@signet-auth/mcp 0.1.0

package/dist/src/index.d.ts

@@ -0,0 +1 @@
+export { SigningTransport, type SigningTransportOptions, type Transport, type JSONRPCMessage } from './signing-transport.js';

package/dist/src/index.js

@@ -0,0 +1 @@
+export { SigningTransport } from './signing-transport.js';

package/dist/src/signing-transport.d.ts

@@ -0,0 +1,43 @@
+import { type SignetReceipt } from '@signet-auth/core';
+export interface JSONRPCMessage {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method?: string;
+    params?: Record<string, unknown>;
+    result?: unknown;
+    error?: unknown;
+}
+export interface Transport {
+    start(): Promise<void>;
+    send(message: JSONRPCMessage, options?: unknown): Promise<void>;
+    close(): Promise<void>;
+    onclose?: () => void;
+    onerror?: (error: Error) => void;
+    onmessage?: (message: JSONRPCMessage, extra?: unknown) => void;
+    sessionId?: string;
+    setProtocolVersion?: (version: string) => void;
+}
+export interface SigningTransportOptions {
+    target?: string;
+    transport?: string;
+    onSign?: (receipt: SignetReceipt) => void;
+}
+export declare class SigningTransport implements Transport {
+    private inner;
+    private secretKey;
+    private signerName;
+    private signerOwner;
+    private opts;
+    constructor(inner: Transport, secretKey: string, signerName: string, signerOwner?: string, options?: SigningTransportOptions);
+    onclose?: () => void;
+    onerror?: (error: Error) => void;
+    onmessage?: (message: JSONRPCMessage, extra?: unknown) => void;
+    get sessionId(): string | undefined;
+    setProtocolVersion: (v: string) => void;
+    start(): Promise<void>;
+    close(): Promise<void>;
+    send(message: JSONRPCMessage, options?: unknown): Promise<void>;
+    private isToolCall;
+    private signToolCall;
+    private injectSignet;
+}

package/dist/src/signing-transport.js

@@ -0,0 +1,63 @@
+import { sign } from '@signet-auth/core';
+export class SigningTransport {
+    inner;
+    secretKey;
+    signerName;
+    signerOwner;
+    opts;
+    constructor(inner, secretKey, signerName, signerOwner, options) {
+        this.inner = inner;
+        this.secretKey = secretKey;
+        this.signerName = signerName;
+        this.signerOwner = signerOwner ?? '';
+        this.opts = options ?? {};
+        // Forward callbacks using lazy closures.
+        // MCP SDK's Protocol.connect() sets our callbacks AFTER construction,
+        // so these closures must read this.onclose/etc lazily at call time.
+        this.inner.onclose = () => this.onclose?.();
+        this.inner.onerror = (e) => this.onerror?.(e);
+        this.inner.onmessage = (msg, extra) => this.onmessage?.(msg, extra);
+    }
+    onclose;
+    onerror;
+    onmessage;
+    get sessionId() { return this.inner.sessionId; }
+    setProtocolVersion = (v) => {
+        this.inner.setProtocolVersion?.(v);
+    };
+    start() { return this.inner.start(); }
+    close() { return this.inner.close(); }
+    async send(message, options) {
+        if (this.isToolCall(message)) {
+            const receipt = this.signToolCall(message);
+            this.injectSignet(message, receipt);
+            this.opts.onSign?.(receipt);
+        }
+        return this.inner.send(message, options);
+    }
+    isToolCall(message) {
+        return message.method === 'tools/call';
+    }
+    signToolCall(message) {
+        const params = (message.params ?? {});
+        const action = {
+            tool: params.name ?? 'unknown',
+            params: params.arguments ?? {},
+            params_hash: '',
+            target: this.opts.target ?? 'unknown',
+            transport: this.opts.transport ?? 'stdio',
+        };
+        return sign(this.secretKey, action, this.signerName, this.signerOwner);
+    }
+    injectSignet(message, receipt) {
+        // Deep-clone params to avoid mutating the original object
+        const params = JSON.parse(JSON.stringify(message.params ?? {}));
+        if (!params._meta)
+            params._meta = {};
+        params._meta._signet = {
+            ...receipt,
+            action: { ...receipt.action, params: null },
+        };
+        message.params = params;
+    }
+}

package/dist/tests/mcp.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tests/mcp.test.js

@@ -0,0 +1,78 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert';
+import { generateKeypair } from '@signet-auth/core';
+import { SigningTransport } from '../src/index.js';
+// Mock transport that records sent messages
+class MockTransport {
+    sent = [];
+    onclose;
+    onerror;
+    onmessage;
+    sessionId;
+    async start() { }
+    async close() { }
+    async send(message) {
+        this.sent.push(JSON.parse(JSON.stringify(message)));
+    }
+}
+describe('@signet/mcp SigningTransport', () => {
+    const kp = generateKeypair();
+    function createTransport() {
+        const mock = new MockTransport();
+        const signing = new SigningTransport(mock, kp.secretKey, 'test-agent', 'owner', {
+            target: 'mcp://test-server',
+            transport: 'stdio',
+        });
+        return { mock, signing };
+    }
+    function toolCallMessage(name, args) {
+        return {
+            jsonrpc: '2.0',
+            id: 1,
+            method: 'tools/call',
+            params: { name, arguments: args },
+        };
+    }
+    it('signs tool call messages', async () => {
+        const { mock, signing } = createTransport();
+        await signing.send(toolCallMessage('echo', { message: 'hello' }));
+        assert.strictEqual(mock.sent.length, 1);
+        const sent = mock.sent[0];
+        assert(sent.params._meta._signet, '_signet should be injected');
+        assert(sent.params._meta._signet.sig.startsWith('ed25519:'));
+        assert(sent.params._meta._signet.id.startsWith('rec_'));
+    });
+    it('passes through non-tool-call messages', async () => {
+        const { mock, signing } = createTransport();
+        const listMsg = { jsonrpc: '2.0', id: 2, method: 'tools/list', params: {} };
+        await signing.send(listMsg);
+        assert.strictEqual(mock.sent.length, 1);
+        const sent = mock.sent[0];
+        assert.strictEqual(sent.params._meta, undefined);
+    });
+    it('receipt has correct tool name', async () => {
+        const { mock, signing } = createTransport();
+        await signing.send(toolCallMessage('github_create_issue', { title: 'bug' }));
+        const signet = mock.sent[0].params._meta._signet;
+        assert.strictEqual(signet.action.tool, 'github_create_issue');
+    });
+    it('receipt params are null (hash-only)', async () => {
+        const { mock, signing } = createTransport();
+        await signing.send(toolCallMessage('echo', { data: 'secret' }));
+        const signet = mock.sent[0].params._meta._signet;
+        assert.strictEqual(signet.action.params, null);
+        assert(signet.action.params_hash.startsWith('sha256:'));
+    });
+    it('onSign callback fires with receipt', async () => {
+        const mock = new MockTransport();
+        let callbackReceipt = null;
+        const signing = new SigningTransport(mock, kp.secretKey, 'test-agent', 'owner', {
+            onSign: (r) => { callbackReceipt = r; },
+        });
+        await signing.send(toolCallMessage('test', {}));
+        assert(callbackReceipt !== null, 'callback should have been called');
+        const r = callbackReceipt;
+        assert(r.id.startsWith('rec_'));
+        assert.strictEqual(r.signer.name, 'test-agent');
+    });
+});

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@signet-auth/mcp",
+  "version": "0.1.0",
+  "description": "MCP middleware for Signet cryptographic action receipts",
+  "type": "module",
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "files": ["dist/"],
+  "scripts": {
+    "build": "npx tsc",
+    "test": "npx tsc && node --test dist/tests/mcp.test.js"
+  },
+  "dependencies": {
+    "@signet-auth/core": "file:../signet-core"
+  },
+  "devDependencies": {
+    "@types/node": "^22",
+    "typescript": "^5"
+  },
+  "license": "Apache-2.0 OR MIT"
+}