@orkify/cli 1.0.0-beta.5

package/dist/mcp/auth.js

@@ -0,0 +1,245 @@
+import { InvalidTokenError } from '@modelcontextprotocol/sdk/server/auth/errors.js';
+import { createHash, randomBytes, timingSafeEqual } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, statSync, watchFile, writeFileSync } from 'node:fs';
+import { BlockList, isIPv4 } from 'node:net';
+import { dirname } from 'node:path';
+import { parse as parseYaml, stringify as stringifyYaml } from 'yaml';
+import { z } from 'zod';
+import { MCP_CONFIG_FILE, MCP_TOKEN_PREFIX } from '../constants.js';
+/**
+ * Valid MCP tool names — kept in sync with tools registered in server.ts.
+ */
+export const TOOL_NAMES = [
+    'list',
+    'logs',
+    'snap',
+    'listAllUsers',
+    'up',
+    'down',
+    'restart',
+    'reload',
+    'delete',
+    'restore',
+    'kill',
+];
+// Zod schemas
+const mcpKeySchema = z.object({
+    name: z.string().min(1),
+    token: z.string().startsWith(MCP_TOKEN_PREFIX),
+    tools: z.array(z.string()),
+    allowedIps: z.array(z.string()).optional(),
+});
+const mcpConfigSchema = z.object({
+    keys: z.array(mcpKeySchema).default([]),
+});
+// In-memory config cache
+let cachedConfig = null;
+let watching = false;
+/**
+ * Load and validate the MCP config from ~/.orkify/mcp.yml.
+ * Returns cached version if available; cache is invalidated on SIGHUP or file change.
+ */
+export function loadMcpConfig(configPath = MCP_CONFIG_FILE) {
+    if (cachedConfig && configPath === MCP_CONFIG_FILE)
+        return cachedConfig;
+    let raw;
+    try {
+        const content = readFileSync(configPath, 'utf8');
+        raw = parseYaml(content);
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            const empty = { keys: [] };
+            if (configPath === MCP_CONFIG_FILE)
+                cachedConfig = empty;
+            return empty;
+        }
+        throw err;
+    }
+    const config = mcpConfigSchema.parse(raw);
+    if (configPath === MCP_CONFIG_FILE)
+        cachedConfig = config;
+    return config;
+}
+/**
+ * Start watching the config file for changes and listen for SIGHUP to reload.
+ * Called once when the HTTP server starts.
+ */
+export function startConfigWatcher() {
+    if (watching)
+        return;
+    watching = true;
+    // Reload on SIGHUP
+    process.on('SIGHUP', () => {
+        cachedConfig = null;
+        console.error('MCP config cache cleared (SIGHUP)');
+    });
+    // Reload on file change. watchFile uses stat polling, so it works even if
+    // the file doesn't exist yet — the callback fires when the file is created.
+    watchFile(MCP_CONFIG_FILE, { interval: 2000 }, () => {
+        cachedConfig = null;
+    });
+}
+/**
+ * Token verifier that reads keys from the local YAML config.
+ * Implements the MCP SDK's OAuthTokenVerifier interface.
+ */
+export class LocalConfigVerifier {
+    configPath;
+    constructor(configPath = MCP_CONFIG_FILE) {
+        this.configPath = configPath;
+    }
+    async verifyAccessToken(token) {
+        const config = loadMcpConfig(this.configPath);
+        const tokenBuf = Buffer.from(token);
+        for (const key of config.keys) {
+            const keyBuf = Buffer.from(key.token);
+            if (tokenBuf.length === keyBuf.length && timingSafeEqual(tokenBuf, keyBuf)) {
+                return {
+                    token,
+                    clientId: key.name,
+                    scopes: key.tools,
+                    // Static local tokens don't expire — this satisfies the AuthInfo interface.
+                    expiresAt: Math.floor(Date.now() / 1000) + 365 * 24 * 3600,
+                };
+            }
+        }
+        throw new InvalidTokenError('Invalid or unknown token');
+    }
+}
+/**
+ * Token verifier that reads keys from the remote ProjectConfig via ConfigStore.
+ * Matches tokens by SHA-256 hash (the dashboard stores hashes, not raw tokens).
+ */
+export class RemoteConfigVerifier {
+    configStore;
+    constructor(configStore) {
+        this.configStore = configStore;
+    }
+    async verifyAccessToken(token) {
+        const hash = createHash('sha256').update(token).digest('hex');
+        const hashBuf = Buffer.from(hash);
+        const mcpConfig = this.configStore.getMcpConfig();
+        for (const key of mcpConfig.keys) {
+            const keyBuf = Buffer.from(key.key_hash);
+            if (hashBuf.length === keyBuf.length && timingSafeEqual(hashBuf, keyBuf)) {
+                return {
+                    token,
+                    clientId: key.name,
+                    scopes: key.tools,
+                    expiresAt: Math.floor(Date.now() / 1000) + 365 * 24 * 3600,
+                };
+            }
+        }
+        throw new InvalidTokenError('Invalid or unknown token');
+    }
+    getAllowedIpsForToken(token) {
+        const hash = createHash('sha256').update(token).digest('hex');
+        const mcpConfig = this.configStore.getMcpConfig();
+        for (const key of mcpConfig.keys) {
+            if (hash === key.key_hash) {
+                return key.allowed_ips.length > 0 ? key.allowed_ips : undefined;
+            }
+        }
+        return undefined;
+    }
+}
+/**
+ * Generate a new MCP token: prefix + 48 hex chars (24 random bytes).
+ */
+export function generateToken() {
+    return MCP_TOKEN_PREFIX + randomBytes(24).toString('hex');
+}
+/**
+ * Append a new key to the MCP config file.
+ * Creates the file with 0o600 permissions if it doesn't exist.
+ */
+export function appendKeyToConfig(key, configPath = MCP_CONFIG_FILE) {
+    const dir = dirname(configPath);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    let config;
+    try {
+        config = loadMcpConfig(configPath);
+    }
+    catch (err) {
+        console.error('Failed to load MCP config, starting fresh:', err.message);
+        config = { keys: [] };
+    }
+    config.keys.push(key);
+    const yaml = stringifyYaml(config);
+    if (!existsSync(configPath)) {
+        // Create with restrictive permissions (owner-only)
+        writeFileSync(configPath, yaml, { mode: 0o600 });
+    }
+    else {
+        writeFileSync(configPath, yaml);
+    }
+    // Invalidate cache so next load picks up the new key
+    if (configPath === MCP_CONFIG_FILE) {
+        cachedConfig = null;
+    }
+}
+/**
+ * Warn to stderr if the MCP config file has permissions more open than 0600.
+ * Skipped on Windows where Unix mode bits don't apply.
+ */
+export function warnIfConfigInsecure(configPath = MCP_CONFIG_FILE) {
+    if (process.platform === 'win32')
+        return;
+    try {
+        const mode = statSync(configPath).mode & 0o777;
+        if (mode !== 0o600) {
+            console.error(`Warning: ${configPath} has mode 0${mode.toString(8)} — expected 0600. ` +
+                'Other users may be able to read your MCP tokens.');
+        }
+    }
+    catch {
+        // File doesn't exist or can't stat — nothing to warn about
+    }
+}
+/**
+ * Strip the `::ffff:` prefix from IPv4-mapped IPv6 addresses.
+ * Express may report `::ffff:127.0.0.1` for IPv4 clients.
+ */
+export function normalizeIp(ip) {
+    if (ip.startsWith('::ffff:')) {
+        const v4 = ip.slice(7);
+        if (isIPv4(v4))
+            return v4;
+    }
+    return ip;
+}
+/**
+ * Check if a client IP is allowed by the key's `allowedIps` list.
+ * Returns `true` if `allowedIps` is absent or empty (all IPs allowed).
+ * Uses Node.js `BlockList` as an allowlist — `check()` returns `true` for listed IPs.
+ */
+export function isIpAllowed(clientIp, allowedIps) {
+    if (!allowedIps || allowedIps.length === 0)
+        return true;
+    const normalized = normalizeIp(clientIp);
+    const list = new BlockList();
+    for (const entry of allowedIps) {
+        if (entry.includes('/')) {
+            const [prefix, bits] = entry.split('/');
+            const type = isIPv4(prefix) ? 'ipv4' : 'ipv6';
+            list.addSubnet(prefix, Number(bits), type);
+        }
+        else {
+            const type = isIPv4(entry) ? 'ipv4' : 'ipv6';
+            list.addAddress(entry, type);
+        }
+    }
+    const type = isIPv4(normalized) ? 'ipv4' : 'ipv6';
+    return list.check(normalized, type);
+}
+/**
+ * Look up a key by name from the config.
+ */
+export function findKeyByName(name, configPath) {
+    const config = configPath ? loadMcpConfig(configPath) : loadMcpConfig();
+    return config.keys.find((k) => k.name === name);
+}
+//# sourceMappingURL=auth.js.map

package/dist/mcp/http.d.ts

@@ -0,0 +1,20 @@
+import type { OAuthTokenVerifier } from '@modelcontextprotocol/sdk/server/auth/provider.js';
+import { type Server } from 'node:http';
+export interface HttpOptions {
+    port: number;
+    bind: string;
+    /** Enable CORS — "*" for any origin, a specific origin URL, or comma-separated origins. */
+    cors?: string;
+    /** Skip registering SIGTERM/SIGINT handlers (used when running inside the daemon). */
+    skipSignalHandlers?: boolean;
+    /** Custom token verifier — when provided, skips LocalConfigVerifier and local config watcher. */
+    tokenVerifier?: OAuthTokenVerifier;
+}
+export interface McpHttpServer {
+    /** Gracefully close all sessions and stop the HTTP server. */
+    shutdown(): Promise<void>;
+    /** The underlying Node.js HTTP server (for testing). */
+    server: Server;
+}
+export declare function startMcpHttpServer(options: HttpOptions): Promise<McpHttpServer>;
+//# sourceMappingURL=http.d.ts.map

package/dist/mcp/http.js

@@ -0,0 +1,229 @@
+import { requireBearerAuth } from '@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import express from 'express';
+import { randomUUID } from 'node:crypto';
+import { createServer } from 'node:http';
+import { findKeyByName, isIpAllowed, LocalConfigVerifier, startConfigWatcher, } from './auth.js';
+import { createMcpServer } from './server.js';
+// How long a session can be idle before it's reaped (30 minutes)
+const SESSION_TTL_MS = 30 * 60 * 1000;
+// How often to check for expired sessions (5 minutes)
+const SWEEP_INTERVAL_MS = 5 * 60 * 1000;
+export async function startMcpHttpServer(options) {
+    const verifier = options.tokenVerifier ??
+        (() => {
+            startConfigWatcher();
+            return new LocalConfigVerifier();
+        })();
+    const app = express();
+    app.use(express.json());
+    // CORS middleware — must run before auth so OPTIONS preflights aren't rejected with 401
+    if (options.cors) {
+        const raw = options.cors;
+        const isWildcard = raw === '*';
+        const origins = isWildcard ? [] : raw.split(',').map((o) => o.trim());
+        const isMulti = origins.length > 1;
+        app.use('/mcp', (req, res, next) => {
+            if (isWildcard) {
+                res.header('Access-Control-Allow-Origin', '*');
+            }
+            else if (isMulti) {
+                const reqOrigin = req.headers.origin;
+                if (reqOrigin && origins.includes(reqOrigin)) {
+                    res.header('Access-Control-Allow-Origin', reqOrigin);
+                }
+                res.header('Vary', 'Origin');
+            }
+            else {
+                // Single origin — always echo (backward compat)
+                res.header('Access-Control-Allow-Origin', origins[0]);
+                res.header('Vary', 'Origin');
+            }
+            res.header('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS');
+            res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Mcp-Session-Id, Accept');
+            res.header('Access-Control-Expose-Headers', 'Mcp-Session-Id');
+            if (req.method === 'OPTIONS') {
+                res.header('Access-Control-Max-Age', '86400');
+                res.status(204).end();
+                return;
+            }
+            next();
+        });
+    }
+    // Auth middleware on the /mcp endpoint
+    app.use('/mcp', requireBearerAuth({ verifier }));
+    // IP allowlist middleware — runs after auth, before route handlers
+    const isRemoteVerifier = 'getAllowedIpsForToken' in verifier;
+    app.use('/mcp', (req, res, next) => {
+        // Skip for OPTIONS (no auth on preflights — they're handled by CORS above)
+        if (req.method === 'OPTIONS') {
+            next();
+            return;
+        }
+        if (isRemoteVerifier) {
+            // Remote verifier: look up allowed IPs by token hash
+            const token = req.auth?.token;
+            if (token) {
+                const allowedIps = verifier.getAllowedIpsForToken(token);
+                if (allowedIps && allowedIps.length > 0) {
+                    const clientIp = req.ip || req.socket.remoteAddress || '';
+                    if (!isIpAllowed(clientIp, allowedIps)) {
+                        res.status(403).json({ error: 'IP address not allowed for this key' });
+                        return;
+                    }
+                }
+            }
+        }
+        else {
+            // Local verifier: look up allowed IPs by key name from YAML config
+            const clientId = req.auth?.clientId;
+            if (clientId) {
+                const key = findKeyByName(clientId);
+                if (key?.allowedIps && key.allowedIps.length > 0) {
+                    const clientIp = req.ip || req.socket.remoteAddress || '';
+                    if (!isIpAllowed(clientIp, key.allowedIps)) {
+                        res.status(403).json({ error: 'IP address not allowed for this key' });
+                        return;
+                    }
+                }
+            }
+        }
+        next();
+    });
+    // Session management
+    const transports = new Map();
+    const lastActivity = new Map();
+    // Maps session ID → clientId of the token that created it.
+    // Prevents a different key from hijacking another key's session.
+    const sessionOwners = new Map();
+    function touchSession(sessionId) {
+        lastActivity.set(sessionId, Date.now());
+    }
+    function removeSession(sessionId) {
+        transports.delete(sessionId);
+        lastActivity.delete(sessionId);
+        sessionOwners.delete(sessionId);
+    }
+    // Periodic sweep of idle sessions
+    const sweepTimer = setInterval(() => {
+        const cutoff = Date.now() - SESSION_TTL_MS;
+        for (const [sessionId, ts] of lastActivity) {
+            if (ts < cutoff) {
+                const transport = transports.get(sessionId);
+                if (transport)
+                    transport.close().catch(() => { });
+                removeSession(sessionId);
+            }
+        }
+    }, SWEEP_INTERVAL_MS);
+    sweepTimer.unref();
+    // POST /mcp — initialize new sessions and handle messages
+    app.post('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        if (sessionId) {
+            const existing = transports.get(sessionId);
+            if (existing) {
+                const owner = sessionOwners.get(sessionId);
+                if (owner && req.auth?.clientId !== owner) {
+                    res.status(403).json({ error: 'Session belongs to a different key' });
+                    return;
+                }
+                touchSession(sessionId);
+                await existing.handleRequest(req, res, req.body);
+                return;
+            }
+        }
+        // New session: create transport + server
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+        });
+        const server = createMcpServer({ authInfo: req.auth });
+        transport.onclose = () => {
+            if (transport.sessionId)
+                removeSession(transport.sessionId);
+        };
+        await server.connect(transport);
+        await transport.handleRequest(req, res, req.body);
+        if (transport.sessionId) {
+            transports.set(transport.sessionId, transport);
+            if (req.auth?.clientId) {
+                sessionOwners.set(transport.sessionId, req.auth.clientId);
+            }
+            touchSession(transport.sessionId);
+        }
+    });
+    // GET /mcp — SSE stream for server-initiated messages
+    app.get('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        if (!sessionId) {
+            res.status(400).json({ error: 'Missing Mcp-Session-Id header' });
+            return;
+        }
+        const transport = transports.get(sessionId);
+        if (!transport) {
+            res.status(404).json({ error: 'Unknown session' });
+            return;
+        }
+        const owner = sessionOwners.get(sessionId);
+        if (owner && req.auth?.clientId !== owner) {
+            res.status(403).json({ error: 'Session belongs to a different key' });
+            return;
+        }
+        touchSession(sessionId);
+        await transport.handleRequest(req, res);
+    });
+    // DELETE /mcp — session termination
+    app.delete('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        if (sessionId) {
+            const owner = sessionOwners.get(sessionId);
+            if (owner && req.auth?.clientId !== owner) {
+                res.status(403).json({ error: 'Session belongs to a different key' });
+                return;
+            }
+            const transport = transports.get(sessionId);
+            if (transport) {
+                await transport.close();
+                removeSession(sessionId);
+            }
+        }
+        res.status(200).end();
+    });
+    const httpServer = createServer(app);
+    // Wait for the server to actually be listening (surfaces bind errors like port conflicts)
+    await new Promise((resolve, reject) => {
+        httpServer.once('error', reject);
+        httpServer.listen(options.port, options.bind, () => {
+            httpServer.removeListener('error', reject);
+            console.error(`MCP HTTP server listening on http://${options.bind}:${options.port}/mcp`);
+            resolve();
+        });
+    });
+    async function shutdown() {
+        clearInterval(sweepTimer);
+        // Close all active transports
+        const closePromises = [];
+        for (const [, transport] of transports) {
+            closePromises.push(transport.close().catch(() => { }));
+        }
+        await Promise.all(closePromises);
+        transports.clear();
+        lastActivity.clear();
+        sessionOwners.clear();
+        // Stop accepting new connections and close the server
+        await new Promise((resolve) => {
+            httpServer.close(() => resolve());
+        });
+    }
+    // Graceful shutdown on signals (skip when running inside the daemon)
+    if (!options.skipSignalHandlers) {
+        const onSignal = async () => {
+            await shutdown();
+            process.exit(0);
+        };
+        process.once('SIGTERM', onSignal);
+        process.once('SIGINT', onSignal);
+    }
+    return { shutdown, server: httpServer };
+}
+//# sourceMappingURL=http.js.map

package/dist/mcp/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp/index.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+import { startMcpServer } from './server.js';
+startMcpServer().catch((err) => {
+    // Use stderr for errors (stdout is reserved for MCP protocol)
+    console.error('MCP server error:', err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/mcp/server.d.ts

@@ -0,0 +1,37 @@
+import type { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+/**
+ * Format error response for AI consumption
+ */
+declare function formatError(error: string, code?: string, context?: Record<string, unknown>): {
+    content: Array<{
+        type: 'text';
+        text: string;
+    }>;
+    isError: true;
+};
+/**
+ * Check if a tool is accessible given the current auth context.
+ * - No authInfo (stdio mode): always allowed
+ * - Scopes include "*": all tools allowed
+ * - Otherwise: tool name must be in scopes
+ */
+export declare function checkToolAccess(toolName: string, authInfo?: AuthInfo): {
+    allowed: false;
+    error: ReturnType<typeof formatError>;
+} | {
+    allowed: true;
+};
+/**
+ * Create and configure the MCP server with all ORKIFY tools.
+ * When authInfo is provided (HTTP mode), per-tool scope checks are enforced.
+ */
+export declare function createMcpServer(options?: {
+    authInfo?: AuthInfo;
+}): McpServer;
+/**
+ * Start the MCP server with stdio transport
+ */
+export declare function startMcpServer(): Promise<void>;
+export {};
+//# sourceMappingURL=server.d.ts.map