@veertu/anka-mcp 0.1.0

package/dist/config.js

@@ -0,0 +1,98 @@
+import { execFileSync } from "node:child_process";
+function parseIntEnv(value, fallback) {
+    if (!value)
+        return fallback;
+    const parsed = Number.parseInt(value, 10);
+    return Number.isFinite(parsed) ? parsed : fallback;
+}
+function parsePositiveIntEnv(value, fallback) {
+    const parsed = parseIntEnv(value, fallback);
+    return parsed > 0 ? parsed : fallback;
+}
+function parseNonNegativeIntEnv(value, fallback) {
+    const parsed = parseIntEnv(value, fallback);
+    return parsed >= 0 ? parsed : fallback;
+}
+function parseBoolEnv(value) {
+    if (!value)
+        return false;
+    return ["1", "true", "yes", "on"].includes(value.trim().toLowerCase());
+}
+function parseListEnv(value) {
+    if (!value)
+        return [];
+    return value
+        .split(",")
+        .map((item) => item.trim())
+        .filter((item) => item.length > 0);
+}
+function stripTrailingSlash(value) {
+    return value.replace(/\/+$/, "");
+}
+/** Detect whether the local anka CLI is usable by invoking `<bin> --version`. */
+function detectLocalAnka(bin) {
+    try {
+        execFileSync(bin, ["--version"], { stdio: "ignore", timeout: 5000 });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Resolve whether the local backend is enabled. `ANKA_LOCAL` may be
+ * `auto` (detect the binary), `on`, or `off`. When unset, `defaultMode`
+ * applies (`off` when a controller URL is configured, otherwise `auto`).
+ */
+function resolveLocalEnabled(value, bin, defaultMode = "auto") {
+    const mode = value?.trim().toLowerCase() || defaultMode;
+    if (mode === "on" || parseBoolEnv(mode))
+        return true;
+    if (mode === "off" || ["0", "false", "no"].includes(mode))
+        return false;
+    return detectLocalAnka(bin);
+}
+/** Build the runtime config from environment variables (read once at startup). */
+export function loadConfig(env = process.env) {
+    const ankaBin = env.ANKA_BIN?.trim() || "anka";
+    const controllerUrl = stripTrailingSlash(env.ANKA_CONTROLLER_URL?.trim() || "");
+    const controllerEnabled = controllerUrl.length > 0;
+    const defaultLocalMode = controllerEnabled ? "off" : "auto";
+    return {
+        httpPort: parsePositiveIntEnv(env.MCP_HTTP_PORT, 9111),
+        httpHost: env.MCP_HTTP_HOST?.trim() || "127.0.0.1",
+        authToken: env.MCP_AUTH_TOKEN?.trim() || "",
+        adminToken: env.MCP_ADMIN_TOKEN?.trim() || "",
+        dbPath: env.MCP_DB_PATH?.trim() || "./anka-mcp.db",
+        revokeCleanupEnabled: !["0", "false", "no", "off"].includes(env.MCP_REVOKE_CLEANUP?.trim().toLowerCase() ?? ""),
+        allowNoAuth: parseBoolEnv(env.MCP_ALLOW_NO_AUTH),
+        allowedOrigins: parseListEnv(env.MCP_ALLOWED_ORIGINS),
+        logEnabled: !["0", "false", "no", "off"].includes(env.MCP_LOG?.trim().toLowerCase() ?? ""),
+        auditLogPath: env.MCP_AUDIT_LOG?.trim() || "",
+        maxBodyBytes: parsePositiveIntEnv(env.MCP_MAX_BODY_BYTES, 1_048_576),
+        rateLimitRpm: parseNonNegativeIntEnv(env.MCP_RATE_LIMIT_RPM, 120),
+        sessionIdleMs: parsePositiveIntEnv(env.MCP_SESSION_IDLE_MS, 3_600_000),
+        maxSessions: parsePositiveIntEnv(env.MCP_MAX_SESSIONS, 50),
+        maxResponseChars: parsePositiveIntEnv(env.MCP_MAX_RESPONSE_CHARS, 32_768),
+        localEnabled: resolveLocalEnabled(env.ANKA_LOCAL, ankaBin, defaultLocalMode),
+        ankaBin,
+        ankaTimeoutMs: parsePositiveIntEnv(env.ANKA_TIMEOUT_MS, 300_000),
+        localMaxVms: parseNonNegativeIntEnv(env.ANKA_LOCAL_MAX_VMS, 2),
+        localPollIntervalMs: parsePositiveIntEnv(env.ANKA_LOCAL_POLL_INTERVAL_MS, 2000),
+        localIpTimeoutMs: parsePositiveIntEnv(env.ANKA_LOCAL_IP_TIMEOUT_MS, 120_000),
+        controllerEnabled,
+        controllerUrl,
+        controllerAuth: env.ANKA_CONTROLLER_AUTH?.trim() || "",
+        controllerTlsInsecure: parseBoolEnv(env.ANKA_CONTROLLER_TLS_INSECURE),
+        controllerPollIntervalMs: parsePositiveIntEnv(env.ANKA_CONTROLLER_POLL_INTERVAL_MS, 3000),
+        controllerStartTimeoutMs: parsePositiveIntEnv(env.ANKA_CONTROLLER_START_TIMEOUT_MS, 180_000),
+        controllerSshProbeEnabled: !["0", "false", "no", "off"].includes(env.ANKA_CONTROLLER_SSH_PROBE?.trim().toLowerCase() ?? ""),
+        vmSshUser: env.ANKA_VM_SSH_USER?.trim() || "anka",
+        vmSshPassword: env.ANKA_VM_SSH_PASSWORD ?? "admin",
+        vmSshGuestPort: parsePositiveIntEnv(env.ANKA_VM_SSH_GUEST_PORT, 22),
+        serverName: "anka-mcp",
+        serverVersion: "0.1.0"
+    };
+}
+export const config = loadConfig();
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AA8ElD,SAAS,WAAW,CAAC,KAAyB,EAAE,QAAgB;IAC9D,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AACrD,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAyB,EAAE,QAAgB;IACtE,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC5C,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AACxC,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAyB,EAAE,QAAgB;IACzE,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC5C,OAAO,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;AACzC,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,SAAS,YAAY,CAAC,KAAyB;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACnC,CAAC;AAED,iFAAiF;AACjF,SAAS,eAAe,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,YAAY,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAC1B,KAAyB,EACzB,GAAW,EACX,cAA8B,MAAM;IAEpC,MAAM,IAAI,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,WAAW,CAAC;IACxD,IAAI,IAAI,KAAK,IAAI,IAAI,YAAY,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,IAAI,KAAK,KAAK,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxE,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,UAAU,CAAC,MAAyB,OAAO,CAAC,GAAG;IAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,MAAM,CAAC;IAC/C,MAAM,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAChF,MAAM,iBAAiB,GAAG,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC;IACnD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAE5D,OAAO;QACL,QAAQ,EAAE,mBAAmB,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC;QACtD,QAAQ,EAAE,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,IAAI,WAAW;QAClD,SAAS,EAAE,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,EAAE;QAC3C,UAAU,EAAE,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,EAAE;QAC7C,MAAM,EAAE,GAAG,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,eAAe;QAClD,oBAAoB,EAAE,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CACzD,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,EAAE,CACnD;QACD,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAChD,cAAc,EAAE,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACrD,UAAU,EAAE,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC;QAC1F,YAAY,EAAE,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,IAAI,EAAE;QAC7C,YAAY,EAAE,mBAAmB,CAAC,GAAG,CAAC,kBAAkB,EAAE,SAAS,CAAC;QACpE,YAAY,EAAE,sBAAsB,CAAC,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAAC;QACjE,aAAa,EAAE,mBAAmB,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC;QACtE,WAAW,EAAE,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,EAAE,EAAE,CAAC;QAC1D,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,CAAC,sBAAsB,EAAE,MAAM,CAAC;QAEzE,YAAY,EAAE,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,EAAE,gBAAgB,CAAC;QAC5E,OAAO;QACP,aAAa,EAAE,mBAAmB,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC;QAChE,WAAW,EAAE,sBAAsB,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC9D,mBAAmB,EAAE,mBAAmB,CAAC,GAAG,CAAC,2BAA2B,EAAE,IAAI,CAAC;QAC/E,gBAAgB,EAAE,mBAAmB,CAAC,GAAG,CAAC,wBAAwB,EAAE,OAAO,CAAC;QAE5E,iBAAiB;QACjB,aAAa;QACb,cAAc,EAAE,GAAG,CAAC,oBAAoB,EAAE,IAAI,EAAE,IAAI,EAAE;QACtD,qBAAqB,EAAE,YAAY,CAAC,GAAG,CAAC,4BAA4B,CAAC;QACrE,wBAAwB,EAAE,mBAAmB,CAAC,GAAG,CAAC,gCAAgC,EAAE,IAAI,CAAC;QACzF,wBAAwB,EAAE,mBAAmB,CAAC,GAAG,CAAC,gCAAgC,EAAE,OAAO,CAAC;QAC5F,yBAAyB,EAAE,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAC9D,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,IAAI,EAAE,CAC1D;QAED,SAAS,EAAE,GAAG,CAAC,gBAAgB,EAAE,IAAI,EAAE,IAAI,MAAM;QACjD,aAAa,EAAE,GAAG,CAAC,oBAAoB,IAAI,OAAO;QAClD,cAAc,EAAE,mBAAmB,CAAC,GAAG,CAAC,sBAAsB,EAAE,EAAE,CAAC;QAEnE,UAAU,EAAE,UAAU;QACtB,aAAa,EAAE,OAAO;KACvB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC"}

package/dist/controller.d.ts

@@ -0,0 +1,73 @@
+export interface PortForwardingRule {
+    guest_port: number;
+    host_port?: number;
+    protocol?: string;
+    name?: string;
+}
+/** Subset of the `vminfo` object we rely on (other fields are passed through). */
+export interface VmInfo {
+    uuid?: string;
+    name?: string;
+    status?: string;
+    host_ip?: string;
+    ip?: string;
+    vnc_port?: number;
+    port_forwarding?: PortForwardingRule[];
+    [key: string]: unknown;
+}
+/** A controller VM instance as returned by GET /api/v1/vm?id=. */
+export interface Instance {
+    instance_id?: string;
+    instance_state?: string;
+    vmid?: string;
+    tag?: string;
+    vminfo?: VmInfo;
+    [key: string]: unknown;
+}
+export interface RegistryTemplate {
+    id: string;
+    name: string;
+    arch?: string;
+    [key: string]: unknown;
+}
+export interface SshEndpoint {
+    host: string;
+    port: number;
+    username: string;
+}
+export interface StartVmRequest {
+    vmid: string;
+    tag?: string;
+    name?: string;
+    externalId?: string;
+    /** When true, attach an SSH port-forward rule even if the template lacks one. */
+    addSshPortForward?: boolean;
+    /** Base64-encoded startup script (controller `startup_script` field). */
+    startupScript?: string;
+}
+/** Raised when the controller responds with a non-OK status or a transport error. */
+export declare class ControllerError extends Error {
+}
+export declare class ControllerClient {
+    private readonly baseUrl;
+    private readonly authHeader;
+    constructor(baseUrl?: string, authHeader?: string);
+    private request;
+    /** List registry templates so a caller can find the vmid/tag to start from. */
+    listTemplates(): Promise<RegistryTemplate[]>;
+    /** Start a single VM instance from a template; returns the new instance id. */
+    startVm(req: StartVmRequest): Promise<string>;
+    /** Fetch a single instance's full record. */
+    getVm(instanceId: string): Promise<Instance>;
+    /** Terminate a running instance. */
+    terminateVm(instanceId: string): Promise<void>;
+}
+/**
+ * Pull SSH endpoint details out of a vminfo object: forwarded host port for the
+ * SSH guest port plus the configured username. Returns undefined when the VM is
+ * not yet reachable over SSH.
+ */
+export declare function extractSshEndpoint(vminfo: VmInfo | undefined): SshEndpoint | undefined;
+/** True once the controller reports a started VM with a forwarded SSH port. */
+export declare function isSshReady(instance: Instance): boolean;
+export declare const controller: ControllerClient;

package/dist/controller.js

@@ -0,0 +1,125 @@
+import { config } from "./config.js";
+import { logControllerRequest } from "./log.js";
+/** Raised when the controller responds with a non-OK status or a transport error. */
+export class ControllerError extends Error {
+}
+export class ControllerClient {
+    baseUrl;
+    authHeader;
+    constructor(baseUrl = config.controllerUrl, authHeader = config.controllerAuth) {
+        this.baseUrl = baseUrl.replace(/\/+$/, "");
+        this.authHeader = authHeader;
+        // Global fetch (undici) has no per-request TLS toggle; opt out process-wide.
+        if (config.controllerTlsInsecure) {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+        }
+    }
+    async request(method, path, body) {
+        const headers = { "Content-Type": "application/json" };
+        if (this.authHeader)
+            headers.Authorization = this.authHeader;
+        let response;
+        try {
+            response = await fetch(`${this.baseUrl}${path}`, {
+                method,
+                headers,
+                body: body === undefined ? undefined : JSON.stringify(body)
+            });
+        }
+        catch (error) {
+            const detail = String(error);
+            logControllerRequest(method, path, { ok: false, detail });
+            throw new ControllerError(`Failed to reach controller at ${this.baseUrl}: ${detail}`);
+        }
+        const text = await response.text();
+        let envelope;
+        if (text.trim()) {
+            try {
+                envelope = JSON.parse(text);
+            }
+            catch {
+                // Fall through to the HTTP-status check below.
+            }
+        }
+        if (!response.ok) {
+            const detail = envelope?.message || text || `HTTP ${response.status}`;
+            logControllerRequest(method, path, { ok: false, detail });
+            throw new ControllerError(`Controller request failed (${method} ${path}): ${detail}`);
+        }
+        if (envelope && envelope.status && envelope.status !== "OK") {
+            const detail = envelope.message || envelope.status;
+            logControllerRequest(method, path, { ok: false, detail });
+            throw new ControllerError(`Controller request failed (${method} ${path}): ${detail}`);
+        }
+        logControllerRequest(method, path, { ok: true });
+        return (envelope ? envelope.body : undefined);
+    }
+    /** List registry templates so a caller can find the vmid/tag to start from. */
+    async listTemplates() {
+        const body = await this.request("GET", "/api/v1/registry/vm");
+        return body ?? [];
+    }
+    /** Start a single VM instance from a template; returns the new instance id. */
+    async startVm(req) {
+        const payload = { vmid: req.vmid, count: 1 };
+        if (req.tag)
+            payload.tag = req.tag;
+        if (req.name)
+            payload.name = req.name;
+        if (req.externalId)
+            payload.external_id = req.externalId;
+        if (req.addSshPortForward) {
+            payload.port_forwarding_override = [
+                { name: "ssh", guest_port: String(config.vmSshGuestPort) }
+            ];
+        }
+        if (req.startupScript) {
+            payload.startup_script = req.startupScript;
+            // 1 = run immediately (before networking); installs the SSH key as early as possible.
+            payload.startup_script_condition = 1;
+        }
+        const body = await this.request("POST", "/api/v1/vm", payload);
+        const instanceId = body?.[0];
+        if (!instanceId) {
+            throw new ControllerError("Controller did not return an instance id for the started VM");
+        }
+        return instanceId;
+    }
+    /** Fetch a single instance's full record. */
+    async getVm(instanceId) {
+        const body = await this.request("GET", `/api/v1/vm?id=${encodeURIComponent(instanceId)}`);
+        if (!body) {
+            throw new ControllerError(`Instance ${instanceId} not found`);
+        }
+        return body;
+    }
+    /** Terminate a running instance. */
+    async terminateVm(instanceId) {
+        await this.request("DELETE", "/api/v1/vm", { id: instanceId });
+    }
+}
+/**
+ * Pull SSH endpoint details out of a vminfo object: forwarded host port for the
+ * SSH guest port plus the configured username. Returns undefined when the VM is
+ * not yet reachable over SSH.
+ */
+export function extractSshEndpoint(vminfo) {
+    if (!vminfo?.host_ip)
+        return undefined;
+    const rule = vminfo.port_forwarding?.find((entry) => entry.guest_port === config.vmSshGuestPort && entry.host_port);
+    if (!rule?.host_port)
+        return undefined;
+    return {
+        host: vminfo.host_ip,
+        port: rule.host_port,
+        username: config.vmSshUser
+    };
+}
+/** True once the controller reports a started VM with a forwarded SSH port. */
+export function isSshReady(instance) {
+    return (instance.instance_state === "Started" &&
+        instance.vminfo?.status === "running" &&
+        extractSshEndpoint(instance.vminfo) !== undefined);
+}
+export const controller = new ControllerClient();
+//# sourceMappingURL=controller.js.map

package/dist/controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"controller.js","sourceRoot":"","sources":["../src/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AA8DhD,qFAAqF;AACrF,MAAM,OAAO,eAAgB,SAAQ,KAAK;CAAG;AAE7C,MAAM,OAAO,gBAAgB;IACV,OAAO,CAAS;IAChB,UAAU,CAAS;IAEpC,YAAY,UAAkB,MAAM,CAAC,aAAa,EAAE,aAAqB,MAAM,CAAC,cAAc;QAC5F,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,6EAA6E;QAC7E,IAAI,MAAM,CAAC,qBAAqB,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,GAAG,CAAC;QACjD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,MAAiC,EACjC,IAAY,EACZ,IAAc;QAEd,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;QAC/E,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC;QAE7D,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,EAAE;gBAC/C,MAAM;gBACN,OAAO;gBACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;aAC5D,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7B,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,MAAM,IAAI,eAAe,CAAC,iCAAiC,IAAI,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,QAA2C,CAAC;QAChD,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA0B,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,+CAA+C;YACjD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACtE,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,MAAM,IAAI,eAAe,CAAC,8BAA8B,MAAM,IAAI,IAAI,MAAM,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,QAAQ,IAAI,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YAC5D,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC;YACnD,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC1D,MAAM,IAAI,eAAe,CAAC,8BAA8B,MAAM,IAAI,IAAI,MAAM,MAAM,EAAE,CAAC,CAAC;QACxF,CAAC;QAED,oBAAoB,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAM,CAAC;IACrD,CAAC;IAED,+EAA+E;IAC/E,KAAK,CAAC,aAAa;QACjB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAqB,KAAK,EAAE,qBAAqB,CAAC,CAAC;QAClF,OAAO,IAAI,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,+EAA+E;IAC/E,KAAK,CAAC,OAAO,CAAC,GAAmB;QAC/B,MAAM,OAAO,GAA4B,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QACtE,IAAI,GAAG,CAAC,GAAG;YAAE,OAAO,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC;QACnC,IAAI,GAAG,CAAC,IAAI;YAAE,OAAO,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACtC,IAAI,GAAG,CAAC,UAAU;YAAE,OAAO,CAAC,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC;QACzD,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC1B,OAAO,CAAC,wBAAwB,GAAG;gBACjC,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;aAC3D,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,CAAC,aAAa,EAAE,CAAC;YACtB,OAAO,CAAC,cAAc,GAAG,GAAG,CAAC,aAAa,CAAC;YAC3C,sFAAsF;YACtF,OAAO,CAAC,wBAAwB,GAAG,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAW,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC,CAAC;QACzE,MAAM,UAAU,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,eAAe,CAAC,6DAA6D,CAAC,CAAC;QAC3F,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,6CAA6C;IAC7C,KAAK,CAAC,KAAK,CAAC,UAAkB;QAC5B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,KAAK,EACL,iBAAiB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAClD,CAAC;QACF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,eAAe,CAAC,YAAY,UAAU,YAAY,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oCAAoC;IACpC,KAAK,CAAC,WAAW,CAAC,UAAkB;QAClC,MAAM,IAAI,CAAC,OAAO,CAAU,QAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1E,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA0B;IAC3D,IAAI,CAAC,MAAM,EAAE,OAAO;QAAE,OAAO,SAAS,CAAC;IACvC,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,EAAE,IAAI,CACvC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,KAAK,MAAM,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,CACzE,CAAC;IACF,IAAI,CAAC,IAAI,EAAE,SAAS;QAAE,OAAO,SAAS,CAAC;IACvC,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,OAAO;QACpB,IAAI,EAAE,IAAI,CAAC,SAAS;QACpB,QAAQ,EAAE,MAAM,CAAC,SAAS;KAC3B,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,UAAU,CAAC,QAAkB;IAC3C,OAAO,CACL,QAAQ,CAAC,cAAc,KAAK,SAAS;QACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,KAAK,SAAS;QACrC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,SAAS,CAClD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,gBAAgB,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import { startHttp } from "./transports/http.js";
+startHttp().catch((error) => {
+    process.stderr.write(`anka-mcp: fatal error: ${String(error)}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAEjD,SAAS,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0BAA0B,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/log.d.ts

@@ -0,0 +1,107 @@
+import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+export interface McpClientInfo {
+    name?: string;
+    version?: string;
+}
+export interface RequestContext {
+    /** Compact label for logs: IP plus optional user-agent. */
+    source: string;
+    ip: string;
+    userAgent?: string;
+    sessionId?: string;
+    mcpClientName?: string;
+    mcpClientVersion?: string;
+    credentialId?: string;
+    credentialLabel?: string;
+}
+/** Log an auth failure (always written when logging is enabled). */
+export declare function logAuthFailure(source: string, route: string, reason?: string): void;
+/** Identifies who triggered a limit or security event in logs. */
+export interface LimitActor {
+    source?: string;
+    ip?: string;
+    credentialId?: string;
+    credentialLabel?: string;
+}
+/** Build actor fields from an Express request (includes credential when auth ran). */
+export declare function limitActorFromRequest(req: {
+    ip?: string;
+    socket: {
+        remoteAddress?: string | null;
+    };
+    headers: Record<string, string | string[] | undefined>;
+    mcpCredential?: {
+        credentialId: string;
+        credentialLabel?: string;
+    };
+}): LimitActor;
+/** Build actor fields from the current async request context. */
+export declare function limitActorFromContext(): LimitActor;
+/**
+ * Log that a configured limit was hit. Format:
+ * `LIMIT REACHED MCP_RATE_LIMIT_RPM=120 by source=… credential_id=… route=/mcp …`
+ */
+export declare function logLimitReached(opts: {
+    limit: string;
+    configured: string;
+    route?: string;
+    actor?: LimitActor;
+    detail?: string;
+}): void;
+/** Log MCP session lifecycle events. */
+export declare function logSessionEvent(event: "created" | "closed", sessionId: string, actor?: LimitActor): void;
+/** Log admin token lifecycle events (never logs plaintext secrets). */
+export declare function logAdminEvent(event: "token created" | "token revoked", detail: {
+    id: string;
+    label?: string;
+}): void;
+/** Run `fn` with request-scoped logging context (client source). */
+export declare function runWithRequestContext<T>(context: RequestContext, fn: () => T): T;
+/** Run async `fn` with request-scoped logging context. */
+export declare function runWithRequestContextAsync<T>(context: RequestContext, fn: () => Promise<T>): Promise<T>;
+export declare function getRequestSource(): string;
+export declare function getRequestContext(): RequestContext | undefined;
+/**
+ * Build a controller `external_id` that identifies the MCP caller for admins.
+ * Always includes client/IP/session context; an optional caller `ref` is appended.
+ */
+export declare function buildControllerExternalId(callerExternalId?: string): string;
+/** Build request-scoped context from an HTTP request and optional MCP client info. */
+export declare function buildRequestContext(req: {
+    ip?: string;
+    socket: {
+        remoteAddress?: string | null;
+    };
+    headers: Record<string, string | string[] | undefined>;
+    mcpCredential?: {
+        credentialId: string;
+        credentialLabel?: string;
+    };
+}, clientInfo?: McpClientInfo, sessionId?: string): RequestContext;
+/** Extract MCP clientInfo from an initialize JSON-RPC body. */
+export declare function mcpClientInfoFromBody(body: unknown): McpClientInfo | undefined;
+/** Build a compact client label from an Express request. */
+export declare function clientSourceFromRequest(req: {
+    ip?: string;
+    socket: {
+        remoteAddress?: string | null;
+    };
+    headers: Record<string, string | string[] | undefined>;
+}): string;
+/** Redact known secret fields before logging structured data. */
+export declare function sanitizeForLog(value: unknown): unknown;
+/** Extract JSON-RPC method name(s) from an MCP POST body. */
+export declare function mcpMethodsFromBody(body: unknown): string[];
+export declare function logMcpRequest(method: string, detail?: Record<string, unknown>): void;
+export declare function logToolCall(name: string, args: unknown, result: CallToolResult): void;
+export declare function logToolError(name: string, args: unknown, error: unknown): void;
+export declare function logAnkaCommand(args: string[], outcome: {
+    ok: boolean;
+    message?: string;
+}): void;
+export declare function logControllerRequest(method: string, path: string, outcome: {
+    ok: boolean;
+    detail?: string;
+}): void;
+/** Log the tool names registered at startup (always written, like the listen banner). */
+export declare function logStartupTools(toolNames: string[]): void;