@sanctuary-framework/mcp-server 1.1.1 → 1.1.3

package/dist/cli.cjs

@@ -11887,6 +11887,20 @@ async function handleRequest(deps, req, res) {
   const url = new URL(req.url ?? "/", `http://${host}`);
   const method = (req.method ?? "GET").toUpperCase();
   const path = url.pathname;
+  if (deps.v11Bindings) {
+    const handled = await dispatchV11Request(
+      {
+        bindings: deps.v11Bindings,
+        ...deps.authToken !== void 0 ? { authToken: deps.authToken } : {},
+        loopbackAutoAuth: deps.loopbackAutoAuth ?? false
+      },
+      req,
+      res,
+      url,
+      method
+    );
+    if (handled) return true;
+  }
   if (!isAuthorized(deps, req, url)) {
     writeJSON(res, 401, { error: "unauthorized" });
     return true;
@@ -12067,6 +12081,7 @@ var init_api = __esm({
     init_registry();
     init_init();
     init_discovery();
+    init_dispatch();
   }
 });
 
@@ -13602,6 +13617,53 @@ var init_v1_1 = __esm({
     init_client();
   }
 });
+
+// src/dashboard/v1_1/dispatch.ts
+async function dispatchV11Request(inputs, req, res, url, method) {
+  const { bindings, authToken, loopbackAutoAuth } = inputs;
+  if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
+    return handleDashboardV11Route(
+      {
+        identityId: bindings.identityId,
+        fortressId: bindings.fortressId,
+        ...authToken !== void 0 ? { authToken } : {}
+      },
+      req,
+      res
+    );
+  }
+  if (url.pathname.startsWith("/api/hub/")) {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      req,
+      res
+    );
+  }
+  if (method === "GET" && url.pathname === "/api/identities") {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    const aliasReq = Object.create(req);
+    aliasReq.url = "/api/hub/agents" + url.search;
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      aliasReq,
+      res
+    );
+  }
+  return false;
+}
+var init_dispatch = __esm({
+  "src/dashboard/v1_1/dispatch.ts"() {
+    init_api_router();
+    init_v1_1();
+  }
+});
 function isDashboardViewRoute(method, path) {
   if (method !== "GET") return false;
   return path === "/" || path === "/dashboard" || path === "/fortress" || path === "/events";
@@ -13614,8 +13676,7 @@ var init_dashboard = __esm({
     init_dashboard_html();
     init_fortress_view();
     init_system_prompt_generator();
-    init_api_router();
-    init_v1_1();
+    init_dispatch();
     SESSION_TTL_REMOTE_MS = 5 * 60 * 1e3;
     SESSION_TTL_LOCAL_MS = 24 * 60 * 60 * 1e3;
     MAX_SESSIONS = 1e3;
@@ -13737,45 +13798,17 @@ var init_dashboard = __esm({
        */
       async dispatchV11(req, res, url, method) {
         if (!this.v11Bindings) return false;
-        if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
-          const handled = handleDashboardV11Route(
-            {
-              identityId: this.v11Bindings.identityId,
-              fortressId: this.v11Bindings.fortressId,
-              ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-            },
-            req,
-            res
-          );
-          return handled;
-        }
-        if (url.pathname.startsWith("/api/hub/")) {
-          const authConfig = {
-            loopbackAutoAuth: this._autoAuthLocalhost,
-            ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-          };
-          const handled = await handleHubRoute(
-            { authConfig, service: this.v11Bindings.hubService },
-            req,
-            res
-          );
-          return handled;
-        }
-        if (method === "GET" && url.pathname === "/api/identities") {
-          const authConfig = {
-            loopbackAutoAuth: this._autoAuthLocalhost,
-            ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-          };
-          const aliasReq = Object.create(req);
-          aliasReq.url = "/api/hub/agents" + url.search;
-          const handled = await handleHubRoute(
-            { authConfig, service: this.v11Bindings.hubService },
-            aliasReq,
-            res
-          );
-          return handled;
-        }
-        return false;
+        return dispatchV11Request(
+          {
+            bindings: this.v11Bindings,
+            ...this.authToken !== void 0 ? { authToken: this.authToken } : {},
+            loopbackAutoAuth: this._autoAuthLocalhost
+          },
+          req,
+          res,
+          url,
+          method
+        );
       }
       /**
        * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
@@ -27503,14 +27536,14 @@ var init_generator2 = __esm({
     ]);
   }
 });
-function printRecoveryKeyBanner(recoveryKey, filePath, output = process.stderr) {
+function printSecretBanner(secret, filePath, copy, output = process.stderr) {
   const lines = [
-    "SANCTUARY: First Run, Recovery Key Generated",
+    copy.bannerHeader,
     "",
-    `Recovery Key: ${recoveryKey}`,
+    `${copy.bannerSecretLabel}: ${secret}`,
     "",
-    "SAVE THIS KEY. It will not be shown again.",
-    "Without it, your encrypted state is unrecoverable.",
+    copy.bannerSaveLine,
+    copy.bannerLossLine,
     "",
     "Plaintext copy written to:",
     `  ${filePath}`,
@@ -27529,8 +27562,8 @@ ${bottom}
 
 `);
 }
-async function writeRecoveryKeyFile(opts) {
-  const filePath = path.join(opts.storagePath, RECOVERY_KEY_FILENAME);
+async function writeSecretFile(opts) {
+  const filePath = path.join(opts.storagePath, opts.copy.fileName);
   try {
     await promises.access(filePath, promises.constants.F_OK);
     return { filePath, written: false };
@@ -27540,54 +27573,47 @@ async function writeRecoveryKeyFile(opts) {
   const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))().toISOString();
   const fortressLine = opts.fortressId ? `Fortress: ${opts.fortressId}
 ` : "";
-  const content = `SANCTUARY RECOVERY KEY \u2014 DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.
+  const content = `${opts.copy.fileWarningHeader}
 Generated: ${now}
 ` + fortressLine + `
-Recovery key:
-${opts.recoveryKey}
-
-This file was created on first init. Sanctuary will NOT regenerate this file on
-subsequent runs and will NOT display the key again. After moving this file off
-the host (encrypted backup, password manager, paper safe), delete it from the
-fortress directory. Do NOT keep it in the fortress; the recovery key bypasses
-the cocoon passphrase by design.
-`;
+${opts.copy.fileSecretLabel}
+${opts.secret}
+
+` + opts.copy.fileBody;
   await promises.writeFile(filePath, content, { mode: 384 });
   return { filePath, written: true };
 }
-async function confirmRecoveryKeySaved(io) {
+async function confirmSecretSaved(copy, declinedError, nonInteractiveError, io) {
   const input = io?.input ?? process.stdin;
   const output = io?.output ?? process.stderr;
   const realStdin = !io && process.stdin.isTTY !== true;
   if (realStdin) {
-    throw new RecoveryKeyConfirmationNonInteractiveError();
+    throw new nonInteractiveError();
   }
   const rl = promises$1.createInterface({ input, output });
   try {
     const answer = await rl.question(
-      "Have you saved the recovery key? [y/N] "
+      `Have you saved the ${copy.promptLabel}? [y/N] `
     );
     const normalized = answer.trim().toLowerCase();
     if (normalized !== "y" && normalized !== "yes") {
-      throw new RecoveryKeyConfirmationDeclinedError();
+      throw new declinedError();
     }
   } finally {
     rl.close();
   }
 }
-async function discloseRecoveryKey(opts) {
+async function discloseSecret(opts, copy, declinedError, nonInteractiveError) {
   const mode = opts.mode ?? "interactive";
-  const fileResult = await writeRecoveryKeyFile({
+  const writeOpts = {
     storagePath: opts.storagePath,
-    recoveryKey: opts.recoveryKey,
-    ...opts.fortressId !== void 0 ? { fortressId: opts.fortressId } : {},
-    ...opts.now !== void 0 ? { now: opts.now } : {}
-  });
-  printRecoveryKeyBanner(
-    opts.recoveryKey,
-    fileResult.filePath,
-    opts.io?.output
-  );
+    secret: opts.secret,
+    copy
+  };
+  if (opts.fortressId !== void 0) writeOpts.fortressId = opts.fortressId;
+  if (opts.now !== void 0) writeOpts.now = opts.now;
+  const fileResult = await writeSecretFile(writeOpts);
+  printSecretBanner(opts.secret, fileResult.filePath, copy, opts.io?.output);
   if (mode === "no-confirm" || mode === "stdio-server") {
     return {
       filePath: fileResult.filePath,
@@ -27595,17 +27621,72 @@ async function discloseRecoveryKey(opts) {
       confirmed: false
     };
   }
-  await confirmRecoveryKeySaved(opts.io);
+  await confirmSecretSaved(copy, declinedError, nonInteractiveError, opts.io);
   return {
     filePath: fileResult.filePath,
     fileWritten: fileResult.written,
     confirmed: true
   };
 }
-var RECOVERY_KEY_FILENAME, RecoveryKeyConfirmationDeclinedError, RecoveryKeyConfirmationNonInteractiveError;
+async function discloseRecoveryKey(opts) {
+  const internalOpts = {
+    secret: opts.recoveryKey,
+    storagePath: opts.storagePath
+  };
+  if (opts.fortressId !== void 0) internalOpts.fortressId = opts.fortressId;
+  if (opts.mode !== void 0) internalOpts.mode = opts.mode;
+  if (opts.now !== void 0) internalOpts.now = opts.now;
+  if (opts.io !== void 0) internalOpts.io = opts.io;
+  return discloseSecret(
+    internalOpts,
+    RECOVERY_KEY_COPY,
+    RecoveryKeyConfirmationDeclinedError,
+    RecoveryKeyConfirmationNonInteractiveError
+  );
+}
+async function disclosePassphrase(opts) {
+  const internalOpts = {
+    secret: opts.passphrase,
+    storagePath: opts.storagePath
+  };
+  if (opts.fortressId !== void 0) internalOpts.fortressId = opts.fortressId;
+  if (opts.mode !== void 0) internalOpts.mode = opts.mode;
+  if (opts.now !== void 0) internalOpts.now = opts.now;
+  if (opts.io !== void 0) internalOpts.io = opts.io;
+  return discloseSecret(
+    internalOpts,
+    PASSPHRASE_BACKUP_COPY,
+    PassphraseConfirmationDeclinedError,
+    PassphraseConfirmationNonInteractiveError
+  );
+}
+var RECOVERY_KEY_FILENAME, PASSPHRASE_BACKUP_FILENAME, RECOVERY_KEY_COPY, PASSPHRASE_BACKUP_COPY, RecoveryKeyConfirmationDeclinedError, RecoveryKeyConfirmationNonInteractiveError, PassphraseConfirmationDeclinedError, PassphraseConfirmationNonInteractiveError;
 var init_recovery_key_disclosure = __esm({
   "src/cocoon/recovery-key-disclosure.ts"() {
     RECOVERY_KEY_FILENAME = "recovery-key.txt";
+    PASSPHRASE_BACKUP_FILENAME = "passphrase-backup.txt";
+    RECOVERY_KEY_COPY = {
+      fileName: RECOVERY_KEY_FILENAME,
+      bannerHeader: "SANCTUARY: First Run, Recovery Key Generated",
+      bannerSecretLabel: "Recovery Key",
+      bannerSaveLine: "SAVE THIS KEY. It will not be shown again.",
+      bannerLossLine: "Without it, your encrypted state is unrecoverable.",
+      fileWarningHeader: "SANCTUARY RECOVERY KEY, DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.",
+      fileSecretLabel: "Recovery key:",
+      fileBody: "This file was created on first init. Sanctuary will NOT regenerate this file on\nsubsequent runs and will NOT display the key again. After moving this file off\nthe host (encrypted backup, password manager, paper safe), delete it from the\nfortress directory. Do NOT keep it in the fortress; the recovery key bypasses\nthe cocoon passphrase by design.\n",
+      promptLabel: "recovery key"
+    };
+    PASSPHRASE_BACKUP_COPY = {
+      fileName: PASSPHRASE_BACKUP_FILENAME,
+      bannerHeader: "SANCTUARY: First Run, Passphrase Generated",
+      bannerSecretLabel: "Passphrase",
+      bannerSaveLine: "SAVE THIS PASSPHRASE. It will not be shown again.",
+      bannerLossLine: "Without it, your encrypted state is unrecoverable.",
+      fileWarningHeader: "SANCTUARY PASSPHRASE, DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.",
+      fileSecretLabel: "Passphrase:",
+      fileBody: "This file was created on first wrap when Sanctuary generated the passphrase.\nSanctuary will NOT regenerate this file on subsequent runs and will NOT display\nthe passphrase again. After moving this file off the host (encrypted backup,\npassword manager, paper safe), delete it from the fortress directory. Do NOT\nkeep it in the fortress; the keychain copy is recoverable only while the host\nand its OS keyring are intact.\n",
+      promptLabel: "passphrase"
+    };
     RecoveryKeyConfirmationDeclinedError = class extends Error {
       constructor() {
         super(
@@ -27622,6 +27703,22 @@ var init_recovery_key_disclosure = __esm({
         this.name = "RecoveryKeyConfirmationNonInteractiveError";
       }
     };
+    PassphraseConfirmationDeclinedError = class extends Error {
+      constructor() {
+        super(
+          "Passphrase confirmation declined. Save the passphrase (printed above and written to passphrase-backup.txt) before re-running wrap."
+        );
+        this.name = "PassphraseConfirmationDeclinedError";
+      }
+    };
+    PassphraseConfirmationNonInteractiveError = class extends Error {
+      constructor() {
+        super(
+          "Passphrase confirmation requires an interactive terminal. Re-run with --no-open for scripted use, or run from a TTY."
+        );
+        this.name = "PassphraseConfirmationNonInteractiveError";
+      }
+    };
   }
 });
 
@@ -30023,14 +30120,18 @@ async function startDashboardServer(options) {
       }
     }
   };
-  const deps = {
-    sources: options.sources,
-    authToken: options.authToken,
-    approvals: options.approvals,
-    onEvent
-  };
+  let v11Bindings = null;
+  let v11LoopbackAutoAuth = false;
   const server = http.createServer(async (req, res) => {
     try {
+      const deps = {
+        sources: options.sources,
+        authToken: options.authToken,
+        approvals: options.approvals,
+        onEvent,
+        v11Bindings,
+        loopbackAutoAuth: v11LoopbackAutoAuth
+      };
       const served = await handleRequest(deps, req, res);
       if (!served) {
         res.writeHead(404, { "Content-Type": "application/json" });
@@ -30068,7 +30169,13 @@ async function startDashboardServer(options) {
     publishActivity: (entry) => publish({ type: "activity", data: entry }),
     publishApproval: (approval) => publish({ type: "approval", data: approval }),
     publishInbox: (item) => publish({ type: "inbox", data: item }),
-    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot })
+    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot }),
+    setV11Bindings: (bindings) => {
+      v11Bindings = bindings;
+    },
+    setV11LoopbackAutoAuth: (enabled) => {
+      v11LoopbackAutoAuth = enabled;
+    }
   };
 }
 var DEFAULT_PORT, DEFAULT_HOST;
@@ -31332,12 +31439,14 @@ async function runWrap(options, deps = {}) {
   const storagePath = resolveStoragePath();
   let passphraseLocation;
   let passphraseSource;
+  let passphraseValue;
   if (options.passphrase) {
     try {
       const persist = deps.persistPassphrase ?? ((value) => persistUserProvidedPassphrase(value, { storagePath }));
       const persisted = await persist(options.passphrase);
       passphraseLocation = persisted.location;
       passphraseSource = persisted.source;
+      passphraseValue = options.passphrase;
       console.error(
         `
   \u{1F510} Persisted user-supplied passphrase (${persisted.location}).`
@@ -31355,12 +31464,14 @@ async function runWrap(options, deps = {}) {
   } else if (process.env.SANCTUARY_PASSPHRASE) {
     passphraseLocation = "SANCTUARY_PASSPHRASE";
     passphraseSource = "env";
+    passphraseValue = process.env.SANCTUARY_PASSPHRASE;
   } else {
     try {
       const resolve5 = deps.resolvePassphrase ?? (() => getOrCreatePassphrase({ storagePath }));
       const resolved = await resolve5();
       passphraseLocation = resolved.location;
       passphraseSource = resolved.source;
+      passphraseValue = resolved.value;
       if (resolved.source === "generated") {
         console.error(
           `
@@ -31396,6 +31507,27 @@ async function runWrap(options, deps = {}) {
     );
   }
   await promises.mkdir(storagePath, { recursive: true, mode: 448 });
+  if (passphraseSource === "generated" && passphraseValue !== void 0) {
+    try {
+      await disclosePassphrase({
+        passphrase: passphraseValue,
+        storagePath,
+        fortressId: fortressIdFromStoragePath(storagePath),
+        // --no-open (CI / scripted) or non-TTY stdin both skip the prompt
+        // the same way init's --no-confirm does. Operator who scripted the
+        // call still gets the banner + the file; they will not see a hang.
+        mode: options.noOpen || process.stdin.isTTY !== true ? "no-confirm" : "interactive"
+      });
+    } catch (err) {
+      if (err instanceof PassphraseConfirmationDeclinedError || err instanceof PassphraseConfirmationNonInteractiveError) {
+        console.error(`
+  Sanctuary wrap: ${err.message}
+`);
+        process.exit(2);
+      }
+      throw err;
+    }
+  }
   const profile = createWrapProfile(upstreamServers);
   const profilePath = path.join(storagePath, "cocoon-profile.json");
   await promises.writeFile(profilePath, JSON.stringify(profile, null, 2), {
@@ -31418,6 +31550,13 @@ async function runWrap(options, deps = {}) {
   if (process.env.SANCTUARY_DASHBOARD_ENABLED) {
     sanctuaryEnv.SANCTUARY_DASHBOARD_ENABLED = process.env.SANCTUARY_DASHBOARD_ENABLED;
   }
+  if (options.fortress) {
+    sanctuaryEnv.SANCTUARY_FORTRESS_PATH = path.resolve(options.fortress);
+  } else if (process.env.SANCTUARY_FORTRESS_PATH) {
+    sanctuaryEnv.SANCTUARY_FORTRESS_PATH = path.resolve(
+      process.env.SANCTUARY_FORTRESS_PATH
+    );
+  }
   const rewrite = deps.rewriteConfig ?? rewriteConfigForCocoon;
   await rewrite(
     agentConfig,
@@ -31445,6 +31584,40 @@ async function runWrap(options, deps = {}) {
     authToken,
     readPackageVersion()
   );
+  if (passphraseValue !== void 0) {
+    try {
+      const v11Storage = new FilesystemStorage(`${storagePath}/state`);
+      let existingParams;
+      try {
+        const raw = await v11Storage.read("_meta", "key-params");
+        if (raw) {
+          existingParams = JSON.parse(bytesToString(raw));
+        }
+      } catch {
+      }
+      const derived = await deriveMasterKey(passphraseValue, existingParams);
+      if (!existingParams) {
+        await v11Storage.write(
+          "_meta",
+          "key-params",
+          stringToBytes(JSON.stringify(derived.params))
+        );
+      }
+      const wrapAuditLog = new AuditLog(v11Storage, derived.key);
+      dashboard.setV11Bindings(
+        buildV11Bindings({
+          identityId: `fortress:${storagePath}`,
+          fortressId: fortressIdFromStoragePath(storagePath),
+          auditLog: wrapAuditLog
+        })
+      );
+      dashboard.setV11LoopbackAutoAuth(true);
+    } catch (err) {
+      console.error(
+        `  Note: v1.1 dashboard surfaces unavailable on wrap URL (${err.message}). Run \`sanctuary dashboard\` to reach them.`
+      );
+    }
+  }
   const dashboardUrl = `${dashboard.url}?token=${authToken}`;
   const webhookCallbackPortRaw = process.env.SANCTUARY_WEBHOOK_CALLBACK_PORT;
   const webhookCallbackPort = webhookCallbackPortRaw ? parseInt(webhookCallbackPortRaw, 10) : void 0;
@@ -31807,9 +31980,15 @@ var init_cli2 = __esm({
     init_config_reader();
     init_passphrase();
     init_dashboard2();
+    init_wiring();
+    init_filesystem();
+    init_key_derivation();
+    init_encoding();
+    init_audit_log();
     init_config();
     init_paths();
     init_runtime();
+    init_recovery_key_disclosure();
     COCOON_GOVERNOR_DEFAULTS = {
       volume_limit: 200,
       rate_limit_per_tool: 20,
@@ -35201,10 +35380,10 @@ __export(dashboard_standalone_exports, {
   renderTenantDiscoveryHint: () => renderTenantDiscoveryHint,
   startStandaloneDashboard: () => startStandaloneDashboard
 });
-async function discoverableSubTenants(currentStoragePath) {
+async function discoverableSubTenants(currentStoragePath, discoveryOptions) {
   let all;
   try {
-    all = await discoverTenants();
+    all = await discoverTenants(discoveryOptions);
   } catch {
     return [];
   }
@@ -35607,6 +35786,9 @@ var { version: PKG_VERSION4 } = require4("../package.json");
 async function main() {
   const args = process.argv.slice(2);
   let passphrase = process.env.SANCTUARY_PASSPHRASE;
+  if (process.env.SANCTUARY_FORTRESS_PATH && !process.env.SANCTUARY_STORAGE_PATH) {
+    process.env.SANCTUARY_STORAGE_PATH = process.env.SANCTUARY_FORTRESS_PATH;
+  }
   if (args[0] === "dashboard") {
     await runStandaloneDashboard(args.slice(1));
     return;