npm - @sanctuary-framework/mcp-server - Versions diffs - 1.1.2 → 1.1.3 - Mend

@sanctuary-framework/mcp-server 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.js CHANGED Viewed

@@ -19,7 +19,7 @@ import { fileURLToPath } from 'url';
 import { Client } from '@modelcontextprotocol/sdk/client/index.js';
 import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';
 import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
-import 'readline/promises';
+import { createInterface } from 'readline/promises';
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -26355,14 +26355,41 @@ function createComplianceTools(deps) {
 init_random();
 init_encoding();
 var RECOVERY_KEY_FILENAME = "recovery-key.txt";
-function printRecoveryKeyBanner(recoveryKey, filePath, output = process.stderr) {
+var RECOVERY_KEY_COPY = {
+  fileName: RECOVERY_KEY_FILENAME,
+  bannerHeader: "SANCTUARY: First Run, Recovery Key Generated",
+  bannerSecretLabel: "Recovery Key",
+  bannerSaveLine: "SAVE THIS KEY. It will not be shown again.",
+  bannerLossLine: "Without it, your encrypted state is unrecoverable.",
+  fileWarningHeader: "SANCTUARY RECOVERY KEY, DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.",
+  fileSecretLabel: "Recovery key:",
+  fileBody: "This file was created on first init. Sanctuary will NOT regenerate this file on\nsubsequent runs and will NOT display the key again. After moving this file off\nthe host (encrypted backup, password manager, paper safe), delete it from the\nfortress directory. Do NOT keep it in the fortress; the recovery key bypasses\nthe cocoon passphrase by design.\n",
+  promptLabel: "recovery key"
+};
+var RecoveryKeyConfirmationDeclinedError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation declined. Save the recovery key (printed above and written to recovery-key.txt) before re-running init."
+    );
+    this.name = "RecoveryKeyConfirmationDeclinedError";
+  }
+};
+var RecoveryKeyConfirmationNonInteractiveError = class extends Error {
+  constructor() {
+    super(
+      "Recovery key confirmation requires an interactive terminal. Re-run with --no-confirm for CI/scripted use, or run from a TTY."
+    );
+    this.name = "RecoveryKeyConfirmationNonInteractiveError";
+  }
+};
+function printSecretBanner(secret, filePath, copy, output = process.stderr) {
   const lines = [
-    "SANCTUARY: First Run, Recovery Key Generated",
+    copy.bannerHeader,
     "",
-    `Recovery Key: ${recoveryKey}`,
+    `${copy.bannerSecretLabel}: ${secret}`,
     "",
-    "SAVE THIS KEY. It will not be shown again.",
-    "Without it, your encrypted state is unrecoverable.",
+    copy.bannerSaveLine,
+    copy.bannerLossLine,
     "",
     "Plaintext copy written to:",
     `  ${filePath}`,
@@ -26381,8 +26408,8 @@ ${bottom}
 `);
 }
-async function writeRecoveryKeyFile(opts) {
-  const filePath = join(opts.storagePath, RECOVERY_KEY_FILENAME);
+async function writeSecretFile(opts) {
+  const filePath = join(opts.storagePath, opts.copy.fileName);
   try {
     await access(filePath, constants.F_OK);
     return { filePath, written: false };
@@ -26392,40 +26419,76 @@ async function writeRecoveryKeyFile(opts) {
   const now = (opts.now ?? (() => /* @__PURE__ */ new Date()))().toISOString();
   const fortressLine = opts.fortressId ? `Fortress: ${opts.fortressId}
 ` : "";
-  const content = `SANCTUARY RECOVERY KEY \u2014 DO NOT COMMIT, DO NOT EMAIL, MOVE OFF-HOST IMMEDIATELY.
+  const content = `${opts.copy.fileWarningHeader}
 Generated: ${now}
 ` + fortressLine + `
-Recovery key:
-${opts.recoveryKey}
-This file was created on first init. Sanctuary will NOT regenerate this file on
-subsequent runs and will NOT display the key again. After moving this file off
-the host (encrypted backup, password manager, paper safe), delete it from the
-fortress directory. Do NOT keep it in the fortress; the recovery key bypasses
-the cocoon passphrase by design.
-`;
+${opts.copy.fileSecretLabel}
+${opts.secret}
+` + opts.copy.fileBody;
   await writeFile(filePath, content, { mode: 384 });
   return { filePath, written: true };
 }
-async function discloseRecoveryKey(opts) {
-  const fileResult = await writeRecoveryKeyFile({
+async function confirmSecretSaved(copy, declinedError, nonInteractiveError, io) {
+  const input = io?.input ?? process.stdin;
+  const output = io?.output ?? process.stderr;
+  const realStdin = !io && process.stdin.isTTY !== true;
+  if (realStdin) {
+    throw new nonInteractiveError();
+  }
+  const rl = createInterface({ input, output });
+  try {
+    const answer = await rl.question(
+      `Have you saved the ${copy.promptLabel}? [y/N] `
+    );
+    const normalized = answer.trim().toLowerCase();
+    if (normalized !== "y" && normalized !== "yes") {
+      throw new declinedError();
+    }
+  } finally {
+    rl.close();
+  }
+}
+async function discloseSecret(opts, copy, declinedError, nonInteractiveError) {
+  const mode = opts.mode ?? "interactive";
+  const writeOpts = {
     storagePath: opts.storagePath,
-    recoveryKey: opts.recoveryKey,
-    ...opts.fortressId !== void 0 ? { fortressId: opts.fortressId } : {},
-    ...opts.now !== void 0 ? { now: opts.now } : {}
-  });
-  printRecoveryKeyBanner(
-    opts.recoveryKey,
-    fileResult.filePath,
-    opts.io?.output
-  );
-  {
+    secret: opts.secret,
+    copy
+  };
+  if (opts.fortressId !== void 0) writeOpts.fortressId = opts.fortressId;
+  if (opts.now !== void 0) writeOpts.now = opts.now;
+  const fileResult = await writeSecretFile(writeOpts);
+  printSecretBanner(opts.secret, fileResult.filePath, copy, opts.io?.output);
+  if (mode === "no-confirm" || mode === "stdio-server") {
     return {
       filePath: fileResult.filePath,
       fileWritten: fileResult.written,
       confirmed: false
     };
   }
+  await confirmSecretSaved(copy, declinedError, nonInteractiveError, opts.io);
+  return {
+    filePath: fileResult.filePath,
+    fileWritten: fileResult.written,
+    confirmed: true
+  };
+}
+async function discloseRecoveryKey(opts) {
+  const internalOpts = {
+    secret: opts.recoveryKey,
+    storagePath: opts.storagePath
+  };
+  if (opts.fortressId !== void 0) internalOpts.fortressId = opts.fortressId;
+  if (opts.mode !== void 0) internalOpts.mode = opts.mode;
+  if (opts.now !== void 0) internalOpts.now = opts.now;
+  if (opts.io !== void 0) internalOpts.io = opts.io;
+  return discloseSecret(
+    internalOpts,
+    RECOVERY_KEY_COPY,
+    RecoveryKeyConfirmationDeclinedError,
+    RecoveryKeyConfirmationNonInteractiveError
+  );
 }
 // src/hub/agent-registry.ts
@@ -29565,7 +29628,9 @@ Refusing to start the cocoon while the reset-history marker is unreadable.`
   if (recoveryKey) {
     await discloseRecoveryKey({
       recoveryKey,
-      storagePath: config.storage_path});
+      storagePath: config.storage_path,
+      mode: "stdio-server"
+    });
   }
   return {
     server,