npm - @sleep2agi/commhub-server - Versions diffs - 0.5.0-preview.37 → 0.5.0-preview.38 - Mend

@sleep2agi/commhub-server 0.5.0-preview.37 → 0.5.0-preview.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sleep2agi/commhub-server",
-  "version": "0.5.0-preview.37",
+  "version": "0.5.0-preview.38",
   "description": "CommHub Server \u2014 AI Agent communication hub with MCP protocol, multi-network isolation, user auth, and 18 MCP tools.",
   "type": "module",
   "main": "src/index.ts",

package/src/auth.ts CHANGED Viewed

@@ -126,10 +126,11 @@ export function createNetworkTokenForNode(userId: string, networkId: string, nod
   return { ok: true, token };
 }
-export function resolveToken(token: string): { user: AuthUser; networkId: string | null } | null {
+export function resolveToken(token: string): { user: AuthUser; networkId: string | null; tokenName: string | null } | null {
   const tHash = hashToken(token);
   const row = db.get<any>(
-    `SELECT t.user_id, t.network_id, t.scope, u.username, u.display_name, u.email, u.role
+    `SELECT t.user_id, t.network_id, t.scope, t.name AS token_name,
+            u.username, u.display_name, u.email, u.role
      FROM api_tokens t JOIN users u ON t.user_id = u.user_id
      WHERE t.token_hash = ?1 AND (t.expires_at IS NULL OR t.expires_at > datetime('now'))`,
     tHash);
@@ -142,6 +143,11 @@ export function resolveToken(token: string): { user: AuthUser; networkId: string
   return {
     user: { user_id: row.user_id, username: row.username, display_name: row.display_name, email: row.email, role: row.role },
     networkId: row.network_id,
+    // tokenName carries the binding identity. For node-scoped ntok_, it's
+    // 'node:<alias>'; we strip the prefix and use it as the default
+    // from_session for any MCP send_task / send_message / etc, so peer
+    // agents see who actually called them (not 'hub').
+    tokenName: row.token_name || null,
   };
 }

package/src/index.ts CHANGED Viewed

@@ -42,12 +42,12 @@ setInterval(() => {
 }, 300000);
 // ── Factory: 每个请求创建新的 McpServer（stateless 模式）──
-function createServer(clientIP?: string, enforceNetworkId?: string | null, enforceUserId?: string | null): McpServer {
+function createServer(clientIP?: string, enforceNetworkId?: string | null, enforceUserId?: string | null, callerAlias?: string | null): McpServer {
   const server = new McpServer({
     name: "commhub",
     version: "0.5.0",
   });
-  registerTools(server, clientIP, enforceNetworkId, enforceUserId);
+  registerTools(server, clientIP, enforceNetworkId, enforceUserId, callerAlias);
   return server;
 }
@@ -70,15 +70,15 @@ function requireAuth(req: Request): Response | null {
   return Response.json({ error: "unauthorized" }, { status: 401 });
 }
-// Extract user + network from request token (for authorization)
-function resolveRequestAuth(req: Request): { userId: string; networkId: string | null; username: string } | null {
+// Extract user + network + token-binding identity from request token.
+function resolveRequestAuth(req: Request): { userId: string; networkId: string | null; username: string; tokenName: string | null } | null {
   const header = req.headers.get("Authorization")?.replace("Bearer ", "");
   const url = new URL(req.url);
   const token = header || url.searchParams.get("token") || "";
   if (!token) return null;
   const resolved = resolveToken(token);
   if (!resolved) return null;
-  return { userId: resolved.user.user_id, networkId: resolved.networkId, username: resolved.user.username };
+  return { userId: resolved.user.user_id, networkId: resolved.networkId, username: resolved.user.username, tokenName: resolved.tokenName };
 }
 type RestNetworkScope = {
@@ -242,10 +242,15 @@ Bun.serve({
       // (which logs in as a user) cannot call send_task.
       const authCtx = resolveRequestAuth(req);
       const enforceNetId = authCtx?.networkId || null;
+      // Derive the calling alias from the token name (e.g., 'node:视频审查')
+      // so peer agents see the real sender instead of 'hub' on send_task.
+      const callerAlias = authCtx?.tokenName?.startsWith("node:")
+        ? authCtx.tokenName.slice("node:".length)
+        : (authCtx?.username || null);
       const transport = new WebStandardStreamableHTTPServerTransport({
         sessionIdGenerator: undefined,
       });
-      const server = createServer(clientIP, enforceNetId, authCtx?.userId || null);
+      const server = createServer(clientIP, enforceNetId, authCtx?.userId || null, callerAlias);
       await server.connect(transport);
       const response = await transport.handleRequest(req);
       // Disconnect after response to prevent McpServer leak

package/src/tools.ts CHANGED Viewed

@@ -8,7 +8,13 @@ function ts(): string {
   return new Date().toTimeString().slice(0, 8);
 }
-export function registerTools(server: McpServer, clientIP?: string, enforceNetworkId?: string | null, enforceUserId?: string | null) {
+export function registerTools(server: McpServer, clientIP?: string, enforceNetworkId?: string | null, enforceUserId?: string | null, callerAlias?: string | null) {
+  // Default from_session for outbound tools — extracted from the calling
+  // token's binding (ntok_ → node alias, utok_ → username). Without this,
+  // an agent's send_task call always claimed from='hub' and peer agents
+  // couldn't tell who actually asked them. Tool callers can still override
+  // by passing from_session explicitly.
+  const defaultFrom = (clientFrom?: string) => clientFrom || callerAlias || "hub";
   // If enforceNetworkId is set, override any client-supplied network_id
   const getNetworkId = (clientNetId?: string | null) => enforceNetworkId ?? clientNetId ?? null;
@@ -385,11 +391,11 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       task: z.string().min(1).max(10000).describe("Task content"),
       priority: z.enum(["high", "normal", "low"]).optional().default("normal"),
       context: z.string().max(10000).optional(),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
       ttl_seconds: z.number().min(1).max(86400).optional().describe("Task TTL in seconds (default: 3600)"),
       network_id: z.string().max(200).optional().describe("Network scope"),
     },
-    async ({ alias, task, priority, context, from_session, ttl_seconds, network_id: netId }) => {
+    async ({ alias, task, priority, context, from_session: _fromIn, ttl_seconds, network_id: netId }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(netId);
       // Role check: viewer cannot send tasks
@@ -462,9 +468,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     {
       alias: z.string().min(1).max(200).describe("Target session alias"),
       message: z.string().min(1).max(10000).describe("Message content"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ alias, message, from_session }) => {
+    async ({ alias, message, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → send_message → ${alias}: ${message.slice(0, 60)}`);
@@ -503,9 +509,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
       text: z.string().min(1).max(10000).describe("Reply content"),
       in_reply_to: z.string().max(200).optional().describe("Original task/message ID"),
       status: z.enum(["replied", "failed", "cancelled"]).optional().default("replied").describe("Task outcome"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ alias, text, in_reply_to, status: replyStatus, from_session }) => {
+    async ({ alias, text, in_reply_to, status: replyStatus, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → send_reply (${replyStatus}) → ${alias}: ${text.slice(0, 60)}`);
@@ -554,9 +560,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     "Acknowledge receipt of a task. Does NOT enter inbox. Updates task status only.",
     {
       task_id: z.string().min(1).max(200).describe("Task ID to acknowledge"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ task_id, from_session }) => {
+    async ({ task_id, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → send_ack → task ${task_id.slice(0, 8)}`);
@@ -580,9 +586,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     "Retry a failed, expired, or cancelled task. Resets status to delivered and re-queues in inbox.",
     {
       task_id: z.string().min(1).max(200).describe("Task ID to retry"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ task_id, from_session }) => {
+    async ({ task_id, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → retry_task → ${task_id.slice(0, 8)}`);
@@ -689,9 +695,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     {
       task_id: z.string().min(1).max(200).describe("Task ID to cancel"),
       reason: z.string().max(1000).optional().describe("Cancellation reason"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ task_id, reason, from_session }) => {
+    async ({ task_id, reason, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → cancel_task → ${task_id.slice(0, 8)}`);
@@ -721,9 +727,9 @@ export function registerTools(server: McpServer, clientIP?: string, enforceNetwo
     {
       task_id: z.string().min(1).max(200).describe("Task ID to reassign"),
       new_alias: z.string().min(1).max(200).describe("Target agent alias"),
-      from_session: z.string().max(200).optional().default("hub"),
+      from_session: z.string().max(200).optional(),
     },
-    async ({ task_id, new_alias, from_session }) => {
+    async ({ task_id, new_alias, from_session: _fromIn }) => { const from_session = defaultFrom(_fromIn);
       const effectiveNetId = getNetworkId(null);
       if (!canWrite(effectiveNetId)) return { content: [{ type: "text" as const, text: JSON.stringify({ ok: false, error: "permission_denied" }) }] };
       console.log(`[${ts()}] ${from_session} → reassign_task → ${task_id.slice(0, 8)} → ${new_alias}`);