@sanctuary-framework/mcp-server 1.1.1 → 1.1.3

package/dist/index.d.cts

@@ -5495,6 +5495,23 @@ interface DashboardHandle {
      * `agent_id`.
      */
     publishAgentStatus: (snapshot: unknown) => void;
+    /**
+     * v1.1.2 hotfix (Finding V): bind v1.1 hub bindings to this dashboard
+     * instance so /v1.1, /api/hub/*, and /api/identities serve the v1.1
+     * surface. Pass null to detach. PR #82 wired these routes only on the
+     * principal-policy DashboardApprovalChannel; the wrap-auto operator
+     * dashboard (this server) needed the same wiring for the wrap-emitted
+     * URL to expose the v1.1 surfaces the v1.1.1 release notes claim.
+     */
+    setV11Bindings: (bindings: V11Bindings | null) => void;
+    /**
+     * v1.1.2: enable loopback auto-auth for /api/hub/* + /api/identities.
+     * When true, requests from 127.0.0.1 / ::1 bypass the bearer-token
+     * check (mirrors the principal-policy dashboard's _autoAuthLocalhost
+     * flag). Set true when the dashboard binds to a loopback host and the
+     * caller has independently authenticated the operator.
+     */
+    setV11LoopbackAutoAuth: (enabled: boolean) => void;
 }
 declare function startDashboardServer(options: DashboardServerOptions): Promise<DashboardHandle>;
 

package/dist/index.d.ts

@@ -5495,6 +5495,23 @@ interface DashboardHandle {
      * `agent_id`.
      */
     publishAgentStatus: (snapshot: unknown) => void;
+    /**
+     * v1.1.2 hotfix (Finding V): bind v1.1 hub bindings to this dashboard
+     * instance so /v1.1, /api/hub/*, and /api/identities serve the v1.1
+     * surface. Pass null to detach. PR #82 wired these routes only on the
+     * principal-policy DashboardApprovalChannel; the wrap-auto operator
+     * dashboard (this server) needed the same wiring for the wrap-emitted
+     * URL to expose the v1.1 surfaces the v1.1.1 release notes claim.
+     */
+    setV11Bindings: (bindings: V11Bindings | null) => void;
+    /**
+     * v1.1.2: enable loopback auto-auth for /api/hub/* + /api/identities.
+     * When true, requests from 127.0.0.1 / ::1 bypass the bearer-token
+     * check (mirrors the principal-policy dashboard's _autoAuthLocalhost
+     * flag). Set true when the dashboard binds to a loopback host and the
+     * caller has independently authenticated the operator.
+     */
+    setV11LoopbackAutoAuth: (enabled: boolean) => void;
 }
 declare function startDashboardServer(options: DashboardServerOptions): Promise<DashboardHandle>;
 

package/dist/index.js

@@ -19,7 +19,7 @@ import { fileURLToPath } from 'url';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
-import 'readline/promises';
+import { createInterface } from 'readline/promises';
 
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -11138,6 +11138,20 @@ async function handleRequest(deps, req, res) {
   const url = new URL(req.url ?? "/", `http://${host}`);
   const method = (req.method ?? "GET").toUpperCase();
   const path = url.pathname;
+  if (deps.v11Bindings) {
+    const handled = await dispatchV11Request(
+      {
+        bindings: deps.v11Bindings,
+        ...deps.authToken !== void 0 ? { authToken: deps.authToken } : {},
+        loopbackAutoAuth: deps.loopbackAutoAuth ?? false
+      },
+      req,
+      res,
+      url,
+      method
+    );
+    if (handled) return true;
+  }
   if (!isAuthorized(deps, req, url)) {
     writeJSON(res, 401, { error: "unauthorized" });
     return true;
@@ -12767,6 +12781,47 @@ function handleDashboardV11Route(deps, req, res) {
   return true;
 }
 
+// src/dashboard/v1_1/dispatch.ts
+async function dispatchV11Request(inputs, req, res, url, method) {
+  const { bindings, authToken, loopbackAutoAuth } = inputs;
+  if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
+    return handleDashboardV11Route(
+      {
+        identityId: bindings.identityId,
+        fortressId: bindings.fortressId,
+        ...authToken !== void 0 ? { authToken } : {}
+      },
+      req,
+      res
+    );
+  }
+  if (url.pathname.startsWith("/api/hub/")) {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      req,
+      res
+    );
+  }
+  if (method === "GET" && url.pathname === "/api/identities") {
+    const authConfig = {
+      loopbackAutoAuth,
+      ...authToken !== void 0 ? { authToken } : {}
+    };
+    const aliasReq = Object.create(req);
+    aliasReq.url = "/api/hub/agents" + url.search;
+    return handleHubRoute(
+      { authConfig, service: bindings.hubService },
+      aliasReq,
+      res
+    );
+  }
+  return false;
+}
+
 // src/principal-policy/dashboard.ts
 var SESSION_TTL_REMOTE_MS = 5 * 60 * 1e3;
 var SESSION_TTL_LOCAL_MS = 24 * 60 * 60 * 1e3;
@@ -12893,45 +12948,17 @@ var DashboardApprovalChannel = class {
    */
   async dispatchV11(req, res, url, method) {
     if (!this.v11Bindings) return false;
-    if (method === "GET" && (url.pathname === "/v1.1" || url.pathname === "/v1.1/")) {
-      const handled = handleDashboardV11Route(
-        {
-          identityId: this.v11Bindings.identityId,
-          fortressId: this.v11Bindings.fortressId,
-          ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-        },
-        req,
-        res
-      );
-      return handled;
-    }
-    if (url.pathname.startsWith("/api/hub/")) {
-      const authConfig = {
-        loopbackAutoAuth: this._autoAuthLocalhost,
-        ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-      };
-      const handled = await handleHubRoute(
-        { authConfig, service: this.v11Bindings.hubService },
-        req,
-        res
-      );
-      return handled;
-    }
-    if (method === "GET" && url.pathname === "/api/identities") {
-      const authConfig = {
-        loopbackAutoAuth: this._autoAuthLocalhost,
-        ...this.authToken !== void 0 ? { authToken: this.authToken } : {}
-      };
-      const aliasReq = Object.create(req);
-      aliasReq.url = "/api/hub/agents" + url.search;
-      const handled = await handleHubRoute(
-        { authConfig, service: this.v11Bindings.hubService },
-        aliasReq,
-        res
-      );
-      return handled;
-    }
-    return false;
+    return dispatchV11Request(
+      {
+        bindings: this.v11Bindings,
+        ...this.authToken !== void 0 ? { authToken: this.authToken } : {},
+        loopbackAutoAuth: this._autoAuthLocalhost
+      },
+      req,
+      res,
+      url,
+      method
+    );
   }
   /**
    * v0.10.2: enable (or disable) the loopback auto-auth fast path. See
@@ -26328,14 +26355,41 @@ function createComplianceTools(deps) {
 init_random();
 init_encoding();
 var RECOVERY_KEY_FILENAME = "recovery-key.txt";
-function printRecoveryKeyBanner(recoveryKey, filePath, output = process.stderr) {
+var RECOVERY_KEY_COPY = {
+  fileName: RECOVERY_KEY_FILENAME,
+  bannerHeader: "SANCTUARY: First Run, Recovery Key Generated",
+  bannerSecretLabel: "Recovery Key",
+  bannerSaveLine: "SAVE THIS KEY. It will not be shown again.",
+  bannerLossLine: "Without it, your encrypted state is unrecoverable.",
+  fileWarningHeader: "SANCTUARY RECOVERY KEY, DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.",
+  fileSecretLabel: "Recovery key:",
+  fileBody: "This file was created on first init. Sanctuary will NOT regenerate this file on\nsubsequent runs and will NOT display the key again. After moving this file off\nthe host (encrypted backup, password manager, paper safe), delete it from the\nfortress directory. Do NOT keep it in the fortress; the recovery key bypasses\nthe cocoon passphrase by design.\n",
+  promptLabel: "recovery key"
+};
+var RecoveryKeyConfirmationDeclinedError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation declined. Save the recovery key (printed above and written to recovery-key.txt) before re-running init."
+    );
+    this.name = "RecoveryKeyConfirmationDeclinedError";
+  }
+};
+var RecoveryKeyConfirmationNonInteractiveError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation requires an interactive terminal. Re-run with --no-confirm for CI/scripted use, or run from a TTY."
+    );
+    this.name = "RecoveryKeyConfirmationNonInteractiveError";
+  }
+};
+function printSecretBanner(secret, filePath, copy, output = process.stderr) {
   const lines = [
-    "SANCTUARY: First Run, Recovery Key Generated",
+    copy.bannerHeader,
     "",
-    `Recovery Key: ${recoveryKey}`,
+    `${copy.bannerSecretLabel}: ${secret}`,
     "",
-    "SAVE THIS KEY. It will not be shown again.",
-    "Without it, your encrypted state is unrecoverable.",
+    copy.bannerSaveLine,
+    copy.bannerLossLine,
     "",
     "Plaintext copy written to:",
     `  ${filePath}`,
@@ -26354,8 +26408,8 @@ ${bottom}
 
 `);
 }
-async function writeRecoveryKeyFile(opts) {
-  const filePath = join(opts.storagePath, RECOVERY_KEY_FILENAME);
+async function writeSecretFile(opts) {
+  const filePath = join(opts.storagePath, opts.copy.fileName);
   try {
     await access(filePath, constants.F_OK);
     return { filePath, written: false };
@@ -26365,40 +26419,76 @@ async function writeRecoveryKeyFile(opts) {
   const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))().toISOString();
   const fortressLine = opts.fortressId ? `Fortress: ${opts.fortressId}
 ` : "";
-  const content = `SANCTUARY RECOVERY KEY \u2014 DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.
+  const content = `${opts.copy.fileWarningHeader}
 Generated: ${now}
 ` + fortressLine + `
-Recovery key:
-${opts.recoveryKey}
-
-This file was created on first init. Sanctuary will NOT regenerate this file on
-subsequent runs and will NOT display the key again. After moving this file off
-the host (encrypted backup, password manager, paper safe), delete it from the
-fortress directory. Do NOT keep it in the fortress; the recovery key bypasses
-the cocoon passphrase by design.
-`;
+${opts.copy.fileSecretLabel}
+${opts.secret}
+
+` + opts.copy.fileBody;
   await writeFile(filePath, content, { mode: 384 });
   return { filePath, written: true };
 }
-async function discloseRecoveryKey(opts) {
-  const fileResult = await writeRecoveryKeyFile({
+async function confirmSecretSaved(copy, declinedError, nonInteractiveError, io) {
+  const input = io?.input ?? process.stdin;
+  const output = io?.output ?? process.stderr;
+  const realStdin = !io && process.stdin.isTTY !== true;
+  if (realStdin) {
+    throw new nonInteractiveError();
+  }
+  const rl = createInterface({ input, output });
+  try {
+    const answer = await rl.question(
+      `Have you saved the ${copy.promptLabel}? [y/N] `
+    );
+    const normalized = answer.trim().toLowerCase();
+    if (normalized !== "y" && normalized !== "yes") {
+      throw new declinedError();
+    }
+  } finally {
+    rl.close();
+  }
+}
+async function discloseSecret(opts, copy, declinedError, nonInteractiveError) {
+  const mode = opts.mode ?? "interactive";
+  const writeOpts = {
     storagePath: opts.storagePath,
-    recoveryKey: opts.recoveryKey,
-    ...opts.fortressId !== void 0 ? { fortressId: opts.fortressId } : {},
-    ...opts.now !== void 0 ? { now: opts.now } : {}
-  });
-  printRecoveryKeyBanner(
-    opts.recoveryKey,
-    fileResult.filePath,
-    opts.io?.output
-  );
-  {
+    secret: opts.secret,
+    copy
+  };
+  if (opts.fortressId !== void 0) writeOpts.fortressId = opts.fortressId;
+  if (opts.now !== void 0) writeOpts.now = opts.now;
+  const fileResult = await writeSecretFile(writeOpts);
+  printSecretBanner(opts.secret, fileResult.filePath, copy, opts.io?.output);
+  if (mode === "no-confirm" || mode === "stdio-server") {
     return {
       filePath: fileResult.filePath,
       fileWritten: fileResult.written,
       confirmed: false
     };
   }
+  await confirmSecretSaved(copy, declinedError, nonInteractiveError, opts.io);
+  return {
+    filePath: fileResult.filePath,
+    fileWritten: fileResult.written,
+    confirmed: true
+  };
+}
+async function discloseRecoveryKey(opts) {
+  const internalOpts = {
+    secret: opts.recoveryKey,
+    storagePath: opts.storagePath
+  };
+  if (opts.fortressId !== void 0) internalOpts.fortressId = opts.fortressId;
+  if (opts.mode !== void 0) internalOpts.mode = opts.mode;
+  if (opts.now !== void 0) internalOpts.now = opts.now;
+  if (opts.io !== void 0) internalOpts.io = opts.io;
+  return discloseSecret(
+    internalOpts,
+    RECOVERY_KEY_COPY,
+    RecoveryKeyConfirmationDeclinedError,
+    RecoveryKeyConfirmationNonInteractiveError
+  );
 }
 
 // src/hub/agent-registry.ts
@@ -28820,14 +28910,18 @@ async function startDashboardServer(options) {
       }
     }
   };
-  const deps = {
-    sources: options.sources,
-    authToken: options.authToken,
-    approvals: options.approvals,
-    onEvent
-  };
+  let v11Bindings = null;
+  let v11LoopbackAutoAuth = false;
   const server = createServer$2(async (req, res) => {
     try {
+      const deps = {
+        sources: options.sources,
+        authToken: options.authToken,
+        approvals: options.approvals,
+        onEvent,
+        v11Bindings,
+        loopbackAutoAuth: v11LoopbackAutoAuth
+      };
       const served = await handleRequest(deps, req, res);
       if (!served) {
         res.writeHead(404, { "Content-Type": "application/json" });
@@ -28865,7 +28959,13 @@ async function startDashboardServer(options) {
     publishActivity: (entry) => publish({ type: "activity", data: entry }),
     publishApproval: (approval) => publish({ type: "approval", data: approval }),
     publishInbox: (item) => publish({ type: "inbox", data: item }),
-    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot })
+    publishAgentStatus: (snapshot) => publish({ type: "agent_status", data: snapshot }),
+    setV11Bindings: (bindings) => {
+      v11Bindings = bindings;
+    },
+    setV11LoopbackAutoAuth: (enabled) => {
+      v11LoopbackAutoAuth = enabled;
+    }
   };
 }
 
@@ -29528,7 +29628,9 @@ Refusing to start the cocoon while the reset-history marker is unreadable.`
   if (recoveryKey) {
     await discloseRecoveryKey({
       recoveryKey,
-      storagePath: config.storage_path});
+      storagePath: config.storage_path,
+      mode: "stdio-server"
+    });
   }
   return {
     server,