agent-tool-forge 0.3.0

package/lib/mcp-server.js

@@ -0,0 +1,252 @@
+/**
+ * MCP Server — Creates an MCP Server instance that proxies tool calls
+ * to internal API endpoints defined in tool_registry.
+ *
+ * Usage: const server = createMcpServer(db, config);
+ *   then: const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: undefined });
+ *         await server.connect(transport);
+ *         await transport.handleRequest(req, res, parsedBody);
+ */
+
+import { Server } from '@modelcontextprotocol/sdk/server';
+import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { getAllToolRegistry, insertMcpCallLog } from './db.js';
+
+/**
+ * Safe JSON.parse — returns null on failure.
+ * @param {string} str
+ * @returns {object|null}
+ */
+function safeParseJson(str) {
+  try { return JSON.parse(str); } catch { return null; }
+}
+
+/**
+ * Call a tool's mcpRouting endpoint with the provided arguments.
+ * Builds URL from config.api.baseUrl + tool's mcpRouting.endpoint.
+ * Maps tool arguments to path params, query params, or body via paramMap.
+ *
+ * @param {object} spec - Parsed tool spec with mcpRouting
+ * @param {object} args - Tool call arguments
+ * @param {object} config - forge config with api.baseUrl
+ * @param {string|null} [userJwt] - User JWT to forward as Authorization header
+ * @returns {Promise<{ status: number; body: object; error: string|null }>}
+ */
+async function callToolEndpoint(spec, args, config, userJwt = null) {
+  const baseUrl = (config.api?.baseUrl || 'http://localhost:3000').replace(/\/$/, '');
+  const routing = spec.mcpRouting || {};
+  const path = routing.endpoint || '/';
+  const method = (routing.method || 'GET').toUpperCase();
+  const paramMap = routing.paramMap || {};
+
+  // Build URL with path params substituted; collect query and body params
+  let url = baseUrl + path;
+  const queryParams = new URLSearchParams();
+  const bodyObj = {};
+
+  // Validate property names before use to prevent prototype pollution
+  const SAFE_PROP_NAME = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/;
+
+  for (const [toolParam, mapping] of Object.entries(paramMap)) {
+    const val = args[toolParam];
+    if (val === undefined) continue;
+    if (mapping.path) {
+      // Validate path param name before substituting into URL
+      if (SAFE_PROP_NAME.test(mapping.path)) {
+        url = url.replace(`{${mapping.path}}`, encodeURIComponent(String(val)));
+      }
+      // silently skip invalid path param names
+    } else if (mapping.query) {
+      if (!SAFE_PROP_NAME.test(mapping.query)) {
+        throw new Error(`Unsafe mapping.query key: ${mapping.query}`);
+      }
+      queryParams.set(mapping.query, String(val));
+    } else if (mapping.body) {
+      // Validate body property name to prevent prototype pollution
+      if (SAFE_PROP_NAME.test(mapping.body)) {
+        bodyObj[mapping.body] = val;
+      }
+      // silently skip invalid property names
+    }
+  }
+
+  if ([...queryParams].length > 0) url += '?' + queryParams.toString();
+
+  const fetchOpts = {
+    method,
+    headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
+    signal: AbortSignal.timeout(30_000)
+  };
+  // Forward user JWT if present — allows the app's internal API to validate the user
+  if (userJwt) {
+    fetchOpts.headers['Authorization'] = `Bearer ${userJwt}`;
+  }
+  if (['POST', 'PUT', 'PATCH'].includes(method) && Object.keys(bodyObj).length > 0) {
+    fetchOpts.body = JSON.stringify(bodyObj);
+  }
+
+  const res = await fetch(url, fetchOpts);
+  const text = await res.text();
+  let body;
+  try { body = JSON.parse(text); } catch { body = { text }; }
+  return {
+    status: res.status,
+    body,
+    error: res.ok ? null : `HTTP ${res.status}: ${text.slice(0, 200)}`
+  };
+}
+
+/**
+ * Create an MCP Server that exposes promoted tools from tool_registry.
+ *
+ * @param {import('better-sqlite3').Database} db
+ * @param {object} config - forge.config.json contents
+ * @returns {import('@modelcontextprotocol/sdk/server').Server}
+ */
+export function createMcpServer(db, config, sidecarCtx = null) {
+  const server = new Server(
+    { name: 'forge-mcp-server', version: '1.0.0' },
+    { capabilities: { tools: {} } }
+  );
+
+  // ── tools/list ──────────────────────────────────────────────────────────
+  server.setRequestHandler(ListToolsRequestSchema, async () => {
+    const rows = getAllToolRegistry(db).filter(r => r.lifecycle_state === 'promoted');
+    const tools = [];
+    for (const row of rows) {
+      const spec = safeParseJson(row.spec_json);
+      if (!spec) {
+        console.error(`[mcp-server] Skipping tool "${row.tool_name}": malformed spec_json`);
+        continue;
+      }
+      const schema = spec.schema || {};
+      const properties = {};
+      const required = [];
+      for (const [k, v] of Object.entries(schema)) {
+        properties[k] = {
+          type: v.type || 'string',
+          description: v.description || k
+        };
+        if (!v.optional) required.push(k);
+      }
+      tools.push({
+        name: spec.name || row.tool_name,
+        description: spec.description || '',
+        inputSchema: {
+          type: 'object',
+          properties,
+          ...(required.length ? { required } : {})
+        }
+      });
+    }
+    return { tools };
+  });
+
+  // ── tools/call ───────────────────────────────────────────────────────────
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args = {} } = request.params;
+    const rows = getAllToolRegistry(db).filter(r => r.lifecycle_state === 'promoted');
+    const row = rows.find(r => {
+      const s = safeParseJson(r.spec_json);
+      return (s?.name || r.tool_name) === name;
+    });
+
+    if (!row) {
+      return {
+        content: [{ type: 'text', text: `Tool "${name}" not found or not promoted` }],
+        isError: true
+      };
+    }
+
+    const spec = safeParseJson(row.spec_json);
+    if (!spec?.mcpRouting?.endpoint) {
+      return {
+        content: [{ type: 'text', text: `Tool "${name}" has no mcpRouting configured` }],
+        isError: true
+      };
+    }
+
+    const start = Date.now();
+    let result;
+    try {
+      // MCP protocol doesn't carry user JWTs; tool calls made via MCP are
+      // service-level. Pass null explicitly so it's clear this is intentional,
+      // not an accidental omission. A future transport that carries identity
+      // should extract it from sidecarCtx.session and pass it here.
+      const userJwt = null; // MCP protocol doesn't carry user JWT
+      result = await callToolEndpoint(spec, args, config, userJwt);
+    } catch (err) {
+      const latency_ms = Date.now() - start;
+      try {
+        insertMcpCallLog(db, {
+          tool_name: name,
+          input_json: JSON.stringify(args),
+          status_code: 0,
+          latency_ms,
+          error: err.message
+        });
+      } catch (logErr) {
+        console.error('[mcp-server] Failed to log call error:', logErr.message);
+      }
+      return {
+        content: [{ type: 'text', text: `Connection error: ${err.message}` }],
+        isError: true
+      };
+    }
+
+    const latency_ms = Date.now() - start;
+    try {
+      insertMcpCallLog(db, {
+        tool_name: name,
+        input_json: JSON.stringify(args),
+        output_json: JSON.stringify(result.body),
+        status_code: result.status,
+        latency_ms,
+        error: result.error || null
+      });
+    } catch (logErr) {
+      console.error('[mcp-server] Failed to log call:', logErr.message);
+    }
+
+    if (result.error) {
+      return {
+        content: [{ type: 'text', text: result.error }],
+        isError: true
+      };
+    }
+
+    // Run verifiers if sidecar context is available
+    if (sidecarCtx?.verifierRunner) {
+      try {
+        await sidecarCtx.verifierRunner.loadFromDb(db);
+        const vResult = await sidecarCtx.verifierRunner.verify(name, args, result);
+        if (vResult.outcome === 'block') {
+          sidecarCtx.verifierRunner.logResult('mcp', name, vResult);
+          return {
+            content: [{ type: 'text', text: `Tool blocked by verifier "${vResult.verifierName}": ${vResult.message}` }],
+            isError: true
+          };
+        }
+        if (vResult.outcome === 'warn') {
+          sidecarCtx.verifierRunner.logResult('mcp', name, vResult);
+          return {
+            content: [
+              { type: 'text', text: `Warning from verifier "${vResult.verifierName}": ${vResult.message}` },
+              { type: 'text', text: JSON.stringify(result.body, null, 2) }
+            ],
+            structuredContent: result.body,
+            isError: false
+          };
+        }
+      } catch { /* verifier failure is non-fatal */ }
+    }
+
+    return {
+      content: [{ type: 'text', text: JSON.stringify(result.body, null, 2) }],
+      structuredContent: result.body,
+      isError: false
+    };
+  });
+
+  return server;
+}

package/lib/output-groups.js

@@ -0,0 +1,54 @@
+/**
+ * Output Groups — Infer which verifiers apply to which tools.
+ * Maps tool descriptions/tags to output groups, then to suggested verifiers.
+ */
+
+const OUTPUT_GROUP_KEYWORDS = {
+  holdings: ['holdings', 'positions', 'allocation', 'portfolio'],
+  dividends: ['dividends', 'income', 'yield', 'dividend'],
+  performance: ['performance', 'p&l', 'returns', 'net worth'],
+  transactions: ['transactions', 'orders', 'trades'],
+  quotes: ['quotes', 'prices', 'market data', 'market_data'],
+  weather: ['weather', 'temperature', 'humidity', 'conditions'],
+  forecast: ['forecast', 'prediction', 'outlook', 'precipitation']
+};
+
+const VERIFIER_GROUPS = {
+  source_attribution: ['*'],
+  concentration_risk: ['holdings'],
+  stale_data: ['holdings', 'performance', 'quotes', 'dividends', 'weather', 'forecast']
+};
+
+/**
+ * Infer output groups for a tool from its description and tags.
+ * @param {{ description?: string; tags?: string[]; name?: string }} tool
+ * @returns {string[]}
+ */
+export function inferOutputGroups(tool) {
+  const text = [
+    tool.description || '',
+    (tool.tags || []).join(' '),
+    tool.name || ''
+  ]
+    .join(' ')
+    .toLowerCase();
+  const groups = [];
+  for (const [group, keywords] of Object.entries(OUTPUT_GROUP_KEYWORDS)) {
+    if (keywords.some((k) => text.includes(k))) groups.push(group);
+  }
+  return groups.length > 0 ? groups : ['unknown'];
+}
+
+/**
+ * Get verifiers that would cover the given output groups.
+ * @param {string[]} outputGroups
+ * @returns {string[]}
+ */
+export function getVerifiersForGroups(outputGroups) {
+  const verifiers = new Set();
+  for (const [verifier, groups] of Object.entries(VERIFIER_GROUPS)) {
+    if (groups.includes('*')) verifiers.add(verifier);
+    else if (groups.some((g) => outputGroups.includes(g))) verifiers.add(verifier);
+  }
+  return Array.from(verifiers);
+}

package/lib/postgres-store.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Postgres-backed storage adapter for horizontal scaling.
+ *
+ * Mirrors the SQLite query function signatures from `db.js` but uses a `pg` Pool.
+ * Only loaded when `conversation.store === 'postgres'` (or `database.type === 'postgres'`) in config.
+ *
+ * Requires: `npm install pg`
+ */
+export class PostgresStore {
+  constructor(pgConfig: { connectionString: string });
+
+  /**
+   * Connect to Postgres and run schema migrations.
+   * Must be called before any other method.
+   */
+  connect(): Promise<this>;
+
+  /** Close the connection pool. */
+  close(): Promise<void>;
+
+  // ── Prompt versions ───────────────────────────────────────────────────────
+
+  getActivePrompt(): Promise<object | null>;
+  insertPromptVersion(row: { version: string; content: string; notes?: string | null }): Promise<number | null>;
+  activatePromptVersion(id: number): Promise<void>;
+
+  // ── User preferences ──────────────────────────────────────────────────────
+
+  getUserPreferences(userId: string): Promise<{ model: string | null; hitl_level: string | null } | null>;
+  upsertUserPreferences(userId: string, prefs: { model?: string; hitlLevel?: string }): Promise<void>;
+}