npm - @sanctuary-framework/mcp-server - Versions diffs - 1.1.4 → 1.1.5 - Mend

@sanctuary-framework/mcp-server 1.1.4 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/cli.js CHANGED Viewed

@@ -12,7 +12,7 @@ import { argon2id } from 'hash-wasm';
 import { hkdf } from '@noble/hashes/hkdf';
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
-import { statSync, existsSync, readFileSync, mkdirSync } from 'fs';
+import { existsSync, readFileSync, statSync, mkdirSync, writeFileSync, renameSync, chmodSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { exec, execSync, spawn } from 'child_process';
 import { createServer as createServer$2, get as get$1 } from 'http';
@@ -28580,8 +28580,69 @@ var init_hub = __esm({
     init_api_router();
   }
 });
+function localAgentsFilePath(storagePath) {
+  return join(storagePath, "state", "_hub", "local-agents.json");
+}
+function readPersistedLocalAgents(storagePath) {
+  const filePath = localAgentsFilePath(storagePath);
+  if (!existsSync(filePath)) return [];
+  try {
+    const raw = readFileSync(filePath, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!parsed || !Array.isArray(parsed.agents)) return [];
+    return parsed.agents;
+  } catch {
+    return [];
+  }
+}
+function writePersistedLocalAgents(storagePath, agents) {
+  const filePath = localAgentsFilePath(storagePath);
+  const dir = dirname(filePath);
+  mkdirSync(dir, { recursive: true, mode: 448 });
+  const payload = {
+    version: PERSISTED_VERSION,
+    agents
+  };
+  const tmpPath = `${filePath}.tmp`;
+  writeFileSync(tmpPath, `${JSON.stringify(payload, null, 2)}
+`, {
+    mode: 384
+  });
+  renameSync(tmpPath, filePath);
+  chmodSync(filePath, 384);
+}
+function upsertPersistedLocalAgent(storagePath, record) {
+  const existing = readPersistedLocalAgents(storagePath);
+  const idx = existing.findIndex((r) => r.agent_id === record.agent_id);
+  let next;
+  if (idx >= 0) {
+    const prior = existing[idx];
+    if (prior === void 0) {
+      next = [...existing, record];
+    } else {
+      const updated = {
+        ...record,
+        wrapped_at: prior.wrapped_at,
+        last_activity_at: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      next = [...existing];
+      next[idx] = updated;
+    }
+  } else {
+    next = [...existing, record];
+  }
+  writePersistedLocalAgents(storagePath, next);
+  return next;
+}
+var PERSISTED_VERSION;
+var init_agent_registry_persistence = __esm({
+  "src/hub/agent-registry-persistence.ts"() {
+    PERSISTED_VERSION = "1.1";
+  }
+});
 function buildV11Bindings(inputs) {
-  const registry = new InMemoryLocalAgentRegistry([]);
+  const seed = inputs.storagePath !== void 0 ? readPersistedLocalAgents(inputs.storagePath) : [];
+  const registry = new InMemoryLocalAgentRegistry(seed);
   const hubService = new HubService({
     identityId: inputs.identityId,
     fortressId: inputs.fortressId,
@@ -28619,6 +28680,7 @@ var init_wiring = __esm({
   "src/dashboard/v1_1/wiring.ts"() {
     init_hub();
     init_errors4();
+    init_agent_registry_persistence();
     CapabilityErrorAgentController = class {
       fail(action) {
         throw new HubCapabilityError(
@@ -30651,7 +30713,12 @@ Refusing to start the cocoon while the reset-history marker is unreadable.`
       buildV11Bindings({
         identityId: embeddedHubIdentityId,
         fortressId: fortressIdFromStoragePath(config.storage_path),
-        auditLog
+        auditLog,
+        // v1.1.5 (Finding Z): rehydrate the hub agent registry from
+        // `<storagePath>/state/_hub/local-agents.json` so the embedded
+        // dashboard surfaces wraps performed by prior `sanctuary wrap`
+        // invocations against this same fortress.
+        storagePath: config.storage_path
       })
     );
     await dashboard.start();
@@ -31294,6 +31361,7 @@ __export(cli_exports, {
   PORT_FALLBACK_ATTEMPTS: () => PORT_FALLBACK_ATTEMPTS,
   formatMcpServerCount: () => formatMcpServerCount,
   formatWrapSuccess: () => formatWrapSuccess,
+  formatWrapSuccessNoDashboard: () => formatWrapSuccessNoDashboard,
   parseCocoonArgs: () => parseCocoonArgs,
   parseWrapArgs: () => parseWrapArgs,
   promoteFortressToStoragePath: () => promoteFortressToStoragePath,
@@ -31566,6 +31634,28 @@ async function runWrap(options, deps = {}) {
     backupPath
   );
   if (!verifyOk) process.exit(1);
+  try {
+    upsertPersistedLocalAgent(
+      storagePath,
+      buildLocalAgentRecord({
+        storagePath,
+        platform: agentConfig.platform
+      })
+    );
+  } catch (err) {
+    console.error(
+      `  Note: v1.1 hub agent record not persisted (${err.message}). Re-run \`sanctuary wrap\` to retry, or check storage permissions on ${storagePath}.`
+    );
+  }
+  if (options.noDashboard) {
+    const toolName2 = toolNameFor(agentConfig.platform, agentConfig.servers);
+    printWrapSuccessNoDashboard({
+      toolName: toolName2,
+      version: readPackageVersion(),
+      toolCount: countUpstreamTools(upstreamServers),
+      serverCount: upstreamServers.length});
+    return;
+  }
   const authToken = generateAuthToken();
   const startFn = deps.startDashboard ?? ((opts) => startDashboard({
     port: opts.port,
@@ -31605,7 +31695,12 @@ async function runWrap(options, deps = {}) {
         buildV11Bindings({
           identityId: `fortress:${storagePath}`,
           fortressId: fortressIdFromStoragePath(storagePath),
-          auditLog: wrapAuditLog
+          auditLog: wrapAuditLog,
+          // v1.1.5 (Finding Z): rehydrate from the file the upsert
+          // above just wrote, so the registry the wrap-auto dashboard
+          // serves contains this wrap plus any prior wraps against the
+          // same fortress.
+          storagePath
         })
       );
       dashboard.setV11LoopbackAutoAuth(true);
@@ -31745,6 +31840,32 @@ function formatWrapSuccess(info) {
 function printWrapSuccess(info) {
   console.error(formatWrapSuccess(info));
 }
+function formatWrapSuccessNoDashboard(info) {
+  const g = (s) => `\x1B[32m${s}\x1B[0m`;
+  const d = (s) => `\x1B[2m${s}\x1B[0m`;
+  const b = (s) => `\x1B[1m${s}\x1B[0m`;
+  const check = "\u2713";
+  const lines = [];
+  lines.push("");
+  lines.push(
+    `  ${g(check)} Wrapped ${b(info.toolName)} with Sanctuary v${info.version}`
+  );
+  lines.push(
+    `  ${g(check)} ${info.toolCount} tools registered across ${info.serverCount} upstream server${info.serverCount !== 1 ? "s" : ""}`
+  );
+  lines.push(
+    `  ${d("Dashboard spawn skipped per --no-dashboard. Run `sanctuary dashboard` separately for a persistent dashboard.")}`
+  );
+  lines.push("");
+  lines.push(
+    `  ${b("Your agent is protected.")} L1 Full / L2 Degraded (no TEE) / L3 Full / L4 Full.`
+  );
+  lines.push("");
+  return lines.join("\n");
+}
+function printWrapSuccessNoDashboard(info) {
+  console.error(formatWrapSuccessNoDashboard(info));
+}
 async function verifyRewrittenConfig(configPath, backupPath) {
   try {
     const raw = await readFile(configPath, "utf-8");
@@ -31861,6 +31982,57 @@ function toolNameFor(platform4, _servers) {
       return "your agent";
   }
 }
+function harnessKindForPlatform(platform4) {
+  switch (platform4) {
+    case "openclaw":
+      return "openclaw";
+    case "hermes":
+      return "hermes";
+    case "claude-code":
+      return "claude_code";
+    case "cursor":
+      return "cursor";
+    case "cline":
+      return "cline";
+    case "generic":
+      return "generic_mcp";
+    default: {
+      return "other";
+    }
+  }
+}
+function buildLocalAgentRecord(input) {
+  const harness = harnessKindForPlatform(input.platform);
+  const fortressId = fortressIdFromStoragePath(input.storagePath);
+  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    version: "1.1",
+    agent_id: `agent:${harness}:${fortressId}`,
+    identity_id: `fortress:${input.storagePath}`,
+    harness,
+    model_provider: {
+      vendor: "unknown",
+      model_id: "unknown",
+      runs_locally: false
+    },
+    policy_id: "unbound",
+    status: "active",
+    budget_summary: {
+      last_refreshed_at: nowIso
+    },
+    last_activity_at: nowIso,
+    wrapped_at: nowIso,
+    capabilities: {
+      can_pause: false,
+      can_resume: false,
+      can_restart: false,
+      can_unwrap: true,
+      can_lockdown: false,
+      can_chat: false,
+      can_change_template: false
+    }
+  };
+}
 function countUpstreamTools(servers) {
   return servers.length === 0 ? 0 : servers.length;
 }
@@ -31921,6 +32093,9 @@ function parseWrapArgs(argv) {
       case "--no-open":
         options.noOpen = true;
         break;
+      case "--no-dashboard":
+        options.noDashboard = true;
+        break;
       case "--fortress":
         options.fortress = argv[++i];
         break;
@@ -31961,6 +32136,11 @@ function printWrapHelp() {
     --port <port>      Preferred dashboard port (default: 3501)
     --dry-run          Show what would happen without making changes
     --no-open          Do not auto-open the dashboard in a browser
+    --no-dashboard     Do not spawn a per-call dashboard server. Wrap still
+                       persists the agent record so a separately-running
+                       \`sanctuary dashboard\` (or a later wrap) sees the
+                       harness. Use this for the clean operator setup
+                       (one persistent dashboard + many wraps).
     --help, -h         Show this help
   What happens:
@@ -31978,6 +32158,7 @@ var init_cli2 = __esm({
     init_passphrase();
     init_dashboard2();
     init_wiring();
+    init_agent_registry_persistence();
     init_filesystem();
     init_key_derivation();
     init_encoding();
@@ -35615,7 +35796,12 @@ Refusing to start the dashboard while the reset-history marker is unreadable.`
     buildV11Bindings({
       identityId: hubIdentityId,
       fortressId: fortressIdFromStoragePath(config.storage_path),
-      auditLog
+      auditLog,
+      // v1.1.5 (Finding Z): rehydrate the hub agent registry from
+      // `<storagePath>/state/_hub/local-agents.json` so the standalone
+      // dashboard surfaces wraps performed by prior `sanctuary wrap`
+      // invocations against this same fortress.
+      storagePath: config.storage_path
     })
   );
   const hostIsLoopback = dashboardHost === "127.0.0.1" || dashboardHost === "::1" || dashboardHost === "localhost";
@@ -35645,6 +35831,10 @@ Refusing to start the dashboard while the reset-history marker is unreadable.`
   console.error(`Sanctuary Dashboard v${SANCTUARY_VERSION} (standalone mode)`);
   console.error(`Storage: ${config.storage_path}`);
   console.error(`Identities loaded: ${loadResult.loaded}`);
+  const persistedAgentsCount = readPersistedLocalAgents(
+    config.storage_path
+  ).length;
+  console.error(`Local agents loaded: ${persistedAgentsCount}`);
   console.error(`Listening: http://${dashboardHost}:${dashboardPort}`);
   if (loadResult.total > 0 && loadResult.loaded === 0) {
     const service = keychainServiceFor(config.storage_path, homedir());
@@ -35703,6 +35893,7 @@ var init_dashboard_standalone = __esm({
     init_recovery_key_disclosure();
     init_discovery();
     init_wiring();
+    init_agent_registry_persistence();
   }
 });