@sanctuary-framework/mcp-server 1.1.1 → 1.1.2

package/dist/cli.cjs

@@ -11887,6 +11887,20 @@ async function handleRequest(deps, req, res) {
   const url = new URL(req.url ?? "/", `http://${host}`);
   const method = (req.method ?? "GET").toUpperCase();
   const path = url.pathname;
+  if (deps.v11Bindings) {
+    const handled = await dispatchV11Request(
+      {
+        bindings: deps.v11Bindings,
+        ...deps.authToken !== void 0 ? { authToken: deps.authToken } : {},
+        loopbackAutoAuth: deps.loopbackAutoAuth ?? false
+      },
+      req,
+      res,
+      url,
+      method
+    );
+    if (handled) return true;
+  }
   if (!isAuthorized(deps, req, url)) {
     writeJSON(res, 401, { error: "unauthorized" });
     return true;
@@ -12067,6 +12081,7 @@ var init_api = __esm({
     init_registry();
     init_init();
     init_discovery();
+    init_dispatch();
   }
 });
 
@@ -13602,6 +13617,53 @@ var init_v1_1 = __esm({
     init_client();
   }
 });
+
+// src/dashboard/v1_1/dispatch.ts
+async function dispatchV11Request(inputs, req, res, url, method) {
+  const { bindings, authToken, loopbackAutoAuth } = inputs;
+  if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
+    return handleDashboardV11Route(
+      {
+        identityId: bindings.identityId,
+        fortressId: bindings.fortressId,
+        ...authToken !== void 0 ? { authToken } : {}
+      },
+      req,
+      res
+    );
+  }
+  if (url.pathname.startsWith("/api/hub/")) {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      req,
+      res
+    );
+  }
+  if (method === "GET" && url.pathname === "/api/identities") {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    const aliasReq = Object.create(req);
+    aliasReq.url = "/api/hub/agents" + url.search;
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      aliasReq,
+      res
+    );
+  }
+  return false;
+}
+var init_dispatch = __esm({
+  "src/dashboard/v1_1/dispatch.ts"() {
+    init_api_router();
+    init_v1_1();
+  }
+});
 function isDashboardViewRoute(method, path) {
   if (method !== "GET") return false;
   return path === "/" || path === "/dashboard" || path === "/fortress" || path === "/events";
@@ -13614,8 +13676,7 @@ var init_dashboard = __esm({
     init_dashboard_html();
     init_fortress_view();
     init_system_prompt_generator();
-    init_api_router();
-    init_v1_1();
+    init_dispatch();
     SESSION_TTL_REMOTE_MS = 5 * 60 * 1e3;
     SESSION_TTL_LOCAL_MS = 24 * 60 * 60 * 1e3;
     MAX_SESSIONS = 1e3;
@@ -13737,45 +13798,17 @@ var init_dashboard = __esm({
        */
       async dispatchV11(req, res, url, method) {
         if (!this.v11Bindings) return false;
-        if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
-          const handled = handleDashboardV11Route(
-            {
-              identityId: this.v11Bindings.identityId,
-              fortressId: this.v11Bindings.fortressId,
-              ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-            },
-            req,
-            res
-          );
-          return handled;
-        }
-        if (url.pathname.startsWith("/api/hub/")) {
-          const authConfig = {
-            loopbackAutoAuth: this._autoAuthLocalhost,
-            ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-          };
-          const handled = await handleHubRoute(
-            { authConfig, service: this.v11Bindings.hubService },
-            req,
-            res
-          );
-          return handled;
-        }
-        if (method === "GET" && url.pathname === "/api/identities") {
-          const authConfig = {
-            loopbackAutoAuth: this._autoAuthLocalhost,
-            ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-          };
-          const aliasReq = Object.create(req);
-          aliasReq.url = "/api/hub/agents" + url.search;
-          const handled = await handleHubRoute(
-            { authConfig, service: this.v11Bindings.hubService },
-            aliasReq,
-            res
-          );
-          return handled;
-        }
-        return false;
+        return dispatchV11Request(
+          {
+            bindings: this.v11Bindings,
+            ...this.authToken !== void 0 ? { authToken: this.authToken } : {},
+            loopbackAutoAuth: this._autoAuthLocalhost
+          },
+          req,
+          res,
+          url,
+          method
+        );
       }
       /**
        * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
@@ -30023,14 +30056,18 @@ async function startDashboardServer(options) {
       }
     }
   };
-  const deps = {
-    sources: options.sources,
-    authToken: options.authToken,
-    approvals: options.approvals,
-    onEvent
-  };
+  let v11Bindings = null;
+  let v11LoopbackAutoAuth = false;
   const server = http.createServer(async (req, res) => {
     try {
+      const deps = {
+        sources: options.sources,
+        authToken: options.authToken,
+        approvals: options.approvals,
+        onEvent,
+        v11Bindings,
+        loopbackAutoAuth: v11LoopbackAutoAuth
+      };
       const served = await handleRequest(deps, req, res);
       if (!served) {
         res.writeHead(404, { "Content-Type": "application/json" });
@@ -30068,7 +30105,13 @@ async function startDashboardServer(options) {
     publishActivity: (entry) => publish({ type: "activity", data: entry }),
     publishApproval: (approval) => publish({ type: "approval", data: approval }),
     publishInbox: (item) => publish({ type: "inbox", data: item }),
-    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot })
+    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot }),
+    setV11Bindings: (bindings) => {
+      v11Bindings = bindings;
+    },
+    setV11LoopbackAutoAuth: (enabled) => {
+      v11LoopbackAutoAuth = enabled;
+    }
   };
 }
 var DEFAULT_PORT, DEFAULT_HOST;
@@ -31332,12 +31375,14 @@ async function runWrap(options, deps = {}) {
   const storagePath = resolveStoragePath();
   let passphraseLocation;
   let passphraseSource;
+  let passphraseValue;
   if (options.passphrase) {
     try {
       const persist = deps.persistPassphrase ?? ((value) => persistUserProvidedPassphrase(value, { storagePath }));
       const persisted = await persist(options.passphrase);
       passphraseLocation = persisted.location;
       passphraseSource = persisted.source;
+      passphraseValue = options.passphrase;
       console.error(
         `
   \u{1F510} Persisted user-supplied passphrase (${persisted.location}).`
@@ -31355,12 +31400,14 @@ async function runWrap(options, deps = {}) {
   } else if (process.env.SANCTUARY_PASSPHRASE) {
     passphraseLocation = "SANCTUARY_PASSPHRASE";
     passphraseSource = "env";
+    passphraseValue = process.env.SANCTUARY_PASSPHRASE;
   } else {
     try {
       const resolve5 = deps.resolvePassphrase ?? (() => getOrCreatePassphrase({ storagePath }));
       const resolved = await resolve5();
       passphraseLocation = resolved.location;
       passphraseSource = resolved.source;
+      passphraseValue = resolved.value;
       if (resolved.source === "generated") {
         console.error(
           `
@@ -31418,6 +31465,13 @@ async function runWrap(options, deps = {}) {
   if (process.env.SANCTUARY_DASHBOARD_ENABLED) {
     sanctuaryEnv.SANCTUARY_DASHBOARD_ENABLED = process.env.SANCTUARY_DASHBOARD_ENABLED;
   }
+  if (options.fortress) {
+    sanctuaryEnv.SANCTUARY_FORTRESS_PATH = path.resolve(options.fortress);
+  } else if (process.env.SANCTUARY_FORTRESS_PATH) {
+    sanctuaryEnv.SANCTUARY_FORTRESS_PATH = path.resolve(
+      process.env.SANCTUARY_FORTRESS_PATH
+    );
+  }
   const rewrite = deps.rewriteConfig ?? rewriteConfigForCocoon;
   await rewrite(
     agentConfig,
@@ -31445,6 +31499,40 @@ async function runWrap(options, deps = {}) {
     authToken,
     readPackageVersion()
   );
+  if (passphraseValue !== void 0) {
+    try {
+      const v11Storage = new FilesystemStorage(`${storagePath}/state`);
+      let existingParams;
+      try {
+        const raw = await v11Storage.read("_meta", "key-params");
+        if (raw) {
+          existingParams = JSON.parse(bytesToString(raw));
+        }
+      } catch {
+      }
+      const derived = await deriveMasterKey(passphraseValue, existingParams);
+      if (!existingParams) {
+        await v11Storage.write(
+          "_meta",
+          "key-params",
+          stringToBytes(JSON.stringify(derived.params))
+        );
+      }
+      const wrapAuditLog = new AuditLog(v11Storage, derived.key);
+      dashboard.setV11Bindings(
+        buildV11Bindings({
+          identityId: `fortress:${storagePath}`,
+          fortressId: fortressIdFromStoragePath(storagePath),
+          auditLog: wrapAuditLog
+        })
+      );
+      dashboard.setV11LoopbackAutoAuth(true);
+    } catch (err) {
+      console.error(
+        `  Note: v1.1 dashboard surfaces unavailable on wrap URL (${err.message}). Run \`sanctuary dashboard\` to reach them.`
+      );
+    }
+  }
   const dashboardUrl = `${dashboard.url}?token=${authToken}`;
   const webhookCallbackPortRaw = process.env.SANCTUARY_WEBHOOK_CALLBACK_PORT;
   const webhookCallbackPort = webhookCallbackPortRaw ? parseInt(webhookCallbackPortRaw, 10) : void 0;
@@ -31807,6 +31895,11 @@ var init_cli2 = __esm({
     init_config_reader();
     init_passphrase();
     init_dashboard2();
+    init_wiring();
+    init_filesystem();
+    init_key_derivation();
+    init_encoding();
+    init_audit_log();
     init_config();
     init_paths();
     init_runtime();
@@ -35201,10 +35294,10 @@ __export(dashboard_standalone_exports, {
   renderTenantDiscoveryHint: () => renderTenantDiscoveryHint,
   startStandaloneDashboard: () => startStandaloneDashboard
 });
-async function discoverableSubTenants(currentStoragePath) {
+async function discoverableSubTenants(currentStoragePath, discoveryOptions) {
   let all;
   try {
-    all = await discoverTenants();
+    all = await discoverTenants(discoveryOptions);
   } catch {
     return [];
   }
@@ -35607,6 +35700,9 @@ var { version: PKG_VERSION4 } = require4("../package.json");
 async function main() {
   const args = process.argv.slice(2);
   let passphrase = process.env.SANCTUARY_PASSPHRASE;
+  if (process.env.SANCTUARY_FORTRESS_PATH && !process.env.SANCTUARY_STORAGE_PATH) {
+    process.env.SANCTUARY_STORAGE_PATH = process.env.SANCTUARY_FORTRESS_PATH;
+  }
   if (args[0] === "dashboard") {
     await runStandaloneDashboard(args.slice(1));
     return;