LIOP_CLIENT_ID,i=o?.auth?.clientSecret||process.env.LIOP_OAUTH_CLIENT_SECRET||process.env.LIOP_CLIENT_SECRET,n=o?.auth?.nexusUrl||process.env.LIOP_NEXUS_URL||"http://localhost:3000",s=o?.auth?.audience||process.env.LIOP_OAUTH_AUDIENCE||"urn:liop:mesh:api",c=o?.auth?.scope||process.env.LIOP_OAUTH_SCOPE||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query";if(this.oauthToken=o?.auth?.token||process.env.LIOP_OAUTH_TOKEN||process.env.LIOP_TOKEN,t&&i)try{this.oauthToken=await this.acquireM2MToken({clientId:t,clientSecret:i,nexusUrl:n,audience:s,scope:c});}catch(a){a$2.error(`[LiopClient] Failed to acquire OAuth M2M Token: ${a instanceof Error?a.message:String(a)}`);}this.meshNode=new a$3(o?.meshConfig),await this.meshNode.start(),a$2.info(`[LiopClient] Mesh Node synchronized. PeerID: ${this.meshNode.getPeerId()}`),e?(this.rpcClients.set("static",new v(e,this.tlsOptions,this.oauthToken)),this.serverInfo={name:`LiopServer (${e})`,version:"1.0.0"},a$2.info(`[LiopClient] Static gRPC configured for: ${e}`)):this.serverInfo={name:"LiopServer (Mesh Alpha)",version:"1.0.0"};}async resolveCapability(e){if(!this.meshNode)throw new Error("Client must be connected to Mesh to resolve capabilities.");a$2.info(`[LiopClient] Querying Mesh DHT for Provider: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`Kademlia DHT found zero providers for capability: ${e}`);let t=o[0];a$2.info(`[LiopClient] Identified Alpha Provider PeerID: ${t}`);let i=50051,n=await this.meshNode.queryManifest(t);n&&(i=n.grpcPort,a$2.info(`[LiopClient] Manifest resolved: gRPC port ${i}`));let s=await this.meshNode.resolvePeer(t);for(let c of s){let a=c.split("/");if(a[1]==="ip4"){let p=`${a[2]}:${i}`;return a$2.info(`[LiopClient] Translated Multiaddr to gRPC Target: ${p}`),p}}return `127.0.0.1:${i}`}async discoverTools(){if(!this.meshNode)throw new Error("Client must be connected before discovering tools.");a$2.info("[LiopClient] Discovery started...");let e=await this.meshNode.discoverManifestProviders(),o=[],t=new Set;for(let i of e)try{a$2.info(`[LiopClient] Querying manifest from: ${i}`);let n=await this.meshNode.queryManifest(i);if(n){this.manifests.set(i,n);for(let s of n.tools)t.has(s.name)||(o.push({name:s.name,description:s.description}),t.add(s.name));}}catch(n){a$2.info(`[LiopClient] Error querying manifest from ${i}:`,n instanceof Error?n.message:String(n));}return a$2.info(`[LiopClient] Discovery finished. Found ${o.length} unique tools.`),o}async callTool(e,o){if(!this.meshNode)throw new Error("Client must be connected before calling tools.");let t=e.name;a$2.info(`[LiopClient] Resolving Tool: ${t}`);let i=this.rpcClients.get("static");if(i)a$2.info(`[LiopClient] Using existing static gRPC connection for ${t}.`);else {let y=await this.resolveCapability(t);i=this.getOrCreateRpcClient(t,y);}a$2.info(`[LiopClient] Negotiating intent for ${t}...`);let n=this.meshNode?`did:liop:${this.meshNode.getPeerId()}`:"did:liop:ephemeral",s=Buffer.from(`${t}:${Date.now()}`),c=this.meshNode?await this.meshNode.sign(s):s,a=await i.negotiateIntent({agent_did:n,capability_hash:t,proof_of_intent:c});if(!a.accepted)throw new Error(`Intent denied by host: ${a.error_message}`);let p=a.kyber_public_key||a.kyberPublicKey,f=a.session_token||a.sessionToken;if(!p)throw a$2.info("[LiopClient] Critical Error: Kyber Public Key not found in IntentResponse.",a),new Error("Handshake failed: Remote host did not provide a valid Kyber Public Key.");a$2.info(`[LiopClient] Encapsulating Post-Quantum Shared Secret for ${e.name}...`);let{ciphertext:C,sharedSecret:g}=await a$4.encapsulateAsymmetric(p);a$2.info("[LiopClient] Sealing WASM Payload and Inputs...");let T=o||Buffer.from(""),{ciphertext:A,nonce:S}=M.encryptPayload(T,g),_={},I=await import('crypto');for(let[y,h]of Object.entries(e.arguments||{})){let m=I.randomBytes(12),d=I.createCipheriv("aes-256-gcm",g,m),w=Buffer.concat([d.update(JSON.stringify(h)),d.final()]),l=d.getAuthTag();_[y]=Buffer.concat([m,w,l]);}let U={session_token:f,wasm_binary:A,inputs:_,pqc_ciphertext:C,aes_nonce:S};return new Promise((y,h)=>{let m=i.executeLogic(U);if(!m){h(new Error("RPC Client unavailable or failed to create stream."));return}let d=false,w=false;m.on("data",async l=>{if(!d){w=true,a$2.info("[LiopClient] Logic Executed. Verification in progress...");try{if(!l.is_error&&!await this.verifier.verifyZkReceipt(T,Buffer.from(l.cryptographic_proof).toString("hex"),Buffer.from(l.zk_receipt),Buffer.from(g))){h(new Error("PROTOCOL INTEGRITY VIOLATION: ZK-Receipt verification failed."));return}d=!0,y({content:[{type:"text",text:l.semantic_evidence}],isError:l.is_error});}catch(P){h(P);}}}),m.on("error",l=>{d||(a$2.error("[LiopClient] Stream Error:",l),h(l));}),m.on("end",()=>{!w&&!d&&h(new Error("Logic-on-Origin stream closed without results."));});})}getOrCreateRpcClient(e,o){let t=this.rpcClients.get(e);if(!t){let i=this.oauthToken,n=this.manifests.get(e),s=e;if(!n){for(let[f,C]of this.manifests.entries())if(C.tools.some(g=>g.name===e)){n=C,s=f;break}}let c=n?.serverInfo?.name?.toLowerCase()||"",a,p=n?.tokenSlug;if(p&&(a=process.env[`LIOP_TOKEN_${p}`]||process.env[`LIOP_OAUTH_TOKEN_${p}`]),!a&&s){let f=s.slice(-8).toUpperCase();a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}if(!a&&c){let f=c.toUpperCase().replace(/[^A-Z0-9_]/g,"_");a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}a&&(a$2.info(`[LiopClient] Resolved node-specific token for peer ${s.slice(-8)} (${c||"unknown"})`),i=a),t=new v(o,this.tlsOptions,i),this.rpcClients.set(e,t);}return t}async readResource(e){if(!this.meshNode)throw new Error("Client must be connected before reading resources.");a$2.info(`[LiopClient] Querying Mesh for Resource: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`No mesh providers found for resource: ${e}`);let t=await this.meshNode.queryManifest(o[0]);if(!t)throw new Error("Target peer did not return a valid LIOP Manifest.");let i=t.resources?.find(n=>n.uri===e);if(!i)throw new Error(`Resource ${e} not listed in remote manifest.`);return {contents:[{uri:e,mimeType:i.mimeType||"application/json",text:JSON.stringify(i,null,2)}]}}getServerInfo(){return this.serverInfo}async close(){this.meshNode&&await this.meshNode.stop();}};
-export{v as a,x as b};//# sourceMappingURL=chunk-N6FGTZ6A.js.map
-//# sourceMappingURL=chunk-N6FGTZ6A.js.map
+import {a as a$1}from'./chunk-PWCXZWSE.js';import {a as a$4}from'./chunk-DBXGYHKY.js';import {c,a}from'./chunk-V5MKJT6S.js';import {a as a$3}from'./chunk-DQ6UW6L7.js';import {a as a$2}from'./chunk-S6RJHZV2.js';import*as L from'@grpc/grpc-js';import {createDecipheriv,randomBytes,createCipheriv}from'crypto';var v=class{client;token;constructor(e,o,t){let i=c(o);this.client=new a.LogicMesh(e,i),this.token=t;}async negotiateIntent(e){return new Promise((o,t)=>{let i=new L.Metadata;this.token&&i.add("authorization",`Bearer ${this.token}`),this.client.NegotiateIntent(e,i,(n,s)=>{n?t(n):o(s);});})}executeLogic(e){let o=new L.Metadata;return this.token&&o.add("authorization",`Bearer ${this.token}`),this.client.ExecuteLogic(e,o)}close(){this.client.close();}};var M={encryptPayload(u,e){if(e.length!==32)throw new Error("Symmetric Key must be exactly 32 bytes (256 bits).");let o=randomBytes(12),t=createCipheriv("aes-256-gcm",e,o),i=Buffer.concat([t.update(u),t.final()]),n=t.getAuthTag();return {ciphertext:Buffer.concat([i,n]),nonce:o}},decryptPayload(u,e,o){if(u.length<16)throw new Error("Invalid GCM Ciphertext; missing authentication tag length");let t=u.subarray(0,-16),i=u.subarray(-16),n=createDecipheriv("aes-256-gcm",o,e);return n.setAuthTag(i),Buffer.concat([n.update(t),n.final()])}};var x=class{meshNode=null;rpcClients=new Map;manifests=new Map;tlsOptions;serverInfo;verifier=new a$1;oauthToken;constructor(e){this.tlsOptions=e;}async acquireM2MToken(e){let t=`${e.nexusUrl.endsWith("/oidc")?e.nexusUrl:`${e.nexusUrl}/oidc`}/token`;a$2.info(`[LiopClient] Requesting M2M Token from Nexus AS: ${t}`);let i=new URLSearchParams({grant_type:"client_credentials",scope:e.scope||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query",resource:e.audience,client_id:e.clientId,client_secret:e.clientSecret}),n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:i.toString()});if(!n.ok){let c=await n.text();throw new Error(`OAuth token request failed with status ${n.status}: ${c}`)}let s=await n.json();if(!s.access_token)throw new Error("OAuth token response did not contain an access_token.");return a$2.info("[LiopClient] M2M Token acquired successfully."),s.access_token}async connect(e,o){let t=o?.auth?.clientId||process.env.LIOP_OAUTH_CLIENT_ID||process.env.LIOP_CLIENT_ID,i=o?.auth?.clientSecret||process.env.LIOP_OAUTH_CLIENT_SECRET||process.env.LIOP_CLIENT_SECRET,n=o?.auth?.nexusUrl||process.env.LIOP_NEXUS_URL||"http://localhost:3000",s=o?.auth?.audience||process.env.LIOP_OAUTH_AUDIENCE||"urn:liop:mesh:api",c=o?.auth?.scope||process.env.LIOP_OAUTH_SCOPE||"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query";if(this.oauthToken=o?.auth?.token||process.env.LIOP_OAUTH_TOKEN||process.env.LIOP_TOKEN,t&&i)try{this.oauthToken=await this.acquireM2MToken({clientId:t,clientSecret:i,nexusUrl:n,audience:s,scope:c});}catch(a){a$2.error(`[LiopClient] Failed to acquire OAuth M2M Token: ${a instanceof Error?a.message:String(a)}`);}this.meshNode=new a$3(o?.meshConfig),await this.meshNode.start(),a$2.info(`[LiopClient] Mesh Node synchronized. PeerID: ${this.meshNode.getPeerId()}`),e?(this.rpcClients.set("static",new v(e,this.tlsOptions,this.oauthToken)),this.serverInfo={name:`LiopServer (${e})`,version:"1.0.0"},a$2.info(`[LiopClient] Static gRPC configured for: ${e}`)):this.serverInfo={name:"LiopServer (Mesh Alpha)",version:"1.0.0"};}async resolveCapability(e){if(!this.meshNode)throw new Error("Client must be connected to Mesh to resolve capabilities.");a$2.info(`[LiopClient] Querying Mesh DHT for Provider: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`Kademlia DHT found zero providers for capability: ${e}`);let t=o[0];a$2.info(`[LiopClient] Identified Alpha Provider PeerID: ${t}`);let i=50051,n=await this.meshNode.queryManifest(t);n&&(i=n.grpcPort,a$2.info(`[LiopClient] Manifest resolved: gRPC port ${i}`));let s=await this.meshNode.resolvePeer(t);for(let c of s){let a=c.split("/");if(a[1]==="ip4"){let p=`${a[2]}:${i}`;return a$2.info(`[LiopClient] Translated Multiaddr to gRPC Target: ${p}`),p}}return `127.0.0.1:${i}`}async discoverTools(){if(!this.meshNode)throw new Error("Client must be connected before discovering tools.");a$2.info("[LiopClient] Discovery started...");let e=await this.meshNode.discoverManifestProviders(),o=[],t=new Set;for(let i of e)try{a$2.info(`[LiopClient] Querying manifest from: ${i}`);let n=await this.meshNode.queryManifest(i);if(n){this.manifests.set(i,n);for(let s of n.tools)t.has(s.name)||(o.push({name:s.name,description:s.description}),t.add(s.name));}}catch(n){a$2.info(`[LiopClient] Error querying manifest from ${i}:`,n instanceof Error?n.message:String(n));}return a$2.info(`[LiopClient] Discovery finished. Found ${o.length} unique tools.`),o}async callTool(e,o){if(!this.meshNode)throw new Error("Client must be connected before calling tools.");let t=e.name;a$2.info(`[LiopClient] Resolving Tool: ${t}`);let i=this.rpcClients.get("static");if(i)a$2.info(`[LiopClient] Using existing static gRPC connection for ${t}.`);else {let y=await this.resolveCapability(t);i=this.getOrCreateRpcClient(t,y);}a$2.info(`[LiopClient] Negotiating intent for ${t}...`);let n=this.meshNode?`did:liop:${this.meshNode.getPeerId()}`:"did:liop:ephemeral",s=Buffer.from(`${t}:${Date.now()}`),c=this.meshNode?await this.meshNode.sign(s):s,a=await i.negotiateIntent({agent_did:n,capability_hash:t,proof_of_intent:c});if(!a.accepted)throw new Error(`Intent denied by host: ${a.error_message}`);let p=a.kyber_public_key||a.kyberPublicKey,f=a.session_token||a.sessionToken;if(!p)throw a$2.info("[LiopClient] Critical Error: Kyber Public Key not found in IntentResponse.",a),new Error("Handshake failed: Remote host did not provide a valid Kyber Public Key.");a$2.info(`[LiopClient] Encapsulating Post-Quantum Shared Secret for ${e.name}...`);let{ciphertext:C,sharedSecret:g}=await a$4.encapsulateAsymmetric(p);a$2.info("[LiopClient] Sealing WASM Payload and Inputs...");let T=o||Buffer.from(""),{ciphertext:A,nonce:S}=M.encryptPayload(T,g),_={},I=await import('crypto');for(let[y,h]of Object.entries(e.arguments||{})){let m=I.randomBytes(12),d=I.createCipheriv("aes-256-gcm",g,m),w=Buffer.concat([d.update(JSON.stringify(h)),d.final()]),l=d.getAuthTag();_[y]=Buffer.concat([m,w,l]);}let U={session_token:f,wasm_binary:A,inputs:_,pqc_ciphertext:C,aes_nonce:S};return new Promise((y,h)=>{let m=i.executeLogic(U);if(!m){h(new Error("RPC Client unavailable or failed to create stream."));return}let d=false,w=false;m.on("data",async l=>{if(!d){w=true,a$2.info("[LiopClient] Logic Executed. Verification in progress...");try{if(!l.is_error&&!await this.verifier.verifyZkReceipt(T,Buffer.from(l.cryptographic_proof).toString("hex"),Buffer.from(l.zk_receipt),Buffer.from(g),l.semantic_evidence)){h(new Error("PROTOCOL INTEGRITY VIOLATION: ZK-Receipt verification failed."));return}d=!0,y({content:[{type:"text",text:l.semantic_evidence}],isError:l.is_error});}catch(P){h(P);}}}),m.on("error",l=>{d||(a$2.error("[LiopClient] Stream Error:",l),h(l));}),m.on("end",()=>{!w&&!d&&h(new Error("Logic-on-Origin stream closed without results."));});})}getOrCreateRpcClient(e,o){let t=this.rpcClients.get(e);if(!t){let i=this.oauthToken,n=this.manifests.get(e),s=e;if(!n){for(let[f,C]of this.manifests.entries())if(C.tools.some(g=>g.name===e)){n=C,s=f;break}}let c=n?.serverInfo?.name?.toLowerCase()||"",a,p=n?.tokenSlug;if(p&&(a=process.env[`LIOP_TOKEN_${p}`]||process.env[`LIOP_OAUTH_TOKEN_${p}`]),!a&&s){let f=s.slice(-8).toUpperCase();a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}if(!a&&c){let f=c.toUpperCase().replace(/[^A-Z0-9_]/g,"_");a=process.env[`LIOP_TOKEN_${f}`]||process.env[`LIOP_OAUTH_TOKEN_${f}`];}a&&(a$2.info(`[LiopClient] Resolved node-specific token for peer ${s.slice(-8)} (${c||"unknown"})`),i=a),t=new v(o,this.tlsOptions,i),this.rpcClients.set(e,t);}return t}async readResource(e){if(!this.meshNode)throw new Error("Client must be connected before reading resources.");a$2.info(`[LiopClient] Querying Mesh for Resource: ${e}...`);let o=await this.meshNode.findProviders(e);if(o.length===0)throw new Error(`No mesh providers found for resource: ${e}`);let t=await this.meshNode.queryManifest(o[0]);if(!t)throw new Error("Target peer did not return a valid LIOP Manifest.");let i=t.resources?.find(n=>n.uri===e);if(!i)throw new Error(`Resource ${e} not listed in remote manifest.`);return {contents:[{uri:e,mimeType:i.mimeType||"application/json",text:JSON.stringify(i,null,2)}]}}getServerInfo(){return this.serverInfo}async close(){this.meshNode&&await this.meshNode.stop();}};
+export{v as a,x as b};//# sourceMappingURL=chunk-T3L6OCM3.js.map
+//# sourceMappingURL=chunk-T3L6OCM3.js.map

package/dist/chunk-T3L6OCM3.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/rpc/client.ts","../src/rpc/crypto/aes.ts","../src/client/index.ts"],"names":["LiopRpcClient","address","tls","token","credentials","createChannelCredentials","liopV1","request","resolve","reject","metadata","error","response","AesGcmWrapper","payload","sharedSecret","nonce","randomBytes","cipher","createCipheriv","encrypted","authTag","ciphertextBuffer","encryptedData","decipher","createDecipheriv","LiopClient","LiopVerifier","authOpts","tokenUrl","log","params","text","data","options","clientId","clientSecret","nexusUrl","audience","scope","err","MeshNode","toolName","providers","providerId","grpcPort","manifest","addrs","maddr","parts","grpcHost","providerIds","tools","seenNames","peerId","tool","_wasmPayload","rpcClient","dynamicAddress","agentDid","intentPayload","proofOfIntent","intentResponse","publicKey","sessionToken","kyberCiphertext","Kyber768Wrapper","_safePayload","encryptedWasm","aesNonce","encryptedInputs","crypto","key","value","inputNonce","logicRequest","stream","resultFulfilled","hasReceivedData","client","nodeToken","realPeerId","pId","m","t","providerName","envToken","slug","shortId","cleanName","uri","resourceDef","r"],"mappings":"mTAcO,IAAMA,EAAN,KAAoB,CAElB,OACA,KAAA,CAER,WAAA,CAAYC,CAAAA,CAAiBC,CAAAA,CAAsBC,EAAgB,CAClE,IAAMC,EAAcC,CAAAA,CAAyBH,CAAG,EAChD,IAAA,CAAK,MAAA,CAAS,IAAII,CAAAA,CAAO,UAAUL,CAAAA,CAASG,CAAW,EACvD,IAAA,CAAK,KAAA,CAAQD,EACd,CAMA,MAAa,gBACZI,CAAAA,CAC0B,CAC1B,OAAO,IAAI,OAAA,CAAQ,CAACC,CAAAA,CAASC,CAAAA,GAAW,CACvC,IAAMC,CAAAA,CAAW,IAAS,CAAA,CAAA,QAAA,CACtB,KAAK,KAAA,EACRA,CAAAA,CAAS,IAAI,eAAA,CAAiB,CAAA,OAAA,EAAU,KAAK,KAAK,CAAA,CAAE,CAAA,CAErD,IAAA,CAAK,OAAO,eAAA,CACXH,CAAAA,CACAG,EACA,CAACC,CAAAA,CAAiCC,IAA6B,CAC1DD,CAAAA,CACHF,CAAAA,CAAOE,CAAK,EAEZH,CAAAA,CAAQI,CAAQ,EAElB,CACD,EACD,CAAC,CACF,CAMO,aACNL,CAAAA,CAC2C,CAC3C,IAAMG,CAAAA,CAAW,IAAS,WAC1B,OAAI,IAAA,CAAK,OACRA,CAAAA,CAAS,GAAA,CAAI,eAAA,CAAiB,CAAA,OAAA,EAAU,KAAK,KAAK,CAAA,CAAE,EAE9C,IAAA,CAAK,MAAA,CAAO,aAAaH,CAAAA,CAASG,CAAQ,CAClD,CAEO,OAAc,CACpB,IAAA,CAAK,OAAO,KAAA,GACb,CACD,EC7DO,IAAMG,EAAgB,CAQ5B,cAAA,CACCC,EACAC,CAAAA,CAIC,CACD,GAAIA,CAAAA,CAAa,MAAA,GAAW,GAC3B,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAIrE,IAAMC,CAAAA,CAAQC,YAAY,EAAE,CAAA,CAEtBC,EAASC,cAAAA,CAAe,aAAA,CAAeJ,EAAcC,CAAK,CAAA,CAG1DI,EAAY,MAAA,CAAO,MAAA,CAAO,CAACF,CAAAA,CAAO,MAAA,CAAOJ,CAAO,CAAA,CAAGI,CAAAA,CAAO,OAAO,CAAC,CAAA,CAClEG,CAAAA,CAAUH,EAAO,UAAA,EAAW,CAMlC,OAAO,CACN,UAAA,CAHuB,OAAO,MAAA,CAAO,CAACE,EAAWC,CAAO,CAAC,EAIzD,KAAA,CAAOL,CACR,CACD,CAAA,CAKA,cAAA,CACCM,EACAN,CAAAA,CACAD,CAAAA,CACS,CACT,GAAIO,EAAiB,MAAA,CAAS,EAAA,CAC7B,MAAM,IAAI,KAAA,CACT,2DACD,CAAA,CAID,IAAMC,CAAAA,CAAgBD,CAAAA,CAAiB,SAAS,CAAA,CAAG,GAAG,EAChDD,CAAAA,CAAUC,CAAAA,CAAiB,SAAS,GAAG,CAAA,CAEvCE,CAAAA,CAAWC,gBAAAA,CAAiB,cAAeV,CAAAA,CAAcC,CAAK,EACpE,OAAAQ,CAAAA,CAAS,WAAWH,CAAO,CAAA,CAEpB,OAAO,MAAA,CAAO,CAACG,EAAS,MAAA,CAAOD,CAAa,EAAGC,CAAAA,CAAS,KAAA,EAAO,CAAC,CACxE,CACD,CAAA,KClDaE,CAAAA,CAAN,KAAiB,CACf,QAAA,CAA4B,IAAA,CAC5B,WAAyC,IAAI,GAAA,CAC7C,SAAA,CAAuC,IAAI,IAC3C,UAAA,CACA,UAAA,CACD,SAAyB,IAAIC,GAAAA,CAC5B,WAER,WAAA,CAAYzB,CAAAA,CAAsB,CACjC,IAAA,CAAK,WAAaA,EACnB,CAKA,MAAc,eAAA,CAAgB0B,CAAAA,CAMV,CAInB,IAAMC,CAAAA,CAAW,GAHDD,CAAAA,CAAS,QAAA,CAAS,SAAS,OAAO,CAAA,CAC/CA,EAAS,QAAA,CACT,CAAA,EAAGA,EAAS,QAAQ,CAAA,KAAA,CACI,CAAA,MAAA,CAAA,CAC3BE,GAAAA,CAAI,KAAK,CAAA,iDAAA,EAAoDD,CAAQ,EAAE,CAAA,CAEvE,IAAME,EAAS,IAAI,eAAA,CAAgB,CAClC,UAAA,CAAY,qBACZ,KAAA,CACCH,CAAAA,CAAS,OACT,sFAAA,CACD,QAAA,CAAUA,EAAS,QAAA,CACnB,SAAA,CAAWA,CAAAA,CAAS,QAAA,CACpB,cAAeA,CAAAA,CAAS,YACzB,CAAC,CAAA,CAEKhB,CAAAA,CAAW,MAAM,KAAA,CAAMiB,CAAAA,CAAU,CACtC,MAAA,CAAQ,MAAA,CACR,QAAS,CACR,cAAA,CAAgB,mCACjB,CAAA,CACA,IAAA,CAAME,EAAO,QAAA,EACd,CAAC,CAAA,CAED,GAAI,CAACnB,CAAAA,CAAS,GAAI,CACjB,IAAMoB,EAAO,MAAMpB,CAAAA,CAAS,MAAK,CACjC,MAAM,IAAI,KAAA,CACT,CAAA,uCAAA,EAA0CA,EAAS,MAAM,CAAA,EAAA,EAAKoB,CAAI,CAAA,CACnE,CACD,CAEA,IAAMC,EAAQ,MAAMrB,CAAAA,CAAS,MAAK,CAIlC,GAAI,CAACqB,CAAAA,CAAK,YAAA,CACT,MAAM,IAAI,KAAA,CAAM,uDAAuD,CAAA,CAGxE,OAAAH,IAAI,IAAA,CAAK,+CAA+C,EACjDG,CAAAA,CAAK,YACb,CAMA,MAAa,QACZhC,CAAAA,CACAiC,CAAAA,CAWgB,CAEhB,IAAMC,CAAAA,CACLD,GAAS,IAAA,EAAM,QAAA,EACf,OAAA,CAAQ,GAAA,CAAI,sBACZ,OAAA,CAAQ,GAAA,CAAI,eACPE,CAAAA,CACLF,CAAAA,EAAS,MAAM,YAAA,EACf,OAAA,CAAQ,GAAA,CAAI,wBAAA,EACZ,QAAQ,GAAA,CAAI,kBAAA,CACPG,EACLH,CAAAA,EAAS,IAAA,EAAM,UACf,OAAA,CAAQ,GAAA,CAAI,gBACZ,uBAAA,CACKI,CAAAA,CACLJ,GAAS,IAAA,EAAM,QAAA,EACf,QAAQ,GAAA,CAAI,mBAAA,EACZ,oBACKK,CAAAA,CACLL,CAAAA,EAAS,IAAA,EAAM,KAAA,EACf,QAAQ,GAAA,CAAI,gBAAA,EACZ,uFAOD,GALA,IAAA,CAAK,WACJA,CAAAA,EAAS,IAAA,EAAM,KAAA,EACf,OAAA,CAAQ,IAAI,gBAAA,EACZ,OAAA,CAAQ,IAAI,UAAA,CAETC,CAAAA,EAAYC,EACf,GAAI,CACH,IAAA,CAAK,UAAA,CAAa,MAAM,IAAA,CAAK,eAAA,CAAgB,CAC5C,QAAA,CAAAD,CAAAA,CACA,aAAAC,CAAAA,CACA,QAAA,CAAAC,EACA,QAAA,CAAAC,CAAAA,CACA,MAAAC,CACD,CAAC,EACF,CAAA,MAASC,CAAAA,CAAc,CACtBV,GAAAA,CAAI,KAAA,CACH,CAAA,gDAAA,EACCU,CAAAA,YAAe,MAAQA,CAAAA,CAAI,OAAA,CAAU,OAAOA,CAAG,CAChD,EACD,EAED,CAGD,IAAA,CAAK,QAAA,CAAW,IAAIC,GAAAA,CAASP,CAAAA,EAAS,UAAU,CAAA,CAChD,MAAM,KAAK,QAAA,CAAS,KAAA,EAAM,CAC1BJ,GAAAA,CAAI,KACH,CAAA,6CAAA,EAAgD,IAAA,CAAK,SAAS,SAAA,EAAW,EAC1E,CAAA,CAEI7B,CAAAA,EACH,KAAK,UAAA,CAAW,GAAA,CACf,SACA,IAAID,CAAAA,CAAcC,EAAS,IAAA,CAAK,UAAA,CAAY,KAAK,UAAU,CAC5D,CAAA,CACA,IAAA,CAAK,WAAa,CAAE,IAAA,CAAM,eAAeA,CAAO,CAAA,CAAA,CAAA,CAAK,QAAS,OAAQ,CAAA,CACtE6B,IAAI,IAAA,CAAK,CAAA,yCAAA,EAA4C7B,CAAO,CAAA,CAAE,CAAA,EAE9D,KAAK,UAAA,CAAa,CAAE,KAAM,yBAAA,CAA2B,OAAA,CAAS,OAAQ,EAExE,CAMA,MAAa,iBAAA,CAAkByC,EAAmC,CACjE,GAAI,CAAC,IAAA,CAAK,QAAA,CACT,MAAM,IAAI,KAAA,CACT,2DACD,CAAA,CAEDZ,GAAAA,CAAI,KAAK,CAAA,6CAAA,EAAgDY,CAAQ,KAAK,CAAA,CACtE,IAAMC,CAAAA,CAAY,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcD,CAAQ,CAAA,CAE5D,GAAIC,EAAU,MAAA,GAAW,CAAA,CACxB,MAAM,IAAI,MACT,CAAA,kDAAA,EAAqDD,CAAQ,EAC9D,CAAA,CAGD,IAAME,EAAaD,CAAAA,CAAU,CAAC,CAAA,CAC9Bb,GAAAA,CAAI,KAAK,CAAA,+CAAA,EAAkDc,CAAU,EAAE,CAAA,CAEvE,IAAIC,EAAW,KAAA,CACTC,CAAAA,CAAW,MAAM,IAAA,CAAK,QAAA,CAAS,cAAcF,CAAU,CAAA,CACzDE,IACHD,CAAAA,CAAWC,CAAAA,CAAS,SACpBhB,GAAAA,CAAI,IAAA,CAAK,CAAA,0CAAA,EAA6Ce,CAAQ,EAAE,CAAA,CAAA,CAGjE,IAAME,EAAQ,MAAM,IAAA,CAAK,SAAS,WAAA,CAAYH,CAAU,CAAA,CACxD,IAAA,IAAWI,KAASD,CAAAA,CAAO,CAC1B,IAAME,CAAAA,CAAQD,CAAAA,CAAM,MAAM,GAAG,CAAA,CAC7B,GAAIC,CAAAA,CAAM,CAAC,CAAA,GAAM,KAAA,CAAO,CACvB,IAAMC,CAAAA,CAAW,GAAGD,CAAAA,CAAM,CAAC,CAAC,CAAA,CAAA,EAAIJ,CAAQ,GACxC,OAAAf,GAAAA,CAAI,KACH,CAAA,kDAAA,EAAqDoB,CAAQ,EAC9D,CAAA,CACOA,CACR,CACD,CAEA,OAAO,CAAA,UAAA,EAAaL,CAAQ,EAC7B,CAKA,MAAa,eAEX,CACD,GAAI,CAAC,IAAA,CAAK,SACT,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAGrEf,IAAI,IAAA,CAAK,mCAAmC,CAAA,CAC5C,IAAMqB,EAAc,MAAM,IAAA,CAAK,SAAS,yBAAA,EAA0B,CAC5DC,EAAkD,EAAC,CACnDC,EAAY,IAAI,GAAA,CAEtB,QAAWC,CAAAA,IAAUH,CAAAA,CACpB,GAAI,CACHrB,GAAAA,CAAI,KAAK,CAAA,qCAAA,EAAwCwB,CAAM,CAAA,CAAE,CAAA,CACzD,IAAMR,CAAAA,CAAW,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcQ,CAAM,CAAA,CACzD,GAAIR,EAAU,CACb,IAAA,CAAK,UAAU,GAAA,CAAIQ,CAAAA,CAAQR,CAAQ,CAAA,CACnC,IAAA,IAAWS,KAAQT,CAAAA,CAAS,KAAA,CACtBO,CAAAA,CAAU,GAAA,CAAIE,EAAK,IAAI,CAAA,GAC3BH,EAAM,IAAA,CAAK,CAAE,KAAMG,CAAAA,CAAK,IAAA,CAAM,YAAaA,CAAAA,CAAK,WAAY,CAAC,CAAA,CAC7DF,CAAAA,CAAU,IAAIE,CAAAA,CAAK,IAAI,GAG1B,CACD,CAAA,MAASf,CAAAA,CAAc,CACtBV,IAAI,IAAA,CACH,CAAA,0CAAA,EAA6CwB,CAAM,CAAA,CAAA,CAAA,CACnDd,CAAAA,YAAe,MAAQA,CAAAA,CAAI,OAAA,CAAU,MAAA,CAAOA,CAAG,CAChD,EACD,CAGD,OAAAV,GAAAA,CAAI,IAAA,CACH,0CAA0CsB,CAAAA,CAAM,MAAM,CAAA,cAAA,CACvD,CAAA,CACOA,CACR,CAKA,MAAa,SACZ7C,CAAAA,CACAiD,CAAAA,CAC0B,CAC1B,GAAI,CAAC,KAAK,QAAA,CACT,MAAM,IAAI,KAAA,CAAM,gDAAgD,EAGjE,IAAMd,CAAAA,CAAWnC,EAAQ,IAAA,CACzBuB,GAAAA,CAAI,IAAA,CAAK,CAAA,6BAAA,EAAgCY,CAAQ,CAAA,CAAE,CAAA,CAGnD,IAAIe,CAAAA,CAAY,IAAA,CAAK,WAAW,GAAA,CAAI,QAAQ,CAAA,CAE5C,GAAKA,EAIJ3B,GAAAA,CAAI,IAAA,CACH,0DAA0DY,CAAQ,CAAA,CAAA,CACnE,OANe,CACf,IAAMgB,CAAAA,CAAiB,MAAM,KAAK,iBAAA,CAAkBhB,CAAQ,EAC5De,CAAAA,CAAY,IAAA,CAAK,qBAAqBf,CAAAA,CAAUgB,CAAc,EAC/D,CAMA5B,GAAAA,CAAI,KAAK,CAAA,oCAAA,EAAuCY,CAAQ,KAAK,CAAA,CAC7D,IAAMiB,EAAW,IAAA,CAAK,QAAA,CACnB,CAAA,SAAA,EAAY,IAAA,CAAK,SAAS,SAAA,EAAW,GACrC,oBAAA,CACGC,CAAAA,CAAgB,OAAO,IAAA,CAAK,CAAA,EAAGlB,CAAQ,CAAA,CAAA,EAAI,KAAK,GAAA,EAAK,EAAE,CAAA,CACvDmB,CAAAA,CAAgB,KAAK,QAAA,CACxB,MAAM,IAAA,CAAK,QAAA,CAAS,KAAKD,CAAa,CAAA,CACtCA,EAEGE,CAAAA,CAAkB,MAAML,EAAU,eAAA,CAAgB,CACvD,UAAWE,CAAAA,CACX,eAAA,CAAiBjB,EACjB,eAAA,CAAiBmB,CAClB,CAAC,CAAA,CASD,GAAI,CAACC,CAAAA,CAAe,QAAA,CACnB,MAAM,IAAI,MAAM,CAAA,uBAAA,EAA0BA,CAAAA,CAAe,aAAa,CAAA,CAAE,CAAA,CAIzE,IAAMC,CAAAA,CACLD,CAAAA,CAAe,kBAAoBA,CAAAA,CAAe,cAAA,CAC7CE,EACLF,CAAAA,CAAe,aAAA,EAAiBA,EAAe,YAAA,CAEhD,GAAI,CAACC,CAAAA,CACJ,MAAAjC,GAAAA,CAAI,IAAA,CACH,6EACAgC,CACD,CAAA,CACM,IAAI,KAAA,CACT,yEACD,EAIDhC,GAAAA,CAAI,IAAA,CACH,6DAA6DvB,CAAAA,CAAQ,IAAI,KAC1E,CAAA,CACA,GAAM,CAAE,UAAA,CAAY0D,CAAAA,CAAiB,aAAAlD,CAAa,CAAA,CACjD,MAAMmD,GAAAA,CAAgB,sBAAsBH,CAAS,CAAA,CAGtDjC,IAAI,IAAA,CAAK,iDAAiD,EAE1D,IAAMqC,CAAAA,CAAeX,CAAAA,EAAgB,MAAA,CAAO,KAAK,EAAE,CAAA,CAG7C,CAAE,UAAA,CAAYY,CAAAA,CAAe,MAAOC,CAAS,CAAA,CAClDxD,CAAAA,CAAc,cAAA,CAAesD,EAAcpD,CAAY,CAAA,CAGlDuD,EAA8C,EAAC,CAC/CC,EAAS,MAAM,OAAO,QAAa,CAAA,CACzC,IAAA,GAAW,CAACC,CAAAA,CAAKC,CAAK,IAAK,MAAA,CAAO,OAAA,CAAQlE,EAAQ,SAAA,EAAa,EAAE,CAAA,CAAG,CACnE,IAAMmE,CAAAA,CAAaH,EAAO,WAAA,CAAY,EAAE,EAClCrD,CAAAA,CAASqD,CAAAA,CAAO,cAAA,CACrB,aAAA,CACAxD,EACA2D,CACD,CAAA,CACMtD,EAAY,MAAA,CAAO,MAAA,CAAO,CAC/BF,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,SAAA,CAAUuD,CAAK,CAAC,CAAA,CACnCvD,EAAO,KAAA,EACR,CAAC,CAAA,CACKG,CAAAA,CAAUH,EAAO,UAAA,EAAW,CAElCoD,EAAgBE,CAAG,CAAA,CAAI,OAAO,MAAA,CAAO,CAACE,EAAYtD,CAAAA,CAAWC,CAAO,CAAC,EACtE,CAGA,IAAMsD,CAAAA,CAA6B,CAClC,aAAA,CAAeX,CAAAA,CACf,YAAaI,CAAAA,CACb,MAAA,CAAQE,CAAAA,CACR,cAAA,CAAgBL,EAChB,SAAA,CAAWI,CACZ,EAEA,OAAO,IAAI,QAAQ,CAAC7D,CAAAA,CAASC,CAAAA,GAAW,CACvC,IAAMmE,CAAAA,CAASnB,CAAAA,CAAU,aAAakB,CAAY,CAAA,CAClD,GAAI,CAACC,CAAAA,CAAQ,CACZnE,CAAAA,CAAO,IAAI,MAAM,oDAAoD,CAAC,EACtE,MACD,CACA,IAAIoE,CAAAA,CAAkB,KAAA,CAClBC,CAAAA,CAAkB,KAAA,CAEtBF,EAAO,EAAA,CAAG,MAAA,CAAQ,MAAOhE,CAAAA,EAA4B,CACpD,GAAI,CAAAiE,CAAAA,CACJ,CAAAC,CAAAA,CAAkB,IAAA,CAElBhD,IAAI,IAAA,CAAK,0DAA0D,EAEnE,GAAI,CAIH,GAAI,CAAClB,CAAAA,CAAS,QAAA,EAST,CARY,MAAM,IAAA,CAAK,QAAA,CAAS,gBACnCuD,CAAAA,CACA,MAAA,CAAO,KAAKvD,CAAAA,CAAS,mBAAmB,EAAE,QAAA,CAAS,KAAK,EACxD,MAAA,CAAO,IAAA,CAAKA,EAAS,UAAU,CAAA,CAC/B,OAAO,IAAA,CAAKG,CAAY,CAAA,CACxBH,CAAAA,CAAS,iBACV,CAAA,CAEc,CACbH,EACC,IAAI,KAAA,CACH,+DACD,CACD,CAAA,CACA,MACD,CAGDoE,EAAkB,CAAA,CAAA,CAClBrE,CAAAA,CAAQ,CACP,OAAA,CAAS,CACR,CACC,IAAA,CAAM,MAAA,CACN,IAAA,CAAMI,CAAAA,CAAS,iBAChB,CACD,CAAA,CACA,QAASA,CAAAA,CAAS,QACnB,CAAC,EACF,CAAA,MAAS4B,EAAK,CACb/B,CAAAA,CAAO+B,CAAG,EACX,CAAA,CACD,CAAC,CAAA,CAEDoC,CAAAA,CAAO,GAAG,OAAA,CAAUpC,CAAAA,EAAQ,CACvBqC,CAAAA,GACJ/C,IAAI,KAAA,CAAM,4BAAA,CAA8BU,CAAG,CAAA,CAC3C/B,CAAAA,CAAO+B,CAAG,CAAA,EACX,CAAC,CAAA,CAEDoC,CAAAA,CAAO,GAAG,KAAA,CAAO,IAAM,CAGlB,CAACE,CAAAA,EAAmB,CAACD,CAAAA,EACxBpE,CAAAA,CAAO,IAAI,KAAA,CAAM,gDAAgD,CAAC,EAEpE,CAAC,EACF,CAAC,CACF,CAEQ,oBAAA,CAAqB6C,EAAgBrD,CAAAA,CAAgC,CAC5E,IAAI8E,CAAAA,CAAS,IAAA,CAAK,WAAW,GAAA,CAAIzB,CAAM,EACvC,GAAI,CAACyB,CAAAA,CAAQ,CACZ,IAAIC,CAAAA,CAAY,IAAA,CAAK,WAEjBlC,CAAAA,CAAW,IAAA,CAAK,UAAU,GAAA,CAAIQ,CAAM,CAAA,CACpC2B,CAAAA,CAAa3B,EAIjB,GAAI,CAACR,GACJ,IAAA,GAAW,CAACoC,EAAKC,CAAC,CAAA,GAAK,IAAA,CAAK,SAAA,CAAU,SAAQ,CAC7C,GAAIA,EAAE,KAAA,CAAM,IAAA,CAAMC,GAAMA,CAAAA,CAAE,IAAA,GAAS9B,CAAM,CAAA,CAAG,CAC3CR,EAAWqC,CAAAA,CACXF,CAAAA,CAAaC,EACb,KACD,CAAA,CAIF,IAAMG,CAAAA,CAAevC,CAAAA,EAAU,UAAA,EAAY,IAAA,EAAM,aAAY,EAAK,EAAA,CAC9DwC,EAGEC,CAAAA,CAAOzC,CAAAA,EAAU,UAQvB,GAPIyC,CAAAA,GACHD,EACC,OAAA,CAAQ,GAAA,CAAI,cAAcC,CAAI,CAAA,CAAE,GAChC,OAAA,CAAQ,GAAA,CAAI,oBAAoBA,CAAI,CAAA,CAAE,CAAA,CAAA,CAIpC,CAACD,GAAYL,CAAAA,CAAY,CAC5B,IAAMO,CAAAA,CAAUP,CAAAA,CAAW,MAAM,EAAE,CAAA,CAAE,aAAY,CACjDK,CAAAA,CACC,QAAQ,GAAA,CAAI,CAAA,WAAA,EAAcE,CAAO,CAAA,CAAE,CAAA,EACnC,QAAQ,GAAA,CAAI,CAAA,iBAAA,EAAoBA,CAAO,CAAA,CAAE,EAC3C,CAGA,GAAI,CAACF,CAAAA,EAAYD,CAAAA,CAAc,CAC9B,IAAMI,CAAAA,CAAYJ,CAAAA,CAChB,WAAA,GACA,OAAA,CAAQ,aAAA,CAAe,GAAG,CAAA,CAC5BC,CAAAA,CACC,QAAQ,GAAA,CAAI,CAAA,WAAA,EAAcG,CAAS,CAAA,CAAE,GACrC,OAAA,CAAQ,GAAA,CAAI,oBAAoBA,CAAS,CAAA,CAAE,EAC7C,CAEIH,CAAAA,GACHxD,IAAI,IAAA,CACH,CAAA,mDAAA,EAAsDmD,EAAW,KAAA,CAAM,EAAE,CAAC,CAAA,EAAA,EAAKI,CAAAA,EAAgB,SAAS,CAAA,CAAA,CACzG,CAAA,CACAL,CAAAA,CAAYM,CAAAA,CAAAA,CAGbP,EAAS,IAAI/E,CAAAA,CAAcC,EAAS,IAAA,CAAK,UAAA,CAAY+E,CAAS,CAAA,CAC9D,IAAA,CAAK,UAAA,CAAW,GAAA,CAAI1B,EAAQyB,CAAM,EACnC,CACA,OAAOA,CACR,CAMA,MAAa,YAAA,CAAaW,CAAAA,CAEvB,CACF,GAAI,CAAC,IAAA,CAAK,SACT,MAAM,IAAI,MAAM,oDAAoD,CAAA,CAErE5D,IAAI,IAAA,CAAK,CAAA,yCAAA,EAA4C4D,CAAG,CAAA,GAAA,CAAK,CAAA,CAG7D,IAAM/C,CAAAA,CAAY,MAAM,KAAK,QAAA,CAAS,aAAA,CAAc+C,CAAG,CAAA,CACvD,GAAI/C,CAAAA,CAAU,MAAA,GAAW,EACxB,MAAM,IAAI,MAAM,CAAA,sCAAA,EAAyC+C,CAAG,CAAA,CAAE,CAAA,CAI/D,IAAM5C,CAAAA,CAAW,MAAM,KAAK,QAAA,CAAS,aAAA,CAAcH,EAAU,CAAC,CAAC,CAAA,CAC/D,GAAI,CAACG,CAAAA,CACJ,MAAM,IAAI,KAAA,CAAM,mDAAmD,EAIpE,IAAM6C,CAAAA,CAAc7C,EAAS,SAAA,EAAW,IAAA,CAAM8C,GAAMA,CAAAA,CAAE,GAAA,GAAQF,CAAG,CAAA,CACjE,GAAI,CAACC,CAAAA,CACJ,MAAM,IAAI,KAAA,CAAM,YAAYD,CAAG,CAAA,+BAAA,CAAiC,EAIjE,OAAO,CACN,SAAU,CACT,CACC,IAAAA,CAAAA,CACA,QAAA,CAAUC,EAAY,QAAA,EAAY,kBAAA,CAClC,KAAM,IAAA,CAAK,SAAA,CAAUA,EAAa,IAAA,CAAM,CAAC,CAC1C,CACD,CACD,CACD,CAEO,eAA+D,CACrE,OAAO,KAAK,UACb,CAKA,MAAa,KAAA,EAAuB,CAC/B,KAAK,QAAA,EACR,MAAM,KAAK,QAAA,CAAS,IAAA,GAEtB,CACD","file":"chunk-T3L6OCM3.js","sourcesContent":["import * as grpc from \"@grpc/grpc-js\";\nimport { liopV1 } from \"./proto.js\";\nimport { createChannelCredentials, type LiopTlsOptions } from \"./tls.js\";\nimport type {\n\tIntentRequest,\n\tIntentResponse,\n\tLogicRequest,\n\tLogicResponse,\n} from \"./types.js\";\n\n/**\n * LIOP gRPC Client Implementation\n * Provides a high-level interface for secure intent negotiation and logic execution.\n */\nexport class LiopRpcClient {\n\t// biome-ignore lint/suspicious/noExplicitAny: internal gRPC client type\n\tprivate client: any;\n\tprivate token?: string;\n\n\tconstructor(address: string, tls?: LiopTlsOptions, token?: string) {\n\t\tconst credentials = createChannelCredentials(tls);\n\t\tthis.client = new liopV1.LogicMesh(address, credentials);\n\t\tthis.token = token;\n\t}\n\n\t/**\n\t * Negotiates intent with the remote host.\n\t * Returns the ephemeral Kyber public key for payload encryption.\n\t */\n\tpublic async negotiateIntent(\n\t\trequest: IntentRequest,\n\t): Promise<IntentResponse> {\n\t\treturn new Promise((resolve, reject) => {\n\t\t\tconst metadata = new grpc.Metadata();\n\t\t\tif (this.token) {\n\t\t\t\tmetadata.add(\"authorization\", `Bearer ${this.token}`);\n\t\t\t}\n\t\t\tthis.client.NegotiateIntent(\n\t\t\t\trequest,\n\t\t\t\tmetadata,\n\t\t\t\t(error: grpc.ServiceError | null, response: IntentResponse) => {\n\t\t\t\t\tif (error) {\n\t\t\t\t\t\treject(error);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tresolve(response);\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t);\n\t\t});\n\t}\n\n\t/**\n\t * Pushes the encrypted Logic-on-Origin payload to the origin.\n\t * Returns a stream of semantic responses and ZK proofs.\n\t */\n\tpublic executeLogic(\n\t\trequest: LogicRequest,\n\t): grpc.ClientReadableStream<LogicResponse> {\n\t\tconst metadata = new grpc.Metadata();\n\t\tif (this.token) {\n\t\t\tmetadata.add(\"authorization\", `Bearer ${this.token}`);\n\t\t}\n\t\treturn this.client.ExecuteLogic(request, metadata);\n\t}\n\n\tpublic close(): void {\n\t\tthis.client.close();\n\t}\n}\n","import { createCipheriv, createDecipheriv, randomBytes } from \"node:crypto\";\n\n/**\n * LIOP Symmetric Payload Encryption Wrapper\n * Uses AES-256-GCM to secure WASM Code transport over Zero-Trust networks.\n * Fully compatible with the `aes-gcm` Rust crate used by Wasmtime.\n */\nexport const AesGcmWrapper = {\n\t/**\n\t * Encrypts a raw WASM payload using the shared secret negotiated via Kyber768.\n\t *\n\t * @param payload Raw incoming WASM byte array or string.\n\t * @param sharedSecret A perfectly derived 32-byte (256-bit) shared secret array\n\t * @returns The encrypted buffer to push to the GRPc stream, along with the 12-byte initialization vector natively generated.\n\t */\n\tencryptPayload(\n\t\tpayload: Uint8Array | Buffer,\n\t\tsharedSecret: Uint8Array,\n\t): {\n\t\tciphertext: Buffer;\n\t\tnonce: Buffer;\n\t} {\n\t\tif (sharedSecret.length !== 32) {\n\t\t\tthrow new Error(\"Symmetric Key must be exactly 32 bytes (256 bits).\");\n\t\t}\n\n\t\t// LIOP standard demands 96-bit (12 byte) IVs/Nonces for AES-GCM\n\t\tconst nonce = randomBytes(12);\n\n\t\tconst cipher = createCipheriv(\"aes-256-gcm\", sharedSecret, nonce);\n\n\t\t// Encrypt the payload and seal the tag\n\t\tconst encrypted = Buffer.concat([cipher.update(payload), cipher.final()]);\n\t\tconst authTag = cipher.getAuthTag(); // 16 bytes for GCM integrity\n\n\t\t// In LIOP, the auth tag is strictly appended to the end of the ciphertext bytes\n\t\t// mirroring the default serialization logic within `aes_gcm::Aes256Gcm` in Rust\n\t\tconst finalCiphertext = Buffer.concat([encrypted, authTag]);\n\n\t\treturn {\n\t\t\tciphertext: finalCiphertext,\n\t\t\tnonce: nonce,\n\t\t};\n\t},\n\n\t/**\n\t * Decrypts a remote Zero-Knowledge receipt using AES-256-GCM.\n\t */\n\tdecryptPayload(\n\t\tciphertextBuffer: Buffer,\n\t\tnonce: Buffer,\n\t\tsharedSecret: Uint8Array,\n\t): Buffer {\n\t\tif (ciphertextBuffer.length < 16) {\n\t\t\tthrow new Error(\n\t\t\t\t\"Invalid GCM Ciphertext; missing authentication tag length\",\n\t\t\t);\n\t\t}\n\n\t\t// The last 16 bytes represent the AuthTag appended by rust-aes-gcm\n\t\tconst encryptedData = ciphertextBuffer.subarray(0, -16);\n\t\tconst authTag = ciphertextBuffer.subarray(-16);\n\n\t\tconst decipher = createDecipheriv(\"aes-256-gcm\", sharedSecret, nonce);\n\t\tdecipher.setAuthTag(authTag);\n\n\t\treturn Buffer.concat([decipher.update(encryptedData), decipher.final()]);\n\t},\n};\n","import { LiopVerifier } from \"../crypto/verifier.js\";\nimport {\n\ttype LiopManifest,\n\tMeshNode,\n\ttype MeshNodeConfig,\n} from \"../mesh/node.js\";\nimport { LiopRpcClient } from \"../rpc/client.js\";\nimport { AesGcmWrapper } from \"../rpc/crypto/aes.js\";\nimport { Kyber768Wrapper } from \"../rpc/crypto/kyber.js\";\nimport type { LiopTlsOptions } from \"../rpc/tls.js\";\nimport type { LogicRequest, LogicResponse } from \"../rpc/types.js\";\nimport type { CallToolRequest, CallToolResult } from \"../types.js\";\nimport { log } from \"../utils/logger.js\";\n\n/**\n * LIOP Client\n * High-level orchestration for discovery and execution in the Logic-Injection-on-Origin mesh.\n */\nexport class LiopClient {\n\tprivate meshNode: MeshNode | null = null;\n\tprivate rpcClients: Map<string, LiopRpcClient> = new Map();\n\tprivate manifests: Map<string, LiopManifest> = new Map();\n\tprivate tlsOptions?: LiopTlsOptions;\n\tprivate serverInfo?: { name: string; version: string };\n\tpublic verifier: LiopVerifier = new LiopVerifier();\n\tprivate oauthToken?: string;\n\n\tconstructor(tls?: LiopTlsOptions) {\n\t\tthis.tlsOptions = tls;\n\t}\n\n\t/**\n\t * Requests an M2M access token from the Nexus Authorization Server using Client Credentials.\n\t */\n\tprivate async acquireM2MToken(authOpts: {\n\t\tclientId: string;\n\t\tclientSecret: string;\n\t\tnexusUrl: string;\n\t\taudience: string;\n\t\tscope?: string;\n\t}): Promise<string> {\n\t\tconst baseUrl = authOpts.nexusUrl.endsWith(\"/oidc\")\n\t\t\t? authOpts.nexusUrl\n\t\t\t: `${authOpts.nexusUrl}/oidc`;\n\t\tconst tokenUrl = `${baseUrl}/token`;\n\t\tlog.info(`[LiopClient] Requesting M2M Token from Nexus AS: ${tokenUrl}`);\n\n\t\tconst params = new URLSearchParams({\n\t\t\tgrant_type: \"client_credentials\",\n\t\t\tscope:\n\t\t\t\tauthOpts.scope ||\n\t\t\t\t\"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query\",\n\t\t\tresource: authOpts.audience,\n\t\t\tclient_id: authOpts.clientId,\n\t\t\tclient_secret: authOpts.clientSecret,\n\t\t});\n\n\t\tconst response = await fetch(tokenUrl, {\n\t\t\tmethod: \"POST\",\n\t\t\theaders: {\n\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t},\n\t\t\tbody: params.toString(),\n\t\t});\n\n\t\tif (!response.ok) {\n\t\t\tconst text = await response.text();\n\t\t\tthrow new Error(\n\t\t\t\t`OAuth token request failed with status ${response.status}: ${text}`,\n\t\t\t);\n\t\t}\n\n\t\tconst data = (await response.json()) as {\n\t\t\taccess_token: string;\n\t\t\texpires_in?: number;\n\t\t};\n\t\tif (!data.access_token) {\n\t\t\tthrow new Error(\"OAuth token response did not contain an access_token.\");\n\t\t}\n\n\t\tlog.info(\"[LiopClient] M2M Token acquired successfully.\");\n\t\treturn data.access_token;\n\t}\n\n\t/**\n\t * Discovers and connects to the target server or mesh capability.\n\t * If address is omitted, it sets up the MeshNode to act purely dynamically.\n\t */\n\tpublic async connect(\n\t\taddress?: string,\n\t\toptions?: {\n\t\t\tmeshConfig?: MeshNodeConfig;\n\t\t\tauth?: {\n\t\t\t\tclientId?: string;\n\t\t\t\tclientSecret?: string;\n\t\t\t\tnexusUrl?: string;\n\t\t\t\taudience?: string;\n\t\t\t\tscope?: string;\n\t\t\t\ttoken?: string;\n\t\t\t};\n\t\t},\n\t): Promise<void> {\n\t\t// Attempt to acquire OAuth M2M access token if credentials are provided\n\t\tconst clientId =\n\t\t\toptions?.auth?.clientId ||\n\t\t\tprocess.env.LIOP_OAUTH_CLIENT_ID ||\n\t\t\tprocess.env.LIOP_CLIENT_ID;\n\t\tconst clientSecret =\n\t\t\toptions?.auth?.clientSecret ||\n\t\t\tprocess.env.LIOP_OAUTH_CLIENT_SECRET ||\n\t\t\tprocess.env.LIOP_CLIENT_SECRET;\n\t\tconst nexusUrl =\n\t\t\toptions?.auth?.nexusUrl ||\n\t\t\tprocess.env.LIOP_NEXUS_URL ||\n\t\t\t\"http://localhost:3000\";\n\t\tconst audience =\n\t\t\toptions?.auth?.audience ||\n\t\t\tprocess.env.LIOP_OAUTH_AUDIENCE ||\n\t\t\t\"urn:liop:mesh:api\";\n\t\tconst scope =\n\t\t\toptions?.auth?.scope ||\n\t\t\tprocess.env.LIOP_OAUTH_SCOPE ||\n\t\t\t\"liop:tools:call liop:tools:list liop:resources:read liop:schema:read liop:mesh:query\";\n\n\t\tthis.oauthToken =\n\t\t\toptions?.auth?.token ||\n\t\t\tprocess.env.LIOP_OAUTH_TOKEN ||\n\t\t\tprocess.env.LIOP_TOKEN;\n\n\t\tif (clientId && clientSecret) {\n\t\t\ttry {\n\t\t\t\tthis.oauthToken = await this.acquireM2MToken({\n\t\t\t\t\tclientId,\n\t\t\t\t\tclientSecret,\n\t\t\t\t\tnexusUrl,\n\t\t\t\t\taudience,\n\t\t\t\t\tscope,\n\t\t\t\t});\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.error(\n\t\t\t\t\t`[LiopClient] Failed to acquire OAuth M2M Token: ${\n\t\t\t\t\t\terr instanceof Error ? err.message : String(err)\n\t\t\t\t\t}`,\n\t\t\t\t);\n\t\t\t\t// In development or when using static local token, allow connection to proceed\n\t\t\t}\n\t\t}\n\n\t\tthis.meshNode = new MeshNode(options?.meshConfig);\n\t\tawait this.meshNode.start();\n\t\tlog.info(\n\t\t\t`[LiopClient] Mesh Node synchronized. PeerID: ${this.meshNode.getPeerId()}`,\n\t\t);\n\n\t\tif (address) {\n\t\t\tthis.rpcClients.set(\n\t\t\t\t\"static\",\n\t\t\t\tnew LiopRpcClient(address, this.tlsOptions, this.oauthToken),\n\t\t\t);\n\t\t\tthis.serverInfo = { name: `LiopServer (${address})`, version: \"1.0.0\" };\n\t\t\tlog.info(`[LiopClient] Static gRPC configured for: ${address}`);\n\t\t} else {\n\t\t\tthis.serverInfo = { name: \"LiopServer (Mesh Alpha)\", version: \"1.0.0\" };\n\t\t}\n\t}\n\n\t/**\n\t * Dynamically queries Kademlia DHT to find the optimal PeerID providing the Capability\n\t * and returns the physical gRPC target (host:port) resolved from the provider's manifest.\n\t */\n\tpublic async resolveCapability(toolName: string): Promise<string> {\n\t\tif (!this.meshNode)\n\t\t\tthrow new Error(\n\t\t\t\t\"Client must be connected to Mesh to resolve capabilities.\",\n\t\t\t);\n\n\t\tlog.info(`[LiopClient] Querying Mesh DHT for Provider: ${toolName}...`);\n\t\tconst providers = await this.meshNode.findProviders(toolName);\n\n\t\tif (providers.length === 0) {\n\t\t\tthrow new Error(\n\t\t\t\t`Kademlia DHT found zero providers for capability: ${toolName}`,\n\t\t\t);\n\t\t}\n\n\t\tconst providerId = providers[0];\n\t\tlog.info(`[LiopClient] Identified Alpha Provider PeerID: ${providerId}`);\n\n\t\tlet grpcPort = 50051;\n\t\tconst manifest = await this.meshNode.queryManifest(providerId);\n\t\tif (manifest) {\n\t\t\tgrpcPort = manifest.grpcPort;\n\t\t\tlog.info(`[LiopClient] Manifest resolved: gRPC port ${grpcPort}`);\n\t\t}\n\n\t\tconst addrs = await this.meshNode.resolvePeer(providerId);\n\t\tfor (const maddr of addrs) {\n\t\t\tconst parts = maddr.split(\"/\");\n\t\t\tif (parts[1] === \"ip4\") {\n\t\t\t\tconst grpcHost = `${parts[2]}:${grpcPort}`;\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Translated Multiaddr to gRPC Target: ${grpcHost}`,\n\t\t\t\t);\n\t\t\t\treturn grpcHost;\n\t\t\t}\n\t\t}\n\n\t\treturn `127.0.0.1:${grpcPort}`;\n\t}\n\n\t/**\n\t * Discovers remote capabilities via the LIOP Manifest Protocol.\n\t */\n\tpublic async discoverTools(): Promise<\n\t\t{ name: string; description?: string }[]\n\t> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before discovering tools.\");\n\t\t}\n\n\t\tlog.info(`[LiopClient] Discovery started...`);\n\t\tconst providerIds = await this.meshNode.discoverManifestProviders();\n\t\tconst tools: { name: string; description?: string }[] = [];\n\t\tconst seenNames = new Set<string>();\n\n\t\tfor (const peerId of providerIds) {\n\t\t\ttry {\n\t\t\t\tlog.info(`[LiopClient] Querying manifest from: ${peerId}`);\n\t\t\t\tconst manifest = await this.meshNode.queryManifest(peerId);\n\t\t\t\tif (manifest) {\n\t\t\t\t\tthis.manifests.set(peerId, manifest);\n\t\t\t\t\tfor (const tool of manifest.tools) {\n\t\t\t\t\t\tif (!seenNames.has(tool.name)) {\n\t\t\t\t\t\t\ttools.push({ name: tool.name, description: tool.description });\n\t\t\t\t\t\t\tseenNames.add(tool.name);\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t} catch (err: unknown) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Error querying manifest from ${peerId}:`,\n\t\t\t\t\terr instanceof Error ? err.message : String(err),\n\t\t\t\t);\n\t\t\t}\n\t\t}\n\n\t\tlog.info(\n\t\t\t`[LiopClient] Discovery finished. Found ${tools.length} unique tools.`,\n\t\t);\n\t\treturn tools;\n\t}\n\n\t/**\n\t * Invokes a tool.\n\t */\n\tpublic async callTool(\n\t\trequest: CallToolRequest,\n\t\t_wasmPayload?: Buffer,\n\t): Promise<CallToolResult> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before calling tools.\");\n\t\t}\n\n\t\tconst toolName = request.name;\n\t\tlog.info(`[LiopClient] Resolving Tool: ${toolName}`);\n\n\t\t// [ALPHA-FIX] Bypass DHT discovery if we are already statically connected to a provider (Enterprise/Test mode)\n\t\tlet rpcClient = this.rpcClients.get(\"static\");\n\n\t\tif (!rpcClient) {\n\t\t\tconst dynamicAddress = await this.resolveCapability(toolName);\n\t\t\trpcClient = this.getOrCreateRpcClient(toolName, dynamicAddress);\n\t\t} else {\n\t\t\tlog.info(\n\t\t\t\t`[LiopClient] Using existing static gRPC connection for ${toolName}.`,\n\t\t\t);\n\t\t}\n\n\t\tlog.info(`[LiopClient] Negotiating intent for ${toolName}...`);\n\t\tconst agentDid = this.meshNode\n\t\t\t? `did:liop:${this.meshNode.getPeerId()}`\n\t\t\t: \"did:liop:ephemeral\";\n\t\tconst intentPayload = Buffer.from(`${toolName}:${Date.now()}`);\n\t\tconst proofOfIntent = this.meshNode\n\t\t\t? await this.meshNode.sign(intentPayload)\n\t\t\t: intentPayload;\n\n\t\tconst intentResponse = (await rpcClient.negotiateIntent({\n\t\t\tagent_did: agentDid,\n\t\t\tcapability_hash: toolName,\n\t\t\tproof_of_intent: proofOfIntent,\n\t\t})) as unknown as {\n\t\t\taccepted: boolean;\n\t\t\terror_message: string;\n\t\t\tkyber_public_key: Uint8Array;\n\t\t\tkyberPublicKey: Uint8Array;\n\t\t\tsession_token: string;\n\t\t\tsessionToken: string;\n\t\t};\n\n\t\tif (!intentResponse.accepted) {\n\t\t\tthrow new Error(`Intent denied by host: ${intentResponse.error_message}`);\n\t\t}\n\n\t\t// LIOP Robust Field Extraction (Supports both snake_case and camelCase via gRPC-JS)\n\t\tconst publicKey =\n\t\t\tintentResponse.kyber_public_key || intentResponse.kyberPublicKey;\n\t\tconst sessionToken =\n\t\t\tintentResponse.session_token || intentResponse.sessionToken;\n\n\t\tif (!publicKey) {\n\t\t\tlog.info(\n\t\t\t\t\"[LiopClient] Critical Error: Kyber Public Key not found in IntentResponse.\",\n\t\t\t\tintentResponse,\n\t\t\t);\n\t\t\tthrow new Error(\n\t\t\t\t\"Handshake failed: Remote host did not provide a valid Kyber Public Key.\",\n\t\t\t);\n\t\t}\n\n\t\t// 2. Post-Quantum Encapsulation (ML-KEM-768)\n\t\tlog.info(\n\t\t\t`[LiopClient] Encapsulating Post-Quantum Shared Secret for ${request.name}...`,\n\t\t);\n\t\tconst { ciphertext: kyberCiphertext, sharedSecret } =\n\t\t\tawait Kyber768Wrapper.encapsulateAsymmetric(publicKey);\n\n\t\t// 3. Symmetric Sealing (AES-256-GCM)\n\t\tlog.info(`[LiopClient] Sealing WASM Payload and Inputs...`);\n\n\t\tconst _safePayload = _wasmPayload || Buffer.from(\"\");\n\n\t\t// Encrypt WASM binary\n\t\tconst { ciphertext: encryptedWasm, nonce: aesNonce } =\n\t\t\tAesGcmWrapper.encryptPayload(_safePayload, sharedSecret);\n\n\t\t// Encrypt inputs using a fresh random nonce per input to prevent AES-GCM nonce reuse\n\t\tconst encryptedInputs: Record<string, Uint8Array> = {};\n\t\tconst crypto = await import(\"node:crypto\");\n\t\tfor (const [key, value] of Object.entries(request.arguments || {})) {\n\t\t\tconst inputNonce = crypto.randomBytes(12);\n\t\t\tconst cipher = crypto.createCipheriv(\n\t\t\t\t\"aes-256-gcm\",\n\t\t\t\tsharedSecret,\n\t\t\t\tinputNonce,\n\t\t\t);\n\t\t\tconst encrypted = Buffer.concat([\n\t\t\t\tcipher.update(JSON.stringify(value)),\n\t\t\t\tcipher.final(),\n\t\t\t]);\n\t\t\tconst authTag = cipher.getAuthTag();\n\t\t\t// Prepend the 12-byte nonce to the ciphertext\n\t\t\tencryptedInputs[key] = Buffer.concat([inputNonce, encrypted, authTag]);\n\t\t}\n\n\t\t// 4. Assemble and Execute gRPC LogicRequest\n\t\tconst logicRequest: LogicRequest = {\n\t\t\tsession_token: sessionToken,\n\t\t\twasm_binary: encryptedWasm,\n\t\t\tinputs: encryptedInputs,\n\t\t\tpqc_ciphertext: kyberCiphertext,\n\t\t\taes_nonce: aesNonce,\n\t\t};\n\n\t\treturn new Promise((resolve, reject) => {\n\t\t\tconst stream = rpcClient.executeLogic(logicRequest);\n\t\t\tif (!stream) {\n\t\t\t\treject(new Error(\"RPC Client unavailable or failed to create stream.\"));\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tlet resultFulfilled = false;\n\t\t\tlet hasReceivedData = false;\n\n\t\t\tstream.on(\"data\", async (response: LogicResponse) => {\n\t\t\t\tif (resultFulfilled) return;\n\t\t\t\thasReceivedData = true;\n\n\t\t\t\tlog.info(\"[LiopClient] Logic Executed. Verification in progress...\");\n\n\t\t\t\ttry {\n\t\t\t\t\t// Only verify ZK-Receipt if the remote execution succeeded.\n\t\t\t\t\t// If the remote execution failed due to a policy error (e.g. Egress Shield),\n\t\t\t\t\t// the ZK proof is empty and we should bypass validation to propagate the original error.\n\t\t\t\t\tif (!response.is_error) {\n\t\t\t\t\t\tconst isValid = await this.verifier.verifyZkReceipt(\n\t\t\t\t\t\t\t_safePayload,\n\t\t\t\t\t\t\tBuffer.from(response.cryptographic_proof).toString(\"hex\"),\n\t\t\t\t\t\t\tBuffer.from(response.zk_receipt),\n\t\t\t\t\t\t\tBuffer.from(sharedSecret),\n\t\t\t\t\t\t\tresponse.semantic_evidence,\n\t\t\t\t\t\t);\n\n\t\t\t\t\t\tif (!isValid) {\n\t\t\t\t\t\t\treject(\n\t\t\t\t\t\t\t\tnew Error(\n\t\t\t\t\t\t\t\t\t\"PROTOCOL INTEGRITY VIOLATION: ZK-Receipt verification failed.\",\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t);\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\n\t\t\t\t\tresultFulfilled = true;\n\t\t\t\t\tresolve({\n\t\t\t\t\t\tcontent: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\ttype: \"text\",\n\t\t\t\t\t\t\t\ttext: response.semantic_evidence,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t\tisError: response.is_error,\n\t\t\t\t\t});\n\t\t\t\t} catch (err) {\n\t\t\t\t\treject(err);\n\t\t\t\t}\n\t\t\t});\n\n\t\t\tstream.on(\"error\", (err) => {\n\t\t\t\tif (resultFulfilled) return;\n\t\t\t\tlog.error(\"[LiopClient] Stream Error:\", err);\n\t\t\t\treject(err);\n\t\t\t});\n\n\t\t\tstream.on(\"end\", () => {\n\t\t\t\t// We don't throw here if we already received a response block that is currently\n\t\t\t\t// undergoing ZK Verification in the Piscina worker pool.\n\t\t\t\tif (!hasReceivedData && !resultFulfilled) {\n\t\t\t\t\treject(new Error(\"Logic-on-Origin stream closed without results.\"));\n\t\t\t\t}\n\t\t\t});\n\t\t});\n\t}\n\n\tprivate getOrCreateRpcClient(peerId: string, address: string): LiopRpcClient {\n\t\tlet client = this.rpcClients.get(peerId);\n\t\tif (!client) {\n\t\t\tlet nodeToken = this.oauthToken;\n\n\t\t\tlet manifest = this.manifests.get(peerId);\n\t\t\tlet realPeerId = peerId;\n\n\t\t\t// If peerId is actually a toolName (which happens when called from callTool),\n\t\t\t// resolve the real PeerID and its manifest from the manifest cache.\n\t\t\tif (!manifest) {\n\t\t\t\tfor (const [pId, m] of this.manifests.entries()) {\n\t\t\t\t\tif (m.tools.some((t) => t.name === peerId)) {\n\t\t\t\t\t\tmanifest = m;\n\t\t\t\t\t\trealPeerId = pId;\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst providerName = manifest?.serverInfo?.name?.toLowerCase() || \"\";\n\t\t\tlet envToken: string | undefined;\n\n\t\t\t// 0. Deterministic tokenSlug resolution (highest priority, zero heuristic)\n\t\t\tconst slug = manifest?.tokenSlug;\n\t\t\tif (slug) {\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${slug}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${slug}`];\n\t\t\t}\n\n\t\t\t// 1. PeerID-specific resolution: LIOP_TOKEN_<last 8 chars of PeerID in uppercase>\n\t\t\tif (!envToken && realPeerId) {\n\t\t\t\tconst shortId = realPeerId.slice(-8).toUpperCase();\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${shortId}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${shortId}`];\n\t\t\t}\n\n\t\t\t// 2. Provider-name resolution: LIOP_TOKEN_<CLEAN_PROVIDER_NAME_UPPERCASE>\n\t\t\tif (!envToken && providerName) {\n\t\t\t\tconst cleanName = providerName\n\t\t\t\t\t.toUpperCase()\n\t\t\t\t\t.replace(/[^A-Z0-9_]/g, \"_\");\n\t\t\t\tenvToken =\n\t\t\t\t\tprocess.env[`LIOP_TOKEN_${cleanName}`] ||\n\t\t\t\t\tprocess.env[`LIOP_OAUTH_TOKEN_${cleanName}`];\n\t\t\t}\n\n\t\t\tif (envToken) {\n\t\t\t\tlog.info(\n\t\t\t\t\t`[LiopClient] Resolved node-specific token for peer ${realPeerId.slice(-8)} (${providerName || \"unknown\"})`,\n\t\t\t\t);\n\t\t\t\tnodeToken = envToken;\n\t\t\t}\n\n\t\t\tclient = new LiopRpcClient(address, this.tlsOptions, nodeToken);\n\t\t\tthis.rpcClients.set(peerId, client);\n\t\t}\n\t\treturn client;\n\t}\n\n\t/**\n\t * Reads a specific resource by URI.\n\t * In LIOP, resources can be static definitions or dynamic streams.\n\t */\n\tpublic async readResource(uri: string): Promise<{\n\t\tcontents: Array<{ uri: string; mimeType?: string; text: string }>;\n\t}> {\n\t\tif (!this.meshNode) {\n\t\t\tthrow new Error(\"Client must be connected before reading resources.\");\n\t\t}\n\t\tlog.info(`[LiopClient] Querying Mesh for Resource: ${uri}...`);\n\n\t\t// We search for the peer hosting the resource in the P2P Mesh\n\t\tconst providers = await this.meshNode.findProviders(uri);\n\t\tif (providers.length === 0) {\n\t\t\tthrow new Error(`No mesh providers found for resource: ${uri}`);\n\t\t}\n\n\t\t// Query the remote peer's manifest\n\t\tconst manifest = await this.meshNode.queryManifest(providers[0]);\n\t\tif (!manifest) {\n\t\t\tthrow new Error(\"Target peer did not return a valid LIOP Manifest.\");\n\t\t}\n\n\t\t// Locate the exact resource metadata\n\t\tconst resourceDef = manifest.resources?.find((r) => r.uri === uri);\n\t\tif (!resourceDef) {\n\t\t\tthrow new Error(`Resource ${uri} not listed in remote manifest.`);\n\t\t}\n\n\t\t// Return the declarative metadata (Logic-Injection is required for actual data extraction)\n\t\treturn {\n\t\t\tcontents: [\n\t\t\t\t{\n\t\t\t\t\turi,\n\t\t\t\t\tmimeType: resourceDef.mimeType || \"application/json\",\n\t\t\t\t\ttext: JSON.stringify(resourceDef, null, 2),\n\t\t\t\t},\n\t\t\t],\n\t\t};\n\t}\n\n\tpublic getServerInfo(): { name: string; version: string } | undefined {\n\t\treturn this.serverInfo;\n\t}\n\n\t/**\n\t * Destroys the active Mesh Node resources.\n\t */\n\tpublic async close(): Promise<void> {\n\t\tif (this.meshNode) {\n\t\t\tawait this.meshNode.stop();\n\t\t}\n\t}\n}\n"]}