@rainfall-devkit/sdk 0.2.0 → 0.2.2

package/dist/cli/index.js

@@ -964,12 +964,16 @@ var init_sdk = __esm({
 // src/cli/config.ts
 var config_exports = {};
 __export(config_exports, {
+  getConfigDir: () => getConfigDir,
   getLLMConfig: () => getLLMConfig,
   getProviderBaseUrl: () => getProviderBaseUrl,
   isLocalProvider: () => isLocalProvider,
   loadConfig: () => loadConfig,
   saveConfig: () => saveConfig
 });
+function getConfigDir() {
+  return CONFIG_DIR;
+}
 function loadConfig() {
   let config = {};
   if ((0, import_fs.existsSync)(CONFIG_FILE)) {
@@ -1034,6 +1038,7 @@ function getProviderBaseUrl(config) {
     case "ollama":
       return config.llm?.baseUrl || "http://localhost:11434/v1";
     case "local":
+    case "custom":
       return config.llm?.baseUrl || "http://localhost:1234/v1";
     case "rainfall":
     default:
@@ -1711,9 +1716,576 @@ var init_listeners = __esm({
   }
 });
 
+// src/services/mcp-proxy.ts
+var import_ws, import_client2, import_stdio, import_streamableHttp, import_types, MCPProxyHub;
+var init_mcp_proxy = __esm({
+  "src/services/mcp-proxy.ts"() {
+    "use strict";
+    init_cjs_shims();
+    import_ws = require("ws");
+    import_client2 = require("@modelcontextprotocol/sdk/client/index.js");
+    import_stdio = require("@modelcontextprotocol/sdk/client/stdio.js");
+    import_streamableHttp = require("@modelcontextprotocol/sdk/client/streamableHttp.js");
+    import_types = require("@modelcontextprotocol/sdk/types.js");
+    MCPProxyHub = class {
+      clients = /* @__PURE__ */ new Map();
+      options;
+      refreshTimer;
+      reconnectTimeouts = /* @__PURE__ */ new Map();
+      requestId = 0;
+      constructor(options = {}) {
+        this.options = {
+          debug: options.debug ?? false,
+          autoReconnect: options.autoReconnect ?? true,
+          reconnectDelay: options.reconnectDelay ?? 5e3,
+          toolTimeout: options.toolTimeout ?? 3e4,
+          refreshInterval: options.refreshInterval ?? 3e4
+        };
+      }
+      /**
+       * Initialize the MCP proxy hub
+       */
+      async initialize() {
+        this.log("\u{1F50C} Initializing MCP Proxy Hub...");
+        this.startRefreshTimer();
+        this.log("\u2705 MCP Proxy Hub initialized");
+      }
+      /**
+       * Shutdown the MCP proxy hub and disconnect all clients
+       */
+      async shutdown() {
+        this.log("\u{1F6D1} Shutting down MCP Proxy Hub...");
+        if (this.refreshTimer) {
+          clearInterval(this.refreshTimer);
+          this.refreshTimer = void 0;
+        }
+        for (const timeout of this.reconnectTimeouts.values()) {
+          clearTimeout(timeout);
+        }
+        this.reconnectTimeouts.clear();
+        const disconnectPromises = Array.from(this.clients.entries()).map(
+          async ([name, client]) => {
+            try {
+              await this.disconnectClient(name);
+            } catch (error) {
+              this.log(`Error disconnecting ${name}:`, error);
+            }
+          }
+        );
+        await Promise.allSettled(disconnectPromises);
+        this.clients.clear();
+        this.log("\u{1F44B} MCP Proxy Hub shut down");
+      }
+      /**
+       * Connect to an MCP server
+       */
+      async connectClient(config) {
+        const { name, transport } = config;
+        if (this.clients.has(name)) {
+          this.log(`Reconnecting client: ${name}`);
+          await this.disconnectClient(name);
+        }
+        this.log(`Connecting to MCP server: ${name} (${transport})...`);
+        try {
+          const client = new import_client2.Client(
+            {
+              name: `rainfall-daemon-${name}`,
+              version: "0.2.0"
+            },
+            {
+              capabilities: {}
+            }
+          );
+          let lastErrorTime = 0;
+          client.onerror = (error) => {
+            const now = Date.now();
+            if (now - lastErrorTime > 5e3) {
+              this.log(`MCP Server Error (${name}):`, error.message);
+              lastErrorTime = now;
+            }
+            if (this.options.autoReconnect) {
+              this.scheduleReconnect(name, config);
+            }
+          };
+          let transportInstance;
+          if (transport === "stdio" && config.command) {
+            const env = {};
+            for (const [key, value] of Object.entries({ ...process.env, ...config.env })) {
+              if (value !== void 0) {
+                env[key] = value;
+              }
+            }
+            transportInstance = new import_stdio.StdioClientTransport({
+              command: config.command,
+              args: config.args,
+              env
+            });
+          } else if (transport === "http" && config.url) {
+            transportInstance = new import_streamableHttp.StreamableHTTPClientTransport(
+              new URL(config.url),
+              {
+                requestInit: {
+                  headers: config.headers
+                }
+              }
+            );
+          } else if (transport === "websocket" && config.url) {
+            transportInstance = new import_ws.WebSocket(config.url);
+            await new Promise((resolve, reject) => {
+              transportInstance.on("open", () => resolve());
+              transportInstance.on("error", reject);
+              setTimeout(() => reject(new Error("WebSocket connection timeout")), 1e4);
+            });
+          } else {
+            throw new Error(`Invalid transport configuration for ${name}`);
+          }
+          await client.connect(transportInstance);
+          const toolsResult = await client.request(
+            {
+              method: "tools/list",
+              params: {}
+            },
+            import_types.ListToolsResultSchema
+          );
+          const tools = toolsResult.tools.map((tool) => ({
+            name: tool.name,
+            description: tool.description || "",
+            inputSchema: tool.inputSchema,
+            serverName: name
+          }));
+          const clientInfo = {
+            name,
+            client,
+            transport: transportInstance,
+            transportType: transport,
+            tools,
+            connectedAt: (/* @__PURE__ */ new Date()).toISOString(),
+            lastUsed: (/* @__PURE__ */ new Date()).toISOString(),
+            config,
+            status: "connected"
+          };
+          this.clients.set(name, clientInfo);
+          this.log(`\u2705 Connected to ${name} (${tools.length} tools)`);
+          this.printAvailableTools(name, tools);
+          return name;
+        } catch (error) {
+          const errorMessage = error instanceof Error ? error.message : String(error);
+          this.log(`\u274C Failed to connect to ${name}:`, errorMessage);
+          if (this.options.autoReconnect) {
+            this.scheduleReconnect(name, config);
+          }
+          throw error;
+        }
+      }
+      /**
+       * Disconnect a specific MCP client
+       */
+      async disconnectClient(name) {
+        const client = this.clients.get(name);
+        if (!client) return;
+        const timeout = this.reconnectTimeouts.get(name);
+        if (timeout) {
+          clearTimeout(timeout);
+          this.reconnectTimeouts.delete(name);
+        }
+        try {
+          await client.client.close();
+          if ("close" in client.transport && typeof client.transport.close === "function") {
+            await client.transport.close();
+          }
+        } catch (error) {
+          this.log(`Error closing client ${name}:`, error);
+        }
+        this.clients.delete(name);
+        this.log(`Disconnected from ${name}`);
+      }
+      /**
+       * Schedule a reconnection attempt
+       */
+      scheduleReconnect(name, config) {
+        if (this.reconnectTimeouts.has(name)) return;
+        const timeout = setTimeout(async () => {
+          this.reconnectTimeouts.delete(name);
+          this.log(`Attempting to reconnect to ${name}...`);
+          try {
+            await this.connectClient(config);
+          } catch (error) {
+            this.log(`Reconnection failed for ${name}`);
+          }
+        }, this.options.reconnectDelay);
+        this.reconnectTimeouts.set(name, timeout);
+      }
+      /**
+       * Call a tool on the appropriate MCP client
+       */
+      async callTool(toolName, args, options = {}) {
+        const timeout = options.timeout ?? this.options.toolTimeout;
+        let clientInfo;
+        let actualToolName = toolName;
+        if (options.namespace) {
+          clientInfo = this.clients.get(options.namespace);
+          if (!clientInfo) {
+            throw new Error(`Namespace '${options.namespace}' not found`);
+          }
+          const prefix = `${options.namespace}-`;
+          if (actualToolName.startsWith(prefix)) {
+            actualToolName = actualToolName.slice(prefix.length);
+          }
+          if (!clientInfo.tools.some((t) => t.name === actualToolName)) {
+            throw new Error(`Tool '${actualToolName}' not found in namespace '${options.namespace}'`);
+          }
+        } else {
+          for (const [, info] of this.clients) {
+            const tool = info.tools.find((t) => t.name === toolName);
+            if (tool) {
+              clientInfo = info;
+              break;
+            }
+          }
+        }
+        if (!clientInfo) {
+          throw new Error(`Tool '${toolName}' not found on any connected MCP server`);
+        }
+        const requestId = `req_${++this.requestId}`;
+        clientInfo.lastUsed = (/* @__PURE__ */ new Date()).toISOString();
+        try {
+          this.log(`[${requestId}] Calling '${actualToolName}' on '${clientInfo.name}'`);
+          const result = await Promise.race([
+            clientInfo.client.request(
+              {
+                method: "tools/call",
+                params: {
+                  name: actualToolName,
+                  arguments: args
+                }
+              },
+              import_types.CallToolResultSchema
+            ),
+            new Promise(
+              (_, reject) => setTimeout(() => reject(new Error(`Tool call timeout after ${timeout}ms`)), timeout)
+            )
+          ]);
+          this.log(`[${requestId}] Completed successfully`);
+          return this.formatToolResult(result);
+        } catch (error) {
+          this.log(`[${requestId}] Failed:`, error instanceof Error ? error.message : error);
+          if (error instanceof import_types.McpError) {
+            throw new Error(`MCP Error (${toolName}): ${error.message} (code: ${error.code})`);
+          }
+          throw error;
+        }
+      }
+      /**
+       * Format MCP tool result for consistent output
+       */
+      formatToolResult(result) {
+        if (!result || !result.content) {
+          return "";
+        }
+        return result.content.map((item) => {
+          if (item.type === "text") {
+            return item.text || "";
+          } else if (item.type === "resource") {
+            return `[Resource: ${item.resource?.uri || "unknown"}]`;
+          } else if (item.type === "image") {
+            return `[Image: ${item.mimeType || "unknown"}]`;
+          } else if (item.type === "audio") {
+            return `[Audio: ${item.mimeType || "unknown"}]`;
+          } else {
+            return JSON.stringify(item);
+          }
+        }).join("\n");
+      }
+      /**
+       * Get all tools from all connected MCP clients
+       * Optionally with namespace prefix
+       */
+      getAllTools(options = {}) {
+        const allTools = [];
+        for (const [clientName, client] of this.clients) {
+          for (const tool of client.tools) {
+            if (options.namespacePrefix) {
+              allTools.push({
+                ...tool,
+                name: `${clientName}-${tool.name}`
+              });
+            } else {
+              allTools.push(tool);
+            }
+          }
+        }
+        return allTools;
+      }
+      /**
+       * Get tools from a specific client
+       */
+      getClientTools(clientName) {
+        const client = this.clients.get(clientName);
+        return client?.tools || [];
+      }
+      /**
+       * Get list of connected MCP clients
+       */
+      listClients() {
+        return Array.from(this.clients.entries()).map(([name, info]) => ({
+          name,
+          status: info.status,
+          toolCount: info.tools.length,
+          connectedAt: info.connectedAt,
+          lastUsed: info.lastUsed,
+          transportType: info.transportType
+        }));
+      }
+      /**
+       * Get client info by name
+       */
+      getClient(name) {
+        return this.clients.get(name);
+      }
+      /**
+       * Refresh tool lists from all connected clients
+       */
+      async refreshTools() {
+        for (const [name, client] of this.clients) {
+          try {
+            const toolsResult = await client.client.request(
+              {
+                method: "tools/list",
+                params: {}
+              },
+              import_types.ListToolsResultSchema
+            );
+            client.tools = toolsResult.tools.map((tool) => ({
+              name: tool.name,
+              description: tool.description || "",
+              inputSchema: tool.inputSchema,
+              serverName: name
+            }));
+            this.log(`Refreshed ${name}: ${client.tools.length} tools`);
+          } catch (error) {
+            this.log(`Failed to refresh tools for ${name}:`, error);
+            client.status = "error";
+            client.error = error instanceof Error ? error.message : String(error);
+          }
+        }
+      }
+      /**
+       * List resources from a specific client or all clients
+       */
+      async listResources(clientName) {
+        const results = [];
+        const clients = clientName ? [clientName] : Array.from(this.clients.keys());
+        for (const name of clients) {
+          const client = this.clients.get(name);
+          if (!client) continue;
+          try {
+            const result = await client.client.request(
+              {
+                method: "resources/list",
+                params: {}
+              },
+              import_types.ListResourcesResultSchema
+            );
+            results.push({
+              clientName: name,
+              resources: result.resources
+            });
+          } catch (error) {
+            this.log(`Failed to list resources for ${name}:`, error);
+          }
+        }
+        return results;
+      }
+      /**
+       * Read a resource from a specific client
+       */
+      async readResource(uri, clientName) {
+        if (clientName) {
+          const client = this.clients.get(clientName);
+          if (!client) {
+            throw new Error(`Client '${clientName}' not found`);
+          }
+          const result = await client.client.request(
+            {
+              method: "resources/read",
+              params: { uri }
+            },
+            import_types.ReadResourceResultSchema
+          );
+          return result;
+        } else {
+          for (const [name, client] of this.clients) {
+            try {
+              const result = await client.client.request(
+                {
+                  method: "resources/read",
+                  params: { uri }
+                },
+                import_types.ReadResourceResultSchema
+              );
+              return { clientName: name, ...result };
+            } catch {
+            }
+          }
+          throw new Error(`Resource '${uri}' not found on any client`);
+        }
+      }
+      /**
+       * List prompts from a specific client or all clients
+       */
+      async listPrompts(clientName) {
+        const results = [];
+        const clients = clientName ? [clientName] : Array.from(this.clients.keys());
+        for (const name of clients) {
+          const client = this.clients.get(name);
+          if (!client) continue;
+          try {
+            const result = await client.client.request(
+              {
+                method: "prompts/list",
+                params: {}
+              },
+              import_types.ListPromptsResultSchema
+            );
+            results.push({
+              clientName: name,
+              prompts: result.prompts
+            });
+          } catch (error) {
+            this.log(`Failed to list prompts for ${name}:`, error);
+          }
+        }
+        return results;
+      }
+      /**
+       * Get a prompt from a specific client
+       */
+      async getPrompt(name, args, clientName) {
+        if (clientName) {
+          const client = this.clients.get(clientName);
+          if (!client) {
+            throw new Error(`Client '${clientName}' not found`);
+          }
+          const result = await client.client.request(
+            {
+              method: "prompts/get",
+              params: { name, arguments: args }
+            },
+            import_types.GetPromptResultSchema
+          );
+          return result;
+        } else {
+          for (const [cName, client] of this.clients) {
+            try {
+              const result = await client.client.request(
+                {
+                  method: "prompts/get",
+                  params: { name, arguments: args }
+                },
+                import_types.GetPromptResultSchema
+              );
+              return { clientName: cName, ...result };
+            } catch {
+            }
+          }
+          throw new Error(`Prompt '${name}' not found on any client`);
+        }
+      }
+      /**
+       * Health check for all connected clients
+       */
+      async healthCheck() {
+        const results = /* @__PURE__ */ new Map();
+        for (const [name, client] of this.clients) {
+          try {
+            const startTime = Date.now();
+            await client.client.request(
+              {
+                method: "tools/list",
+                params: {}
+              },
+              import_types.ListToolsResultSchema
+            );
+            results.set(name, {
+              status: "healthy",
+              responseTime: Date.now() - startTime
+            });
+          } catch (error) {
+            results.set(name, {
+              status: "unhealthy",
+              responseTime: 0,
+              error: error instanceof Error ? error.message : String(error)
+            });
+            if (this.options.autoReconnect) {
+              this.scheduleReconnect(name, client.config);
+            }
+          }
+        }
+        return results;
+      }
+      /**
+       * Start the automatic refresh timer
+       */
+      startRefreshTimer() {
+        if (this.refreshTimer) {
+          clearInterval(this.refreshTimer);
+        }
+        if (this.options.refreshInterval > 0) {
+          this.refreshTimer = setInterval(async () => {
+            try {
+              await this.refreshTools();
+            } catch (error) {
+              this.log("Auto-refresh failed:", error);
+            }
+          }, this.options.refreshInterval);
+        }
+      }
+      /**
+       * Print available tools for a client
+       */
+      printAvailableTools(clientName, tools) {
+        if (tools.length === 0) {
+          this.log(`  No tools available from ${clientName}`);
+          return;
+        }
+        this.log(`
+  --- ${clientName} Tools (${tools.length}) ---`);
+        for (const tool of tools) {
+          this.log(`    \u2022 ${tool.name}: ${tool.description.slice(0, 60)}${tool.description.length > 60 ? "..." : ""}`);
+        }
+      }
+      /**
+       * Debug logging
+       */
+      log(...args) {
+        if (this.options.debug) {
+          console.log("[MCP-Proxy]", ...args);
+        }
+      }
+      /**
+       * Get statistics about the MCP proxy hub
+       */
+      getStats() {
+        const clients = Array.from(this.clients.entries()).map(([name, info]) => ({
+          name,
+          toolCount: info.tools.length,
+          status: info.status,
+          transportType: info.transportType
+        }));
+        return {
+          totalClients: this.clients.size,
+          totalTools: clients.reduce((sum, c) => sum + c.toolCount, 0),
+          clients
+        };
+      }
+    };
+  }
+});
+
 // src/daemon/index.ts
 var daemon_exports = {};
 __export(daemon_exports, {
+  MCPProxyHub: () => MCPProxyHub,
   RainfallDaemon: () => RainfallDaemon,
   getDaemonInstance: () => getDaemonInstance,
   getDaemonStatus: () => getDaemonStatus,
@@ -1746,17 +2318,19 @@ function getDaemonStatus() {
 function getDaemonInstance() {
   return daemonInstance;
 }
-var import_ws, import_express, RainfallDaemon, daemonInstance;
+var import_ws2, import_express, RainfallDaemon, daemonInstance;
 var init_daemon = __esm({
   "src/daemon/index.ts"() {
     "use strict";
     init_cjs_shims();
-    import_ws = require("ws");
+    import_ws2 = require("ws");
     import_express = __toESM(require("express"));
     init_sdk();
     init_networked();
     init_context();
     init_listeners();
+    init_mcp_proxy();
+    init_mcp_proxy();
     RainfallDaemon = class {
       wss;
       openaiApp;
@@ -1772,11 +2346,16 @@ var init_daemon = __esm({
       networkedExecutor;
       context;
       listeners;
+      mcpProxy;
+      enableMcpProxy;
+      mcpNamespacePrefix;
       constructor(config = {}) {
         this.port = config.port || 8765;
         this.openaiPort = config.openaiPort || 8787;
         this.rainfallConfig = config.rainfallConfig;
         this.debug = config.debug || false;
+        this.enableMcpProxy = config.enableMcpProxy ?? true;
+        this.mcpNamespacePrefix = config.mcpNamespacePrefix ?? true;
         this.openaiApp = (0, import_express.default)();
         this.openaiApp.use(import_express.default.json());
       }
@@ -1812,6 +2391,19 @@ var init_daemon = __esm({
           this.networkedExecutor
         );
         await this.loadTools();
+        if (this.enableMcpProxy) {
+          this.mcpProxy = new MCPProxyHub({ debug: this.debug });
+          await this.mcpProxy.initialize();
+          if (this.rainfallConfig?.mcpClients) {
+            for (const clientConfig of this.rainfallConfig.mcpClients) {
+              try {
+                await this.mcpProxy.connectClient(clientConfig);
+              } catch (error) {
+                this.log(`Failed to connect MCP client ${clientConfig.name}:`, error);
+              }
+            }
+          }
+        }
         await this.startWebSocketServer();
         await this.startOpenAIProxy();
         console.log(`\u{1F680} Rainfall daemon running`);
@@ -1832,6 +2424,10 @@ var init_daemon = __esm({
         if (this.networkedExecutor) {
           await this.networkedExecutor.unregisterEdgeNode();
         }
+        if (this.mcpProxy) {
+          await this.mcpProxy.shutdown();
+          this.mcpProxy = void 0;
+        }
         for (const client of this.clients) {
           client.close();
         }
@@ -1860,6 +2456,30 @@ var init_daemon = __esm({
       getListenerRegistry() {
         return this.listeners;
       }
+      /**
+       * Get the MCP Proxy Hub for managing external MCP clients
+       */
+      getMCPProxy() {
+        return this.mcpProxy;
+      }
+      /**
+       * Connect an MCP client dynamically
+       */
+      async connectMCPClient(config) {
+        if (!this.mcpProxy) {
+          throw new Error("MCP Proxy Hub is not enabled");
+        }
+        return this.mcpProxy.connectClient(config);
+      }
+      /**
+       * Disconnect an MCP client
+       */
+      async disconnectMCPClient(name) {
+        if (!this.mcpProxy) {
+          throw new Error("MCP Proxy Hub is not enabled");
+        }
+        return this.mcpProxy.disconnectClient(name);
+      }
       async initializeRainfall() {
         if (this.rainfallConfig?.apiKey) {
           this.rainfall = new Rainfall(this.rainfallConfig);
@@ -1900,7 +2520,7 @@ var init_daemon = __esm({
         }
       }
       async startWebSocketServer() {
-        this.wss = new import_ws.WebSocketServer({ port: this.port });
+        this.wss = new import_ws2.WebSocketServer({ port: this.port });
         this.wss.on("connection", (ws) => {
           this.log("\u{1F7E2} MCP client connected");
           this.clients.add(ws);
@@ -1962,7 +2582,7 @@ var init_daemon = __esm({
             const toolParams = params?.arguments;
             try {
               const startTime = Date.now();
-              const result = await this.executeTool(toolName, toolParams);
+              const result = await this.executeToolWithMCP(toolName, toolParams);
               const duration = Date.now() - startTime;
               if (this.context) {
                 this.context.recordExecution(toolName, toolParams || {}, result, { duration });
@@ -2027,6 +2647,16 @@ var init_daemon = __esm({
             });
           }
         }
+        if (this.mcpProxy) {
+          const proxyTools = this.mcpProxy.getAllTools({ namespacePrefix: this.mcpNamespacePrefix });
+          for (const tool of proxyTools) {
+            mcpTools.push({
+              name: this.mcpNamespacePrefix ? `${tool.serverName}-${tool.name}` : tool.name,
+              description: tool.description,
+              inputSchema: tool.inputSchema || { type: "object", properties: {} }
+            });
+          }
+        }
         return mcpTools;
       }
       async executeTool(toolId, params) {
@@ -2035,6 +2665,30 @@ var init_daemon = __esm({
         }
         return this.rainfall.executeTool(toolId, params);
       }
+      /**
+       * Execute a tool, trying MCP proxy first, then falling back to Rainfall tools
+       */
+      async executeToolWithMCP(toolName, params) {
+        if (this.mcpProxy) {
+          try {
+            if (this.mcpNamespacePrefix && toolName.includes("-")) {
+              const namespace = toolName.split("-")[0];
+              const actualToolName = toolName.slice(namespace.length + 1);
+              if (this.mcpProxy.getClient(namespace)) {
+                return await this.mcpProxy.callTool(toolName, params || {}, {
+                  namespace
+                });
+              }
+            }
+            return await this.mcpProxy.callTool(toolName, params || {});
+          } catch (error) {
+            if (error instanceof Error && !error.message.includes("not found")) {
+              throw error;
+            }
+          }
+        }
+        return this.executeTool(toolName, params);
+      }
       async startOpenAIProxy() {
         this.openaiApp.get("/v1/models", async (_req, res) => {
           try {
@@ -2150,6 +2804,10 @@ var init_daemon = __esm({
                     this.log(`  \u2192 Executing locally`);
                     const args = JSON.parse(toolArgsStr);
                     toolResult = await this.executeLocalTool(localTool.id, args);
+                  } else if (this.mcpProxy) {
+                    this.log(`  \u2192 Trying MCP proxy`);
+                    const args = JSON.parse(toolArgsStr);
+                    toolResult = await this.executeToolWithMCP(toolName.replace(/_/g, "-"), args);
                   } else {
                     const shouldExecuteLocal = body.tool_priority === "local" || body.tool_priority === "stacked";
                     if (shouldExecuteLocal) {
@@ -2199,15 +2857,52 @@ var init_daemon = __esm({
           }
         });
         this.openaiApp.get("/health", (_req, res) => {
+          const mcpStats = this.mcpProxy?.getStats();
           res.json({
             status: "ok",
             daemon: "rainfall",
-            version: "0.1.0",
+            version: "0.2.0",
             tools_loaded: this.tools.length,
+            mcp_clients: mcpStats?.totalClients || 0,
+            mcp_tools: mcpStats?.totalTools || 0,
             edge_node_id: this.networkedExecutor?.getEdgeNodeId(),
             clients_connected: this.clients.size
           });
         });
+        this.openaiApp.get("/v1/mcp/clients", (_req, res) => {
+          if (!this.mcpProxy) {
+            res.status(503).json({ error: "MCP proxy not enabled" });
+            return;
+          }
+          res.json(this.mcpProxy.listClients());
+        });
+        this.openaiApp.post("/v1/mcp/connect", async (req, res) => {
+          if (!this.mcpProxy) {
+            res.status(503).json({ error: "MCP proxy not enabled" });
+            return;
+          }
+          try {
+            const name = await this.mcpProxy.connectClient(req.body);
+            res.json({ success: true, client: name });
+          } catch (error) {
+            res.status(500).json({
+              error: error instanceof Error ? error.message : "Failed to connect MCP client"
+            });
+          }
+        });
+        this.openaiApp.post("/v1/mcp/disconnect", async (req, res) => {
+          if (!this.mcpProxy) {
+            res.status(503).json({ error: "MCP proxy not enabled" });
+            return;
+          }
+          const { name } = req.body;
+          if (!name) {
+            res.status(400).json({ error: "Missing required field: name" });
+            return;
+          }
+          await this.mcpProxy.disconnectClient(name);
+          res.json({ success: true });
+        });
         this.openaiApp.get("/status", (_req, res) => {
           res.json(this.getStatus());
         });
@@ -2342,6 +3037,7 @@ var init_daemon = __esm({
         switch (provider) {
           case "local":
           case "ollama":
+          case "custom":
             return this.callLocalLLM(params, config);
           case "openai":
           case "anthropic":
@@ -2378,7 +3074,8 @@ var init_daemon = __esm({
           method: "POST",
           headers: {
             "Content-Type": "application/json",
-            "Authorization": `Bearer ${apiKey}`
+            "Authorization": `Bearer ${apiKey}`,
+            "User-Agent": "Rainfall-DevKit/1.0"
           },
           body: JSON.stringify({
             model,
@@ -2409,7 +3106,8 @@ var init_daemon = __esm({
           method: "POST",
           headers: {
             "Content-Type": "application/json",
-            "Authorization": `Bearer ${apiKey}`
+            "Authorization": `Bearer ${apiKey}`,
+            "User-Agent": "Rainfall-DevKit/1.0"
           },
           body: JSON.stringify({
             model,
@@ -2490,7 +3188,7 @@ var init_daemon = __esm({
       }
       async getOpenAITools() {
         const tools = [];
-        for (const tool of this.tools.slice(0, 128)) {
+        for (const tool of this.tools.slice(0, 100)) {
           const schema = await this.getToolSchema(tool.id);
           if (schema) {
             const toolSchema = schema;
@@ -2514,6 +3212,24 @@ var init_daemon = __esm({
             });
           }
         }
+        if (this.mcpProxy) {
+          const proxyTools = this.mcpProxy.getAllTools({ namespacePrefix: this.mcpNamespacePrefix });
+          for (const tool of proxyTools.slice(0, 28)) {
+            const inputSchema = tool.inputSchema || {};
+            tools.push({
+              type: "function",
+              function: {
+                name: this.mcpNamespacePrefix ? `${tool.serverName}_${tool.name}`.replace(/-/g, "_") : tool.name.replace(/-/g, "_"),
+                description: `[${tool.serverName}] ${tool.description}`,
+                parameters: {
+                  type: "object",
+                  properties: inputSchema.properties || {},
+                  required: inputSchema.required || []
+                }
+              }
+            });
+          }
+        }
         return tools;
       }
       buildResponseContent() {
@@ -2559,6 +3275,274 @@ var import_url = require("url");
 init_sdk();
 init_config();
 var import_child_process = require("child_process");
+
+// src/security/edge-node.ts
+init_cjs_shims();
+var import_libsodium_wrappers_sumo = __toESM(require("libsodium-wrappers-sumo"));
+var EdgeNodeSecurity = class {
+  sodiumReady;
+  backendSecret;
+  keyPair;
+  constructor(options = {}) {
+    this.sodiumReady = import_libsodium_wrappers_sumo.default.ready;
+    this.backendSecret = options.backendSecret;
+    this.keyPair = options.keyPair;
+  }
+  /**
+   * Initialize libsodium
+   */
+  async initialize() {
+    await this.sodiumReady;
+  }
+  // ============================================================================
+  // JWT Token Management
+  // ============================================================================
+  /**
+   * Generate a JWT token for an edge node
+   * Note: In production, this is done by the backend. This is for testing.
+   */
+  generateJWT(edgeNodeId, subscriberId, expiresInDays = 30) {
+    if (!this.backendSecret) {
+      throw new Error("Backend secret not configured");
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const exp = now + expiresInDays * 24 * 60 * 60;
+    const jti = this.generateTokenId();
+    const payload = {
+      sub: edgeNodeId,
+      iss: "rainfall-backend",
+      iat: now,
+      exp,
+      jti,
+      scope: ["edge:heartbeat", "edge:claim", "edge:submit", "edge:queue"]
+    };
+    const header = { alg: "HS256", typ: "JWT" };
+    const encodedHeader = this.base64UrlEncode(JSON.stringify(header));
+    const encodedPayload = this.base64UrlEncode(JSON.stringify(payload));
+    const signature = this.hmacSha256(
+      `${encodedHeader}.${encodedPayload}`,
+      this.backendSecret
+    );
+    const encodedSignature = this.base64UrlEncode(signature);
+    return `${encodedHeader}.${encodedPayload}.${encodedSignature}`;
+  }
+  /**
+   * Validate a JWT token
+   */
+  validateJWT(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      throw new Error("Invalid JWT format");
+    }
+    const [encodedHeader, encodedPayload, encodedSignature] = parts;
+    if (this.backendSecret) {
+      const expectedSignature = this.hmacSha256(
+        `${encodedHeader}.${encodedPayload}`,
+        this.backendSecret
+      );
+      const expectedEncoded = this.base64UrlEncode(expectedSignature);
+      if (!this.timingSafeEqual(encodedSignature, expectedEncoded)) {
+        throw new Error("Invalid JWT signature");
+      }
+    }
+    const payload = JSON.parse(this.base64UrlDecode(encodedPayload));
+    const now = Math.floor(Date.now() / 1e3);
+    if (payload.exp < now) {
+      throw new Error("JWT token expired");
+    }
+    if (payload.iss !== "rainfall-backend") {
+      throw new Error("Invalid JWT issuer");
+    }
+    return {
+      edgeNodeId: payload.sub,
+      subscriberId: payload.sub,
+      // Same as edge node ID for now
+      scopes: payload.scope,
+      expiresAt: payload.exp
+    };
+  }
+  /**
+   * Extract bearer token from Authorization header
+   */
+  extractBearerToken(authHeader) {
+    if (!authHeader) return null;
+    const match = authHeader.match(/^Bearer\s+(.+)$/i);
+    return match ? match[1] : null;
+  }
+  // ============================================================================
+  // ACL Enforcement
+  // ============================================================================
+  /**
+   * Check if an edge node is allowed to perform an action on a job
+   * Rule: Edge nodes can only access jobs for their own subscriber
+   */
+  checkACL(check) {
+    if (check.subscriberId !== check.jobSubscriberId) {
+      return {
+        allowed: false,
+        reason: `Edge node ${check.edgeNodeId} cannot access jobs from subscriber ${check.jobSubscriberId}`
+      };
+    }
+    const allowedActions = ["heartbeat", "claim", "submit", "queue"];
+    if (!allowedActions.includes(check.action)) {
+      return {
+        allowed: false,
+        reason: `Unknown action: ${check.action}`
+      };
+    }
+    return { allowed: true };
+  }
+  /**
+   * Middleware-style ACL check for job operations
+   */
+  requireSameSubscriber(edgeNodeSubscriberId, jobSubscriberId, operation) {
+    const result = this.checkACL({
+      edgeNodeId: edgeNodeSubscriberId,
+      subscriberId: edgeNodeSubscriberId,
+      jobSubscriberId,
+      action: operation
+    });
+    if (!result.allowed) {
+      throw new Error(result.reason);
+    }
+  }
+  // ============================================================================
+  // Encryption (Libsodium)
+  // ============================================================================
+  /**
+   * Generate a new Ed25519 key pair for an edge node
+   */
+  async generateKeyPair() {
+    await this.sodiumReady;
+    const keyPair = import_libsodium_wrappers_sumo.default.crypto_box_keypair();
+    return {
+      publicKey: this.bytesToBase64(keyPair.publicKey),
+      privateKey: this.bytesToBase64(keyPair.privateKey)
+    };
+  }
+  /**
+   * Encrypt job parameters for a target edge node using its public key
+   */
+  async encryptForEdgeNode(plaintext, targetPublicKeyBase64) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const targetPublicKey = this.base64ToBytes(targetPublicKeyBase64);
+    const ephemeralKeyPair = import_libsodium_wrappers_sumo.default.crypto_box_keypair();
+    const nonce = import_libsodium_wrappers_sumo.default.randombytes_buf(import_libsodium_wrappers_sumo.default.crypto_box_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = import_libsodium_wrappers_sumo.default.crypto_box_easy(
+      message,
+      nonce,
+      targetPublicKey,
+      ephemeralKeyPair.privateKey
+    );
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce),
+      ephemeralPublicKey: this.bytesToBase64(ephemeralKeyPair.publicKey)
+    };
+  }
+  /**
+   * Decrypt job parameters received from the backend
+   */
+  async decryptFromBackend(encrypted) {
+    await this.sodiumReady;
+    if (!this.keyPair) {
+      throw new Error("Local key pair not configured");
+    }
+    const privateKey = this.base64ToBytes(this.keyPair.privateKey);
+    const ephemeralPublicKey = this.base64ToBytes(encrypted.ephemeralPublicKey);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = import_libsodium_wrappers_sumo.default.crypto_box_open_easy(
+      ciphertext,
+      nonce,
+      ephemeralPublicKey,
+      privateKey
+    );
+    if (!decrypted) {
+      throw new Error("Decryption failed - invalid ciphertext or keys");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  /**
+   * Encrypt job parameters for local storage (using secretbox)
+   */
+  async encryptLocal(plaintext, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = import_libsodium_wrappers_sumo.default.randombytes_buf(import_libsodium_wrappers_sumo.default.crypto_secretbox_NONCEBYTES);
+    const message = new TextEncoder().encode(plaintext);
+    const ciphertext = import_libsodium_wrappers_sumo.default.crypto_secretbox_easy(message, nonce, keyBytes);
+    return {
+      ciphertext: this.bytesToBase64(ciphertext),
+      nonce: this.bytesToBase64(nonce)
+    };
+  }
+  /**
+   * Decrypt locally stored job parameters
+   */
+  async decryptLocal(encrypted, key) {
+    await this.sodiumReady;
+    const keyBytes = this.deriveKey(key);
+    const nonce = this.base64ToBytes(encrypted.nonce);
+    const ciphertext = this.base64ToBytes(encrypted.ciphertext);
+    const decrypted = import_libsodium_wrappers_sumo.default.crypto_secretbox_open_easy(ciphertext, nonce, keyBytes);
+    if (!decrypted) {
+      throw new Error("Local decryption failed");
+    }
+    return new TextDecoder().decode(decrypted);
+  }
+  // ============================================================================
+  // Utility Methods
+  // ============================================================================
+  generateTokenId() {
+    return `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
+  }
+  base64UrlEncode(str) {
+    return btoa(str).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  base64UrlDecode(str) {
+    const padding = "=".repeat((4 - str.length % 4) % 4);
+    const base64 = str.replace(/-/g, "+").replace(/_/g, "/") + padding;
+    return atob(base64);
+  }
+  hmacSha256(message, secret) {
+    const key = new TextEncoder().encode(secret);
+    const msg = new TextEncoder().encode(message);
+    const hash = import_libsodium_wrappers_sumo.default.crypto_auth(msg, key);
+    return this.bytesToBase64(hash);
+  }
+  timingSafeEqual(a, b) {
+    if (a.length !== b.length) return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return result === 0;
+  }
+  bytesToBase64(bytes) {
+    const binString = Array.from(bytes, (b) => String.fromCharCode(b)).join("");
+    return btoa(binString);
+  }
+  base64ToBytes(base64) {
+    const binString = atob(base64);
+    return Uint8Array.from(binString, (m) => m.charCodeAt(0));
+  }
+  deriveKey(password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    return import_libsodium_wrappers_sumo.default.crypto_generichash(32, passwordBytes, null);
+  }
+};
+async function createEdgeNodeSecurity(options = {}) {
+  const security = new EdgeNodeSecurity(options);
+  await security.initialize();
+  return security;
+}
+
+// src/cli/index.ts
 function printHelp() {
   console.log(`
 Rainfall CLI - 200+ tools, one key
@@ -2591,6 +3575,9 @@ Commands:
   config set <key> <value>      Set configuration value
   config llm                    Show LLM configuration
   
+  edge generate-keys            Generate key pair for edge node encryption
+  edge status                   Show edge node security status
+  
   version                       Show version information
   upgrade                       Upgrade to the latest version
   
@@ -2611,6 +3598,9 @@ Options for 'run':
 Options for 'daemon start':
   --port <port>                 WebSocket port (default: 8765)
   --openai-port <port>          OpenAI API port (default: 8787)
+  --mcp-proxy                   Enable MCP proxy hub (default: enabled)
+  --no-mcp-proxy                Disable MCP proxy hub
+  --secure                      Enable edge node security (JWT, ACLs, encryption)
   --debug                       Enable verbose debug logging
 
 Examples:
@@ -2990,10 +3980,13 @@ function configLLM() {
   console.log("  anthropic - Use Anthropic API directly");
   console.log("  ollama    - Use local Ollama instance");
   console.log("  local     - Use any OpenAI-compatible endpoint (LM Studio, etc.)");
+  console.log("  custom    - Use any custom OpenAI-compatible endpoint (RunPod, etc.)");
   console.log();
   console.log("Examples:");
   console.log("  rainfall config set llm.provider local");
   console.log("  rainfall config set llm.baseUrl http://localhost:1234/v1");
+  console.log("  rainfall config set llm.provider custom");
+  console.log("  rainfall config set llm.baseUrl https://your-runpod-endpoint.runpod.net/v1");
   console.log("  rainfall config set llm.provider openai");
   console.log("  rainfall config set llm.apiKey sk-...");
 }
@@ -3051,6 +4044,7 @@ async function daemonStart(args) {
   let port;
   let openaiPort;
   let debug = false;
+  let enableMcpProxy = true;
   for (let i = 0; i < args.length; i++) {
     const arg = args[i];
     if (arg === "--port") {
@@ -3061,11 +4055,15 @@ async function daemonStart(args) {
       if (!isNaN(val)) openaiPort = val;
     } else if (arg === "--debug") {
       debug = true;
+    } else if (arg === "--mcp-proxy") {
+      enableMcpProxy = true;
+    } else if (arg === "--no-mcp-proxy") {
+      enableMcpProxy = false;
     }
   }
   const { startDaemon: startDaemon2 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
   try {
-    await startDaemon2({ port, openaiPort, debug });
+    await startDaemon2({ port, openaiPort, debug, enableMcpProxy });
     process.on("SIGINT", async () => {
       console.log("\n");
       const { stopDaemon: stopDaemon2 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
@@ -3137,6 +4135,8 @@ async function daemonStatus() {
   console.log(`  WebSocket port: ${status.port}`);
   console.log(`  OpenAI API port: ${status.openaiPort}`);
   console.log(`  Tools loaded: ${status.toolsLoaded}`);
+  console.log(`  MCP clients: ${status.mcpClients || 0}`);
+  console.log(`  MCP tools: ${status.mcpTools || 0}`);
   console.log(`  Clients connected: ${status.clientsConnected}`);
   console.log(`  Edge Node ID: ${status.edgeNodeId || "local"}`);
   console.log();
@@ -3177,6 +4177,71 @@ async function workflowRun(args) {
   console.log(`\u{1F6A7} Running workflow: ${workflowId}`);
   console.log("Workflow execution coming soon!");
 }
+async function edgeGenerateKeys() {
+  console.log("\u{1F510} Generating edge node key pair...\n");
+  try {
+    const security = await createEdgeNodeSecurity();
+    const keyPair = await security.generateKeyPair();
+    const configDir = getConfigDir();
+    const keysDir = (0, import_path2.join)(configDir, "keys");
+    if (!(0, import_fs2.existsSync)(keysDir)) {
+      (0, import_fs2.mkdirSync)(keysDir, { recursive: true });
+    }
+    const publicKeyPath = (0, import_path2.join)(keysDir, "edge-node.pub");
+    const privateKeyPath = (0, import_path2.join)(keysDir, "edge-node.key");
+    (0, import_fs2.writeFileSync)(publicKeyPath, keyPair.publicKey, { mode: 420 });
+    (0, import_fs2.writeFileSync)(privateKeyPath, keyPair.privateKey, { mode: 384 });
+    console.log("\u2705 Key pair generated successfully!\n");
+    console.log("Public key:", keyPair.publicKey);
+    console.log("\nKey files saved to:");
+    console.log("  Public:", publicKeyPath);
+    console.log("  Private:", privateKeyPath);
+    console.log("\n\u{1F4CB} To register this edge node:");
+    console.log("  1. Copy the public key above");
+    console.log("  2. Register with: rainfall edge register <public-key>");
+    console.log("  3. The backend will return an edgeNodeSecret (JWT)");
+    console.log("  4. Store the secret securely - it expires in 30 days");
+  } catch (error) {
+    console.error("\u274C Failed to generate keys:", error instanceof Error ? error.message : error);
+    process.exit(1);
+  }
+}
+async function edgeStatus() {
+  const configDir = getConfigDir();
+  const keysDir = (0, import_path2.join)(configDir, "keys");
+  const publicKeyPath = (0, import_path2.join)(keysDir, "edge-node.pub");
+  const privateKeyPath = (0, import_path2.join)(keysDir, "edge-node.key");
+  console.log("\u{1F510} Edge Node Security Status\n");
+  const hasPublicKey = (0, import_fs2.existsSync)(publicKeyPath);
+  const hasPrivateKey = (0, import_fs2.existsSync)(privateKeyPath);
+  console.log("Key Pair:");
+  console.log("  Public key:", hasPublicKey ? "\u2705 Present" : "\u274C Missing");
+  console.log("  Private key:", hasPrivateKey ? "\u2705 Present" : "\u274C Missing");
+  if (hasPublicKey) {
+    const publicKey = (0, import_fs2.readFileSync)(publicKeyPath, "utf-8");
+    console.log("\nPublic Key:");
+    console.log("  " + publicKey.substring(0, 50) + "...");
+  }
+  const config = loadConfig();
+  if (config.edgeNodeId) {
+    console.log("\nRegistration:");
+    console.log("  Edge Node ID:", config.edgeNodeId);
+  }
+  if (config.edgeNodeSecret) {
+    console.log("  JWT Secret: \u2705 Present (expires: check with backend)");
+  } else {
+    console.log("  JWT Secret: \u274C Not configured");
+  }
+  console.log("\n\u{1F4DA} Next steps:");
+  if (!hasPublicKey) {
+    console.log("  1. Run: rainfall edge generate-keys");
+  } else if (!config.edgeNodeSecret) {
+    console.log("  1. Register your edge node with the backend");
+    console.log("  2. Store the returned edgeNodeSecret in config");
+  } else {
+    console.log("  Edge node is configured and ready for secure operation");
+  }
+}
 async function main() {
   const args = process.argv.slice(2);
   const command = args[0];
@@ -3282,6 +4347,20 @@ async function main() {
     case "upgrade":
       await upgrade();
       break;
+    case "edge":
+      switch (subcommand) {
+        case "generate-keys":
+          await edgeGenerateKeys();
+          break;
+        case "status":
+          await edgeStatus();
+          break;
+        default:
+          console.error("Error: Unknown edge subcommand");
+          console.error("\nUsage: rainfall edge <generate-keys|status>");
+          process.exit(1);
+      }
+      break;
     case "help":
     case "--help":
     case "-h":