@usetorii/gateway 0.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +116 -0
  3. package/dist/audit/index.d.ts +5 -0
  4. package/dist/audit/index.d.ts.map +1 -0
  5. package/dist/audit/index.js +27 -0
  6. package/dist/audit/index.js.map +1 -0
  7. package/dist/core/config/loader.d.ts +8 -0
  8. package/dist/core/config/loader.d.ts.map +1 -0
  9. package/dist/core/config/loader.js +61 -0
  10. package/dist/core/config/loader.js.map +1 -0
  11. package/dist/core/config/schema.d.ts +541 -0
  12. package/dist/core/config/schema.d.ts.map +1 -0
  13. package/dist/core/config/schema.js +90 -0
  14. package/dist/core/config/schema.js.map +1 -0
  15. package/dist/core/index.d.ts +4 -0
  16. package/dist/core/index.d.ts.map +1 -0
  17. package/dist/core/index.js +3 -0
  18. package/dist/core/index.js.map +1 -0
  19. package/dist/core/types.d.ts +45 -0
  20. package/dist/core/types.d.ts.map +1 -0
  21. package/dist/core/types.js +2 -0
  22. package/dist/core/types.js.map +1 -0
  23. package/dist/index.d.ts +3 -0
  24. package/dist/index.d.ts.map +1 -0
  25. package/dist/index.js +43 -0
  26. package/dist/index.js.map +1 -0
  27. package/dist/mux/index.d.ts +8 -0
  28. package/dist/mux/index.d.ts.map +1 -0
  29. package/dist/mux/index.js +120 -0
  30. package/dist/mux/index.js.map +1 -0
  31. package/dist/process/manager.d.ts +12 -0
  32. package/dist/process/manager.d.ts.map +1 -0
  33. package/dist/process/manager.js +79 -0
  34. package/dist/process/manager.js.map +1 -0
  35. package/dist/runners/stdio.d.ts +7 -0
  36. package/dist/runners/stdio.d.ts.map +1 -0
  37. package/dist/runners/stdio.js +63 -0
  38. package/dist/runners/stdio.js.map +1 -0
  39. package/dist/security/consent.d.ts +5 -0
  40. package/dist/security/consent.d.ts.map +1 -0
  41. package/dist/security/consent.js +49 -0
  42. package/dist/security/consent.js.map +1 -0
  43. package/dist/security/policy.d.ts +22 -0
  44. package/dist/security/policy.d.ts.map +1 -0
  45. package/dist/security/policy.js +114 -0
  46. package/dist/security/policy.js.map +1 -0
  47. package/dist/security/scanner.d.ts +39 -0
  48. package/dist/security/scanner.d.ts.map +1 -0
  49. package/dist/security/scanner.js +96 -0
  50. package/dist/security/scanner.js.map +1 -0
  51. package/package.json +46 -0
package/dist/core/config/schema.d.ts ADDED
@@ -0,0 +1,541 @@
1
+ import { z } from "zod";
2
+ export declare const ServerSourceSchema: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
3
+ type: z.ZodLiteral<"npm">;
4
+ package: z.ZodString;
5
+ version: z.ZodOptional<z.ZodString>;
6
+ /** Override the bin entry when a package ships multiple binaries */
7
+ bin: z.ZodOptional<z.ZodString>;
8
+ }, "strip", z.ZodTypeAny, {
9
+ type: "npm";
10
+ package: string;
11
+ version?: string | undefined;
12
+ bin?: string | undefined;
13
+ }, {
14
+ type: "npm";
15
+ package: string;
16
+ version?: string | undefined;
17
+ bin?: string | undefined;
18
+ }>, z.ZodObject<{
19
+ type: z.ZodLiteral<"pypi">;
20
+ package: z.ZodString;
21
+ version: z.ZodOptional<z.ZodString>;
22
+ }, "strip", z.ZodTypeAny, {
23
+ type: "pypi";
24
+ package: string;
25
+ version?: string | undefined;
26
+ }, {
27
+ type: "pypi";
28
+ package: string;
29
+ version?: string | undefined;
30
+ }>, z.ZodObject<{
31
+ type: z.ZodLiteral<"docker">;
32
+ image: z.ZodString;
33
+ tag: z.ZodOptional<z.ZodString>;
34
+ }, "strip", z.ZodTypeAny, {
35
+ type: "docker";
36
+ image: string;
37
+ tag?: string | undefined;
38
+ }, {
39
+ type: "docker";
40
+ image: string;
41
+ tag?: string | undefined;
42
+ }>, z.ZodObject<{
43
+ type: z.ZodLiteral<"repo">;
44
+ url: z.ZodString;
45
+ branch: z.ZodOptional<z.ZodString>;
46
+ /** Command to build the server after cloning. Defaults to auto-detection. */
47
+ build_cmd: z.ZodOptional<z.ZodString>;
48
+ }, "strip", z.ZodTypeAny, {
49
+ type: "repo";
50
+ url: string;
51
+ branch?: string | undefined;
52
+ build_cmd?: string | undefined;
53
+ }, {
54
+ type: "repo";
55
+ url: string;
56
+ branch?: string | undefined;
57
+ build_cmd?: string | undefined;
58
+ }>, z.ZodObject<{
59
+ type: z.ZodLiteral<"remote">;
60
+ /** HTTP or SSE endpoint that speaks MCP */
61
+ url: z.ZodString;
62
+ }, "strip", z.ZodTypeAny, {
63
+ type: "remote";
64
+ url: string;
65
+ }, {
66
+ type: "remote";
67
+ url: string;
68
+ }>, z.ZodObject<{
69
+ type: z.ZodLiteral<"local">;
70
+ /** Absolute path to the server's JS entry point. Useful for monorepo development. */
71
+ path: z.ZodString;
72
+ }, "strip", z.ZodTypeAny, {
73
+ type: "local";
74
+ path: string;
75
+ }, {
76
+ type: "local";
77
+ path: string;
78
+ }>]>;
79
+ export declare const ServerDefinitionSchema: z.ZodObject<{
80
+ /**
81
+ * Unique identifier for this server within the gateway.
82
+ * Used as the tool name prefix: railway__list_projects
83
+ */
84
+ id: z.ZodString;
85
+ /** Set to false to disable without removing from config. Default: true */
86
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
87
+ source: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
88
+ type: z.ZodLiteral<"npm">;
89
+ package: z.ZodString;
90
+ version: z.ZodOptional<z.ZodString>;
91
+ /** Override the bin entry when a package ships multiple binaries */
92
+ bin: z.ZodOptional<z.ZodString>;
93
+ }, "strip", z.ZodTypeAny, {
94
+ type: "npm";
95
+ package: string;
96
+ version?: string | undefined;
97
+ bin?: string | undefined;
98
+ }, {
99
+ type: "npm";
100
+ package: string;
101
+ version?: string | undefined;
102
+ bin?: string | undefined;
103
+ }>, z.ZodObject<{
104
+ type: z.ZodLiteral<"pypi">;
105
+ package: z.ZodString;
106
+ version: z.ZodOptional<z.ZodString>;
107
+ }, "strip", z.ZodTypeAny, {
108
+ type: "pypi";
109
+ package: string;
110
+ version?: string | undefined;
111
+ }, {
112
+ type: "pypi";
113
+ package: string;
114
+ version?: string | undefined;
115
+ }>, z.ZodObject<{
116
+ type: z.ZodLiteral<"docker">;
117
+ image: z.ZodString;
118
+ tag: z.ZodOptional<z.ZodString>;
119
+ }, "strip", z.ZodTypeAny, {
120
+ type: "docker";
121
+ image: string;
122
+ tag?: string | undefined;
123
+ }, {
124
+ type: "docker";
125
+ image: string;
126
+ tag?: string | undefined;
127
+ }>, z.ZodObject<{
128
+ type: z.ZodLiteral<"repo">;
129
+ url: z.ZodString;
130
+ branch: z.ZodOptional<z.ZodString>;
131
+ /** Command to build the server after cloning. Defaults to auto-detection. */
132
+ build_cmd: z.ZodOptional<z.ZodString>;
133
+ }, "strip", z.ZodTypeAny, {
134
+ type: "repo";
135
+ url: string;
136
+ branch?: string | undefined;
137
+ build_cmd?: string | undefined;
138
+ }, {
139
+ type: "repo";
140
+ url: string;
141
+ branch?: string | undefined;
142
+ build_cmd?: string | undefined;
143
+ }>, z.ZodObject<{
144
+ type: z.ZodLiteral<"remote">;
145
+ /** HTTP or SSE endpoint that speaks MCP */
146
+ url: z.ZodString;
147
+ }, "strip", z.ZodTypeAny, {
148
+ type: "remote";
149
+ url: string;
150
+ }, {
151
+ type: "remote";
152
+ url: string;
153
+ }>, z.ZodObject<{
154
+ type: z.ZodLiteral<"local">;
155
+ /** Absolute path to the server's JS entry point. Useful for monorepo development. */
156
+ path: z.ZodString;
157
+ }, "strip", z.ZodTypeAny, {
158
+ type: "local";
159
+ path: string;
160
+ }, {
161
+ type: "local";
162
+ path: string;
163
+ }>]>;
164
+ /**
165
+ * Environment variables injected into the server process.
166
+ * Supports ${VAR_NAME} substitution from the host environment.
167
+ * Phase 2: supports vault:provider/key references.
168
+ */
169
+ env: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>>;
170
+ /**
171
+ * Vault credential references (Phase 2).
172
+ * Key = env var name in the server process, value = vault path.
173
+ * Example: { "GITHUB_TOKEN": "vault:github/token" }
174
+ */
175
+ credentials: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
176
+ policy: z.ZodOptional<z.ZodObject<{
177
+ /** Run inside a container sandbox. Default: false in Phase 1, true in Phase 3+ */
178
+ sandbox: z.ZodOptional<z.ZodBoolean>;
179
+ /** Domains this server is allowed to call. Everything else is blocked when sandbox=true */
180
+ network_allow: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
181
+ /** Kill the server process if a single tool call takes longer than this */
182
+ timeout_ms: z.ZodOptional<z.ZodNumber>;
183
+ /** Max memory in MB for the server process */
184
+ max_memory_mb: z.ZodOptional<z.ZodNumber>;
185
+ }, "strip", z.ZodTypeAny, {
186
+ sandbox?: boolean | undefined;
187
+ network_allow?: string[] | undefined;
188
+ timeout_ms?: number | undefined;
189
+ max_memory_mb?: number | undefined;
190
+ }, {
191
+ sandbox?: boolean | undefined;
192
+ network_allow?: string[] | undefined;
193
+ timeout_ms?: number | undefined;
194
+ max_memory_mb?: number | undefined;
195
+ }>>;
196
+ }, "strip", z.ZodTypeAny, {
197
+ id: string;
198
+ enabled: boolean;
199
+ source: {
200
+ type: "npm";
201
+ package: string;
202
+ version?: string | undefined;
203
+ bin?: string | undefined;
204
+ } | {
205
+ type: "pypi";
206
+ package: string;
207
+ version?: string | undefined;
208
+ } | {
209
+ type: "docker";
210
+ image: string;
211
+ tag?: string | undefined;
212
+ } | {
213
+ type: "repo";
214
+ url: string;
215
+ branch?: string | undefined;
216
+ build_cmd?: string | undefined;
217
+ } | {
218
+ type: "remote";
219
+ url: string;
220
+ } | {
221
+ type: "local";
222
+ path: string;
223
+ };
224
+ env: Record<string, string>;
225
+ credentials?: Record<string, string> | undefined;
226
+ policy?: {
227
+ sandbox?: boolean | undefined;
228
+ network_allow?: string[] | undefined;
229
+ timeout_ms?: number | undefined;
230
+ max_memory_mb?: number | undefined;
231
+ } | undefined;
232
+ }, {
233
+ id: string;
234
+ source: {
235
+ type: "npm";
236
+ package: string;
237
+ version?: string | undefined;
238
+ bin?: string | undefined;
239
+ } | {
240
+ type: "pypi";
241
+ package: string;
242
+ version?: string | undefined;
243
+ } | {
244
+ type: "docker";
245
+ image: string;
246
+ tag?: string | undefined;
247
+ } | {
248
+ type: "repo";
249
+ url: string;
250
+ branch?: string | undefined;
251
+ build_cmd?: string | undefined;
252
+ } | {
253
+ type: "remote";
254
+ url: string;
255
+ } | {
256
+ type: "local";
257
+ path: string;
258
+ };
259
+ enabled?: boolean | undefined;
260
+ env?: Record<string, string> | undefined;
261
+ credentials?: Record<string, string> | undefined;
262
+ policy?: {
263
+ sandbox?: boolean | undefined;
264
+ network_allow?: string[] | undefined;
265
+ timeout_ms?: number | undefined;
266
+ max_memory_mb?: number | undefined;
267
+ } | undefined;
268
+ }>;
269
+ export declare const ToriiConfigSchema: z.ZodObject<{
270
+ /** Schema version — bump when making breaking changes */
271
+ version: z.ZodLiteral<"1">;
272
+ servers: z.ZodArray<z.ZodObject<{
273
+ /**
274
+ * Unique identifier for this server within the gateway.
275
+ * Used as the tool name prefix: railway__list_projects
276
+ */
277
+ id: z.ZodString;
278
+ /** Set to false to disable without removing from config. Default: true */
279
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
280
+ source: z.ZodDiscriminatedUnion<"type", [z.ZodObject<{
281
+ type: z.ZodLiteral<"npm">;
282
+ package: z.ZodString;
283
+ version: z.ZodOptional<z.ZodString>;
284
+ /** Override the bin entry when a package ships multiple binaries */
285
+ bin: z.ZodOptional<z.ZodString>;
286
+ }, "strip", z.ZodTypeAny, {
287
+ type: "npm";
288
+ package: string;
289
+ version?: string | undefined;
290
+ bin?: string | undefined;
291
+ }, {
292
+ type: "npm";
293
+ package: string;
294
+ version?: string | undefined;
295
+ bin?: string | undefined;
296
+ }>, z.ZodObject<{
297
+ type: z.ZodLiteral<"pypi">;
298
+ package: z.ZodString;
299
+ version: z.ZodOptional<z.ZodString>;
300
+ }, "strip", z.ZodTypeAny, {
301
+ type: "pypi";
302
+ package: string;
303
+ version?: string | undefined;
304
+ }, {
305
+ type: "pypi";
306
+ package: string;
307
+ version?: string | undefined;
308
+ }>, z.ZodObject<{
309
+ type: z.ZodLiteral<"docker">;
310
+ image: z.ZodString;
311
+ tag: z.ZodOptional<z.ZodString>;
312
+ }, "strip", z.ZodTypeAny, {
313
+ type: "docker";
314
+ image: string;
315
+ tag?: string | undefined;
316
+ }, {
317
+ type: "docker";
318
+ image: string;
319
+ tag?: string | undefined;
320
+ }>, z.ZodObject<{
321
+ type: z.ZodLiteral<"repo">;
322
+ url: z.ZodString;
323
+ branch: z.ZodOptional<z.ZodString>;
324
+ /** Command to build the server after cloning. Defaults to auto-detection. */
325
+ build_cmd: z.ZodOptional<z.ZodString>;
326
+ }, "strip", z.ZodTypeAny, {
327
+ type: "repo";
328
+ url: string;
329
+ branch?: string | undefined;
330
+ build_cmd?: string | undefined;
331
+ }, {
332
+ type: "repo";
333
+ url: string;
334
+ branch?: string | undefined;
335
+ build_cmd?: string | undefined;
336
+ }>, z.ZodObject<{
337
+ type: z.ZodLiteral<"remote">;
338
+ /** HTTP or SSE endpoint that speaks MCP */
339
+ url: z.ZodString;
340
+ }, "strip", z.ZodTypeAny, {
341
+ type: "remote";
342
+ url: string;
343
+ }, {
344
+ type: "remote";
345
+ url: string;
346
+ }>, z.ZodObject<{
347
+ type: z.ZodLiteral<"local">;
348
+ /** Absolute path to the server's JS entry point. Useful for monorepo development. */
349
+ path: z.ZodString;
350
+ }, "strip", z.ZodTypeAny, {
351
+ type: "local";
352
+ path: string;
353
+ }, {
354
+ type: "local";
355
+ path: string;
356
+ }>]>;
357
+ /**
358
+ * Environment variables injected into the server process.
359
+ * Supports ${VAR_NAME} substitution from the host environment.
360
+ * Phase 2: supports vault:provider/key references.
361
+ */
362
+ env: z.ZodDefault<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>>;
363
+ /**
364
+ * Vault credential references (Phase 2).
365
+ * Key = env var name in the server process, value = vault path.
366
+ * Example: { "GITHUB_TOKEN": "vault:github/token" }
367
+ */
368
+ credentials: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
369
+ policy: z.ZodOptional<z.ZodObject<{
370
+ /** Run inside a container sandbox. Default: false in Phase 1, true in Phase 3+ */
371
+ sandbox: z.ZodOptional<z.ZodBoolean>;
372
+ /** Domains this server is allowed to call. Everything else is blocked when sandbox=true */
373
+ network_allow: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
374
+ /** Kill the server process if a single tool call takes longer than this */
375
+ timeout_ms: z.ZodOptional<z.ZodNumber>;
376
+ /** Max memory in MB for the server process */
377
+ max_memory_mb: z.ZodOptional<z.ZodNumber>;
378
+ }, "strip", z.ZodTypeAny, {
379
+ sandbox?: boolean | undefined;
380
+ network_allow?: string[] | undefined;
381
+ timeout_ms?: number | undefined;
382
+ max_memory_mb?: number | undefined;
383
+ }, {
384
+ sandbox?: boolean | undefined;
385
+ network_allow?: string[] | undefined;
386
+ timeout_ms?: number | undefined;
387
+ max_memory_mb?: number | undefined;
388
+ }>>;
389
+ }, "strip", z.ZodTypeAny, {
390
+ id: string;
391
+ enabled: boolean;
392
+ source: {
393
+ type: "npm";
394
+ package: string;
395
+ version?: string | undefined;
396
+ bin?: string | undefined;
397
+ } | {
398
+ type: "pypi";
399
+ package: string;
400
+ version?: string | undefined;
401
+ } | {
402
+ type: "docker";
403
+ image: string;
404
+ tag?: string | undefined;
405
+ } | {
406
+ type: "repo";
407
+ url: string;
408
+ branch?: string | undefined;
409
+ build_cmd?: string | undefined;
410
+ } | {
411
+ type: "remote";
412
+ url: string;
413
+ } | {
414
+ type: "local";
415
+ path: string;
416
+ };
417
+ env: Record<string, string>;
418
+ credentials?: Record<string, string> | undefined;
419
+ policy?: {
420
+ sandbox?: boolean | undefined;
421
+ network_allow?: string[] | undefined;
422
+ timeout_ms?: number | undefined;
423
+ max_memory_mb?: number | undefined;
424
+ } | undefined;
425
+ }, {
426
+ id: string;
427
+ source: {
428
+ type: "npm";
429
+ package: string;
430
+ version?: string | undefined;
431
+ bin?: string | undefined;
432
+ } | {
433
+ type: "pypi";
434
+ package: string;
435
+ version?: string | undefined;
436
+ } | {
437
+ type: "docker";
438
+ image: string;
439
+ tag?: string | undefined;
440
+ } | {
441
+ type: "repo";
442
+ url: string;
443
+ branch?: string | undefined;
444
+ build_cmd?: string | undefined;
445
+ } | {
446
+ type: "remote";
447
+ url: string;
448
+ } | {
449
+ type: "local";
450
+ path: string;
451
+ };
452
+ enabled?: boolean | undefined;
453
+ env?: Record<string, string> | undefined;
454
+ credentials?: Record<string, string> | undefined;
455
+ policy?: {
456
+ sandbox?: boolean | undefined;
457
+ network_allow?: string[] | undefined;
458
+ timeout_ms?: number | undefined;
459
+ max_memory_mb?: number | undefined;
460
+ } | undefined;
461
+ }>, "many">;
462
+ }, "strip", z.ZodTypeAny, {
463
+ version: "1";
464
+ servers: {
465
+ id: string;
466
+ enabled: boolean;
467
+ source: {
468
+ type: "npm";
469
+ package: string;
470
+ version?: string | undefined;
471
+ bin?: string | undefined;
472
+ } | {
473
+ type: "pypi";
474
+ package: string;
475
+ version?: string | undefined;
476
+ } | {
477
+ type: "docker";
478
+ image: string;
479
+ tag?: string | undefined;
480
+ } | {
481
+ type: "repo";
482
+ url: string;
483
+ branch?: string | undefined;
484
+ build_cmd?: string | undefined;
485
+ } | {
486
+ type: "remote";
487
+ url: string;
488
+ } | {
489
+ type: "local";
490
+ path: string;
491
+ };
492
+ env: Record<string, string>;
493
+ credentials?: Record<string, string> | undefined;
494
+ policy?: {
495
+ sandbox?: boolean | undefined;
496
+ network_allow?: string[] | undefined;
497
+ timeout_ms?: number | undefined;
498
+ max_memory_mb?: number | undefined;
499
+ } | undefined;
500
+ }[];
501
+ }, {
502
+ version: "1";
503
+ servers: {
504
+ id: string;
505
+ source: {
506
+ type: "npm";
507
+ package: string;
508
+ version?: string | undefined;
509
+ bin?: string | undefined;
510
+ } | {
511
+ type: "pypi";
512
+ package: string;
513
+ version?: string | undefined;
514
+ } | {
515
+ type: "docker";
516
+ image: string;
517
+ tag?: string | undefined;
518
+ } | {
519
+ type: "repo";
520
+ url: string;
521
+ branch?: string | undefined;
522
+ build_cmd?: string | undefined;
523
+ } | {
524
+ type: "remote";
525
+ url: string;
526
+ } | {
527
+ type: "local";
528
+ path: string;
529
+ };
530
+ enabled?: boolean | undefined;
531
+ env?: Record<string, string> | undefined;
532
+ credentials?: Record<string, string> | undefined;
533
+ policy?: {
534
+ sandbox?: boolean | undefined;
535
+ network_allow?: string[] | undefined;
536
+ timeout_ms?: number | undefined;
537
+ max_memory_mb?: number | undefined;
538
+ } | undefined;
539
+ }[];
540
+ }>;
541
+ //# sourceMappingURL=schema.d.ts.map
package/dist/core/config/schema.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../src/core/config/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA4CxB,eAAO,MAAM,kBAAkB;;;;IApC7B,oEAAoE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAoBpE,6EAA6E;;;;;;;;;;;;;;IAM7E,2CAA2C;;;;;;;;;;IAM3C,qFAAqF;;;;;;;;IAWrF,CAAC;AAiBH,eAAO,MAAM,sBAAsB;IACjC;;;OAGG;;IAQH,0EAA0E;;;;;;QAxE1E,oEAAoE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAoBpE,6EAA6E;;;;;;;;;;;;;;QAM7E,2CAA2C;;;;;;;;;;QAM3C,qFAAqF;;;;;;;;;IA6CrF;;;;OAIG;;IAGH;;;;OAIG;;;QAxCH,kFAAkF;;QAElF,2FAA2F;;QAE3F,2EAA2E;;QAE3E,8CAA8C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsC9C,CAAC;AAIH,eAAO,MAAM,iBAAiB;IAC5B,yDAAyD;;;QApCzD;;;WAGG;;QAQH,0EAA0E;;;;;;YAxE1E,oEAAoE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAoBpE,6EAA6E;;;;;;;;;;;;;;YAM7E,2CAA2C;;;;;;;;;;YAM3C,qFAAqF;;;;;;;;;QA6CrF;;;;WAIG;;QAGH;;;;WAIG;;;YAxCH,kFAAkF;;YAElF,2FAA2F;;YAE3F,2EAA2E;;YAE3E,8CAA8C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgD9C,CAAC"}
package/dist/core/config/schema.js ADDED
@@ -0,0 +1,90 @@
1
+ import { z } from "zod";
2
+ // ── Source types ───────────────────────────────────────────────────────────
3
+ const NpmSourceSchema = z.object({
4
+ type: z.literal("npm"),
5
+ package: z.string().min(1),
6
+ version: z.string().optional(),
7
+ /** Override the bin entry when a package ships multiple binaries */
8
+ bin: z.string().optional(),
9
+ });
10
+ const PypiSourceSchema = z.object({
11
+ type: z.literal("pypi"),
12
+ package: z.string().min(1),
13
+ version: z.string().optional(),
14
+ });
15
+ const DockerSourceSchema = z.object({
16
+ type: z.literal("docker"),
17
+ image: z.string().min(1),
18
+ tag: z.string().optional(),
19
+ });
20
+ const RepoSourceSchema = z.object({
21
+ type: z.literal("repo"),
22
+ url: z.string().url(),
23
+ branch: z.string().optional(),
24
+ /** Command to build the server after cloning. Defaults to auto-detection. */
25
+ build_cmd: z.string().optional(),
26
+ });
27
+ const RemoteSourceSchema = z.object({
28
+ type: z.literal("remote"),
29
+ /** HTTP or SSE endpoint that speaks MCP */
30
+ url: z.string().url(),
31
+ });
32
+ const LocalSourceSchema = z.object({
33
+ type: z.literal("local"),
34
+ /** Absolute path to the server's JS entry point. Useful for monorepo development. */
35
+ path: z.string().min(1),
36
+ });
37
+ export const ServerSourceSchema = z.discriminatedUnion("type", [
38
+ NpmSourceSchema,
39
+ PypiSourceSchema,
40
+ DockerSourceSchema,
41
+ RepoSourceSchema,
42
+ RemoteSourceSchema,
43
+ LocalSourceSchema,
44
+ ]);
45
+ // ── Policy ─────────────────────────────────────────────────────────────────
46
+ const PolicySchema = z.object({
47
+ /** Run inside a container sandbox. Default: false in Phase 1, true in Phase 3+ */
48
+ sandbox: z.boolean().optional(),
49
+ /** Domains this server is allowed to call. Everything else is blocked when sandbox=true */
50
+ network_allow: z.array(z.string()).optional(),
51
+ /** Kill the server process if a single tool call takes longer than this */
52
+ timeout_ms: z.number().positive().optional(),
53
+ /** Max memory in MB for the server process */
54
+ max_memory_mb: z.number().positive().optional(),
55
+ });
56
+ // ── Server definition ──────────────────────────────────────────────────────
57
+ export const ServerDefinitionSchema = z.object({
58
+ /**
59
+ * Unique identifier for this server within the gateway.
60
+ * Used as the tool name prefix: railway__list_projects
61
+ */
62
+ id: z
63
+ .string()
64
+ .regex(/^[a-z0-9][a-z0-9_-]*$/, "id must start with a letter/digit and contain only lowercase alphanumeric, hyphens, underscores"),
65
+ /** Set to false to disable without removing from config. Default: true */
66
+ enabled: z.boolean().optional().default(true),
67
+ source: ServerSourceSchema,
68
+ /**
69
+ * Environment variables injected into the server process.
70
+ * Supports ${VAR_NAME} substitution from the host environment.
71
+ * Phase 2: supports vault:provider/key references.
72
+ */
73
+ env: z.record(z.string(), z.string()).optional().default({}),
74
+ /**
75
+ * Vault credential references (Phase 2).
76
+ * Key = env var name in the server process, value = vault path.
77
+ * Example: { "GITHUB_TOKEN": "vault:github/token" }
78
+ */
79
+ credentials: z.record(z.string(), z.string()).optional(),
80
+ policy: PolicySchema.optional(),
81
+ });
82
+ // ── Root config ────────────────────────────────────────────────────────────
83
+ export const ToriiConfigSchema = z.object({
84
+ /** Schema version — bump when making breaking changes */
85
+ version: z.literal("1"),
86
+ servers: z
87
+ .array(ServerDefinitionSchema)
88
+ .min(1, "At least one server must be defined"),
89
+ });
90
+ //# sourceMappingURL=schema.js.map
package/dist/core/config/schema.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../src/core/config/schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,8EAA8E;AAE9E,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,oEAAoE;IACpE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,6EAA6E;IAC7E,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzB,2CAA2C;IAC3C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;CACtB,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IACxB,qFAAqF;IACrF,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CACxB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IAC7D,eAAe;IACf,gBAAgB;IAChB,kBAAkB;IAClB,gBAAgB;IAChB,kBAAkB;IAClB,iBAAiB;CAClB,CAAC,CAAC;AAEH,8EAA8E;AAE9E,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,kFAAkF;IAClF,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,2FAA2F;IAC3F,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,2EAA2E;IAC3E,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC5C,8CAA8C;IAC9C,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH,8EAA8E;AAE9E,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C;;;OAGG;IACH,EAAE,EAAE,CAAC;SACF,MAAM,EAAE;SACR,KAAK,CACJ,uBAAuB,EACvB,iGAAiG,CAClG;IAEH,0EAA0E;IAC1E,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE7C,MAAM,EAAE,kBAAkB;IAE1B;;;;OAIG;IACH,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IAE5D;;;;OAIG;IACH,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAExD,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,8EAA8E;AAE9E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,yDAAyD;IACzD,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IACvB,OAAO,EAAE,CAAC;SACP,KAAK,CAAC,sBAAsB,CAAC;SAC7B,GAAG,CAAC,CAAC,EAAE,qCAAqC,CAAC;CACjD,CAAC,CAAC"}
package/dist/core/index.d.ts ADDED
@@ -0,0 +1,4 @@
1
+ export { ToriiConfigSchema, ServerDefinitionSchema, ServerSourceSchema } from "./config/schema.js";
2
+ export { loadConfig, resolveEnv } from "./config/loader.js";
3
+ export type { ToriiConfig, ServerDefinition, ServerSource, ConnectedServer, MuxClient, MCPTool, MCPToolResult, AuditEntry, SecurityFinding, } from "./types.js";
4
+ //# sourceMappingURL=index.d.ts.map
package/dist/core/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAC5D,YAAY,EACV,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,SAAS,EACT,OAAO,EACP,aAAa,EACb,UAAU,EACV,eAAe,GAChB,MAAM,YAAY,CAAC"}
package/dist/core/index.js ADDED
@@ -0,0 +1,3 @@
1
+ export { ToriiConfigSchema, ServerDefinitionSchema, ServerSourceSchema } from "./config/schema.js";
2
+ export { loadConfig, resolveEnv } from "./config/loader.js";
3
+ //# sourceMappingURL=index.js.map
package/dist/core/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC"}