kojee-mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Kojee AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,76 @@
+# kojee-mcp
+
+kojee-mcp is a local MCP proxy that lets any MCP-capable agent use Kojee-managed tools seamlessly. It handles DPoP authentication, key enrollment, nonce rotation, step-up re-auth, and governance flows internally -- the agent just sees tools and calls them.
+
+## Quick Start
+
+1. **Get a gateway token** from the [Kojee dashboard](https://kojee.ai).
+2. **Add to your MCP config** (see examples below).
+3. **Tools appear automatically** -- the proxy discovers and exposes all tools your token has access to.
+
+## MCP Config Examples
+
+### Claude Code / Claude Desktop
+
+```json
+{
+  "mcpServers": {
+    "kojee": {
+      "command": "npx",
+      "args": ["kojee-mcp", "--token", "YOUR_TOKEN", "--url", "https://kojee.ai"]
+    }
+  }
+}
+```
+
+### Generic MCP Client
+
+Any MCP client that supports stdio transports can use kojee-mcp. Point it at the CLI binary:
+
+```bash
+npx kojee-mcp --token gw_abc123... --url https://kojee.ai
+```
+
+Or install globally:
+
+```bash
+npm install -g kojee-mcp
+kojee-mcp --token gw_abc123... --url https://kojee.ai
+```
+
+## CLI Flags
+
+| Flag | Required | Default | Description |
+|------|----------|---------|-------------|
+| `--token` | yes | -- | Your Kojee gateway token (starts with `gw_`) |
+| `--url` | yes | -- | Kojee broker URL (e.g. `https://kojee.ai`) |
+| `--keystore-path` | no | `~/.kojee/keypair.json` | Path for DPoP keypair storage |
+
+## How Approvals Work
+
+Some tools are governed by approval policies configured in the Kojee dashboard. When an agent calls a governed tool:
+
+1. The proxy submits the call to the Kojee broker.
+2. If the policy requires approval, the broker returns a `pending_approval` status.
+3. The proxy translates this into a clear MCP response telling the agent that the action is awaiting human approval.
+4. Once approved (via dashboard, Slack, or other configured channel), the agent can retry the call and it will succeed.
+
+Step-up re-authentication and nonce rotation are handled transparently -- the agent never needs to deal with auth mechanics.
+
+## Troubleshooting
+
+**"Gateway token does not start with gw_"**
+You may be using an API key instead of a gateway token. Generate a gateway token from the Kojee dashboard under Settings > Gateway Tokens.
+
+**"Fatal error: Failed to enroll keypair"**
+The proxy cannot reach the broker URL. Check that `--url` is correct and your network allows outbound HTTPS.
+
+**No tools appear**
+Your gateway token may not have any connectors assigned. Check the Kojee dashboard to ensure at least one connector is linked to the token.
+
+**Keypair permission errors**
+The proxy stores its DPoP keypair at `~/.kojee/keypair.json` by default. Ensure the directory is writable, or use `--keystore-path` to specify an alternative location.
+
+## License
+
+MIT

package/dist/chunk-UDF4BJS5.js

@@ -0,0 +1,729 @@
+// src/index.ts
+import path2 from "path";
+
+// src/auth/auth-module.ts
+import { calculateJwkThumbprint } from "jose";
+import crypto from "crypto";
+
+// src/auth/keystore.ts
+import { importJWK, exportJWK, generateKeyPair } from "jose";
+import fs from "fs";
+import path from "path";
+var DEFAULT_PATH = path.join(
+  process.env["HOME"] ?? "~",
+  ".kojee",
+  "keypair.json"
+);
+async function loadKeystore(keystorePath = DEFAULT_PATH, expectedBrokerUrl) {
+  if (!fs.existsSync(keystorePath)) {
+    return null;
+  }
+  const raw = fs.readFileSync(keystorePath, "utf-8");
+  const data = JSON.parse(raw);
+  if (expectedBrokerUrl && data.broker_url !== expectedBrokerUrl) {
+    return null;
+  }
+  const privateKey = await importJWK(data.private_key_jwk, "ES256");
+  return {
+    privateKey,
+    publicJwk: data.public_jwk,
+    kid: data.kid,
+    data
+  };
+}
+async function saveKeystore(privateKey, publicJwk, kid, brokerUrl, keystorePath = DEFAULT_PATH) {
+  const dir = path.dirname(keystorePath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  }
+  const privateJwk = await exportJWK(privateKey);
+  const data = {
+    private_key_jwk: privateJwk,
+    kid,
+    broker_url: brokerUrl,
+    public_jwk: publicJwk,
+    enrolled_at: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  fs.writeFileSync(keystorePath, JSON.stringify(data, null, 2), {
+    mode: 384
+  });
+}
+async function generateES256KeyPair() {
+  const { privateKey, publicKey } = await generateKeyPair("ES256");
+  const publicJwk = await exportJWK(publicKey);
+  publicJwk.kty = "EC";
+  publicJwk.crv = "P-256";
+  return { privateKey, publicJwk };
+}
+
+// src/auth/registration.ts
+async function registerKey(brokerUrl, token, publicJwk) {
+  const url = `${brokerUrl}/api/v1/bots/keys/register/`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`
+    },
+    body: JSON.stringify({ public_jwk: publicJwk })
+  });
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(
+      `Key registration failed (${response.status}): ${body}`
+    );
+  }
+  return await response.json();
+}
+async function confirmKey(brokerUrl, token, botKeyId, challenge, signature) {
+  const url = `${brokerUrl}/api/v1/bots/keys/confirm/`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${token}`
+    },
+    body: JSON.stringify({
+      bot_key_id: botKeyId,
+      challenge,
+      signature
+    })
+  });
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(
+      `Key confirmation failed (${response.status}): ${body}`
+    );
+  }
+  return await response.json();
+}
+
+// src/auth/auth-module.ts
+async function signChallengeRaw(privateKey, data) {
+  const signer = crypto.createSign("SHA256");
+  signer.update(data);
+  signer.end();
+  const derSignature = signer.sign(
+    privateKey
+  );
+  return derSignature.toString("base64url");
+}
+var AuthModule = class {
+  constructor(token, brokerUrl, keystorePath) {
+    this.token = token;
+    this.brokerUrl = brokerUrl;
+    this.keystorePath = keystorePath;
+  }
+  token;
+  brokerUrl;
+  keystorePath;
+  privateKey = null;
+  publicJwk = null;
+  kid = null;
+  /**
+   * Ensure we have an enrolled keypair. Either loads from disk or
+   * performs the full enrollment flow.
+   */
+  async ensureEnrolled() {
+    const existing = await loadKeystore(this.keystorePath, this.brokerUrl);
+    if (existing) {
+      this.privateKey = existing.privateKey;
+      this.publicJwk = existing.publicJwk;
+      this.kid = existing.kid;
+      console.error("[auth] Loaded existing keypair from keystore");
+      return {
+        privateKey: existing.privateKey,
+        publicJwk: existing.publicJwk,
+        kid: existing.kid
+      };
+    }
+    console.error("[auth] No valid keystore found, enrolling new keypair...");
+    const { privateKey, publicJwk } = await generateES256KeyPair();
+    const regResult = await registerKey(this.brokerUrl, this.token, publicJwk);
+    console.error(`[auth] Key registered: ${regResult.bot_key_id}`);
+    const thumbprint = await calculateJwkThumbprint(publicJwk, "sha256");
+    const challengeData = `${regResult.challenge}.${thumbprint}`;
+    const signature = await signChallengeRaw(privateKey, challengeData);
+    const confirmResult = await confirmKey(
+      this.brokerUrl,
+      this.token,
+      regResult.bot_key_id,
+      regResult.challenge,
+      signature
+    );
+    if (!confirmResult.key_confirmed) {
+      throw new Error("Key enrollment failed: confirmation was rejected");
+    }
+    console.error("[auth] Key enrollment confirmed");
+    await saveKeystore(
+      privateKey,
+      publicJwk,
+      regResult.bot_key_id,
+      this.brokerUrl,
+      this.keystorePath
+    );
+    this.privateKey = privateKey;
+    this.publicJwk = publicJwk;
+    this.kid = regResult.bot_key_id;
+    return {
+      privateKey,
+      publicJwk,
+      kid: regResult.bot_key_id
+    };
+  }
+  getPrivateKey() {
+    if (!this.privateKey) throw new Error("Not enrolled yet");
+    return this.privateKey;
+  }
+  getPublicJwk() {
+    if (!this.publicJwk) throw new Error("Not enrolled yet");
+    return this.publicJwk;
+  }
+  getKid() {
+    if (!this.kid) throw new Error("Not enrolled yet");
+    return this.kid;
+  }
+};
+
+// src/gateway-client.ts
+import crypto3 from "crypto";
+
+// src/auth/dpop.ts
+import { SignJWT, base64url } from "jose";
+import crypto2 from "crypto";
+async function createDPoPProof(privateKey, kid, method, url, nonce, accessToken) {
+  const payload = {
+    htm: method,
+    htu: url,
+    jti: crypto2.randomUUID()
+  };
+  if (nonce) {
+    payload.nonce = nonce;
+  }
+  if (accessToken) {
+    payload.ath = computeAth(accessToken);
+  }
+  const header = {
+    typ: "dpop+jwt",
+    alg: "ES256",
+    jwk: { kid }
+  };
+  return new SignJWT(payload).setProtectedHeader(header).setIssuedAt().sign(privateKey);
+}
+function computeAth(accessToken) {
+  const hash = crypto2.createHash("sha256").update(accessToken).digest();
+  return base64url.encode(hash);
+}
+
+// src/error-translator.ts
+function translateGovernanceResult(result) {
+  const governance = result._meta?.governance;
+  if (!governance) return result;
+  if (governance.decision === "deny") {
+    return formatDenied(governance);
+  }
+  if (governance.decision === "require_approval") {
+    return formatApprovalRequired(governance);
+  }
+  return result;
+}
+function formatApprovalRequired(governance) {
+  const rules = formatRules(governance.triggered_guardrails);
+  const text = `APPROVAL REQUIRED: This action needs user approval before executing. Approval ID: ${governance.approval_id}. Expires: ${governance.expires_at ?? "unknown"}. Triggered rules: ${rules}. The user has been notified. Call kojee_check_approval with this approval_id to check the status.`;
+  return {
+    content: [{ type: "text", text }],
+    isError: true
+  };
+}
+function formatDenied(governance) {
+  const rules = formatRules(governance.triggered_guardrails);
+  const text = `DENIED: This action was blocked by governance policy. Triggered rules: ${rules}. This cannot proceed \u2014 modify your request or ask the user to adjust governance rules.`;
+  return {
+    content: [{ type: "text", text }],
+    isError: true
+  };
+}
+function translateHttpError(status, errorCode, _trigger) {
+  if (status === 401) {
+    if (errorCode === "use_dpop_nonce") {
+      return null;
+    }
+    if (errorCode === "invalid_dpop_proof") {
+      return makeError(
+        "Authentication failed. The proxy will attempt to re-enroll. If this persists, regenerate your gateway token."
+      );
+    }
+    if (errorCode === "key_enrollment_required") {
+      return null;
+    }
+    return makeError(
+      "Gateway token is invalid or expired. Generate a new one."
+    );
+  }
+  if (status === 403 && errorCode === "step_up_required") {
+    return makeError(
+      "Device re-authorization required. The user has been notified but has not yet approved. Try again later."
+    );
+  }
+  if (status === 429) {
+    return makeError(
+      "Rate limit exceeded. Wait before making more requests."
+    );
+  }
+  if (status >= 500) {
+    return makeError(
+      "Kojee gateway encountered an error. Try again."
+    );
+  }
+  return null;
+}
+function translateJsonRpcError(error) {
+  const msg = error.message ?? "";
+  const msgLower = msg.toLowerCase();
+  switch (error.code) {
+    case -32601:
+      return makeError(
+        `Tool not available. It may have been removed or is not connected. Check your connected services in the Kojee dashboard.`
+      );
+    case -32602:
+      return makeError(msg || "Invalid parameters for this tool call.");
+    case -32603: {
+      if (msgLower.includes("multiple accounts connected")) {
+        return makeError(msg);
+      }
+      if (msgLower.includes("not connected")) {
+        return makeError(
+          "The service is not connected. Connect it in the Kojee dashboard."
+        );
+      }
+      if (msgLower.includes("scope") && msgLower.includes("access")) {
+        return makeError(
+          "Token doesn't have access to this tool. Update scopes in the Kojee dashboard."
+        );
+      }
+      if (msgLower.includes("invalid_grant") || msgLower.includes("token refresh failed") || msgLower.includes("re-authorization") || msgLower.includes("reauthorization")) {
+        const serviceMatch = msg.match(
+          /(?:for|connected for)\s+(\w[\w-]*)/i
+        );
+        const service = serviceMatch ? serviceMatch[1] : "service";
+        return makeError(
+          `The ${service} connection needs re-authorization. Ask the user to reconnect it in the Kojee dashboard.`
+        );
+      }
+      return makeError(msg || "An internal error occurred on the gateway.");
+    }
+    case -32600:
+      return makeError(
+        "Unexpected response from gateway. This may be a temporary issue."
+      );
+    case -32e3:
+      return makeError(
+        "Rate limit exceeded. Wait before making more requests."
+      );
+    default:
+      return makeError(msg || "An unknown error occurred.");
+  }
+}
+function translateNetworkError(_error) {
+  return makeError(
+    "Cannot reach Kojee gateway. Check your connection."
+  );
+}
+function translateToolCallResult(result) {
+  if (result._meta?.governance) {
+    return translateGovernanceResult(result);
+  }
+  return result;
+}
+function formatRules(guardrails) {
+  if (!guardrails || guardrails.length === 0) return "unknown";
+  return guardrails.join(", ");
+}
+function makeError(text) {
+  return {
+    content: [{ type: "text", text }],
+    isError: true
+  };
+}
+
+// src/gateway-client.ts
+var STEP_UP_POLL_INTERVAL_MS = 5e3;
+var STEP_UP_MAX_TIMEOUT_MS = 3e5;
+var GatewayClient = class {
+  constructor(brokerUrl, token, privateKey, kid, sessionId) {
+    this.brokerUrl = brokerUrl;
+    this.token = token;
+    this.privateKey = privateKey;
+    this.kid = kid;
+    this.endpoint = `${brokerUrl}/mcp/messages/${sessionId}/`;
+  }
+  brokerUrl;
+  token;
+  privateKey;
+  kid;
+  currentNonce;
+  requestCounter = 0;
+  endpoint;
+  /**
+   * Derive a deterministic session ID from the gateway token.
+   * session_id = sha256(token + "proxy").slice(0, 16)
+   */
+  static deriveSessionId(token) {
+    const hash = crypto3.createHash("sha256").update(token + "proxy").digest("hex");
+    return hash.slice(0, 16);
+  }
+  /**
+   * Send a JSON-RPC 2.0 request to the gateway, handling DPoP auth,
+   * nonce retry, and step-up retry transparently.
+   */
+  async sendRpc(method, params = {}) {
+    const rpcRequest = {
+      jsonrpc: "2.0",
+      id: ++this.requestCounter,
+      method,
+      params
+    };
+    return this.executeWithRetries(rpcRequest);
+  }
+  async executeWithRetries(rpcRequest) {
+    let response;
+    try {
+      response = await this.sendHttpRequest(rpcRequest);
+    } catch (err) {
+      return translateNetworkError(err);
+    }
+    this.trackNonce(response);
+    if (response.status === 401) {
+      const body = await this.tryParseErrorBody(response);
+      if (body?.error === "use_dpop_nonce") {
+        console.error("[gateway] Nonce expired, retrying with fresh nonce...");
+        try {
+          response = await this.sendHttpRequest(rpcRequest);
+        } catch (err) {
+          return translateNetworkError(err);
+        }
+        this.trackNonce(response);
+      } else {
+        const translated = translateHttpError(401, body?.error);
+        if (translated) return translated;
+      }
+    }
+    if (response.status === 403) {
+      const body = await this.tryParseErrorBody(response);
+      if (body?.error === "step_up_required") {
+        return this.handleStepUp(rpcRequest, body.trigger);
+      }
+      const translated = translateHttpError(403, body?.error, body?.trigger);
+      if (translated) return translated;
+    }
+    if (!response.ok) {
+      const body = await this.tryParseErrorBody(response);
+      const translated = translateHttpError(response.status, body?.error);
+      if (translated) return translated;
+      return {
+        content: [{ type: "text", text: `Gateway error: ${response.status}` }],
+        isError: true
+      };
+    }
+    const rpcResponse = await response.json();
+    if (rpcResponse.error) {
+      return translateJsonRpcError(rpcResponse.error);
+    }
+    const result = rpcResponse.result;
+    return result ?? { content: [{ type: "text", text: "No result" }] };
+  }
+  async sendHttpRequest(rpcRequest) {
+    const proof = await createDPoPProof(
+      this.privateKey,
+      this.kid,
+      "POST",
+      this.endpoint,
+      this.currentNonce,
+      this.token
+    );
+    return fetch(this.endpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `DPoP ${this.token}`,
+        DPoP: proof
+      },
+      body: JSON.stringify(rpcRequest)
+    });
+  }
+  /**
+   * Handle step-up retry: poll with backoff until user approves
+   * or timeout is reached.
+   */
+  async handleStepUp(rpcRequest, trigger) {
+    console.error(
+      `[gateway] Device re-authorization required (${trigger ?? "unknown"}). Waiting for user approval...`
+    );
+    const deadline = Date.now() + STEP_UP_MAX_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+      await sleep(STEP_UP_POLL_INTERVAL_MS);
+      let response;
+      try {
+        response = await this.sendHttpRequest(rpcRequest);
+      } catch {
+        continue;
+      }
+      this.trackNonce(response);
+      if (response.status === 403) {
+        const body2 = await this.tryParseErrorBody(response);
+        if (body2?.error === "step_up_required") {
+          console.error("[gateway] Still waiting for step-up approval...");
+          continue;
+        }
+      }
+      if (response.ok) {
+        const rpcResponse = await response.json();
+        if (rpcResponse.error) {
+          return translateJsonRpcError(rpcResponse.error);
+        }
+        const result = rpcResponse.result;
+        return result ?? { content: [{ type: "text", text: "No result" }] };
+      }
+      const body = await this.tryParseErrorBody(response);
+      const translated = translateHttpError(response.status, body?.error);
+      if (translated) return translated;
+    }
+    return {
+      content: [
+        {
+          type: "text",
+          text: "Device re-authorization was not approved within 5 minutes. Try again later."
+        }
+      ],
+      isError: true
+    };
+  }
+  trackNonce(response) {
+    const nonce = response.headers.get("DPoP-Nonce");
+    if (nonce) {
+      this.currentNonce = nonce;
+    }
+  }
+  async tryParseErrorBody(response) {
+    try {
+      return await response.json();
+    } catch {
+      return null;
+    }
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/tool-registry.ts
+var KOJEE_PREFIX = "kojee_";
+var isBuiltinTool = (name) => name.startsWith(KOJEE_PREFIX);
+var ToolRegistry = class {
+  constructor(gateway) {
+    this.gateway = gateway;
+  }
+  gateway;
+  /** Map from agent-facing name (prefixed) to full tool definition */
+  tools = /* @__PURE__ */ new Map();
+  /** Map from agent-facing name to gateway name */
+  nameMap = /* @__PURE__ */ new Map();
+  /**
+   * Discover tools from the gateway:
+   *  1. Call tools/list (lean) — returns names + descriptions for all tools.
+   *  2. Separate built-in kojee_* tools (already prefixed) from connector tools.
+   *  3. Call tools/get_schema for connector tool names to get full inputSchema.
+   *  4. Register everything with the kojee_ prefix mapping.
+   */
+  async discoverTools() {
+    console.error("[tools] Fetching tool list from gateway...");
+    const listResult = await this.gateway.sendRpc("tools/list", {});
+    const toolList = listResult?.tools;
+    if (!toolList || !Array.isArray(toolList)) {
+      console.error("[tools] No tools returned from gateway");
+      return;
+    }
+    console.error(`[tools] Found ${toolList.length} tools`);
+    const builtinTools = [];
+    const connectorToolNames = [];
+    for (const tool of toolList) {
+      if (isBuiltinTool(tool.name)) {
+        builtinTools.push(tool);
+      } else {
+        connectorToolNames.push(tool.name);
+      }
+    }
+    if (builtinTools.length > 0) {
+      const builtinSchemaResult = await this.gateway.sendRpc("tools/get_schema", {
+        names: builtinTools.map((t) => t.name)
+      });
+      const fullBuiltins = builtinSchemaResult?.tools;
+      if (fullBuiltins && Array.isArray(fullBuiltins)) {
+        for (const tool of fullBuiltins) {
+          this.registerTool(tool);
+        }
+      } else {
+        for (const tool of builtinTools) {
+          this.registerTool({
+            name: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema ?? { type: "object", properties: {} }
+          });
+        }
+      }
+    }
+    if (connectorToolNames.length > 0) {
+      console.error(`[tools] Fetching schemas for ${connectorToolNames.length} connector tools...`);
+      const schemaResult = await this.gateway.sendRpc("tools/get_schema", {
+        names: connectorToolNames
+      });
+      const fullTools = schemaResult?.tools;
+      const notFound = schemaResult?.not_found;
+      if (notFound && notFound.length > 0) {
+        console.error(`[tools] Warning: schemas not found for: ${notFound.join(", ")}`);
+      }
+      if (fullTools && Array.isArray(fullTools)) {
+        for (const tool of fullTools) {
+          this.registerTool(tool);
+        }
+      } else {
+        console.error("[tools] Schema fetch failed, using lean definitions");
+        for (const name of connectorToolNames) {
+          const lean = toolList.find((t) => t.name === name);
+          if (lean) {
+            this.registerTool({
+              name: lean.name,
+              description: lean.description,
+              inputSchema: { type: "object", properties: {} }
+            });
+          }
+        }
+      }
+    }
+    console.error(`[tools] Registered ${this.tools.size} tools`);
+  }
+  /**
+   * Register a single tool, applying the kojee_ prefix if needed.
+   */
+  registerTool(tool) {
+    const gatewayName = tool.name;
+    const agentName = gatewayName.startsWith(KOJEE_PREFIX) ? gatewayName : `${KOJEE_PREFIX}${gatewayName}`;
+    this.nameMap.set(agentName, gatewayName);
+    this.tools.set(agentName, {
+      ...tool,
+      name: agentName
+    });
+  }
+  /**
+   * Get all registered tools as MCP tool definitions for the agent.
+   */
+  getTools() {
+    return Array.from(this.tools.values());
+  }
+  /**
+   * Resolve an agent-facing tool name to its gateway name.
+   * Returns null if the tool is not registered.
+   */
+  resolveGatewayName(agentName) {
+    return this.nameMap.get(agentName) ?? null;
+  }
+  /**
+   * Call a tool through the gateway, handling name mapping.
+   */
+  async callTool(agentName, args) {
+    const gatewayName = this.resolveGatewayName(agentName);
+    if (!gatewayName) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Tool '${agentName}' not found. It may have been removed or your token lacks access.`
+          }
+        ],
+        isError: true
+      };
+    }
+    return this.gateway.sendRpc("tools/call", {
+      name: gatewayName,
+      arguments: args
+    });
+  }
+};
+
+// src/server.ts
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+function createMcpServer(registry) {
+  const server = new Server(
+    {
+      name: "kojee-mcp",
+      version: "0.1.0"
+    },
+    {
+      capabilities: {
+        tools: {}
+      }
+    }
+  );
+  server.setRequestHandler(ListToolsRequestSchema, async () => {
+    const tools = registry.getTools().map((t) => ({
+      name: t.name,
+      description: t.description,
+      inputSchema: t.inputSchema
+    }));
+    return { tools };
+  });
+  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args } = request.params;
+    const rawResult = await registry.callTool(name, args ?? {});
+    const result = translateToolCallResult(rawResult);
+    return {
+      content: result.content,
+      isError: result.isError
+    };
+  });
+  return server;
+}
+async function startMcpServer(server) {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error("[mcp] Server started on stdio transport");
+}
+
+// src/index.ts
+var DEFAULT_KEYSTORE_PATH = path2.join(
+  process.env["HOME"] ?? "~",
+  ".kojee",
+  "keypair.json"
+);
+async function startProxy(config) {
+  const keystorePath = config.keystorePath || DEFAULT_KEYSTORE_PATH;
+  console.error(`[kojee-mcp] Starting proxy for ${config.url}`);
+  const auth = new AuthModule(config.token, config.url, keystorePath);
+  const keyPair = await auth.ensureEnrolled();
+  const sessionId = GatewayClient.deriveSessionId(config.token);
+  console.error(`[kojee-mcp] Session: ${sessionId}`);
+  const gateway = new GatewayClient(
+    config.url,
+    config.token,
+    keyPair.privateKey,
+    keyPair.kid,
+    sessionId
+  );
+  const registry = new ToolRegistry(gateway);
+  await registry.discoverTools();
+  const toolCount = registry.getTools().length;
+  console.error(
+    `[kojee-mcp] Ready \u2014 ${toolCount} tools proxied from ${config.url}`
+  );
+  const server = createMcpServer(registry);
+  await startMcpServer(server);
+}
+
+export {
+  startProxy
+};

package/dist/cli.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/cli.js

@@ -0,0 +1,44 @@
+#!/usr/bin/env node
+import {
+  startProxy
+} from "./chunk-UDF4BJS5.js";
+
+// src/cli.ts
+import { Command } from "commander";
+import path from "path";
+var DEFAULT_KEYSTORE_PATH = path.join(
+  process.env["HOME"] ?? "~",
+  ".kojee",
+  "keypair.json"
+);
+var program = new Command().name("kojee-mcp").description(
+  "Local MCP proxy for Kojee \u2014 handles DPoP auth, tool discovery, and governance transparently"
+).version("0.1.0").requiredOption(
+  "--token <token>",
+  "Gateway token (gw_...)"
+).requiredOption(
+  "--url <url>",
+  "Broker base URL (e.g. https://kojee.ai)"
+).option(
+  "--keystore-path <path>",
+  "Path to persisted keypair file",
+  DEFAULT_KEYSTORE_PATH
+).action(async (opts) => {
+  if (!opts.token.startsWith("gw_")) {
+    console.error(
+      "Warning: Gateway token does not start with 'gw_'. Ensure you are using a valid gateway token."
+    );
+  }
+  const url = opts.url.replace(/\/+$/, "");
+  try {
+    await startProxy({
+      token: opts.token,
+      url,
+      keystorePath: opts.keystorePath
+    });
+  } catch (err) {
+    console.error("[kojee-mcp] Fatal error:", err);
+    process.exit(1);
+  }
+});
+program.parse();

package/dist/index.d.ts

@@ -0,0 +1,19 @@
+interface ProxyConfig {
+    token: string;
+    url: string;
+    keystorePath: string;
+}
+
+/**
+ * Bootstrap and start the Kojee MCP proxy.
+ *
+ * Startup sequence:
+ * 1. Enroll keypair (or load existing)
+ * 2. Derive session ID
+ * 3. Create gateway client
+ * 4. Discover tools from gateway
+ * 5. Start MCP stdio server
+ */
+declare function startProxy(config: ProxyConfig): Promise<void>;
+
+export { type ProxyConfig, startProxy };

package/dist/index.js

@@ -0,0 +1,6 @@
+import {
+  startProxy
+} from "./chunk-UDF4BJS5.js";
+export {
+  startProxy
+};

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "kojee-mcp",
+  "version": "0.1.0",
+  "description": "Local MCP proxy for Kojee — handles DPoP auth, tool discovery, and governance transparently",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": { "kojee-mcp": "dist/cli.js" },
+  "scripts": {
+    "build": "tsup src/cli.ts src/index.ts --format esm --dts --clean",
+    "dev": "tsup src/cli.ts --format esm --watch",
+    "typecheck": "tsc --noEmit"
+  },
+  "files": ["dist"],
+  "keywords": ["mcp", "kojee", "ai-governance", "agent-tools", "dpop"],
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "latest",
+    "jose": "^5.0.0",
+    "commander": "^12.0.0",
+    "zod": "^3.22.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "@types/node": "^20.0.0",
+    "tsup": "^8.0.0",
+    "vitest": "^1.0.0"
+  }
+}