@sentropic/h2a-cli 0.23.0 → 0.25.1

package/dist/runtime/mcp-http/oauth/single-tenant-provider.js

@@ -0,0 +1,238 @@
+import { InvalidClientMetadataError, InvalidGrantError, InvalidScopeError, InvalidTargetError, InvalidTokenError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
+import { H2A_HOSTED_OAUTH_SCOPE as OAUTH_SCOPE } from "./config.js";
+import { randomToken, sha256Hex, timingSafeEqualString, tokenHashPrefix } from "./crypto.js";
+import { allRedirectUrisAllowed } from "./redirect-uri.js";
+export class SingleTenantOAuthProvider {
+    opts;
+    clientsStore;
+    constructor(opts) {
+        this.opts = opts;
+        this.clientsStore = {
+            getClient: (clientId) => this.opts.store.getClient(clientId),
+            registerClient: async (client) => {
+                if (!allRedirectUrisAllowed(client.redirect_uris, this.opts.allowedRedirectUris, this.opts.nodeEnv)) {
+                    throw new InvalidClientMetadataError("redirect_uris contains a URI that is not allowed");
+                }
+                const normalized = {
+                    ...client,
+                    scope: OAUTH_SCOPE,
+                    grant_types: ["authorization_code", "refresh_token"],
+                    response_types: ["code"],
+                    token_endpoint_auth_method: client.token_endpoint_auth_method ?? "none"
+                };
+                return this.opts.store.registerClient(normalized);
+            }
+        };
+    }
+    nowSeconds() {
+        return this.opts.nowSeconds?.() ?? Math.floor(Date.now() / 1000);
+    }
+    async authorizeRequest(client, params, input) {
+        if (input.method !== "POST") {
+            return { kind: "consent", status: 200, html: this.renderConsentForm(client, params, undefined) };
+        }
+        if (!input.consentSecret || !timingSafeEqualString(input.consentSecret, this.opts.consentSecret)) {
+            return { kind: "consent", status: 401, html: this.renderConsentForm(client, params, "Invalid consent secret") };
+        }
+        const code = await this.issueAuthorizationCode(client, {
+            redirectUri: params.redirectUri,
+            codeChallenge: params.codeChallenge,
+            scopes: this.normalizeScopes(params.scopes),
+            ...(params.resource !== undefined && { resource: params.resource }),
+            ...(params.state !== undefined && { state: params.state })
+        });
+        const redirect = new URL(params.redirectUri);
+        redirect.searchParams.set("code", code);
+        if (params.state)
+            redirect.searchParams.set("state", params.state);
+        return { kind: "redirect", location: redirect.href };
+    }
+    async issueAuthorizationCode(client, params) {
+        const resource = this.normalizeResource(params.resource);
+        const scopes = this.normalizeScopes(params.scopes);
+        const code = randomToken();
+        const now = this.nowSeconds();
+        await this.opts.store.putAuthorizationCode(code, {
+            clientId: client.client_id,
+            redirectUri: params.redirectUri,
+            codeChallenge: params.codeChallenge,
+            scopes,
+            resource: resource.href,
+            createdAt: now,
+            expiresAt: now + this.opts.authCodeTtlSeconds
+        });
+        return code;
+    }
+    renderConsentForm(client, params, error) {
+        const scope = this.normalizeScopes(params.scopes).join(" ");
+        const resource = this.normalizeResource(params.resource).href;
+        const clientName = escapeHtml(client.client_name ?? client.client_id);
+        const errorHtml = error ? `<p class="alert" role="alert">${escapeHtml(error)}</p>` : "";
+        return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Connect to h2a · SENT Tech</title>
+<style>
+  body { margin:0; min-height:100vh; display:grid; place-items:center; background:#f8fafc;
+    color:#0f172a; font-family:Inter,system-ui,sans-serif; line-height:1.5; padding:1.5rem; }
+  .card { width:100%; max-width:30rem; background:#fff; border:1px solid #e2e8f0;
+    border-radius:.5rem; box-shadow:0 1px 3px rgb(15 23 42 / .08); padding:1.75rem; }
+  h1 { font-size:1.125rem; margin:0 0 .25rem; }
+  .lead { font-size:.9375rem; color:#475569; margin:0 0 1.25rem; }
+  dl { display:grid; grid-template-columns:auto 1fr; gap:.4rem .9rem; margin:0 0 1.25rem; font-size:.8125rem; }
+  dt { color:#475569; } dd { margin:0; word-break:break-all; font-family:monospace; font-size:.75rem; }
+  label { display:block; font-size:.875rem; font-weight:600; margin-bottom:.35rem; }
+  .hint { font-weight:400; color:#475569; font-size:.8125rem; }
+  input[type=password] { width:100%; padding:.6rem .7rem; font-size:.95rem; border:1px solid #e2e8f0;
+    border-radius:.5rem; margin-bottom:1rem; font-family:monospace; }
+  button { width:100%; padding:.65rem 1rem; font-size:.95rem; font-weight:600; color:#fff;
+    background:oklch(50% 0.134 242.749); border:0; border-radius:.5rem; cursor:pointer; }
+  .alert { background:#fef2f2; border:1px solid #fecaca; color:#991b1b; border-radius:.5rem;
+    padding:.6rem .8rem; font-size:.8125rem; margin:0 0 1rem; }
+</style>
+</head>
+<body>
+<main class="card">
+  <h1>Connect to h2a</h1>
+  <p class="lead"><strong>${clientName}</strong> is requesting access to this h2a MCP connector.
+    Approving grants it the <code>h2a:read</code> scope on this endpoint only &mdash; a
+    <strong>read-only</strong> view (discover / nhi / posture). It never receives any h2a
+    private key and cannot sign or mutate. Enter the operator consent secret to approve.</p>
+  ${errorHtml}
+  <dl>
+    <dt>Client</dt><dd>${clientName}</dd>
+    <dt>Redirect</dt><dd>${escapeHtml(params.redirectUri)}</dd>
+    <dt>Scope</dt><dd>${escapeHtml(scope)}</dd>
+  </dl>
+  <form method="post" action="/authorize">
+    <input type="hidden" name="response_type" value="code">
+    <input type="hidden" name="client_id" value="${escapeHtml(client.client_id)}">
+    <input type="hidden" name="redirect_uri" value="${escapeHtml(params.redirectUri)}">
+    <input type="hidden" name="code_challenge" value="${escapeHtml(params.codeChallenge)}">
+    <input type="hidden" name="code_challenge_method" value="S256">
+    <input type="hidden" name="scope" value="${escapeHtml(scope)}">
+    <input type="hidden" name="resource" value="${escapeHtml(resource)}">
+    ${params.state ? `<input type="hidden" name="state" value="${escapeHtml(params.state)}">` : ""}
+    <label for="cs">Consent secret <span class="hint">— operator only</span></label>
+    <input id="cs" name="consent_secret" type="password" autocomplete="current-password" autofocus>
+    <button type="submit">Authorize</button>
+  </form>
+</main>
+</body>
+</html>`;
+    }
+    async challengeForAuthorizationCode(_client, authorizationCode) {
+        const record = await this.opts.store.getAuthorizationCode(authorizationCode, this.nowSeconds());
+        if (!record)
+            throw new InvalidGrantError("authorization code is invalid or expired");
+        return record.codeChallenge;
+    }
+    async exchangeAuthorizationCode(client, authorizationCode, _codeVerifier, redirectUri, resource) {
+        const record = await this.opts.store.consumeAuthorizationCode(authorizationCode, this.nowSeconds());
+        if (!record)
+            throw new InvalidGrantError("authorization code is invalid, expired, or already used");
+        if (record.clientId !== client.client_id)
+            throw new InvalidGrantError("authorization code was issued to another client");
+        if (redirectUri && redirectUri !== record.redirectUri)
+            throw new InvalidGrantError("redirect_uri does not match authorization code");
+        if (this.normalizeResource(resource).href !== record.resource)
+            throw new InvalidTargetError("resource does not match authorization code");
+        return this.issueTokens(client, record.scopes, new URL(record.resource), undefined);
+    }
+    async exchangeRefreshToken(client, refreshToken, scopes, resource) {
+        const record = await this.opts.store.findToken(refreshToken);
+        const now = this.nowSeconds();
+        if (!record || record.tokenType !== "refresh" || record.revokedAt || record.expiresAt <= now) {
+            throw new InvalidGrantError("refresh token is invalid or expired");
+        }
+        if (record.clientId !== client.client_id)
+            throw new InvalidGrantError("refresh token was issued to another client");
+        if (this.normalizeResource(resource).href !== record.resource)
+            throw new InvalidTargetError("resource does not match refresh token");
+        const requestedScopes = this.normalizeScopes(scopes ?? record.scopes);
+        if (!requestedScopes.every((scope) => record.scopes.includes(scope))) {
+            throw new InvalidScopeError("requested scope exceeds refresh token scope");
+        }
+        await this.opts.store.revokeToken(refreshToken, now);
+        return this.issueTokens(client, requestedScopes, new URL(record.resource), sha256Hex(refreshToken));
+    }
+    async verifyAccessToken(token) {
+        const record = await this.opts.store.findToken(token);
+        const now = this.nowSeconds();
+        if (!record || record.tokenType !== "access" || record.revokedAt || record.expiresAt <= now) {
+            throw new InvalidTokenError("access token is invalid or expired");
+        }
+        return {
+            token,
+            clientId: record.clientId,
+            scopes: record.scopes,
+            expiresAt: record.expiresAt,
+            resource: new URL(record.resource),
+            extra: { tokenHashPrefix: tokenHashPrefix(record.tokenHash) }
+        };
+    }
+    async revokeToken(_client, request) {
+        await this.opts.store.revokeToken(request.token, this.nowSeconds());
+    }
+    async issueTokensForTests(client) {
+        return this.issueTokens(client, [OAUTH_SCOPE], this.opts.resourceServerUrl, undefined);
+    }
+    async issueTokens(client, scopes, resource, parentRefreshTokenHash) {
+        const accessToken = randomToken();
+        const refreshToken = randomToken();
+        const now = this.nowSeconds();
+        await this.opts.store.putToken(accessToken, {
+            tokenType: "access",
+            clientId: client.client_id,
+            scopes,
+            resource: resource.href,
+            issuedAt: now,
+            expiresAt: now + this.opts.accessTokenTtlSeconds,
+            ...(parentRefreshTokenHash !== undefined && { parentRefreshTokenHash })
+        });
+        await this.opts.store.putToken(refreshToken, {
+            tokenType: "refresh",
+            clientId: client.client_id,
+            scopes,
+            resource: resource.href,
+            issuedAt: now,
+            expiresAt: now + this.opts.refreshTokenTtlSeconds,
+            ...(parentRefreshTokenHash !== undefined && { parentRefreshTokenHash })
+        });
+        return {
+            access_token: accessToken,
+            refresh_token: refreshToken,
+            token_type: "Bearer",
+            expires_in: this.opts.accessTokenTtlSeconds,
+            scope: scopes.join(" ")
+        };
+    }
+    normalizeScopes(scopes) {
+        const requested = scopes && scopes.length > 0 ? [...scopes] : [OAUTH_SCOPE];
+        if (!requested.every((scope) => scope === OAUTH_SCOPE)) {
+            throw new InvalidScopeError(`only ${OAUTH_SCOPE} scope is supported`);
+        }
+        return [OAUTH_SCOPE];
+    }
+    normalizeResource(resource) {
+        const rs = this.opts.resourceServerUrl;
+        if (resource === undefined)
+            return rs;
+        const path = resource.pathname.replace(/\/+$/, "");
+        const rsPath = rs.pathname.replace(/\/+$/, "");
+        if (resource.origin === rs.origin && (path === rsPath || path === ""))
+            return rs;
+        throw new InvalidTargetError("resource must match the MCP resource server URL");
+    }
+}
+function escapeHtml(value) {
+    return value
+        .replaceAll("&", "&amp;")
+        .replaceAll("<", "&lt;")
+        .replaceAll(">", "&gt;")
+        .replaceAll('"', "&quot;")
+        .replaceAll("'", "&#39;");
+}
+//# sourceMappingURL=single-tenant-provider.js.map

package/dist/runtime/mcp-http/oauth/single-tenant-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"single-tenant-provider.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/single-tenant-provider.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,0BAA0B,EAC1B,iBAAiB,EACjB,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EAClB,MAAM,iDAAiD,CAAC;AASzD,OAAO,EAAE,sBAAsB,IAAI,WAAW,EAAE,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7F,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAkC3D,MAAM,OAAO,yBAAyB;IAGP;IAFpB,YAAY,CAAmB;IAExC,YAA6B,IAAqB;QAArB,SAAI,GAAJ,IAAI,CAAiB;QAChD,IAAI,CAAC,YAAY,GAAG;YAClB,SAAS,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC;YAC5D,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;gBAC/B,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACpG,MAAM,IAAI,0BAA0B,CAAC,kDAAkD,CAAC,CAAC;gBAC3F,CAAC;gBACD,MAAM,UAAU,GAA+B;oBAC7C,GAAG,MAAM;oBACT,KAAK,EAAE,WAAW;oBAClB,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;oBACpD,cAAc,EAAE,CAAC,MAAM,CAAC;oBACxB,0BAA0B,EAAE,MAAM,CAAC,0BAA0B,IAAI,MAAM;iBACxE,CAAC;gBACF,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YACpD,CAAC;SACF,CAAC;IACJ,CAAC;IAEO,UAAU;QAChB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CACpB,MAAkC,EAClC,MAA2B,EAC3B,KAAiD;QAEjD,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC5B,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,aAAa,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;YACjG,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,wBAAwB,CAAC,EAAE,CAAC;QAClH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE;YACrD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;YACnE,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC;SAC3D,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC7C,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,KAAK;YAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,sBAAsB,CAAC,MAAkC,EAAE,MAAuB;QACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,EAAE;YAC/C,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,MAAM;YACN,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,kBAAkB;SAC9C,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB,CACvB,MAAkC,EAClC,MAA2B,EAC3B,KAAyB;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC;QAC9D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC;QACtE,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,iCAAiC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACxF,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;4BA4BiB,UAAU;;;;IAIlC,SAAS;;yBAEY,UAAU;2BACR,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC;wBACjC,UAAU,CAAC,KAAK,CAAC;;;;mDAIU,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC;sDACzB,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC;wDAC5B,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC;;+CAEzC,UAAU,CAAC,KAAK,CAAC;kDACd,UAAU,CAAC,QAAQ,CAAC;MAChE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,4CAA4C,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;;;;;;;QAO1F,CAAC;IACP,CAAC;IAED,KAAK,CAAC,6BAA6B,CACjC,OAAmC,EACnC,iBAAyB;QAEzB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,iBAAiB,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QAChG,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,iBAAiB,CAAC,0CAA0C,CAAC,CAAC;QACrF,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,yBAAyB,CAC7B,MAAkC,EAClC,iBAAyB,EACzB,aAAsB,EACtB,WAAoB,EACpB,QAAc;QAEd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,iBAAiB,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;QACpG,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,iBAAiB,CAAC,yDAAyD,CAAC,CAAC;QACpG,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS;YACtC,MAAM,IAAI,iBAAiB,CAAC,iDAAiD,CAAC,CAAC;QACjF,IAAI,WAAW,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW;YACnD,MAAM,IAAI,iBAAiB,CAAC,gDAAgD,CAAC,CAAC;QAChF,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ;YAC3D,MAAM,IAAI,kBAAkB,CAAC,4CAA4C,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,oBAAoB,CACxB,MAAkC,EAClC,YAAoB,EACpB,MAAiB,EACjB,QAAc;QAEd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC7D,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;YAC7F,MAAM,IAAI,iBAAiB,CAAC,qCAAqC,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,CAAC,SAAS;YACtC,MAAM,IAAI,iBAAiB,CAAC,4CAA4C,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ;YAC3D,MAAM,IAAI,kBAAkB,CAAC,uCAAuC,CAAC,CAAC;QACxE,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,iBAAiB,CAAC,6CAA6C,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;QACrD,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,eAAe,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;IACtG,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;YAC5F,MAAM,IAAI,iBAAiB,CAAC,oCAAoC,CAAC,CAAC;QACpE,CAAC;QACD,OAAO;YACL,KAAK;YACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;YAClC,KAAK,EAAE,EAAE,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;SAC9D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAmC,EAAE,OAAoC;QACzF,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAkC;QAC1D,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;IACzF,CAAC;IAEO,KAAK,CAAC,WAAW,CACvB,MAAkC,EAClC,MAAgB,EAChB,QAAa,EACb,sBAA0C;QAE1C,MAAM,WAAW,GAAG,WAAW,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,WAAW,EAAE,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,EAAE;YAC1C,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM;YACN,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,qBAAqB;YAChD,GAAG,CAAC,sBAAsB,KAAK,SAAS,IAAI,EAAE,sBAAsB,EAAE,CAAC;SACxE,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE;YAC3C,SAAS,EAAE,SAAS;YACpB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,MAAM;YACN,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,QAAQ,EAAE,GAAG;YACb,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,sBAAsB;YACjD,GAAG,CAAC,sBAAsB,KAAK,SAAS,IAAI,EAAE,sBAAsB,EAAE,CAAC;SACxE,CAAC,CAAC;QACH,OAAO;YACL,YAAY,EAAE,WAAW;YACzB,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,qBAAqB;YAC3C,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;SACxB,CAAC;IACJ,CAAC;IAEO,eAAe,CAAC,MAAqC;QAC3D,MAAM,SAAS,GAAG,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;QAC5E,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,WAAW,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAiB,CAAC,QAAQ,WAAW,qBAAqB,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,CAAC,WAAW,CAAC,CAAC;IACvB,CAAC;IAEO,iBAAiB,CAAC,QAAyB;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACvC,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC/C,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAAE,OAAO,EAAE,CAAC;QACjF,MAAM,IAAI,kBAAkB,CAAC,iDAAiD,CAAC,CAAC;IAClF,CAAC;CACF;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK;SACT,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC;SACxB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC;SACvB,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC;SACzB,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;AAC9B,CAAC"}

package/dist/runtime/mcp-http/readonly-allowlist.d.ts

@@ -0,0 +1,24 @@
+/**
+ * EVO-12 hosted MCP — read-only tool allowlist (the load-bearing security
+ * invariant, DEC-116 / EVO-11 key custody).
+ *
+ * The internet-facing hosted MCP (enrolled from claude.ai) exposes ONLY read
+ * tools. No tool that takes a private key is ever routable on the hosted
+ * surface, so the ed25519 private key never travels over the wire. Signing
+ * stays on the keyring-holding side (local CLI / sidecar). This is a STRUCTURAL
+ * deployment property, not a phase: `hostedReadOnlyDescriptors` throws if the
+ * allowlist ever contains a private-key tool (defense-in-depth schema scan).
+ */
+import type { McpToolDescriptor, McpToolName } from "../mcp/tools.js";
+/** Phase-1 read-only surface: "claude.ai has the info" (discover / nhi / posture). */
+export declare const H2A_HOSTED_READONLY_TOOLS: readonly McpToolName[];
+/** True iff the tool's input schema carries a private key (must never be hosted). */
+export declare function toolTakesPrivateKey(descriptor: McpToolDescriptor): boolean;
+export declare function isHostedReadOnlyTool(name: string): boolean;
+/**
+ * The read-only descriptor subset to expose on the hosted MCP. THROWS if any
+ * allowlisted tool takes a private key — the allowlist must never include a
+ * signing tool (structural invariant, not a runtime hope).
+ */
+export declare function hostedReadOnlyDescriptors(all: readonly McpToolDescriptor[]): McpToolDescriptor[];
+//# sourceMappingURL=readonly-allowlist.d.ts.map

package/dist/runtime/mcp-http/readonly-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"readonly-allowlist.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/readonly-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEtE,sFAAsF;AACtF,eAAO,MAAM,yBAAyB,EAAE,SAAS,WAAW,EAO3D,CAAC;AAEF,qFAAqF;AACrF,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,iBAAiB,GAAG,OAAO,CAE1E;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE1D;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,SAAS,iBAAiB,EAAE,GAChC,iBAAiB,EAAE,CAWrB"}

package/dist/runtime/mcp-http/readonly-allowlist.js

@@ -0,0 +1,43 @@
+/**
+ * EVO-12 hosted MCP — read-only tool allowlist (the load-bearing security
+ * invariant, DEC-116 / EVO-11 key custody).
+ *
+ * The internet-facing hosted MCP (enrolled from claude.ai) exposes ONLY read
+ * tools. No tool that takes a private key is ever routable on the hosted
+ * surface, so the ed25519 private key never travels over the wire. Signing
+ * stays on the keyring-holding side (local CLI / sidecar). This is a STRUCTURAL
+ * deployment property, not a phase: `hostedReadOnlyDescriptors` throws if the
+ * allowlist ever contains a private-key tool (defense-in-depth schema scan).
+ */
+/** Phase-1 read-only surface: "claude.ai has the info" (discover / nhi / posture). */
+export const H2A_HOSTED_READONLY_TOOLS = [
+    "h2a_discover_instances",
+    "h2a_discover_sessions",
+    "h2a_nhi_inventory",
+    "h2a_nhi_report",
+    "h2a_conflict_posture",
+    "h2a_blockage_list"
+];
+/** True iff the tool's input schema carries a private key (must never be hosted). */
+export function toolTakesPrivateKey(descriptor) {
+    return JSON.stringify(descriptor.inputSchema ?? {}).includes("privateKeyPem");
+}
+export function isHostedReadOnlyTool(name) {
+    return H2A_HOSTED_READONLY_TOOLS.includes(name);
+}
+/**
+ * The read-only descriptor subset to expose on the hosted MCP. THROWS if any
+ * allowlisted tool takes a private key — the allowlist must never include a
+ * signing tool (structural invariant, not a runtime hope).
+ */
+export function hostedReadOnlyDescriptors(all) {
+    const exposed = all.filter((d) => isHostedReadOnlyTool(d.name));
+    const leaky = exposed.filter(toolTakesPrivateKey);
+    if (leaky.length > 0) {
+        throw new Error(`EVO-12 hosted allowlist must not include private-key tools: ${leaky
+            .map((d) => d.name)
+            .join(", ")}`);
+    }
+    return exposed;
+}
+//# sourceMappingURL=readonly-allowlist.js.map

package/dist/runtime/mcp-http/readonly-allowlist.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"readonly-allowlist.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/readonly-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,sFAAsF;AACtF,MAAM,CAAC,MAAM,yBAAyB,GAA2B;IAC/D,wBAAwB;IACxB,uBAAuB;IACvB,mBAAmB;IACnB,gBAAgB;IAChB,sBAAsB;IACtB,mBAAmB;CACpB,CAAC;AAEF,qFAAqF;AACrF,MAAM,UAAU,mBAAmB,CAAC,UAA6B;IAC/D,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,OAAQ,yBAA+C,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACzE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,yBAAyB,CACvC,GAAiC;IAEjC,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CACb,+DAA+D,KAAK;aACjE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aAClB,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/runtime/mcp-http/serve.d.ts

@@ -0,0 +1,30 @@
+import type { McpServer } from "../mcp/server.js";
+import { type H2AHostedOAuthConfig } from "./oauth/config.js";
+export interface HostedEnv {
+    PUBLIC_BASE_URL?: string;
+    OAUTH_ISSUER_URL?: string;
+    OAUTH_ALLOWED_REDIRECT_URIS?: string;
+    OAUTH_CONSENT_SECRET?: string;
+    OAUTH_ACCESS_TOKEN_TTL_SECONDS?: string;
+    OAUTH_REFRESH_TOKEN_TTL_SECONDS?: string;
+    OAUTH_AUTH_CODE_TTL_SECONDS?: string;
+    OAUTH_STORE_PATH?: string;
+    H2A_ROOT?: string;
+    PORT?: string;
+    NODE_ENV?: string;
+}
+export interface HostedConfig {
+    oauthConfig: H2AHostedOAuthConfig;
+    storePath: string;
+    root: string;
+    port: number;
+}
+/** Pure: validate + derive the hosted config from env (defaults claude.ai redirects). */
+export declare function buildHostedConfigFromEnv(env: HostedEnv): HostedConfig;
+export interface StartedHostedServer {
+    port: number;
+    h2aMcpServer: McpServer;
+    stop(): void;
+}
+export declare function startHostedServer(env?: HostedEnv): Promise<StartedHostedServer>;
+//# sourceMappingURL=serve.d.ts.map

package/dist/runtime/mcp-http/serve.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,KAAK,oBAAoB,EAAsB,MAAM,mBAAmB,CAAC;AAIlF,MAAM,WAAW,SAAS;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,oBAAoB,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,SAAS,GAAG,YAAY,CAoBrE;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,SAAS,CAAC;IACxB,IAAI,IAAI,IAAI,CAAC;CACd;AAED,wBAAsB,iBAAiB,CAAC,GAAG,GAAE,SAAuB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAelG"}

package/dist/runtime/mcp-http/serve.js

@@ -0,0 +1,53 @@
+/**
+ * EVO-12 hosted MCP — env-driven entrypoint. Reads the deploy env, builds the
+ * OAuth provider + the read-only h2a MCP surface, and serves the Hono app over
+ * HTTP (@hono/node-server). `buildHostedConfigFromEnv` is the testable core.
+ */
+import { join } from "node:path";
+import { serve } from "@hono/node-server";
+import { createMcpServer } from "../mcp/index.js";
+import { createHostedApp } from "./app.js";
+import { oauthConfigFromEnv } from "./oauth/config.js";
+import { FileOAuthStore } from "./oauth/file-store.js";
+import { SingleTenantOAuthProvider } from "./oauth/single-tenant-provider.js";
+const DEFAULT_CLAUDE_REDIRECTS = "https://claude.ai/api/mcp/auth_callback,https://claude.com/api/mcp/auth_callback";
+/** Pure: validate + derive the hosted config from env (defaults claude.ai redirects). */
+export function buildHostedConfigFromEnv(env) {
+    const publicBaseUrl = env.PUBLIC_BASE_URL;
+    if (!publicBaseUrl)
+        throw new Error("PUBLIC_BASE_URL is required");
+    const root = env.H2A_ROOT ?? join(process.cwd(), ".h2a");
+    const oauthConfig = oauthConfigFromEnv({
+        PUBLIC_BASE_URL: publicBaseUrl,
+        OAUTH_ISSUER_URL: env.OAUTH_ISSUER_URL ?? publicBaseUrl,
+        OAUTH_ALLOWED_REDIRECT_URIS: env.OAUTH_ALLOWED_REDIRECT_URIS ?? DEFAULT_CLAUDE_REDIRECTS,
+        ...(env.OAUTH_CONSENT_SECRET !== undefined && { OAUTH_CONSENT_SECRET: env.OAUTH_CONSENT_SECRET }),
+        OAUTH_ACCESS_TOKEN_TTL_SECONDS: Number(env.OAUTH_ACCESS_TOKEN_TTL_SECONDS ?? 3600),
+        OAUTH_REFRESH_TOKEN_TTL_SECONDS: Number(env.OAUTH_REFRESH_TOKEN_TTL_SECONDS ?? 1_209_600),
+        OAUTH_AUTH_CODE_TTL_SECONDS: Number(env.OAUTH_AUTH_CODE_TTL_SECONDS ?? 60),
+        NODE_ENV: env.NODE_ENV ?? "production"
+    });
+    return {
+        oauthConfig,
+        storePath: env.OAUTH_STORE_PATH ?? join(root, "oauth-clients.json"),
+        root,
+        port: Number(env.PORT ?? 8787)
+    };
+}
+export async function startHostedServer(env = process.env) {
+    const cfg = buildHostedConfigFromEnv(env);
+    const store = new FileOAuthStore(cfg.storePath);
+    await store.load();
+    const oauthProvider = new SingleTenantOAuthProvider({ store, ...cfg.oauthConfig });
+    const h2aMcpServer = createMcpServer({ root: cfg.root });
+    const app = createHostedApp({ oauthProvider, oauthConfig: cfg.oauthConfig, h2aMcpServer });
+    const server = serve({ fetch: app.fetch, port: cfg.port });
+    return {
+        port: cfg.port,
+        h2aMcpServer,
+        stop: () => {
+            server.close?.();
+        }
+    };
+}
+//# sourceMappingURL=serve.js.map

package/dist/runtime/mcp-http/serve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAE1C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAA6B,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAgB9E,MAAM,wBAAwB,GAC5B,kFAAkF,CAAC;AASrF,yFAAyF;AACzF,MAAM,UAAU,wBAAwB,CAAC,GAAc;IACrD,MAAM,aAAa,GAAG,GAAG,CAAC,eAAe,CAAC;IAC1C,IAAI,CAAC,aAAa;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACnE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,eAAe,EAAE,aAAa;QAC9B,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,IAAI,aAAa;QACvD,2BAA2B,EAAE,GAAG,CAAC,2BAA2B,IAAI,wBAAwB;QACxF,GAAG,CAAC,GAAG,CAAC,oBAAoB,KAAK,SAAS,IAAI,EAAE,oBAAoB,EAAE,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACjG,8BAA8B,EAAE,MAAM,CAAC,GAAG,CAAC,8BAA8B,IAAI,IAAI,CAAC;QAClF,+BAA+B,EAAE,MAAM,CAAC,GAAG,CAAC,+BAA+B,IAAI,SAAS,CAAC;QACzF,2BAA2B,EAAE,MAAM,CAAC,GAAG,CAAC,2BAA2B,IAAI,EAAE,CAAC;QAC1E,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,YAAY;KACvC,CAAC,CAAC;IACH,OAAO;QACL,WAAW;QACX,SAAS,EAAE,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC;QACnE,IAAI;QACJ,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;KAC/B,CAAC;AACJ,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAiB,OAAO,CAAC,GAAG;IAClE,MAAM,GAAG,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;IACnB,MAAM,aAAa,GAAG,IAAI,yBAAyB,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IACnF,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,eAAe,CAAC,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,YAAY;QACZ,IAAI,EAAE,GAAG,EAAE;YACR,MAAiC,CAAC,KAAK,EAAE,EAAE,CAAC;QAC/C,CAAC;KACF,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentropic/h2a-cli",
-  "version": "0.23.0",
+  "version": "0.25.1",
   "description": "Unified CLI surface for h2a hosts and MCP-oriented coordination flows.",
   "license": "MIT",
   "type": "module",
@@ -40,7 +40,11 @@
     "skills"
   ],
   "dependencies": {
-    "@sentropic/h2a": "^0.23.0"
+    "@hono/mcp": "^0.3.0",
+    "@hono/node-server": "^2.0.4",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@sentropic/h2a": "^0.25.1",
+    "hono": "^4.12.23"
   },
   "publishConfig": {
     "access": "public"