airlock-bot 0.0.1 → 0.2.1

package/dist/stdio-mode.js

@@ -0,0 +1,130 @@
+import { ClientPool } from './pool/pool.js';
+import { requiredMcpsForAgent } from './pool/required-mcps.js';
+import { ToolRegistry } from './registry/registry.js';
+import { AllowlistEngine } from './allowlist/engine.js';
+import { HitlEngine } from './hitl/engine.js';
+import { HitlBatcher } from './hitl/batcher.js';
+import { AuditLogger } from './audit/logger.js';
+import { createHitlProvider } from './hitl/provider-factory.js';
+import { runStdioServer } from './transport/stdio-server.js';
+import { ConfigWatcher } from './config/watcher.js';
+import { getMcpConfigs } from './config/schema.js';
+import { buildAdapters } from './backend/factory.js';
+import { childLogger } from './util/logger.js';
+const log = childLogger('stdio-mode');
+export async function runStdioMode(config, agentId, configPath) {
+    const agentConfig = config.agents[agentId];
+    if (!agentConfig) {
+        throw new Error(`Unknown agent profile: ${agentId}`);
+    }
+    // Stdio mode uses stdin/stdout for MCP protocol — the stdio approval provider
+    // also reads from stdin, which would corrupt the MCP transport.
+    const providers = Array.isArray(config.approvals.provider)
+        ? config.approvals.provider
+        : [config.approvals.provider];
+    if (providers.some((p) => p.type === 'stdio')) {
+        throw new Error('Cannot use approval provider "stdio" in stdio mode — both the MCP transport and approval ' +
+            'provider would read from stdin. Use "telegram", "slack", "webhook", or "openclaw" instead.');
+    }
+    log.info({ agentId }, 'Starting Airlock in stdio mode');
+    let currentAgentConfig = agentConfig;
+    // Audit
+    const auditLogger = new AuditLogger(config.audit);
+    auditLogger.startDailyCleanup();
+    // Approvals — provider is created before engine, so forward calls via closure
+    // eslint-disable-next-line prefer-const
+    let hitlEngine;
+    const approvalForwarder = {
+        approve: (code) => hitlEngine.approve(code),
+        deny: (code, reason) => hitlEngine.deny(code, reason),
+    };
+    const hitlBatcher = new HitlBatcher(config.approvals.batch_window_ms);
+    const hitlProvider = createHitlProvider(config.approvals.provider, approvalForwarder);
+    hitlEngine = new HitlEngine(auditLogger, hitlProvider, config.approvals.timeout_ms);
+    hitlBatcher.onBatchReady((_agentId, requests) => {
+        void hitlProvider
+            .notify(requests)
+            .catch((err) => log.error({ err }, 'Failed to send approval notification'));
+    });
+    await hitlProvider.init();
+    await hitlEngine.recoverPending();
+    // Pool — only the MCPs this profile actually needs
+    const mcpConfigs = getMcpConfigs(config.providers);
+    const allMcpIds = Object.keys(mcpConfigs);
+    const neededIds = requiredMcpsForAgent(agentConfig, allMcpIds);
+    const filteredMcps = Object.fromEntries(neededIds.map((id) => [id, mcpConfigs[id]]));
+    log.info({ agentId, needed: neededIds, skipped: allMcpIds.filter((id) => !neededIds.includes(id)) }, 'Connecting to required MCPs only');
+    const pool = new ClientPool(filteredMcps);
+    pool.onClientReady((id) => {
+        log.info({ id }, 'MCP became ready, refreshing tool registry');
+        registry
+            .refresh()
+            .catch((err) => log.error({ err }, 'Failed to refresh registry after MCP ready'));
+    });
+    await pool.initialize();
+    // Build adapters from config (MCP, builtins, CLIs, APIs)
+    const adapters = buildAdapters(config, pool);
+    const allowlist = new AllowlistEngine(config.agents);
+    const registry = new ToolRegistry(adapters, allowlist, config.agents);
+    await registry.refresh();
+    // Hot reload — allowlists, agent config, security (not MCP connections or approval provider)
+    const watcher = new ConfigWatcher(configPath);
+    watcher.on('reload', (newConfig) => {
+        try {
+            if (newConfig.agents[agentId]) {
+                currentAgentConfig = newConfig.agents[agentId];
+            }
+            const newMcpConfigs = getMcpConfigs(newConfig.providers);
+            pool
+                .reload(newMcpConfigs)
+                .then(() => {
+                allowlist.reload(newConfig.agents);
+                registry.reloadAgents(newConfig.agents);
+                const newAdapters = buildAdapters(newConfig, pool);
+                registry.setAdapters(newAdapters);
+                return registry.refresh();
+            })
+                .then(() => {
+                log.info('Config reloaded: providers, allowlist, agent config, security');
+            })
+                .catch((err) => {
+                log.error({ err }, 'Failed to apply reloaded config');
+            });
+        }
+        catch (err) {
+            log.error({ err }, 'Failed to apply reloaded config');
+        }
+    });
+    watcher.start();
+    // Graceful shutdown
+    const shutdown = async () => {
+        log.info('Shutting down stdio mode');
+        try {
+            watcher.stop();
+            await registry.stopAll();
+            await pool.stop();
+            await hitlProvider.stop();
+            auditLogger.stop();
+        }
+        catch (err) {
+            log.error({ err }, 'Error during stdio shutdown');
+        }
+        process.exit(0);
+    };
+    process.on('SIGTERM', () => void shutdown());
+    process.on('SIGINT', () => void shutdown());
+    // No HTTP server — stdio only
+    await runStdioServer({
+        agentId,
+        agentConfig,
+        getAgentConfig: () => currentAgentConfig,
+        registry,
+        allowlist,
+        hitlEngine,
+        hitlBatcher,
+        hitlProvider,
+        auditLogger,
+        securityConfig: config.security,
+    });
+}
+//# sourceMappingURL=stdio-mode.js.map

package/dist/stdio-mode.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-mode.js","sourceRoot":"","sources":["../src/stdio-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGpD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;AAEtC,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAc,EACd,OAAe,EACf,UAAkB;IAElB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,0BAA0B,OAAO,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,8EAA8E;IAC9E,gEAAgE;IAChE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC;QACxD,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ;QAC3B,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAChC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CACb,2FAA2F;YACzF,4FAA4F,CAC/F,CAAC;IACJ,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,gCAAgC,CAAC,CAAC;IAExD,IAAI,kBAAkB,GAAG,WAAW,CAAC;IAErC,QAAQ;IACR,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClD,WAAW,CAAC,iBAAiB,EAAE,CAAC;IAEhC,8EAA8E;IAC9E,wCAAwC;IACxC,IAAI,UAAuB,CAAC;IAC5B,MAAM,iBAAiB,GAAgB;QACrC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC;QAC3C,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;KACtD,CAAC;IAEF,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IACtE,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IAEtF,UAAU,GAAG,IAAI,UAAU,CAAC,WAAW,EAAE,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAEpF,WAAW,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE;QAC9C,KAAK,YAAY;aACd,MAAM,CAAC,QAAQ,CAAC;aAChB,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,sCAAsC,CAAC,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;IAEH,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;IAC1B,MAAM,UAAU,CAAC,cAAc,EAAE,CAAC;IAElC,mDAAmD;IACnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,oBAAoB,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC/D,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAErF,GAAG,CAAC,IAAI,CACN,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,EAC1F,kCAAkC,CACnC,CAAC;IAEF,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,YAAY,CAAC,CAAC;IAC1C,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,EAAE;QACxB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,4CAA4C,CAAC,CAAC;QAC/D,QAAQ;aACL,OAAO,EAAE;aACT,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,4CAA4C,CAAC,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IACH,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;IAExB,yDAAyD;IACzD,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAE7C,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACtE,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;IAEzB,6FAA6F;IAC7F,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,SAAS,EAAE,EAAE;QACjC,IAAI,CAAC;YACH,IAAI,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9B,kBAAkB,GAAG,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjD,CAAC;YACD,MAAM,aAAa,GAAG,aAAa,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI;iBACD,MAAM,CAAC,aAAa,CAAC;iBACrB,IAAI,CAAC,GAAG,EAAE;gBACT,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACnC,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBACxC,MAAM,WAAW,GAAG,aAAa,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACnD,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;gBAClC,OAAO,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5B,CAAC,CAAC;iBACD,IAAI,CAAC,GAAG,EAAE;gBACT,GAAG,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;YAC5E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iCAAiC,CAAC,CAAC;YACxD,CAAC,CAAC,CAAC;QACP,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iCAAiC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,oBAAoB;IACpB,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,GAAG,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QACrC,IAAI,CAAC;YACH,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC;YAC1B,WAAW,CAAC,IAAI,EAAE,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,6BAA6B,CAAC,CAAC;QACpD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,KAAK,QAAQ,EAAE,CAAC,CAAC;IAE5C,8BAA8B;IAC9B,MAAM,cAAc,CAAC;QACnB,OAAO;QACP,WAAW;QACX,cAAc,EAAE,GAAG,EAAE,CAAC,kBAAkB;QACxC,QAAQ;QACR,SAAS;QACT,UAAU;QACV,WAAW;QACX,YAAY;QACZ,WAAW;QACX,cAAc,EAAE,MAAM,CAAC,QAAQ;KAChC,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/exec.d.ts

@@ -0,0 +1,20 @@
+import type { AgentConfig } from '../config/schema.js';
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export interface ExecResult {
+    exit_code: number | null;
+    stdout: string;
+    stderr: string;
+    duration_ms: number;
+    timed_out: boolean;
+    truncated?: boolean;
+}
+export type ExecDecision = 'allow' | 'ask' | 'deny';
+export declare function buildExecTool(): Tool;
+/**
+ * Reject commands containing shell metacharacters that could bypass
+ * the prefix-based allow/deny matching (e.g. chaining via ; && || | $()).
+ */
+export declare function containsShellInjection(command: string): boolean;
+export declare function evaluateExecCommand(command: string, agentConfig: AgentConfig): ExecDecision;
+export declare function executeExec(command: string, agentConfig: AgentConfig, cwd?: string, timeoutMs?: number): Promise<ExecResult>;
+//# sourceMappingURL=exec.d.ts.map

package/dist/tools/exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAG/D,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAOpD,wBAAgB,aAAa,IAAI,IAAI,CAcpC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,WAAW,GAAG,YAAY,CAS3F;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,WAAW,EACxB,GAAG,CAAC,EAAE,MAAM,EACZ,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,CAAC,CAmErB"}

package/dist/tools/exec.js

@@ -0,0 +1,105 @@
+import { spawn } from 'child_process';
+import { matchesCommand } from '../allowlist/pattern.js';
+const MAX_OUTPUT_BYTES = 10 * 1024 * 1024; // 10MB cap on stdout/stderr
+/** Shell metacharacters that allow command chaining / injection */
+const SHELL_INJECTION_RE = /[;|&`$(){}]/;
+export function buildExecTool() {
+    return {
+        name: 'exec/run',
+        description: 'Run a shell command in a controlled environment',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                command: { type: 'string', description: 'Shell command to run' },
+                cwd: { type: 'string', description: 'Working directory' },
+                timeout_ms: { type: 'number', description: 'Timeout in milliseconds' },
+            },
+            required: ['command'],
+        },
+    };
+}
+/**
+ * Reject commands containing shell metacharacters that could bypass
+ * the prefix-based allow/deny matching (e.g. chaining via ; && || | $()).
+ */
+export function containsShellInjection(command) {
+    return SHELL_INJECTION_RE.test(command);
+}
+export function evaluateExecCommand(command, agentConfig) {
+    // Reject shell injection regardless of allow/deny patterns
+    if (containsShellInjection(command))
+        return 'deny';
+    // Deny takes priority
+    if (agentConfig.exec.deny.some((p) => matchesCommand(p, command)))
+        return 'deny';
+    if (agentConfig.exec.ask.some((p) => matchesCommand(p, command)))
+        return 'ask';
+    if (agentConfig.exec.allow.some((p) => matchesCommand(p, command)))
+        return 'allow';
+    return 'deny'; // fail-closed
+}
+export async function executeExec(command, agentConfig, cwd, timeoutMs) {
+    const timeout = timeoutMs ?? agentConfig.exec.default_timeout_ms;
+    const start = Date.now();
+    return new Promise((resolve, reject) => {
+        const child = spawn('/bin/sh', ['-c', command], {
+            cwd,
+            env: agentConfig.exec.env,
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        let stdout = '';
+        let stderr = '';
+        let timedOut = false;
+        let stdoutBytes = 0;
+        let stderrBytes = 0;
+        let truncated = false;
+        child.stdout.on('data', (chunk) => {
+            if (stdoutBytes < MAX_OUTPUT_BYTES) {
+                const remaining = MAX_OUTPUT_BYTES - stdoutBytes;
+                stdout += chunk.slice(0, remaining).toString();
+            }
+            else {
+                truncated = true;
+            }
+            stdoutBytes += chunk.length;
+        });
+        child.stderr.on('data', (chunk) => {
+            if (stderrBytes < MAX_OUTPUT_BYTES) {
+                const remaining = MAX_OUTPUT_BYTES - stderrBytes;
+                stderr += chunk.slice(0, remaining).toString();
+            }
+            else {
+                truncated = true;
+            }
+            stderrBytes += chunk.length;
+        });
+        const timer = setTimeout(() => {
+            timedOut = true;
+            child.kill('SIGTERM');
+            setTimeout(() => {
+                try {
+                    child.kill('SIGKILL');
+                }
+                catch {
+                    /* kill may fail — best effort */
+                }
+            }, 2000);
+        }, timeout);
+        child.on('close', (code) => {
+            clearTimeout(timer);
+            resolve({
+                exit_code: code,
+                stdout,
+                stderr,
+                duration_ms: Date.now() - start,
+                timed_out: timedOut,
+                truncated,
+            });
+        });
+        child.on('error', (err) => {
+            clearTimeout(timer);
+            reject(err);
+        });
+    });
+}
+//# sourceMappingURL=exec.js.map

package/dist/tools/exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.js","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAGtC,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAazD,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,4BAA4B;AAEvE,mEAAmE;AACnE,MAAM,kBAAkB,GAAG,aAAa,CAAC;AAEzC,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,iDAAiD;QAC9D,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;gBAChE,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;gBACzD,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yBAAyB,EAAE;aACvE;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAe,EAAE,WAAwB;IAC3E,2DAA2D;IAC3D,IAAI,sBAAsB,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAEnD,sBAAsB;IACtB,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IACjF,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/E,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAAE,OAAO,OAAO,CAAC;IACnF,OAAO,MAAM,CAAC,CAAC,cAAc;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAe,EACf,WAAwB,EACxB,GAAY,EACZ,SAAkB;IAElB,MAAM,OAAO,GAAG,SAAS,IAAI,WAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC;IACjE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE;YAC9C,GAAG;YACH,GAAG,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG;YACzB,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,WAAW,GAAG,CAAC,CAAC;QACpB,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,IAAI,WAAW,GAAG,gBAAgB,EAAE,CAAC;gBACnC,MAAM,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACxC,IAAI,WAAW,GAAG,gBAAgB,EAAE,CAAC;gBACnC,MAAM,SAAS,GAAG,gBAAgB,GAAG,WAAW,CAAC;gBACjD,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,WAAW,IAAI,KAAK,CAAC,MAAM,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtB,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC;oBACH,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC;oBACP,iCAAiC;gBACnC,CAAC;YACH,CAAC,EAAE,IAAI,CAAC,CAAC;QACX,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,OAAO,CAAC;gBACN,SAAS,EAAE,IAAI;gBACf,MAAM;gBACN,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;gBAC/B,SAAS,EAAE,QAAQ;gBACnB,SAAS;aACV,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/http.d.ts

@@ -0,0 +1,13 @@
+import type { AgentConfig, SecurityConfig } from '../config/schema.js';
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export interface HttpResult {
+    status: number;
+    headers: Record<string, string>;
+    body: string;
+    truncated?: boolean;
+}
+export declare const HTTP_METHODS: readonly ["get", "post", "put", "patch", "delete", "head"];
+export type HttpMethod = (typeof HTTP_METHODS)[number];
+export declare function buildHttpTools(): Tool[];
+export declare function executeHttp(method: HttpMethod, args: Record<string, unknown>, agentConfig: AgentConfig, securityConfig: SecurityConfig): Promise<HttpResult>;
+//# sourceMappingURL=http.d.ts.map

package/dist/tools/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/tools/http.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACvE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAI/D,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,eAAO,MAAM,YAAY,4DAA6D,CAAC;AACvF,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,YAAY,CAAC,CAAC,MAAM,CAAC,CAAC;AAEvD,wBAAgB,cAAc,IAAI,IAAI,EAAE,CAmBvC;AAED,wBAAsB,WAAW,CAC/B,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,WAAW,EAAE,WAAW,EACxB,cAAc,EAAE,cAAc,GAC7B,OAAO,CAAC,UAAU,CAAC,CA+ErB"}

package/dist/tools/http.js

@@ -0,0 +1,99 @@
+import { isBlockedHost } from '../security/blocked-hosts.js';
+import { isDomainAllowed } from '../security/domain-allowlist.js';
+const MAX_RESPONSE_BYTES = 1_048_576; // 1MB default
+export const HTTP_METHODS = ['get', 'post', 'put', 'patch', 'delete', 'head'];
+export function buildHttpTools() {
+    return HTTP_METHODS.map((method) => ({
+        name: `http/${method}`,
+        description: `HTTP ${method.toUpperCase()} request`,
+        inputSchema: {
+            type: 'object',
+            properties: {
+                url: { type: 'string', description: 'Full URL' },
+                headers: {
+                    type: 'object',
+                    description: 'Request headers',
+                    additionalProperties: { type: 'string' },
+                },
+                body: { type: 'string', description: 'Request body (for POST/PUT/PATCH)' },
+                timeout_ms: { type: 'number', description: 'Timeout in milliseconds (default 30000)' },
+            },
+            required: ['url'],
+        },
+    }));
+}
+export async function executeHttp(method, args, agentConfig, securityConfig) {
+    const url = args['url'];
+    const headers = (args['headers'] ?? {});
+    const body = args['body'];
+    const timeoutMs = args['timeout_ms'] ?? agentConfig.http.timeout_ms;
+    const maxBytes = agentConfig.http.max_response_bytes ?? MAX_RESPONSE_BYTES;
+    let hostname;
+    try {
+        hostname = new URL(url).hostname;
+    }
+    catch {
+        throw new Error(`Invalid URL: ${url}`);
+    }
+    // Security checks
+    if (isBlockedHost(hostname, securityConfig.blocked_hosts, securityConfig.allowed_local)) {
+        throw new Error(`Blocked host: ${hostname}`);
+    }
+    if (!isDomainAllowed(hostname, agentConfig.http.domain_allowlist)) {
+        throw new Error(`Domain not in agent allowlist: ${hostname}`);
+    }
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const response = await fetch(url, {
+            method: method.toUpperCase(),
+            headers,
+            body: ['post', 'put', 'patch'].includes(method) ? body : undefined,
+            signal: controller.signal,
+            redirect: 'manual',
+        });
+        clearTimeout(timer);
+        const responseHeaders = {};
+        response.headers.forEach((value, key) => {
+            responseHeaders[key] = value;
+        });
+        // Stream response with size cap instead of buffering entirely
+        let bodyText = '';
+        let truncated = false;
+        const reader = response.body?.getReader();
+        if (reader) {
+            let bytesRead = 0;
+            const decoder = new TextDecoder();
+            while (true) {
+                const { done, value } = (await reader.read());
+                if (done)
+                    break;
+                bytesRead += value.byteLength;
+                if (bytesRead <= maxBytes) {
+                    bodyText += decoder.decode(value, { stream: true });
+                }
+                else {
+                    // Only include up to the limit
+                    const overshoot = bytesRead - maxBytes;
+                    const usable = value.byteLength - overshoot;
+                    if (usable > 0) {
+                        bodyText += decoder.decode(value.slice(0, usable), { stream: true });
+                    }
+                    truncated = true;
+                    void reader.cancel();
+                    break;
+                }
+            }
+            bodyText += decoder.decode(); // flush
+        }
+        return { status: response.status, headers: responseHeaders, body: bodyText, truncated };
+    }
+    catch (err) {
+        clearTimeout(timer);
+        if (err.name === 'AbortError') {
+            throw new Error(`HTTP request timed out after ${timeoutMs}ms`, { cause: err });
+        }
+        throw err;
+    }
+}
+//# sourceMappingURL=http.js.map

package/dist/tools/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/tools/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAIlE,MAAM,kBAAkB,GAAG,SAAS,CAAC,CAAC,cAAc;AASpD,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAU,CAAC;AAGvF,MAAM,UAAU,cAAc;IAC5B,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnC,IAAI,EAAE,QAAQ,MAAM,EAAE;QACtB,WAAW,EAAE,QAAQ,MAAM,CAAC,WAAW,EAAE,UAAU;QACnD,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE;gBAChD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iBAAiB;oBAC9B,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;iBACzC;gBACD,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;gBAC1E,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;aACvF;YACD,QAAQ,EAAE,CAAC,KAAK,CAAC;SAClB;KACF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAkB,EAClB,IAA6B,EAC7B,WAAwB,EACxB,cAA8B;IAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAW,CAAC;IAClC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAA2B,CAAC;IAClE,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAuB,CAAC;IAChD,MAAM,SAAS,GAAI,IAAI,CAAC,YAAY,CAAwB,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC;IAC5F,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,kBAAkB,IAAI,kBAAkB,CAAC;IAE3E,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,kBAAkB;IAClB,IAAI,aAAa,CAAC,QAAQ,EAAE,cAAc,CAAC,aAAa,EAAE,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;QACxF,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;YAC5B,OAAO;YACP,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YAClE,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,MAAM,eAAe,GAA2B,EAAE,CAAC;QACnD,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACtC,eAAe,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,8DAA8D;QAC9D,IAAI,QAAQ,GAAG,EAAE,CAAC;QAClB,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;QAE1C,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,SAAS,GAAG,CAAC,CAAC;YAClB,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;YAClC,OAAO,IAAI,EAAE,CAAC;gBACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAyC,CAAC;gBACtF,IAAI,IAAI;oBAAE,MAAM;gBAChB,SAAS,IAAI,KAAK,CAAC,UAAU,CAAC;gBAC9B,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;oBAC1B,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtD,CAAC;qBAAM,CAAC;oBACN,+BAA+B;oBAC/B,MAAM,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;oBACvC,MAAM,MAAM,GAAG,KAAK,CAAC,UAAU,GAAG,SAAS,CAAC;oBAC5C,IAAI,MAAM,GAAG,CAAC,EAAE,CAAC;wBACf,QAAQ,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;oBACvE,CAAC;oBACD,SAAS,GAAG,IAAI,CAAC;oBACjB,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,QAAQ,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ;QACxC,CAAC;QAED,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IAC1F,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,IAAK,GAAa,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/transport/agent-server.d.ts

@@ -0,0 +1,26 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import type { Transport } from '@modelcontextprotocol/sdk/shared/transport.js';
+import type { ToolRegistry } from '../registry/registry.js';
+import type { AllowlistEngine } from '../allowlist/engine.js';
+import type { HitlEngine } from '../hitl/engine.js';
+import type { HitlBatcher } from '../hitl/batcher.js';
+import type { HitlProvider } from '../hitl/providers/types.js';
+import type { AuditLogger } from '../audit/logger.js';
+import type { AgentConfig, SecurityConfig } from '../config/schema.js';
+import type { Middleware } from '../middleware/types.js';
+export interface AgentServerDeps {
+    agentId: string;
+    agentConfig: AgentConfig;
+    getAgentConfig?: () => AgentConfig;
+    registry: ToolRegistry;
+    allowlist: AllowlistEngine;
+    hitlEngine: HitlEngine;
+    hitlBatcher: HitlBatcher;
+    hitlProvider: HitlProvider;
+    auditLogger: AuditLogger;
+    securityConfig?: SecurityConfig;
+    chain?: Middleware;
+}
+export declare function createAgentServer(deps: AgentServerDeps): Server;
+export declare function connectAgentServer(server: Server, transport: Transport): Promise<void>;
+//# sourceMappingURL=agent-server.d.ts.map

package/dist/transport/agent-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-server.d.ts","sourceRoot":"","sources":["../../src/transport/agent-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAEnE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,+CAA+C,CAAC;AAC/E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACvE,OAAO,KAAK,EAAE,UAAU,EAAmB,MAAM,wBAAwB,CAAC;AAI1E,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,WAAW,CAAC;IACnC,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;IACzB,YAAY,EAAE,YAAY,CAAC;IAC3B,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM,CAsD/D;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAE5F"}

package/dist/transport/agent-server.js

@@ -0,0 +1,54 @@
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { buildMiddlewareChain } from '../middleware/chain-builder.js';
+import { generateId } from '../util/id.js';
+export function createAgentServer(deps) {
+    const { agentId, registry, allowlist, hitlEngine, hitlBatcher, auditLogger } = deps;
+    const getConfig = deps.getAgentConfig ?? (() => deps.agentConfig);
+    const chain = deps.chain ??
+        buildMiddlewareChain(getConfig(), {
+            registry,
+            allowlist,
+            hitlEngine,
+            hitlBatcher,
+            auditLogger,
+            securityConfig: deps.securityConfig ?? { blocked_hosts: [], allowed_local: [] },
+        });
+    const server = new Server({ name: 'airlock', version: '0.1.0' }, { capabilities: { tools: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, () => {
+        const tools = registry.getFiltered(agentId);
+        return { tools };
+    });
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const toolName = request.params.name;
+        const args = request.params.arguments ?? {};
+        const ctx = {
+            callId: generateId(),
+            agentId,
+            agentConfig: getConfig(),
+            toolName,
+            args,
+            meta: {},
+            deps: {
+                registry,
+                allowlist,
+                hitlEngine,
+                hitlBatcher,
+                auditLogger,
+                securityConfig: deps.securityConfig ?? { blocked_hosts: [], allowed_local: [] },
+            },
+            startedAt: Date.now(),
+        };
+        const response = await chain(ctx, () => {
+            throw new Error('Middleware chain did not terminate — missing execute middleware');
+        });
+        return {
+            content: [{ type: 'text', text: response.text }],
+        };
+    });
+    return server;
+}
+export async function connectAgentServer(server, transport) {
+    await server.connect(transport);
+}
+//# sourceMappingURL=agent-server.js.map

package/dist/transport/agent-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-server.js","sourceRoot":"","sources":["../../src/transport/agent-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAC;AAUnG,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAgB3C,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;IACpF,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAElE,MAAM,KAAK,GACT,IAAI,CAAC,KAAK;QACV,oBAAoB,CAAC,SAAS,EAAE,EAAE;YAChC,QAAQ;YACR,SAAS;YACT,UAAU;YACV,WAAW;YACX,WAAW;YACX,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;SAChF,CAAC,CAAC;IAEL,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAElG,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpD,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC5C,OAAO,EAAE,KAAK,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC;QACrC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAC;QAE5C,MAAM,GAAG,GAAoB;YAC3B,MAAM,EAAE,UAAU,EAAE;YACpB,OAAO;YACP,WAAW,EAAE,SAAS,EAAE;YACxB,QAAQ;YACR,IAAI;YACJ,IAAI,EAAE,EAAE;YACR,IAAI,EAAE;gBACJ,QAAQ;gBACR,SAAS;gBACT,UAAU;gBACV,WAAW;gBACX,WAAW;gBACX,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE;aAChF;YACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE;YACrC,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACrF,CAAC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAc,EAAE,SAAoB;IAC3E,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC"}

package/dist/transport/mcp-normalizer.d.ts

@@ -0,0 +1,9 @@
+import type { ToolCall, ToolResult } from '../types.js';
+export declare function callToolRequestToToolCall(name: string, args: Record<string, unknown>, agentId: string): ToolCall;
+export declare function toolResultToCallToolResult(result: ToolResult): {
+    content: Array<{
+        type: 'text';
+        text: string;
+    }>;
+};
+//# sourceMappingURL=mcp-normalizer.d.ts.map

package/dist/transport/mcp-normalizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-normalizer.d.ts","sourceRoot":"","sources":["../../src/transport/mcp-normalizer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAExD,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,MAAM,GACd,QAAQ,CAEV;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,UAAU,GAAG;IAC9D,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD,CAOA"}

package/dist/transport/mcp-normalizer.js

@@ -0,0 +1,12 @@
+export function callToolRequestToToolCall(name, args, agentId) {
+    return { tool: name, args, agentId };
+}
+export function toolResultToCallToolResult(result) {
+    if (!result.success) {
+        throw new Error(result.error ?? 'Unknown error');
+    }
+    return {
+        content: [{ type: 'text', text: JSON.stringify(result.data) }],
+    };
+}
+//# sourceMappingURL=mcp-normalizer.js.map

package/dist/transport/mcp-normalizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-normalizer.js","sourceRoot":"","sources":["../../src/transport/mcp-normalizer.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,yBAAyB,CACvC,IAAY,EACZ,IAA6B,EAC7B,OAAe;IAEf,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,MAAkB;IAG3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC;IACnD,CAAC;IACD,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;KAC/D,CAAC;AACJ,CAAC"}

package/dist/transport/sse-server.d.ts

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from 'fastify';
+import type { AgentServerDeps } from './agent-server.js';
+export declare function sseServerPlugin(app: FastifyInstance, opts: {
+    getDeps: (agentId: string) => AgentServerDeps | undefined;
+    secret?: string;
+}): Promise<void>;
+//# sourceMappingURL=sse-server.d.ts.map

package/dist/transport/sse-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse-server.d.ts","sourceRoot":"","sources":["../../src/transport/sse-server.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAE7E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAazD,wBAAsB,eAAe,CACnC,GAAG,EAAE,eAAe,EACpB,IAAI,EAAE;IACJ,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,eAAe,GAAG,SAAS,CAAC;IAC1D,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GACA,OAAO,CAAC,IAAI,CAAC,CA+Ff"}

package/dist/transport/sse-server.js

@@ -0,0 +1,94 @@
+import { timingSafeEqual } from 'crypto';
+import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';
+import { createAgentServer, connectAgentServer } from './agent-server.js';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('sse-server');
+function constantTimeEqual(a, b) {
+    const bufA = Buffer.from(a);
+    const bufB = Buffer.from(b);
+    if (bufA.length !== bufB.length)
+        return false;
+    return timingSafeEqual(bufA, bufB);
+}
+// eslint-disable-next-line @typescript-eslint/require-await
+export async function sseServerPlugin(app, opts) {
+    const { secret } = opts;
+    const sessions = new Map();
+    function checkAgentAuth(request, reply, deps) {
+        const token = deps.agentConfig.token;
+        if (token) {
+            const auth = request.headers.authorization ?? '';
+            if (!constantTimeEqual(auth, `Bearer ${token}`)) {
+                reply.status(401).send({ error: 'Unauthorized' });
+                return false;
+            }
+            return true;
+        }
+        // No per-agent token — fall back to global api_secret
+        if (secret) {
+            const auth = request.headers.authorization ?? '';
+            if (!constantTimeEqual(auth, `Bearer ${secret}`)) {
+                reply.status(401).send({ error: 'Unauthorized' });
+                return false;
+            }
+        }
+        return true;
+    }
+    // Auth for non-agent endpoints (management API)
+    app.addHook('preHandler', async (request, reply) => {
+        const url = request.url;
+        // Agent endpoints handle their own auth
+        if (url.startsWith('/agents/'))
+            return;
+        if (!secret)
+            return;
+        const auth = request.headers.authorization ?? '';
+        if (!constantTimeEqual(auth, `Bearer ${secret}`)) {
+            return reply.status(401).send({ error: 'Unauthorized' });
+        }
+    });
+    app.get('/agents/:profileId/sse', async (request, reply) => {
+        const { profileId } = request.params;
+        const deps = opts.getDeps(profileId);
+        if (!deps) {
+            return reply.status(404).send({ error: `Unknown agent profile: ${profileId}` });
+        }
+        if (!checkAgentAuth(request, reply, deps))
+            return;
+        log.info({ profileId }, 'New SSE connection');
+        const transport = new SSEServerTransport('/agents/' + profileId + '/messages', reply.raw);
+        sessions.set(transport.sessionId, { transport, profileId });
+        transport.onclose = () => {
+            sessions.delete(transport.sessionId);
+            log.info({ profileId, sessionId: transport.sessionId }, 'SSE session closed');
+        };
+        const server = createAgentServer(deps);
+        await connectAgentServer(server, transport);
+        // Clean up when client disconnects
+        request.raw.on('close', () => {
+            sessions.delete(transport.sessionId);
+            transport.close().catch(() => { });
+        });
+    });
+    app.post('/agents/:profileId/messages', async (request, reply) => {
+        const { profileId } = request.params;
+        const { sessionId } = request.query;
+        if (!sessionId) {
+            return reply.status(400).send({ error: 'sessionId query param required' });
+        }
+        const session = sessions.get(sessionId);
+        if (!session) {
+            return reply.status(404).send({ error: `Session not found: ${sessionId}` });
+        }
+        // Verify the session belongs to the profile in the URL
+        if (session.profileId !== profileId) {
+            return reply.status(403).send({ error: 'Session does not belong to this agent' });
+        }
+        // Check auth on message posts too
+        const deps = opts.getDeps(profileId);
+        if (!deps || !checkAgentAuth(request, reply, deps))
+            return;
+        await session.transport.handlePostMessage(request.raw, reply.raw);
+    });
+}
+//# sourceMappingURL=sse-server.js.map