agentgate-mcp 0.2.0

package/src/integrations/captcha-solver.js

@@ -0,0 +1,128 @@
+import https from 'node:https';
+import { createLogger } from '../logger.js';
+
+const log = createLogger('captcha-solver');
+
+const CAPSOLVER_API = 'https://api.capsolver.com';
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+function postJson(url, body) {
+  return new Promise((resolve, reject) => {
+    const data = JSON.stringify(body);
+    const parsed = new URL(url);
+    const req = https.request(
+      {
+        hostname: parsed.hostname,
+        path: parsed.pathname,
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(data)
+        }
+      },
+      (res) => {
+        const chunks = [];
+        res.on('data', (chunk) => chunks.push(chunk));
+        res.on('end', () => {
+          const text = Buffer.concat(chunks).toString('utf8');
+          try {
+            resolve(JSON.parse(text));
+          } catch {
+            reject(new Error(`Invalid JSON from CapSolver: ${text.slice(0, 200)}`));
+          }
+        });
+      }
+    );
+    req.on('error', reject);
+    req.write(data);
+    req.end();
+  });
+}
+
+export class CaptchaSolver {
+  constructor({ vault }) {
+    this.vault = vault;
+  }
+
+  async solve({ serviceName, provider = 'capsolver', siteKey, siteUrl, captchaType = 'ReCaptchaV2TaskProxyLess', timeoutMs = 120_000 }) {
+    // Mock mode for testing
+    const mockToken = process.env.AGENTGATE_CAPTCHA_MOCK_TOKEN;
+    if (mockToken) {
+      log.info(`Returning mock CAPTCHA token for ${serviceName}`);
+      return { provider, service: serviceName, token: mockToken, source: 'mock' };
+    }
+
+    const apiKey = process.env.CAPSOLVER_API_KEY;
+    if (!apiKey) {
+      throw new Error(
+        'CAPTCHA requested but no solver configured. Set CAPSOLVER_API_KEY or AGENTGATE_CAPTCHA_MOCK_TOKEN.'
+      );
+    }
+
+    if (provider !== 'capsolver') {
+      throw new Error(`Unsupported CAPTCHA provider: ${provider}. Only "capsolver" is supported.`);
+    }
+
+    log.info(`Creating CAPTCHA task for ${serviceName}`, { captchaType });
+
+    // Create task
+    const createResult = await postJson(`${CAPSOLVER_API}/createTask`, {
+      clientKey: apiKey,
+      task: {
+        type: captchaType,
+        websiteURL: siteUrl || `https://${serviceName}.com`,
+        websiteKey: siteKey || ''
+      }
+    });
+
+    if (createResult.errorId && createResult.errorId !== 0) {
+      throw new Error(`CapSolver createTask error: ${createResult.errorDescription || createResult.errorCode}`);
+    }
+
+    const taskId = createResult.taskId;
+    if (!taskId) {
+      throw new Error('CapSolver did not return a taskId');
+    }
+
+    log.info(`CapSolver task created: ${taskId}`);
+
+    // Poll for result
+    const started = Date.now();
+    const pollMs = 3_000;
+
+    while (Date.now() - started < timeoutMs) {
+      await sleep(pollMs);
+
+      const result = await postJson(`${CAPSOLVER_API}/getTaskResult`, {
+        clientKey: apiKey,
+        taskId
+      });
+
+      if (result.errorId && result.errorId !== 0) {
+        throw new Error(`CapSolver error: ${result.errorDescription || result.errorCode}`);
+      }
+
+      if (result.status === 'ready') {
+        const token =
+          result.solution?.gRecaptchaResponse ||
+          result.solution?.token ||
+          result.solution?.text ||
+          '';
+
+        if (!token) {
+          throw new Error('CapSolver returned ready status but no token in solution');
+        }
+
+        log.info(`CAPTCHA solved for ${serviceName}`);
+        return { provider, service: serviceName, token, source: 'capsolver' };
+      }
+
+      log.debug(`CapSolver task ${taskId} still processing...`);
+    }
+
+    throw new Error(`CAPTCHA solving timed out after ${timeoutMs}ms for ${serviceName}`);
+  }
+}

package/src/integrations/gmail-watcher.js

@@ -0,0 +1,129 @@
+import https from 'node:https';
+import { createLogger } from '../logger.js';
+
+const log = createLogger('gmail-watcher');
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+function httpsRequest(url, options = {}) {
+  return new Promise((resolve, reject) => {
+    const req = https.request(url, options, (res) => {
+      const chunks = [];
+      res.on('data', (chunk) => chunks.push(chunk));
+      res.on('end', () => {
+        const body = Buffer.concat(chunks).toString('utf8');
+        if (res.statusCode >= 400) {
+          reject(new Error(`Gmail API ${res.statusCode}: ${body}`));
+        } else {
+          resolve(JSON.parse(body));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.end();
+  });
+}
+
+export class GmailWatcher {
+  constructor({ vault }) {
+    this.vault = vault;
+  }
+
+  async waitForCode({ serviceName, timeoutMs = 120_000, pollMs = 5_000, regex = '(\\d{6})' }) {
+    // Mock mode: environment variable override for testing
+    const mockCode = process.env.AGENTGATE_GMAIL_MOCK_CODE;
+    if (mockCode) {
+      const compiled = new RegExp(regex);
+      const match = mockCode.match(compiled);
+      if (match && match[1]) {
+        log.info(`Returning mock email code for ${serviceName}`);
+        return { code: match[1], source: 'mock', service: serviceName };
+      }
+    }
+
+    const payload = this.vault.getPayload();
+    const token = payload.google?.gmailOAuthToken;
+    if (!token) {
+      throw new Error('Gmail OAuth token missing. Run `agentgate setup`.');
+    }
+
+    log.info(`Polling Gmail for verification code from ${serviceName}`);
+    const started = Date.now();
+    const compiled = new RegExp(regex);
+    const searchAfter = Math.floor(started / 1000) - 60; // messages from last minute
+
+    while (Date.now() - started < timeoutMs) {
+      try {
+        const code = await this.pollOnce({ token, serviceName, compiled, searchAfter });
+        if (code) {
+          log.info(`Found verification code for ${serviceName}`);
+          return { code, source: 'gmail_api', service: serviceName };
+        }
+      } catch (error) {
+        log.warn(`Gmail poll error: ${error instanceof Error ? error.message : String(error)}`);
+      }
+
+      await sleep(pollMs);
+    }
+
+    throw new Error(`Timed out waiting for verification email for ${serviceName}`);
+  }
+
+  async pollOnce({ token, serviceName, compiled, searchAfter }) {
+    const query = encodeURIComponent(`from:${serviceName} after:${searchAfter} is:unread`);
+    const listUrl = `https://gmail.googleapis.com/gmail/v1/users/me/messages?q=${query}&maxResults=5`;
+
+    const listResult = await httpsRequest(listUrl, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+
+    if (!listResult.messages || listResult.messages.length === 0) {
+      return null;
+    }
+
+    for (const msg of listResult.messages) {
+      const msgUrl = `https://gmail.googleapis.com/gmail/v1/users/me/messages/${msg.id}?format=full`;
+      const detail = await httpsRequest(msgUrl, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+
+      const body = this.extractBody(detail);
+      if (!body) continue;
+
+      const match = body.match(compiled);
+      if (match && match[1]) {
+        return match[1];
+      }
+    }
+
+    return null;
+  }
+
+  extractBody(message) {
+    if (!message.payload) return null;
+
+    // Check snippet first (often contains the code)
+    if (message.snippet) {
+      return message.snippet;
+    }
+
+    // Decode body parts
+    const parts = message.payload.parts || [message.payload];
+    for (const part of parts) {
+      if (part.mimeType === 'text/plain' && part.body?.data) {
+        return Buffer.from(part.body.data, 'base64url').toString('utf8');
+      }
+    }
+
+    // Fallback to HTML part
+    for (const part of parts) {
+      if (part.mimeType === 'text/html' && part.body?.data) {
+        return Buffer.from(part.body.data, 'base64url').toString('utf8');
+      }
+    }
+
+    return null;
+  }
+}

package/src/logger.js

@@ -0,0 +1,120 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+const LEVELS = { debug: 0, info: 1, warn: 2, error: 3 };
+
+let globalLevel = LEVELS[process.env.AGENTGATE_LOG_LEVEL?.toLowerCase()] ?? LEVELS.info;
+let logStream = null;
+let logFilePath = null;
+let logFileSize = 0;
+const MAX_LOG_SIZE = 5 * 1024 * 1024; // 5MB
+const MAX_ROTATED = 3;
+
+export function setLogLevel(level) {
+  const normalized = String(level).toLowerCase();
+  if (normalized in LEVELS) {
+    globalLevel = LEVELS[normalized];
+  }
+}
+
+export function getLogLevel() {
+  return Object.entries(LEVELS).find(([, v]) => v === globalLevel)?.[0] ?? 'info';
+}
+
+export function enableFileLogging(logsDir) {
+  try {
+    fs.mkdirSync(logsDir, { recursive: true });
+    logFilePath = path.join(logsDir, 'agentgate.log');
+    rotateIfNeeded();
+    logStream = fs.createWriteStream(logFilePath, { flags: 'a', mode: 0o600 });
+    logFileSize = fs.existsSync(logFilePath) ? fs.statSync(logFilePath).size : 0;
+  } catch {
+    // File logging is optional — silently degrade
+    logStream = null;
+  }
+}
+
+function rotateIfNeeded() {
+  if (!logFilePath || !fs.existsSync(logFilePath)) return;
+  const stat = fs.statSync(logFilePath);
+  if (stat.size < MAX_LOG_SIZE) return;
+
+  for (let i = MAX_ROTATED - 1; i >= 1; i--) {
+    const src = `${logFilePath}.${i}`;
+    const dst = `${logFilePath}.${i + 1}`;
+    if (fs.existsSync(src)) {
+      try { fs.renameSync(src, dst); } catch { /* best effort */ }
+    }
+  }
+  try {
+    fs.renameSync(logFilePath, `${logFilePath}.1`);
+  } catch { /* best effort */ }
+  logFileSize = 0;
+}
+
+export function maskSecrets(str) {
+  if (typeof str !== 'string') return str;
+  // Mask strings that look like API keys (20+ chars), keeping last 4.
+  // Only mask strings with mixed character classes (upper+lower, or letters+digits)
+  // to avoid masking normal identifiers like function names.
+  return str.replace(/\b([A-Za-z0-9_\-]{20,})\b/g, (_match, key) => {
+    const hasUpper = /[A-Z]/.test(key);
+    const hasLower = /[a-z]/.test(key);
+    const hasDigit = /\d/.test(key);
+    const classCount = [hasUpper, hasLower, hasDigit].filter(Boolean).length;
+    if (classCount < 2) return key;
+    return `***${key.slice(-4)}`;
+  });
+}
+
+function formatEntry(level, module, msg, data) {
+  const entry = {
+    ts: new Date().toISOString(),
+    level,
+    module,
+    msg
+  };
+  if (data !== undefined) {
+    entry.data = data;
+  }
+  return JSON.stringify(entry);
+}
+
+function writeLog(line) {
+  process.stderr.write(line + '\n');
+
+  if (logStream) {
+    const bytes = Buffer.byteLength(line) + 1;
+    logFileSize += bytes;
+    logStream.write(line + '\n');
+    if (logFileSize >= MAX_LOG_SIZE) {
+      logStream.end();
+      rotateIfNeeded();
+      logStream = fs.createWriteStream(logFilePath, { flags: 'a', mode: 0o600 });
+    }
+  }
+}
+
+export function createLogger(module) {
+  function log(level, msg, data) {
+    if (LEVELS[level] < globalLevel) return;
+    const safeMsg = maskSecrets(msg);
+    const safeData = data !== undefined ? JSON.parse(maskSecrets(JSON.stringify(data))) : undefined;
+    const line = formatEntry(level, module, safeMsg, safeData);
+    writeLog(line);
+  }
+
+  return {
+    debug: (msg, data) => log('debug', msg, data),
+    info: (msg, data) => log('info', msg, data),
+    warn: (msg, data) => log('warn', msg, data),
+    error: (msg, data) => log('error', msg, data)
+  };
+}
+
+export function closeLogger() {
+  if (logStream) {
+    logStream.end();
+    logStream = null;
+  }
+}

package/src/mcp-server.js

@@ -0,0 +1,204 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import readline from 'node:readline';
+import { createLogger } from './logger.js';
+
+const log = createLogger('mcp-server');
+
+function loadVersion() {
+  try {
+    const pkgPath = path.resolve(import.meta.dirname, '..', 'package.json');
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    return pkg.version || '0.0.0';
+  } catch {
+    return '0.0.0';
+  }
+}
+
+const VERSION = loadVersion();
+
+const TOOL_DEFS = [
+  {
+    name: 'get_or_create_key',
+    description:
+      'Get an API key for any service. Returns cached key if one exists, otherwise opens a browser ' +
+      'with the saved Google session to sign up and extract a new key. Works for ANY service — ' +
+      'just provide the service name and signup URL.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        service: {
+          type: 'string',
+          description: 'Service name (e.g. "openai", "anthropic", "twelvelabs")'
+        },
+        signup_url: {
+          type: 'string',
+          description: 'URL to the service signup or login page (e.g. "https://platform.openai.com/signup")'
+        },
+        api_key_url: {
+          type: 'string',
+          description: 'Direct URL to the API keys dashboard (e.g. "https://platform.openai.com/api-keys"). If provided, navigates here after sign-in to find/create the key.'
+        }
+      },
+      required: ['service', 'signup_url']
+    }
+  },
+  {
+    name: 'list_my_keys',
+    description: 'List all API keys stored by AgentGate, including active and revoked keys.',
+    inputSchema: {
+      type: 'object',
+      properties: {}
+    }
+  },
+  {
+    name: 'revoke_key',
+    description: 'Revoke the stored API key for a service. This only removes it from AgentGate — it does not revoke it on the provider side.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        service: {
+          type: 'string',
+          description: 'Service name to revoke the key for'
+        }
+      },
+      required: ['service']
+    }
+  },
+  {
+    name: 'check_key_status',
+    description: 'Check whether AgentGate has an active API key stored for a service.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        service: {
+          type: 'string',
+          description: 'Service name to check'
+        }
+      },
+      required: ['service']
+    }
+  }
+];
+
+export class McpServer {
+  constructor({ orchestrator }) {
+    this.orchestrator = orchestrator;
+    this.queue = Promise.resolve();
+    this.initialized = false;
+  }
+
+  start() {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      crlfDelay: Infinity
+    });
+
+    rl.on('line', (line) => {
+      this.queue = this.queue.then(() => this.processLine(line));
+    });
+
+    rl.on('close', () => {
+      log.info('stdin closed, shutting down');
+    });
+
+    log.info('MCP server started', { version: VERSION });
+  }
+
+  async processLine(line) {
+    const trimmed = line.trim();
+    if (!trimmed) return;
+
+    let request;
+    try {
+      request = JSON.parse(trimmed);
+    } catch {
+      this.write({
+        jsonrpc: '2.0',
+        error: { code: -32700, message: 'Parse error' },
+        id: null
+      });
+      return;
+    }
+
+    if (typeof request.id === 'undefined') {
+      this.handleNotification(request);
+      return;
+    }
+
+    try {
+      const result = await this.handleRequest(request);
+      this.write({ jsonrpc: '2.0', id: request.id, result });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : 'Unknown error';
+      log.error(`Request failed: ${request.method}`, { error: message });
+      this.write({
+        jsonrpc: '2.0',
+        id: request.id,
+        error: { code: -32000, message }
+      });
+    }
+  }
+
+  handleNotification(request) {
+    const { method } = request;
+    if (method === 'notifications/initialized') {
+      this.initialized = true;
+      log.info('Client initialized');
+    } else if (method === 'notifications/cancelled') {
+      log.info('Client cancelled request', { params: request.params });
+    } else {
+      log.debug(`Unhandled notification: ${method}`);
+    }
+  }
+
+  async handleRequest(request) {
+    const { method, params } = request;
+
+    if (method === 'initialize') {
+      return {
+        protocolVersion: '2024-11-05',
+        serverInfo: { name: 'agentgate', version: VERSION },
+        capabilities: { tools: {} }
+      };
+    }
+
+    if (method === 'ping') {
+      return {};
+    }
+
+    if (method === 'tools/list') {
+      return { tools: TOOL_DEFS };
+    }
+
+    if (method === 'tools/call') {
+      const { name, arguments: args } = params || {};
+      log.info(`Calling tool: ${name}`, { args });
+      const output = await this.callTool(name, args || {});
+      return {
+        content: [{ type: 'text', text: JSON.stringify(output) }]
+      };
+    }
+
+    throw new Error(`Unsupported method: ${method}`);
+  }
+
+  async callTool(name, args) {
+    switch (name) {
+      case 'get_or_create_key':
+        return this.orchestrator.getOrCreateKey(args);
+      case 'list_my_keys':
+        return this.orchestrator.getAllMyKeys();
+      case 'revoke_key':
+        return this.orchestrator.revokeKey(args.service);
+      case 'check_key_status':
+        return this.orchestrator.checkKeyStatus(args.service);
+      default:
+        throw new Error(`Unknown tool: ${name}`);
+    }
+  }
+
+  write(payload) {
+    process.stdout.write(`${JSON.stringify(payload)}\n`);
+  }
+}

package/src/orchestrator.js

@@ -0,0 +1,107 @@
+import { createLogger } from './logger.js';
+
+const log = createLogger('orchestrator');
+
+export class Orchestrator {
+  constructor({ db, registry, signupEngine }) {
+    this.db = db;
+    this.registry = registry;
+    this.signupEngine = signupEngine;
+  }
+
+  getAllMyKeys() {
+    return this.db.getAllKeys().map((row) => ({
+      service: row.service,
+      api_key: row.api_key,
+      status: row.status,
+      created_at: row.created_at,
+      updated_at: row.updated_at
+    }));
+  }
+
+  checkKeyStatus(service) {
+    const existing = this.db.getActiveKey(service);
+    if (!existing) {
+      return { service, exists: false, status: 'missing' };
+    }
+    return {
+      service,
+      exists: true,
+      status: existing.status,
+      created_at: existing.created_at,
+      updated_at: existing.updated_at
+    };
+  }
+
+  /**
+   * Get or create an API key for any service.
+   *
+   * @param {object} opts
+   * @param {string} opts.service - Service name (e.g. "openai")
+   * @param {string} opts.signup_url - Signup or login URL
+   * @param {string} [opts.api_key_url] - Direct URL to API keys dashboard
+   */
+  async getOrCreateKey({ service, signup_url, api_key_url }) {
+    if (!service) throw new Error('service is required');
+    if (!signup_url) throw new Error('signup_url is required');
+
+    // Check cache first
+    const existing = this.db.getActiveKey(service);
+    if (existing) {
+      log.info(`Returning cached key for ${service}`);
+      return {
+        service,
+        api_key: existing.api_key,
+        source: 'cache',
+        created_at: existing.created_at
+      };
+    }
+
+    // Build service definition — check registry for a recipe, else use smart mode
+    let serviceDef = this.registry.getService(service);
+
+    if (!serviceDef) {
+      // No recipe — create a dynamic service definition
+      serviceDef = {
+        name: service,
+        signup_url,
+        api_key_url: api_key_url || null,
+        workflow: [] // empty = smart navigation mode
+      };
+    } else {
+      // Recipe exists — override URLs if caller provided them
+      if (signup_url) serviceDef.signup_url = signup_url;
+      if (api_key_url) serviceDef.api_key_url = api_key_url;
+    }
+
+    log.info(`Creating key for ${service}`, {
+      mode: serviceDef.workflow?.length > 0 ? 'recipe' : 'smart',
+      signup_url: serviceDef.signup_url,
+      api_key_url: serviceDef.api_key_url
+    });
+
+    const fresh = await this.signupEngine.createKey(serviceDef);
+    const stored = this.db.upsertActiveKey({
+      service,
+      apiKey: fresh.apiKey,
+      metadata: fresh.metadata
+    });
+
+    log.info(`Key created for ${service}`, { source: fresh.metadata?.flow });
+
+    return {
+      service,
+      api_key: stored.api_key,
+      source: fresh.metadata?.flow || 'signup',
+      created_at: stored.created_at
+    };
+  }
+
+  revokeKey(service) {
+    const changed = this.db.revokeKey(service);
+    if (changed) {
+      log.info(`Revoked key for ${service}`);
+    }
+    return { service, revoked: changed };
+  }
+}