@usetorii/gateway 0.0.0

package/dist/core/types.d.ts

@@ -0,0 +1,45 @@
+import type { z } from "zod";
+import type { ToriiConfigSchema, ServerDefinitionSchema, ServerSourceSchema } from "./config/schema.js";
+export type ToriiConfig = z.infer<typeof ToriiConfigSchema>;
+export type ServerDefinition = z.infer<typeof ServerDefinitionSchema>;
+export type ServerSource = z.infer<typeof ServerSourceSchema>;
+export interface ConnectedServer {
+    id: string;
+    client: MuxClient;
+}
+export interface MuxClient {
+    listTools(): Promise<{
+        tools: MCPTool[];
+    }>;
+    callTool(params: {
+        name: string;
+        arguments?: Record<string, unknown>;
+    }): Promise<MCPToolResult>;
+    close(): Promise<void>;
+}
+export interface MCPTool {
+    name: string;
+    description?: string;
+    inputSchema?: Record<string, unknown>;
+}
+export type MCPToolResult = Record<string, unknown>;
+export interface SecurityFinding {
+    id: string;
+    severity: string;
+    category: string;
+    description: string;
+    matched_text?: string;
+}
+export interface AuditEntry {
+    ts: string;
+    server: string;
+    tool: string;
+    args_size: number;
+    result_size: number;
+    duration_ms: number;
+    error?: string;
+    blocked?: boolean;
+    threat_level?: string;
+    security_findings?: SecurityFinding[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,KAAK,EACV,iBAAiB,EACjB,sBAAsB,EACtB,kBAAkB,EACnB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAG9D,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,SAAS,CAAC;CACnB;AAGD,MAAM,WAAW,SAAS;IACxB,SAAS,IAAI,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,EAAE,CAAA;KAAE,CAAC,CAAC;IAC3C,QAAQ,CAAC,MAAM,EAAE;QACf,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACrC,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC3B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAID,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAIpD,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,eAAe,EAAE,CAAC;CACvC"}

package/dist/core/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+import { loadConfig } from "./core/index.js";
+import { startServers, stopServers } from "./process/manager.js";
+import { createMux } from "./mux/index.js";
+async function main() {
+    let servers = [];
+    // ── Graceful shutdown ─────────────────────────────────────────────────────
+    async function shutdown(signal) {
+        process.stderr.write(`\n[torii] received ${signal}, shutting down...\n`);
+        await stopServers(servers);
+        process.exit(0);
+    }
+    process.on("SIGTERM", () => shutdown("SIGTERM"));
+    process.on("SIGINT", () => shutdown("SIGINT"));
+    // ── Boot ──────────────────────────────────────────────────────────────────
+    let config;
+    try {
+        config = loadConfig();
+    }
+    catch (err) {
+        process.stderr.write(`[torii] config error: ${err.message}\n`);
+        process.exit(1);
+    }
+    process.stderr.write(`[torii] starting gateway with ${config.servers.filter((s) => s.enabled !== false).length} server(s)\n`);
+    try {
+        servers = await startServers(config);
+    }
+    catch (err) {
+        process.stderr.write(`[torii] startup failed: ${err.message}\n`);
+        process.exit(1);
+    }
+    // ── Run mux (blocks until the MCP connection closes) ─────────────────────
+    try {
+        await createMux(servers);
+    }
+    catch (err) {
+        process.stderr.write(`[torii] mux error: ${err.message}\n`);
+        await stopServers(servers);
+        process.exit(1);
+    }
+}
+main();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAG3C,KAAK,UAAU,IAAI;IACjB,IAAI,OAAO,GAAsB,EAAE,CAAC;IAEpC,6EAA6E;IAC7E,KAAK,UAAU,QAAQ,CAAC,MAAc;QACpC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,MAAM,sBAAsB,CAAC,CAAC;QACzE,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE/C,6EAA6E;IAC7E,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,UAAU,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAA0B,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;QAC1E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iCAAiC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC,MAAM,cAAc,CACxG,CAAC;IAEF,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA4B,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;QAC5E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,4EAA4E;IAC5E,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAuB,GAAa,CAAC,OAAO,IAAI,CAAC,CAAC;QACvE,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;QAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/mux/index.d.ts

@@ -0,0 +1,8 @@
+import type { ConnectedServer } from "../core/index.js";
+export declare function buildPrefixedName(serverId: string, toolName: string): string;
+export declare function parsePrefixedName(prefixedName: string): {
+    serverId: string;
+    toolName: string;
+} | null;
+export declare function createMux(servers: ConnectedServer[]): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/mux/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mux/index.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAQxD,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE5E;AAED,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,MAAM,GACnB;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAO/C;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuHzE"}

package/dist/mux/index.js

@@ -0,0 +1,120 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { ListToolsRequestSchema, CallToolRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { logCall, makeEntry } from "../audit/index.js";
+import { scanToolResult } from "../security/scanner.js";
+import { isHighRisk, requestConsent } from "../security/consent.js";
+import { evaluatePolicy } from "../security/policy.js";
+const SEP = "__";
+export function buildPrefixedName(serverId, toolName) {
+    return `${serverId}${SEP}${toolName}`;
+}
+export function parsePrefixedName(prefixedName) {
+    const idx = prefixedName.indexOf(SEP);
+    if (idx === -1)
+        return null;
+    return {
+        serverId: prefixedName.slice(0, idx),
+        toolName: prefixedName.slice(idx + SEP.length),
+    };
+}
+export async function createMux(servers) {
+    const serverMap = new Map(servers.map((s) => [s.id, s.client]));
+    const mux = new Server({ name: "torii", version: "0.1.0" }, { capabilities: { tools: {} } });
+    mux.setRequestHandler(ListToolsRequestSchema, async () => {
+        const results = await Promise.allSettled(servers.map(async ({ id, client }) => {
+            const { tools } = await client.listTools();
+            return tools.map((tool) => ({
+                ...tool,
+                name: buildPrefixedName(id, tool.name),
+                description: tool.description ? `[${id}] ${tool.description}` : `[${id}]`,
+            }));
+        }));
+        return { tools: results.flatMap((r) => (r.status === "fulfilled" ? r.value : [])) };
+    });
+    mux.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        const parsed = parsePrefixedName(name);
+        if (!parsed)
+            throw new Error(`Invalid tool name '${name}'. Expected format: serverId__toolName`);
+        const { serverId, toolName } = parsed;
+        const client = serverMap.get(serverId);
+        if (!client)
+            throw new Error(`Unknown server '${serverId}'. Available: ${[...serverMap.keys()].join(", ")}`);
+        const startedAt = Date.now();
+        let result;
+        let scan = null;
+        try {
+            // ── Policy gate (Layer 4 — declarative rules) ──────────────────────
+            const matchedPolicy = evaluatePolicy(serverId, toolName, args);
+            if (matchedPolicy) {
+                const policyMsg = matchedPolicy.reason
+                    ? `Policy '${matchedPolicy.name}': ${matchedPolicy.reason}`
+                    : `Blocked by policy '${matchedPolicy.name}'`;
+                if (matchedPolicy.action === "deny") {
+                    logCall(makeEntry(serverId, toolName, args, null, startedAt, policyMsg, true, "high", []));
+                    throw new Error(`Tool '${serverId}__${toolName}' blocked. ${policyMsg}`);
+                }
+                // require_consent — fall through to consent gate regardless of HIGH_RISK pattern
+                if (matchedPolicy.action === "require_consent") {
+                    const decision = await requestConsent(serverId, toolName, args);
+                    if (decision === "rejected") {
+                        const msg = `'${serverId}__${toolName}' rejected by user (policy: ${matchedPolicy.name})`;
+                        logCall(makeEntry(serverId, toolName, args, null, startedAt, msg, true, "high", []));
+                        throw new Error(msg);
+                    }
+                    if (decision === "timeout") {
+                        const msg = `'${serverId}__${toolName}' consent timed out (policy: ${matchedPolicy.name})`;
+                        logCall(makeEntry(serverId, toolName, args, null, startedAt, msg, true, "medium", []));
+                        throw new Error(msg);
+                    }
+                    // approved or skipped → proceed
+                }
+            }
+            // ── Consent gate (Layer 5 — human-in-the-loop for high-risk tools) ─
+            if (!matchedPolicy && isHighRisk(toolName)) {
+                const decision = await requestConsent(serverId, toolName, args);
+                if (decision === "rejected") {
+                    const msg = `'${serverId}__${toolName}' was rejected by the user`;
+                    logCall(makeEntry(serverId, toolName, args, null, startedAt, msg, true, "high", []));
+                    throw new Error(msg);
+                }
+                if (decision === "timeout") {
+                    const msg = `'${serverId}__${toolName}' consent request timed out — action blocked`;
+                    logCall(makeEntry(serverId, toolName, args, null, startedAt, msg, true, "medium", []));
+                    throw new Error(msg);
+                }
+                // "approved" or "skipped" → proceed
+            }
+            result = await client.callTool({ name: toolName, arguments: args });
+            // ── Tool-response scan ────────────────────────────────────────────
+            // The gateway posts the tool result to the Torii backend, which decides
+            // verdicts. If TORII_API_KEY isn't set, or the endpoint isn't deployed
+            // yet, or the network fails, the scan is a no-op (graceful degrade).
+            scan = await scanToolResult(serverId, toolName, result);
+            if (scan?.blocked) {
+                const ids = scan.findings.map((f) => f.id).join(", ");
+                const errMsg = `Tool result from '${serverId}__${toolName}' blocked by security scanner ` +
+                    `[${scan.threat_level}]: ${ids}`;
+                logCall(makeEntry(serverId, toolName, args, null, startedAt, errMsg, true, scan.threat_level, scan.findings));
+                throw new Error(errMsg);
+            }
+            if (scan && !scan.safe) {
+                process.stderr.write(`[torii/security] ${serverId}__${toolName} flagged [${scan.threat_level}]: ` +
+                    scan.findings.map((f) => f.id).join(", ") + "\n");
+            }
+            logCall(makeEntry(serverId, toolName, args, result, startedAt, undefined, false, scan?.threat_level, scan?.findings));
+            return result;
+        }
+        catch (err) {
+            if (!(err instanceof Error && err.message.includes("blocked by security scanner"))) {
+                logCall(makeEntry(serverId, toolName, args, null, startedAt, err));
+            }
+            throw err;
+        }
+    });
+    const transport = new StdioServerTransport();
+    await mux.connect(transport);
+    process.stderr.write("[torii] gateway ready\n");
+}
+//# sourceMappingURL=index.js.map

package/dist/mux/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mux/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,MAAM,GAAG,GAAG,IAAI,CAAC;AAEjB,MAAM,UAAU,iBAAiB,CAAC,QAAgB,EAAE,QAAgB;IAClE,OAAO,GAAG,QAAQ,GAAG,GAAG,GAAG,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,YAAoB;IAEpB,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO;QACL,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QACpC,QAAQ,EAAE,YAAY,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;KAC/C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAA0B;IACxD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAEhE,MAAM,GAAG,GAAG,IAAI,MAAM,CACpB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,EACnC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,GAAG,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;YACnC,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBAC1B,GAAG,IAAI;gBACP,IAAI,EAAE,iBAAiB,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,CAAC;gBACtC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG;aAC1E,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CACH,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC7D,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,MAAM,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,wCAAwC,CAAC,CAAC;QAEjG,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QACtC,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,iBAAiB,CAAC,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE7G,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,IAAI,MAAmD,CAAC;QACxD,IAAI,IAAI,GAA+C,IAAI,CAAC;QAE5D,IAAI,CAAC;YACH,sEAAsE;YACtE,MAAM,aAAa,GAAG,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;YAC/D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM;oBACpC,CAAC,CAAC,WAAW,aAAa,CAAC,IAAI,MAAM,aAAa,CAAC,MAAM,EAAE;oBAC3D,CAAC,CAAC,sBAAsB,aAAa,CAAC,IAAI,GAAG,CAAC;gBAEhD,IAAI,aAAa,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBACpC,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;oBAC3F,MAAM,IAAI,KAAK,CAAC,SAAS,QAAQ,KAAK,QAAQ,cAAc,SAAS,EAAE,CAAC,CAAC;gBAC3E,CAAC;gBAED,iFAAiF;gBACjF,IAAI,aAAa,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;oBAC/C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;oBAChE,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;wBAC5B,MAAM,GAAG,GAAG,IAAI,QAAQ,KAAK,QAAQ,+BAA+B,aAAa,CAAC,IAAI,GAAG,CAAC;wBAC1F,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;wBACrF,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;oBACvB,CAAC;oBACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;wBAC3B,MAAM,GAAG,GAAG,IAAI,QAAQ,KAAK,QAAQ,gCAAgC,aAAa,CAAC,IAAI,GAAG,CAAC;wBAC3F,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;wBACvF,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;oBACvB,CAAC;oBACD,gCAAgC;gBAClC,CAAC;YACH,CAAC;YAED,sEAAsE;YACtE,IAAI,CAAC,aAAa,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3C,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;gBAChE,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;oBAC5B,MAAM,GAAG,GAAG,IAAI,QAAQ,KAAK,QAAQ,4BAA4B,CAAC;oBAClE,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;oBACrF,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;gBACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAC3B,MAAM,GAAG,GAAG,IAAI,QAAQ,KAAK,QAAQ,8CAA8C,CAAC;oBACpF,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;oBACvF,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvB,CAAC;gBACD,oCAAoC;YACtC,CAAC;YAED,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEpE,qEAAqE;YACrE,wEAAwE;YACxE,uEAAuE;YACvE,qEAAqE;YACrE,IAAI,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YAExD,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtD,MAAM,MAAM,GACV,qBAAqB,QAAQ,KAAK,QAAQ,gCAAgC;oBAC1E,IAAI,IAAI,CAAC,YAAY,MAAM,GAAG,EAAE,CAAC;gBACnC,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAC9G,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;YAED,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oBAAoB,QAAQ,KAAK,QAAQ,aAAa,IAAI,CAAC,YAAY,KAAK;oBAC5E,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CACjD,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtH,OAAO,MAAiC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,CAAC,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC;gBACnF,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;AAClD,CAAC"}

package/dist/process/manager.d.ts

@@ -0,0 +1,12 @@
+import type { ToriiConfig, ConnectedServer } from "../core/index.js";
+/**
+ * Starts all enabled servers defined in the config and returns their
+ * connected handles. Failures on individual servers are logged and skipped
+ * so that a single broken server doesn't prevent the gateway from starting.
+ */
+export declare function startServers(config: ToriiConfig): Promise<ConnectedServer[]>;
+/**
+ * Gracefully closes all connected servers.
+ */
+export declare function stopServers(servers: ConnectedServer[]): Promise<void>;
+//# sourceMappingURL=manager.d.ts.map

package/dist/process/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/process/manager.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AA6BrE;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CA2ClF;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAW3E"}

package/dist/process/manager.js

@@ -0,0 +1,79 @@
+import { resolveEnv } from "../core/index.js";
+import { spawnServer } from "../runners/stdio.js";
+import { loadPolicies, startPolicyRefresh } from "../security/policy.js";
+/**
+ * Fetches decrypted credentials for a server from the Torii Vault API.
+ * Returns empty object if TORII_API_URL / TORII_API_KEY are not set, or on
+ * any network error (graceful degradation — vault is optional).
+ */
+async function fetchVaultSecrets(serverId) {
+    const apiUrl = process.env.TORII_API_URL;
+    const apiKey = process.env.TORII_API_KEY;
+    if (!apiUrl || !apiKey)
+        return {};
+    try {
+        const res = await fetch(`${apiUrl}/v1/vault/secrets/${encodeURIComponent(serverId)}`, {
+            headers: { "X-Torii-Key": apiKey },
+            signal: AbortSignal.timeout(3000),
+        });
+        if (!res.ok)
+            return {};
+        return (await res.json());
+    }
+    catch {
+        process.stderr.write(`[torii] warn: could not fetch vault secrets for '${serverId}' — continuing without them\n`);
+        return {};
+    }
+}
+/**
+ * Starts all enabled servers defined in the config and returns their
+ * connected handles. Failures on individual servers are logged and skipped
+ * so that a single broken server doesn't prevent the gateway from starting.
+ */
+export async function startServers(config) {
+    // Load policies from API (non-blocking — failure is graceful)
+    await loadPolicies();
+    startPolicyRefresh();
+    const enabled = config.servers.filter((s) => s.enabled !== false);
+    if (enabled.length === 0) {
+        throw new Error("No enabled servers found in config. Set enabled: true on at least one server.");
+    }
+    const results = await Promise.allSettled(enabled.map(async (def) => {
+        process.stderr.write(`[torii] starting server '${def.id}'...\n`);
+        // Vault provides base credentials; config env block can override per-key
+        const vaultEnv = await fetchVaultSecrets(def.id);
+        const configEnv = resolveEnv(def.env ?? {});
+        const env = { ...vaultEnv, ...configEnv };
+        const client = await spawnServer(def, env);
+        process.stderr.write(`[torii] server '${def.id}' ready\n`);
+        return { id: def.id, client };
+    }));
+    const connected = [];
+    for (const result of results) {
+        if (result.status === "fulfilled") {
+            connected.push(result.value);
+        }
+        else {
+            process.stderr.write(`[torii] error: failed to start server — ${result.reason}\n`);
+        }
+    }
+    if (connected.length === 0) {
+        throw new Error("All servers failed to start. Check the errors above.");
+    }
+    return connected;
+}
+/**
+ * Gracefully closes all connected servers.
+ */
+export async function stopServers(servers) {
+    await Promise.allSettled(servers.map(async ({ id, client }) => {
+        try {
+            await client.close();
+            process.stderr.write(`[torii] server '${id}' stopped\n`);
+        }
+        catch {
+            // Ignore close errors during shutdown
+        }
+    }));
+}
+//# sourceMappingURL=manager.js.map

package/dist/process/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/process/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEzE;;;;GAIG;AACH,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACzC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,qBAAqB,kBAAkB,CAAC,QAAQ,CAAC,EAAE,EAAE;YACpF,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE;YAClC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oDAAoD,QAAQ,+BAA+B,CAC5F,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,MAAmB;IACpD,8DAA8D;IAC9D,MAAM,YAAY,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IAErB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;IAElE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;IACnG,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CACtC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;QAEjE,yEAAyE;QACzE,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACjD,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,SAAS,EAAE,CAAC;QAE1C,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QAC3D,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,MAAM,EAA4B,CAAC;IAC1D,CAAC,CAAC,CACH,CAAC;IAEF,MAAM,SAAS,GAAsB,EAAE,CAAC;IAExC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,2CAA2C,MAAM,CAAC,MAAM,IAAI,CAC7D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,OAA0B;IAC1D,MAAM,OAAO,CAAC,UAAU,CACtB,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,aAAa,CAAC,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/runners/stdio.d.ts

@@ -0,0 +1,7 @@
+import type { ServerDefinition, MuxClient } from "../core/index.js";
+/**
+ * Spawns a server as a child process and connects to it via MCP stdio.
+ * Returns a MuxClient that the multiplexer can talk to.
+ */
+export declare function spawnServer(def: ServerDefinition, resolvedEnv: Record<string, string>): Promise<MuxClient>;
+//# sourceMappingURL=stdio.d.ts.map

package/dist/runners/stdio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../../src/runners/stdio.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAwCpE;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,GAAG,EAAE,gBAAgB,EACrB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,OAAO,CAAC,SAAS,CAAC,CAgCpB"}

package/dist/runners/stdio.js

@@ -0,0 +1,63 @@
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+/**
+ * Returns the shell command needed to start a server based on its source type.
+ * Currently handles npm and pypi. Docker/repo/remote runners are Phase 3.
+ */
+function resolveCommand(def) {
+    const { source } = def;
+    switch (source.type) {
+        case "npm": {
+            const pkg = source.version
+                ? `${source.package}@${source.version}`
+                : source.package;
+            return { command: "npx", args: ["-y", pkg] };
+        }
+        case "pypi": {
+            const pkg = source.version
+                ? `${source.package}==${source.version}`
+                : source.package;
+            // uvx runs a PyPI tool in an isolated venv without a global install
+            return { command: "uvx", args: [pkg] };
+        }
+        case "local":
+            // Run a pre-built JS entry point directly with the current Node binary.
+            // Useful for monorepo development before packages are published to npm.
+            return { command: process.execPath, args: [source.path] };
+        case "docker":
+        case "repo":
+        case "remote":
+            throw new Error(`Runner for source type '${source.type}' is not implemented yet. ` +
+                `Only 'npm', 'pypi', and 'local' are supported in Phase 1.`);
+    }
+}
+/**
+ * Spawns a server as a child process and connects to it via MCP stdio.
+ * Returns a MuxClient that the multiplexer can talk to.
+ */
+export async function spawnServer(def, resolvedEnv) {
+    const { command, args } = resolveCommand(def);
+    const transport = new StdioClientTransport({
+        command,
+        args,
+        env: {
+            ...process.env,
+            ...resolvedEnv,
+        },
+    });
+    const client = new Client({ name: "torii-gateway", version: "0.1.0" }, { capabilities: {} });
+    try {
+        await client.connect(transport);
+    }
+    catch (err) {
+        throw new Error(`Failed to connect to server '${def.id}' ` +
+            `(${command} ${args.join(" ")}): ${err.message}`);
+    }
+    // Wrap the SDK client in the MuxClient interface
+    return {
+        listTools: () => client.listTools(),
+        callTool: (params) => client.callTool(params),
+        close: () => client.close(),
+    };
+}
+//# sourceMappingURL=stdio.js.map

package/dist/runners/stdio.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.js","sourceRoot":"","sources":["../../src/runners/stdio.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAGjF;;;GAGG;AACH,SAAS,cAAc,CAAC,GAAqB;IAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;IAEvB,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,KAAK,CAAC,CAAC,CAAC;YACX,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO;gBACxB,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE;gBACvC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACnB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;QAC/C,CAAC;QAED,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO;gBACxB,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,OAAO,EAAE;gBACxC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACnB,oEAAoE;YACpE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,CAAC;QAED,KAAK,OAAO;YACV,wEAAwE;YACxE,wEAAwE;YACxE,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAE5D,KAAK,QAAQ,CAAC;QACd,KAAK,MAAM,CAAC;QACZ,KAAK,QAAQ;YACX,MAAM,IAAI,KAAK,CACb,2BAA2B,MAAM,CAAC,IAAI,4BAA4B;gBAChE,2DAA2D,CAC9D,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,GAAqB,EACrB,WAAmC;IAEnC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAE9C,MAAM,SAAS,GAAG,IAAI,oBAAoB,CAAC;QACzC,OAAO;QACP,IAAI;QACJ,GAAG,EAAE;YACH,GAAG,OAAO,CAAC,GAAG;YACd,GAAG,WAAW;SACW;KAC5B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,EAC3C,EAAE,YAAY,EAAE,EAAE,EAAE,CACrB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,CAAC,EAAE,IAAI;YACxC,IAAI,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAO,GAAa,CAAC,OAAO,EAAE,CAC9D,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,OAAO;QACL,SAAS,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,SAAS,EAAE;QACnC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAsC;QAClF,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE;KAC5B,CAAC;AACJ,CAAC"}

package/dist/security/consent.d.ts

@@ -0,0 +1,5 @@
+export declare function isHighRisk(toolName: string): boolean;
+type Decision = "approved" | "rejected" | "timeout" | "skipped";
+export declare function requestConsent(serverId: string, toolName: string, args: unknown): Promise<Decision>;
+export {};
+//# sourceMappingURL=consent.d.ts.map

package/dist/security/consent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent.d.ts","sourceRoot":"","sources":["../../src/security/consent.ts"],"names":[],"mappings":"AAWA,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEpD;AAID,KAAK,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;AAEhE,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,OAAO,GACZ,OAAO,CAAC,QAAQ,CAAC,CA4CnB"}

package/dist/security/consent.js

@@ -0,0 +1,49 @@
+// ── High-risk tool patterns ────────────────────────────────────────────────
+// These trigger a consent request before the tool executes.
+const HIGH_RISK = [
+    /\b(delete|destroy|drop|purge|wipe|remove)\b/i,
+    /\b(deploy|release|publish|push_to)\b/i,
+    /\b(execute|eval|run_command|shell|exec)\b/i,
+    /\b(send_email|send_message|notify|alert)\b/i,
+    /\b(transfer|pay|charge|refund|cancel)\b/i,
+];
+export function isHighRisk(toolName) {
+    return HIGH_RISK.some((p) => p.test(toolName));
+}
+export async function requestConsent(serverId, toolName, args) {
+    const apiUrl = process.env.TORII_API_URL;
+    const apiKey = process.env.TORII_API_KEY;
+    // If gateway not connected to API, fail open (allow)
+    if (!apiUrl || !apiKey)
+        return "skipped";
+    try {
+        // 1. Create consent request
+        const createRes = await fetch(`${apiUrl}/v1/consent`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json", "X-Torii-Key": apiKey },
+            body: JSON.stringify({ serverId, toolName, args }),
+            signal: AbortSignal.timeout(5_000),
+        });
+        if (!createRes.ok) {
+            process.stderr.write(`[torii/consent] failed to create request (${createRes.status}) — allowing\n`);
+            return "skipped";
+        }
+        const { id } = (await createRes.json());
+        process.stderr.write(`[torii/consent] ⏳ waiting for approval: ${serverId}__${toolName} (id=${id})\n`);
+        // 2. Long-poll for resolution (up to 60 s)
+        const waitRes = await fetch(`${apiUrl}/v1/consent/${id}/wait?timeout=60`, {
+            headers: { "X-Torii-Key": apiKey },
+            signal: AbortSignal.timeout(70_000), // 60 s server + 10 s network buffer
+        });
+        if (!waitRes.ok)
+            return "timeout";
+        const { status } = (await waitRes.json());
+        process.stderr.write(`[torii/consent] ${id} → ${status}\n`);
+        return status;
+    }
+    catch (err) {
+        process.stderr.write(`[torii/consent] error for ${serverId}__${toolName}: ${err} — allowing\n`);
+        return "skipped"; // fail open: if consent service is unreachable, don't block
+    }
+}
+//# sourceMappingURL=consent.js.map

package/dist/security/consent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"consent.js","sourceRoot":"","sources":["../../src/security/consent.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,4DAA4D;AAE5D,MAAM,SAAS,GAAG;IAChB,8CAA8C;IAC9C,uCAAuC;IACvC,4CAA4C;IAC5C,6CAA6C;IAC7C,0CAA0C;CAC3C,CAAC;AAEF,MAAM,UAAU,UAAU,CAAC,QAAgB;IACzC,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AACjD,CAAC;AAMD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,QAAgB,EAChB,IAAa;IAEb,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IAEzC,qDAAqD;IACrD,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAEzC,IAAI,CAAC;QACH,4BAA4B;QAC5B,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,aAAa,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,EAAE;YACtE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAClD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;YAClB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,SAAS,CAAC,MAAM,gBAAgB,CAAC,CAAC;YACpG,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,EAAE,EAAE,EAAE,GAAG,CAAC,MAAM,SAAS,CAAC,IAAI,EAAE,CAAmB,CAAC;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,2CAA2C,QAAQ,KAAK,QAAQ,QAAQ,EAAE,KAAK,CAChF,CAAC;QAEF,2CAA2C;QAC3C,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,eAAe,EAAE,kBAAkB,EAAE;YACxE,OAAO,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE;YAClC,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,oCAAoC;SAC1E,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,OAAO,SAAS,CAAC;QAElC,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,CAAuB,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,MAAM,MAAM,IAAI,CAAC,CAAC;QAE5D,OAAO,MAAkB,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6BAA6B,QAAQ,KAAK,QAAQ,KAAK,GAAG,eAAe,CAC1E,CAAC;QACF,OAAO,SAAS,CAAC,CAAC,4DAA4D;IAChF,CAAC;AACH,CAAC"}

package/dist/security/policy.d.ts

@@ -0,0 +1,22 @@
+interface ArgsCondition {
+    field: string;
+    operator: "equals" | "contains" | "startsWith" | "endsWith" | "matches";
+    value: string;
+}
+export interface PolicyRule {
+    id: string;
+    name: string;
+    enabled: boolean;
+    serverPattern: string;
+    toolPattern: string;
+    argsCondition: ArgsCondition | null;
+    action: "deny" | "require_consent";
+    reason: string | null;
+    priority: number;
+}
+export declare function evaluatePolicy(serverId: string, toolName: string, args: unknown): PolicyRule | null;
+export declare function loadPolicies(): Promise<void>;
+export declare function startPolicyRefresh(intervalMs?: number): void;
+export declare function getPolicies(): PolicyRule[];
+export {};
+//# sourceMappingURL=policy.d.ts.map

package/dist/security/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/security/policy.ts"],"names":[],"mappings":"AAQA,UAAU,aAAa;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,QAAQ,GAAG,UAAU,GAAG,YAAY,GAAG,UAAU,GAAG,SAAS,CAAC;IACxE,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IACpC,MAAM,EAAE,MAAM,GAAG,iBAAiB,CAAC;IACnC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAgED,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,OAAO,GACZ,UAAU,GAAG,IAAI,CAYnB;AAID,wBAAsB,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC,CAkBlD;AAED,wBAAgB,kBAAkB,CAAC,UAAU,SAAS,GAAG,IAAI,CAO5D;AAED,wBAAgB,WAAW,IAAI,UAAU,EAAE,CAE1C"}