npm - mcp-twin - Versions diffs - 1.2.0 → 1.3.0 - Mend

mcp-twin 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/.env.example +24 -0
package/PRD.md +682 -0
package/dist/cli.js +41 -0
package/dist/cli.js.map +1 -1
package/dist/cloud/auth.d.ts +108 -0
package/dist/cloud/auth.d.ts.map +1 -0
package/dist/cloud/auth.js +199 -0
package/dist/cloud/auth.js.map +1 -0
package/dist/cloud/db.d.ts +21 -0
package/dist/cloud/db.d.ts.map +1 -0
package/dist/cloud/db.js +158 -0
package/dist/cloud/db.js.map +1 -0
package/dist/cloud/routes/auth.d.ts +7 -0
package/dist/cloud/routes/auth.d.ts.map +1 -0
package/dist/cloud/routes/auth.js +291 -0
package/dist/cloud/routes/auth.js.map +1 -0
package/dist/cloud/routes/twins.d.ts +7 -0
package/dist/cloud/routes/twins.d.ts.map +1 -0
package/dist/cloud/routes/twins.js +740 -0
package/dist/cloud/routes/twins.js.map +1 -0
package/dist/cloud/routes/usage.d.ts +7 -0
package/dist/cloud/routes/usage.d.ts.map +1 -0
package/dist/cloud/routes/usage.js +145 -0
package/dist/cloud/routes/usage.js.map +1 -0
package/dist/cloud/server.d.ts +10 -0
package/dist/cloud/server.d.ts.map +1 -0
package/dist/cloud/server.js +143 -0
package/dist/cloud/server.js.map +1 -0
package/package.json +23 -4
package/src/cli.ts +10 -0
package/src/cloud/auth.ts +269 -0
package/src/cloud/db.ts +167 -0
package/src/cloud/routes/auth.ts +355 -0
package/src/cloud/routes/twins.ts +908 -0
package/src/cloud/routes/usage.ts +186 -0
package/src/cloud/server.ts +151 -0

package/src/cloud/auth.ts ADDED Viewed

@@ -0,0 +1,269 @@
+/**
+ * Authentication Helpers
+ * MCP Twin Cloud
+ */
+import { Request, Response, NextFunction } from 'express';
+import bcrypt from 'bcryptjs';
+import jwt from 'jsonwebtoken';
+import { v4 as uuidv4 } from 'uuid';
+import { query, queryOne } from './db';
+const JWT_SECRET = process.env.JWT_SECRET || 'mcp-twin-dev-secret-change-in-prod';
+const JWT_EXPIRES_IN = '7d';
+const SALT_ROUNDS = 10;
+// Extend Express Request type
+declare global {
+  namespace Express {
+    interface Request {
+      user?: {
+        id: string;
+        email: string;
+        tier: string;
+      };
+      apiKey?: {
+        id: string;
+        userId: string;
+      };
+    }
+  }
+}
+export interface User {
+  id: string;
+  email: string;
+  password_hash: string;
+  tier: string;
+  stripe_customer_id?: string;
+  stripe_subscription_id?: string;
+  created_at: Date;
+}
+export interface ApiKey {
+  id: string;
+  user_id: string;
+  key_hash: string;
+  key_prefix: string;
+  name?: string;
+  last_used_at?: Date;
+  created_at: Date;
+  revoked_at?: Date;
+}
+/**
+ * Hash a password
+ */
+export async function hashPassword(password: string): Promise<string> {
+  return bcrypt.hash(password, SALT_ROUNDS);
+}
+/**
+ * Verify a password against a hash
+ */
+export async function verifyPassword(password: string, hash: string): Promise<boolean> {
+  return bcrypt.compare(password, hash);
+}
+/**
+ * Generate a JWT session token
+ */
+export function generateSessionToken(user: { id: string; email: string; tier: string }): string {
+  return jwt.sign(
+    { userId: user.id, email: user.email, tier: user.tier },
+    JWT_SECRET,
+    { expiresIn: JWT_EXPIRES_IN }
+  );
+}
+/**
+ * Verify a JWT session token
+ */
+export function verifySessionToken(token: string): { userId: string; email: string; tier: string } | null {
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET) as any;
+    return { userId: decoded.userId, email: decoded.email, tier: decoded.tier };
+  } catch {
+    return null;
+  }
+}
+/**
+ * Generate an API key
+ * Returns: { key: 'mtc_live_xxxxx', hash: 'hashed_value', prefix: 'mtc_live_abc' }
+ */
+export async function generateApiKey(): Promise<{ key: string; hash: string; prefix: string }> {
+  const keyId = uuidv4().replace(/-/g, '');
+  const key = `mtc_live_${keyId}`;
+  const hash = await bcrypt.hash(key, SALT_ROUNDS);
+  const prefix = `mtc_live_${keyId.substring(0, 8)}`;
+  return { key, hash, prefix };
+}
+/**
+ * Verify an API key and return the associated user
+ */
+export async function verifyApiKey(key: string): Promise<{ apiKeyId: string; user: User } | null> {
+  // Get all non-revoked API keys (in production, use a better lookup strategy)
+  const apiKeys = await query<ApiKey>(
+    'SELECT * FROM api_keys WHERE revoked_at IS NULL'
+  );
+  for (const apiKey of apiKeys) {
+    const valid = await bcrypt.compare(key, apiKey.key_hash);
+    if (valid) {
+      // Update last_used_at
+      await query(
+        'UPDATE api_keys SET last_used_at = NOW() WHERE id = $1',
+        [apiKey.id]
+      );
+      // Get user
+      const user = await queryOne<User>(
+        'SELECT * FROM users WHERE id = $1',
+        [apiKey.user_id]
+      );
+      if (user) {
+        return { apiKeyId: apiKey.id, user };
+      }
+    }
+  }
+  return null;
+}
+/**
+ * Middleware: Authenticate via API key
+ */
+export async function authenticateApiKey(
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> {
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    res.status(401).json({
+      error: {
+        code: 'UNAUTHORIZED',
+        message: 'Missing or invalid Authorization header. Use: Bearer <api_key>',
+      },
+    });
+    return;
+  }
+  const token = authHeader.substring(7);
+  // Check if it's an API key (starts with mtc_)
+  if (token.startsWith('mtc_')) {
+    const result = await verifyApiKey(token);
+    if (!result) {
+      res.status(401).json({
+        error: {
+          code: 'UNAUTHORIZED',
+          message: 'Invalid API key',
+        },
+      });
+      return;
+    }
+    req.user = {
+      id: result.user.id,
+      email: result.user.email,
+      tier: result.user.tier,
+    };
+    req.apiKey = {
+      id: result.apiKeyId,
+      userId: result.user.id,
+    };
+    next();
+    return;
+  }
+  // Otherwise, treat as JWT session token
+  const decoded = verifySessionToken(token);
+  if (!decoded) {
+    res.status(401).json({
+      error: {
+        code: 'UNAUTHORIZED',
+        message: 'Invalid or expired session token',
+      },
+    });
+    return;
+  }
+  req.user = {
+    id: decoded.userId,
+    email: decoded.email,
+    tier: decoded.tier,
+  };
+  next();
+}
+/**
+ * Middleware: Optional authentication (doesn't fail if not authenticated)
+ */
+export async function optionalAuth(
+  req: Request,
+  res: Response,
+  next: NextFunction
+): Promise<void> {
+  const authHeader = req.headers.authorization;
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    next();
+    return;
+  }
+  const token = authHeader.substring(7);
+  if (token.startsWith('mtc_')) {
+    const result = await verifyApiKey(token);
+    if (result) {
+      req.user = {
+        id: result.user.id,
+        email: result.user.email,
+        tier: result.user.tier,
+      };
+    }
+  } else {
+    const decoded = verifySessionToken(token);
+    if (decoded) {
+      req.user = {
+        id: decoded.userId,
+        email: decoded.email,
+        tier: decoded.tier,
+      };
+    }
+  }
+  next();
+}
+/**
+ * Get tier limits
+ */
+export function getTierLimits(tier: string): { twins: number; requestsPerMonth: number; logRetentionDays: number } {
+  const limits: Record<string, { twins: number; requestsPerMonth: number; logRetentionDays: number }> = {
+    free: { twins: 1, requestsPerMonth: 10_000, logRetentionDays: 1 },
+    starter: { twins: 5, requestsPerMonth: 100_000, logRetentionDays: 7 },
+    pro: { twins: -1, requestsPerMonth: 1_000_000, logRetentionDays: 30 }, // -1 = unlimited
+    enterprise: { twins: -1, requestsPerMonth: -1, logRetentionDays: 90 },
+  };
+  return limits[tier] || limits.free;
+}
+export default {
+  hashPassword,
+  verifyPassword,
+  generateSessionToken,
+  verifySessionToken,
+  generateApiKey,
+  verifyApiKey,
+  authenticateApiKey,
+  optionalAuth,
+  getTierLimits,
+};

package/src/cloud/db.ts ADDED Viewed

@@ -0,0 +1,167 @@
+/**
+ * Database Connection - PostgreSQL
+ * MCP Twin Cloud
+ */
+import { Pool, PoolClient } from 'pg';
+let pool: Pool | null = null;
+export function getPool(): Pool {
+  if (!pool) {
+    const connectionString = process.env.DATABASE_URL;
+    if (!connectionString) {
+      throw new Error('DATABASE_URL environment variable is required');
+    }
+    pool = new Pool({
+      connectionString,
+      ssl: process.env.NODE_ENV === 'production' ? { rejectUnauthorized: false } : false,
+      max: 20,
+      idleTimeoutMillis: 30000,
+      connectionTimeoutMillis: 2000,
+    });
+    pool.on('error', (err) => {
+      console.error('[DB] Unexpected error on idle client', err);
+    });
+  }
+  return pool;
+}
+export async function query<T = any>(text: string, params?: any[]): Promise<T[]> {
+  const pool = getPool();
+  const start = Date.now();
+  const result = await pool.query(text, params);
+  const duration = Date.now() - start;
+  if (process.env.DEBUG_SQL) {
+    console.log('[DB] Query executed', { text, duration, rows: result.rowCount });
+  }
+  return result.rows as T[];
+}
+export async function queryOne<T = any>(text: string, params?: any[]): Promise<T | null> {
+  const rows = await query<T>(text, params);
+  return rows[0] || null;
+}
+export async function transaction<T>(
+  callback: (client: PoolClient) => Promise<T>
+): Promise<T> {
+  const pool = getPool();
+  const client = await pool.connect();
+  try {
+    await client.query('BEGIN');
+    const result = await callback(client);
+    await client.query('COMMIT');
+    return result;
+  } catch (error) {
+    await client.query('ROLLBACK');
+    throw error;
+  } finally {
+    client.release();
+  }
+}
+export async function initializeDatabase(): Promise<void> {
+  console.log('[DB] Initializing database schema...');
+  const schema = `
+    -- Users table
+    CREATE TABLE IF NOT EXISTS users (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      email VARCHAR(255) UNIQUE NOT NULL,
+      password_hash VARCHAR(255) NOT NULL,
+      tier VARCHAR(20) DEFAULT 'free' CHECK (tier IN ('free', 'starter', 'pro', 'enterprise')),
+      stripe_customer_id VARCHAR(255),
+      stripe_subscription_id VARCHAR(255),
+      created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+      updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+    );
+    -- API Keys table
+    CREATE TABLE IF NOT EXISTS api_keys (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+      key_hash VARCHAR(255) NOT NULL,
+      key_prefix VARCHAR(20) NOT NULL,
+      name VARCHAR(100),
+      last_used_at TIMESTAMP WITH TIME ZONE,
+      created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+      revoked_at TIMESTAMP WITH TIME ZONE
+    );
+    -- Twins table
+    CREATE TABLE IF NOT EXISTS twins (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+      name VARCHAR(100) NOT NULL,
+      config_json JSONB NOT NULL,
+      status VARCHAR(20) DEFAULT 'stopped' CHECK (status IN ('stopped', 'starting', 'running', 'error')),
+      active_server VARCHAR(1) DEFAULT 'a' CHECK (active_server IN ('a', 'b')),
+      port_a INTEGER,
+      port_b INTEGER,
+      pid_a INTEGER,
+      pid_b INTEGER,
+      created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW(),
+      updated_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+    );
+    -- Logs table
+    CREATE TABLE IF NOT EXISTS logs (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+      twin_id UUID REFERENCES twins(id) ON DELETE CASCADE,
+      tool_name VARCHAR(100) NOT NULL,
+      args JSONB,
+      result JSONB,
+      error TEXT,
+      status VARCHAR(20) NOT NULL CHECK (status IN ('success', 'error', 'timeout')),
+      duration_ms INTEGER NOT NULL,
+      server VARCHAR(1) NOT NULL CHECK (server IN ('a', 'b')),
+      created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+    );
+    -- Usage tracking (aggregated daily)
+    CREATE TABLE IF NOT EXISTS usage_daily (
+      id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+      user_id UUID REFERENCES users(id) ON DELETE CASCADE,
+      date DATE NOT NULL,
+      request_count INTEGER DEFAULT 0,
+      error_count INTEGER DEFAULT 0,
+      total_duration_ms BIGINT DEFAULT 0,
+      UNIQUE(user_id, date)
+    );
+    -- Indexes
+    CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash) WHERE revoked_at IS NULL;
+    CREATE INDEX IF NOT EXISTS idx_twins_user ON twins(user_id);
+    CREATE INDEX IF NOT EXISTS idx_logs_twin_created ON logs(twin_id, created_at DESC);
+    CREATE INDEX IF NOT EXISTS idx_logs_user_created ON logs(user_id, created_at DESC);
+    CREATE INDEX IF NOT EXISTS idx_usage_user_date ON usage_daily(user_id, date DESC);
+  `;
+  await query(schema);
+  console.log('[DB] Database schema initialized');
+}
+export async function closePool(): Promise<void> {
+  if (pool) {
+    await pool.end();
+    pool = null;
+  }
+}
+export default {
+  query,
+  queryOne,
+  transaction,
+  getPool,
+  initializeDatabase,
+  closePool,
+};