auramaxx 1.0.0-alpha.4

package/server/mcp/server.ts

@@ -0,0 +1,619 @@
+#!/usr/bin/env node
+/**
+ * AuraWallet MCP Server
+ * =====================
+ * Standalone MCP stdio server that gives any AI agent access to the wallet API.
+ *
+ * Auth bootstrap (in order):
+ *   1. Unix socket auto-approve (ephemeral RSA keypair, encrypted token, zero config)
+ *   2. AURA_TOKEN env var (CI/CD fallback)
+ *
+ * Usage:
+ *   npx tsx server/mcp/server.ts
+ *   AURA_TOKEN=<token> npx tsx server/mcp/server.ts
+ */
+
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+import { readFileSync } from 'fs';
+import { join } from 'path';
+import * as net from 'net';
+import {
+  constants,
+  createDecipheriv,
+  generateKeyPairSync,
+  privateDecrypt,
+} from 'crypto';
+import { TOOLS, executeTool, jsonSchemaToZod } from './tools.js';
+import { buildScopedReadTokenIssueRequest, buildScopedWriteTokenIssueRequest } from '../lib/credential-transport';
+import { resolveMcpIssuanceProfile } from './profile-policy';
+import { evaluateProjectScopeAccess, emitProjectScopeEvent } from '../lib/project-scope';
+
+let token: string | undefined = process.env.AURA_TOKEN;
+
+const WALLET_BASE = () => process.env.WALLET_SERVER_URL || 'http://127.0.0.1:4242';
+
+// ── Socket Bootstrap ───────────────────────────────────────────────────
+
+interface HybridEnvelope {
+  v: number;
+  alg: string;
+  key: string;
+  iv: string;
+  tag: string;
+  data: string;
+}
+
+/**
+ * Decrypt an encrypted blob (token or credential) using our private key.
+ * Supports both direct RSA-OAEP and hybrid RSA-OAEP/AES-256-GCM envelopes.
+ */
+function decryptWithPrivateKey(encryptedBase64: string, privateKeyPem: string): string {
+  const decoded = Buffer.from(encryptedBase64, 'base64');
+  let envelope: HybridEnvelope;
+  try {
+    envelope = JSON.parse(decoded.toString('utf8')) as HybridEnvelope;
+  } catch {
+    // Direct RSA-OAEP ciphertext (small payloads)
+    return privateDecrypt(
+      { key: privateKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
+      decoded,
+    ).toString('utf8');
+  }
+
+  if (envelope.v !== 1 || envelope.alg !== 'RSA-OAEP/AES-256-GCM') {
+    throw new Error(`Unexpected envelope: v=${envelope.v} alg=${envelope.alg}`);
+  }
+
+  const sessionKey = privateDecrypt(
+    { key: privateKeyPem, padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
+    Buffer.from(envelope.key, 'base64'),
+  );
+  const decipher = createDecipheriv('aes-256-gcm', sessionKey, Buffer.from(envelope.iv, 'base64'));
+  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
+  return Buffer.concat([
+    decipher.update(Buffer.from(envelope.data, 'base64')),
+    decipher.final(),
+  ]).toString('utf8');
+}
+
+// Ephemeral keypair for this session (used for bootstrap + credential reads)
+const { publicKey: ephemeralPubPem, privateKey: ephemeralPrivPem } = generateKeyPairSync('rsa', {
+  modulusLength: 2048,
+  publicKeyEncoding: { type: 'spki', format: 'pem' },
+  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
+});
+const ephemeralPubBase64 = Buffer.from(ephemeralPubPem, 'utf8').toString('base64');
+
+/** Token TTL from bootstrap (seconds). Used for refresh scheduling. */
+let tokenTtl = 3600;
+let refreshTimer: ReturnType<typeof setTimeout> | null = null;
+
+/**
+ * Bootstrap auth via Unix socket auto-approve.
+ * Returns true if successful.
+ */
+function bootstrapViaSocket(): Promise<boolean> {
+  return new Promise((resolve) => {
+    const uid = process.getuid?.() ?? 'unknown';
+    const socketPath = `/tmp/aura-cli-${uid}.sock`;
+
+    const socket = net.createConnection(socketPath);
+    let buffer = '';
+    let resolved = false;
+
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        socket.destroy();
+        resolve(false);
+      }
+    }, 5000);
+
+    socket.on('connect', () => {
+      socket.write(JSON.stringify({
+        type: 'auth',
+        agentId: 'mcp-stdio',
+        autoApprove: true,
+        pubkey: ephemeralPubPem,
+      }) + '\n');
+    });
+
+    socket.on('data', (data) => {
+      buffer += data.toString();
+      let newlineIndex;
+      while ((newlineIndex = buffer.indexOf('\n')) !== -1) {
+        const line = buffer.substring(0, newlineIndex);
+        buffer = buffer.substring(newlineIndex + 1);
+
+        if (!line.trim()) continue;
+        try {
+          const msg = JSON.parse(line.trim()) as {
+            type: string;
+            encryptedToken?: string;
+            ttl?: number;
+            message?: string;
+          };
+
+          if (msg.type === 'auth_approved' && msg.encryptedToken) {
+            token = decryptWithPrivateKey(msg.encryptedToken, ephemeralPrivPem);
+            tokenTtl = msg.ttl || 3600;
+            if (!resolved) {
+              resolved = true;
+              clearTimeout(timeout);
+              socket.destroy();
+              console.error('[mcp] Bootstrapped via Unix socket (auto-approve)');
+              resolve(true);
+            }
+          } else if (msg.type === 'error') {
+            if (!resolved) {
+              resolved = true;
+              clearTimeout(timeout);
+              socket.destroy();
+              console.error(`[mcp] Socket bootstrap error: ${msg.message}`);
+              resolve(false);
+            }
+          }
+        } catch { /* ignore parse errors */ }
+      }
+    });
+
+    socket.on('error', (err) => {
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        console.error(`[mcp] Socket bootstrap connection error: ${err.message} (code=${(err as NodeJS.ErrnoException).code})`);
+        resolve(false);
+      }
+    });
+  });
+}
+
+/**
+ * Schedule a token refresh before expiry.
+ */
+function scheduleRefresh(): void {
+  if (refreshTimer) clearTimeout(refreshTimer);
+  // Refresh 60s before expiry, minimum 10s
+  const refreshMs = Math.max((tokenTtl - 60) * 1000, 10_000);
+  refreshTimer = setTimeout(() => attemptRefresh(0), refreshMs);
+}
+
+/** Retry token refresh with exponential backoff (30s, 60s, 120s, 240s, cap 300s). */
+async function attemptRefresh(attempt: number): Promise<void> {
+  console.error(`[mcp] Refreshing token (attempt ${attempt + 1})...`);
+  const ok = await bootstrapViaSocket();
+  if (ok) {
+    scheduleRefresh();
+  } else {
+    const backoffMs = Math.min(30_000 * Math.pow(2, attempt), 300_000); // cap at 5 min
+    console.error(`[mcp] Token refresh failed — retrying in ${backoffMs / 1000}s`);
+    refreshTimer = setTimeout(() => attemptRefresh(attempt + 1), backoffMs);
+  }
+}
+
+// ── MCP Server Setup ───────────────────────────────────────────────────
+
+const server = new McpServer({
+  name: 'aurawallet',
+  version: '1.0.0',
+});
+
+// ── Resources ──────────────────────────────────────────────────────────
+
+function loadApiDocs(): string {
+  try { return readFileSync(join(__dirname, '..', '..', 'docs', 'API.md'), 'utf-8'); }
+  catch { return 'API documentation not found.'; }
+}
+
+function loadAuthDocs(): string {
+  try { return readFileSync(join(__dirname, '..', '..', 'docs', 'AUTH.md'), 'utf-8'); }
+  catch { return 'Auth documentation not found.'; }
+}
+
+function loadAgentGuide(): string {
+  try { return readFileSync(join(__dirname, '..', '..', 'skills', 'aurawallet', 'SKILL.md'), 'utf-8'); }
+  catch { return 'Agent guide not found.'; }
+}
+
+function loadSetupSkillGuide(): string {
+  try { return readFileSync(join(__dirname, '..', '..', 'skills', 'aurawallet-setup', 'SKILL.md'), 'utf-8'); }
+  catch { return 'Setup skill guide not found.'; }
+}
+
+server.resource(
+  'api-reference', 'docs://api',
+  { description: 'Full AuraWallet HTTP API reference — all endpoints, parameters, and examples' },
+  async () => ({ contents: [{ uri: 'docs://api', text: loadApiDocs(), mimeType: 'text/markdown' }] }),
+);
+
+server.resource(
+  'auth-reference', 'docs://auth',
+  { description: 'Authentication, permissions, and spending limits reference' },
+  async () => ({ contents: [{ uri: 'docs://auth', text: loadAuthDocs(), mimeType: 'text/markdown' }] }),
+);
+
+server.resource(
+  'agent-guide', 'docs://guide',
+  { description: 'Agent skill reference — setup, operations, hook modes, permissions, error recovery' },
+  async () => ({ contents: [{ uri: 'docs://guide', text: loadAgentGuide(), mimeType: 'text/markdown' }] }),
+);
+
+server.resource(
+  'setup-skill-guide', 'docs://setup-guide',
+  { description: 'Setup-focused MCP skill guide — install, onboarding flow, and validation checklist' },
+  async () => ({ contents: [{ uri: 'docs://setup-guide', text: loadSetupSkillGuide(), mimeType: 'text/markdown' }] }),
+);
+
+// ── Credential helpers ─────────────────────────────────────────────────
+
+/**
+ * Decrypt a credential payload encrypted to our ephemeral RSA key.
+ */
+async function fetchVaultNameMap(): Promise<Map<string, string>> {
+  const res = await fetch(`${WALLET_BASE()}/setup/vaults`, {
+    signal: AbortSignal.timeout(5000),
+  });
+  if (!res.ok) return new Map();
+  const data = await res.json() as { vaults?: Array<{ id: string; name: string }> };
+  return new Map((data.vaults || []).map((v) => [v.id, v.name]));
+}
+
+function decryptCredentialPayload(encryptedBase64: string): {
+  id: string;
+  vaultId: string;
+  type: string;
+  fields: Array<{ key: string; value: string; type?: string; sensitive?: boolean }>;
+} {
+  const plaintext = decryptWithPrivateKey(encryptedBase64, ephemeralPrivPem);
+  return JSON.parse(plaintext);
+}
+
+/**
+ * Create a scoped token with our ephemeral pubkey for credential reads.
+ */
+async function createCredentialReadToken(): Promise<{ token: string; error?: string }> {
+  if (!token) return { token: '', error: 'No auth token — start AuraWallet server for auto-bootstrap, or set AURA_TOKEN env var' };
+
+  try {
+    const res = await fetch(`${WALLET_BASE()}/actions/token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${token}`,
+      },
+      body: JSON.stringify(buildScopedReadTokenIssueRequest({
+        agentId: 'mcp-credential-reader',
+        pubkey: ephemeralPubBase64,
+        ...(resolveMcpIssuanceProfile('read') || {}),
+      })),
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (res.ok) {
+      const data = await res.json() as { encryptedToken?: string };
+      if (!data.encryptedToken) {
+        return { token: '', error: 'No encryptedToken in response' };
+      }
+      return { token: decryptWithPrivateKey(data.encryptedToken, ephemeralPrivPem) };
+    }
+
+    const text = await res.text();
+    return { token: '', error: `Failed to create scoped token (${res.status}): ${text}` };
+  } catch (err) {
+    return { token: '', error: `Token creation failed: ${err}` };
+  }
+}
+
+/**
+ * Create a scoped token with our ephemeral pubkey for credential writes.
+ * Falls back to the base token when scoped minting is not available.
+ */
+async function createCredentialWriteToken(vaultId: string): Promise<{ token: string; error?: string }> {
+  if (!token) return { token: '', error: 'No auth token — start AuraWallet server for auto-bootstrap, or set AURA_TOKEN env var' };
+
+  try {
+    const res = await fetch(`${WALLET_BASE()}/actions/token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${token}`,
+      },
+      body: JSON.stringify(buildScopedWriteTokenIssueRequest({
+        agentId: 'mcp-credential-writer',
+        vaultId,
+        pubkey: ephemeralPubBase64,
+        ...(resolveMcpIssuanceProfile('write') || {}),
+      })),
+      signal: AbortSignal.timeout(5000),
+    });
+
+    if (res.ok) {
+      const data = await res.json() as { encryptedToken?: string };
+      if (!data.encryptedToken) {
+        return { token: '', error: 'No encryptedToken in response' };
+      }
+      return { token: decryptWithPrivateKey(data.encryptedToken, ephemeralPrivPem) };
+    }
+
+    const text = await res.text();
+    return { token: '', error: `Failed to create scoped write token (${res.status}): ${text}` };
+  } catch (err) {
+    return { token: '', error: `Write token creation failed: ${err}` };
+  }
+}
+
+// ── get_secret rate limiter ─────────────────────────────────────────────
+const GET_SECRET_WINDOW_MS = 60_000; // 1 minute
+const GET_SECRET_MAX = 10; // max 10 requests per window
+const getSecretRequests: number[] = [];
+
+function isGetSecretRateLimited(): boolean {
+  const now = Date.now();
+  // Prune old entries
+  while (getSecretRequests.length > 0 && getSecretRequests[0] <= now - GET_SECRET_WINDOW_MS) {
+    getSecretRequests.shift();
+  }
+  if (getSecretRequests.length >= GET_SECRET_MAX) return true;
+  getSecretRequests.push(now);
+  return false;
+}
+
+// ── get_secret ─────────────────────────────────────────────────────────
+server.tool(
+  'get_secret',
+  'Look up a stored credential/secret by name or tag and return its decrypted value. Searches credential vaults for a matching entry and returns all fields (including sensitive ones like passwords, API keys, etc.).',
+  { name: z.string().describe('Name or tag to search for (e.g. "GitHub", "openai", "deploy")') },
+  async (input) => {
+    const { name } = input as { name: string };
+
+    if (isGetSecretRateLimited()) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'Rate limited — too many get_secret requests. Try again in 1 minute.' }) }] };
+    }
+    if (!token) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'No auth token — start AuraWallet server for auto-bootstrap, or set AURA_TOKEN env var' }) }] };
+    }
+
+    const base = WALLET_BASE();
+
+    // Step 1: Search for credential by name/tag
+    let credentialId: string | null = null;
+    let credentialName = '';
+    try {
+      const vaultNames = await fetchVaultNameMap();
+      for (const queryParam of [`q=${encodeURIComponent(name)}`, `tag=${encodeURIComponent(name)}`]) {
+        const res = await fetch(`${base}/credentials?${queryParam}`, {
+          headers: { 'Authorization': `Bearer ${token}` },
+          signal: AbortSignal.timeout(5000),
+        });
+        if (!res.ok) continue;
+
+        const data = await res.json() as { credentials: Array<{ id: string; name: string; vaultId: string }> };
+        if (!data.credentials || data.credentials.length === 0) continue;
+
+        const decision = evaluateProjectScopeAccess({
+          surface: 'mcp_get_secret',
+          requested: { vaultName: null, credentialName: name },
+          candidates: data.credentials.map((c) => ({
+            id: c.id,
+            name: c.name,
+            vaultName: vaultNames.get(c.vaultId) || null,
+          })),
+          actor: 'mcp-stdio',
+        });
+
+        emitProjectScopeEvent({
+          actor: 'mcp-stdio',
+          surface: 'mcp_get_secret',
+          requestedCredential: { vaultName: null, credentialName: name },
+          decision,
+        });
+
+        if (!decision.allowed) {
+          return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `${decision.code}: ${decision.remediation}` }) }] };
+        }
+
+        const allowedIds = new Set(decision.allowedCandidates.map((c) => c.id).filter(Boolean));
+        const scopedCandidates = data.credentials.filter((c) => allowedIds.has(c.id));
+        if (scopedCandidates.length === 0) continue;
+
+        credentialId = scopedCandidates[0].id;
+        credentialName = scopedCandidates[0].name;
+        break;
+      }
+    } catch (err) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Search failed: ${err}` }) }] };
+    }
+
+    if (!credentialId) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `No credential found matching "${name}"` }) }] };
+    }
+
+    // Step 2: Get a scoped token with our ephemeral pubkey
+    const { token: readToken, error: tokenError } = await createCredentialReadToken();
+    if (!readToken) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: tokenError }) }] };
+    }
+
+    // Step 3: Read credential (encrypted to our ephemeral key)
+    try {
+      const res = await fetch(`${base}/credentials/${credentialId}/read`, {
+        method: 'POST',
+        headers: { 'Authorization': `Bearer ${readToken}` },
+        signal: AbortSignal.timeout(5000),
+      });
+
+      if (!res.ok) {
+        const text = await res.text();
+        return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Read failed (${res.status}): ${text}` }) }] };
+      }
+
+      const data = await res.json() as { encrypted: string };
+      const decrypted = decryptCredentialPayload(data.encrypted);
+
+      // If credential has a TOTP field, generate current code
+      const totpField = decrypted.fields?.find((f: { key: string }) => f.key === 'totp' || f.key === 'otp');
+      let totpCode: string | undefined;
+      let totpRemaining: number | undefined;
+      if (totpField) {
+        try {
+          const totpRes = await fetch(`${base}/credentials/${credentialId}/totp`, {
+            method: 'POST',
+            headers: { 'Authorization': `Bearer ${token}` },
+            signal: AbortSignal.timeout(5000),
+          });
+          if (totpRes.ok) {
+            const totpData = await totpRes.json() as { code: string; remaining: number };
+            totpCode = totpData.code;
+            totpRemaining = totpData.remaining;
+          }
+        } catch {
+          // TOTP generation failed — skip, still return credential
+        }
+      }
+
+      return {
+        content: [{
+          type: 'text' as const,
+          text: JSON.stringify({
+            success: true,
+            name: credentialName,
+            credentialId: decrypted.id,
+            type: decrypted.type,
+            fields: decrypted.fields,
+            ...(totpCode && { totpCode, totpRemaining }),
+          }),
+        }],
+      };
+    } catch (err) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Decryption failed: ${err}` }) }] };
+    }
+  },
+);
+
+// ── put_secret ─────────────────────────────────────────────────────────
+server.tool(
+  'put_secret',
+  'Store a new credential/secret with the given name and value. Creates a "note" type credential in the default vault with a single sensitive field.',
+  {
+    name: z.string().describe('Name for the credential (e.g. "OpenAI API Key", "GitHub Token")'),
+    value: z.string().describe('The secret value to store'),
+    vault: z.string().optional().describe('Vault ID to store in (defaults to "agent", falls back to "primary")'),
+    tags: z.array(z.string()).optional().describe('Optional tags for organization'),
+  },
+  async (input) => {
+    const { name, value, vault, tags } = input as { name: string; value: string; vault?: string; tags?: string[] };
+
+    if (!token) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: 'No auth token — start AuraWallet server for auto-bootstrap, or set AURA_TOKEN env var' }) }] };
+    }
+
+    const base = WALLET_BASE();
+    let vaultId = vault || 'agent';
+    if (!vault) {
+      try {
+        const { listVaults } = await import('../lib/cold');
+        const vaults = listVaults();
+        const agentVault = vaults.find(v => v.name === 'agent');
+        vaultId = agentVault ? agentVault.id : 'primary';
+      } catch {
+        vaultId = 'primary';
+      }
+    }
+
+    try {
+      const { token: scopedWriteToken } = await createCredentialWriteToken(vaultId);
+      const writeToken = scopedWriteToken || token;
+
+      const res = await fetch(`${base}/credentials`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${writeToken}` },
+        body: JSON.stringify({
+          vaultId,
+          type: 'note',
+          name,
+          meta: tags ? { tags } : {},
+          fields: [{ key: 'value', value, type: 'secret', sensitive: true }],
+        }),
+        signal: AbortSignal.timeout(5000),
+      });
+
+      const text = await res.text();
+      if (!res.ok) {
+        return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Store failed (${res.status}): ${text}` }) }] };
+      }
+
+      const data = JSON.parse(text) as { credential: { id: string; name: string } };
+      return {
+        content: [{
+          type: 'text' as const,
+          text: JSON.stringify({
+            success: true,
+            credentialId: data.credential.id,
+            name: data.credential.name,
+            message: `Secret "${name}" stored successfully`,
+          }),
+        }],
+      };
+    } catch (err) {
+      return { content: [{ type: 'text' as const, text: JSON.stringify({ error: `Store failed: ${err}` }) }] };
+    }
+  },
+);
+
+// ── Register shared tools ──────────────────────────────────────────────
+
+for (const tool of TOOLS) {
+  const shape = jsonSchemaToZod(tool.parameters.properties, tool.parameters.required || []);
+
+  server.tool(
+    tool.name,
+    tool.description,
+    shape,
+    async (input) => {
+      const result = await executeTool(tool.name, input as Record<string, unknown>, token);
+
+      // Auto-activate session token when vault is created via MCP
+      if (tool.name === 'create_vault') {
+        try {
+          const parsed = JSON.parse(result);
+          if (parsed.token) {
+            token = parsed.token;
+          }
+        } catch { /* skip */ }
+      }
+
+      return { content: [{ type: 'text' as const, text: result }] };
+    },
+  );
+}
+
+// ── Main ───────────────────────────────────────────────────────────────
+
+async function main() {
+  // Bootstrap auth: try socket first, then env var
+  if (!token) {
+    const ok = await bootstrapViaSocket();
+    if (ok) {
+      scheduleRefresh();
+      console.error('[mcp] Auth: socket bootstrap');
+    } else if (process.env.AURA_TOKEN) {
+      token = process.env.AURA_TOKEN;
+      console.error('[mcp] Auth: AURA_TOKEN env var');
+    } else {
+      console.error('[mcp] Auth: none (tools will return auth errors until server is running)');
+    }
+  } else {
+    // Have AURA_TOKEN from env — still try socket for encrypted upgrade
+    console.error('[mcp] Auth: AURA_TOKEN env var (pre-configured)');
+  }
+
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+
+main().catch((err) => {
+  console.error('MCP server error:', err);
+  process.exit(1);
+});