midsummer-sol 0.2.1 → 0.3.0

package/sol-secret-mcp.js

@@ -246,6 +246,141 @@ var init_sign = __esm(() => {
   ED25519_PKCS8_PREFIX2 = Buffer.from("302e020100300506032b657004220420", "hex");
 });
 
+// src/bin/mcp-http.ts
+var exports_mcp_http = {};
+__export(exports_mcp_http, {
+  serveMcpHttp: () => serveMcpHttp,
+  resolveMcpToken: () => resolveMcpToken,
+  parseStandaloneHttp: () => parseStandaloneHttp
+});
+import { randomUUID, timingSafeEqual as timingSafeEqual2 } from "node:crypto";
+import { createServer } from "node:http";
+function tokenMatches(provided, expected) {
+  const a = Buffer.from(provided);
+  const b = Buffer.from(expected);
+  if (a.length !== b.length)
+    return false;
+  return timingSafeEqual2(a, b);
+}
+function bearer(req) {
+  const h = req.headers["authorization"];
+  if (typeof h !== "string")
+    return;
+  const m = /^Bearer\s+(.+)$/i.exec(h.trim());
+  return m ? m[1].trim() : undefined;
+}
+function writeJson(res, status, body) {
+  const s = JSON.stringify(body);
+  res.writeHead(status, { "Content-Type": "application/json" });
+  res.end(s);
+}
+async function readBody(req) {
+  const chunks = [];
+  for await (const c of req)
+    chunks.push(c);
+  if (chunks.length === 0)
+    return;
+  const raw = Buffer.concat(chunks).toString("utf8");
+  if (!raw.trim())
+    return;
+  return JSON.parse(raw);
+}
+async function serveMcpHttp(buildServer, opts) {
+  const { StreamableHTTPServerTransport } = await import("@modelcontextprotocol/sdk/server/streamableHttp.js");
+  const { isInitializeRequest } = await import("@modelcontextprotocol/sdk/types.js");
+  const port = opts.port ?? 8765;
+  const host = opts.host ?? "127.0.0.1";
+  const transports = new Map;
+  const http = createServer(async (req, res) => {
+    try {
+      const tok = bearer(req);
+      if (!tok || !tokenMatches(tok, opts.token)) {
+        res.setHeader("WWW-Authenticate", "Bearer");
+        writeJson(res, 401, { jsonrpc: "2.0", error: { code: -32001, message: "unauthorized: a valid Authorization: Bearer token is required" }, id: null });
+        return;
+      }
+      const url = (req.url ?? "").split("?")[0];
+      if (url !== MCP_PATH) {
+        writeJson(res, 404, { jsonrpc: "2.0", error: { code: -32601, message: `not found — the MCP endpoint is ${MCP_PATH}` }, id: null });
+        return;
+      }
+      const sessionId = req.headers["mcp-session-id"];
+      const sid = typeof sessionId === "string" ? sessionId : undefined;
+      if (req.method === "POST") {
+        const body = await readBody(req);
+        let transport = sid ? transports.get(sid) : undefined;
+        if (!transport) {
+          if (sid || !isInitializeRequest(body)) {
+            writeJson(res, 400, { jsonrpc: "2.0", error: { code: -32000, message: "no valid session — send an initialize request first" }, id: null });
+            return;
+          }
+          transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+            onsessioninitialized: (id) => void transports.set(id, transport)
+          });
+          transport.onclose = () => {
+            if (transport.sessionId)
+              transports.delete(transport.sessionId);
+          };
+          const server = await buildServer();
+          await server.connect(transport);
+        }
+        await transport.handleRequest(req, res, body);
+        return;
+      }
+      if (req.method === "GET" || req.method === "DELETE") {
+        const transport = sid ? transports.get(sid) : undefined;
+        if (!transport) {
+          writeJson(res, 400, { jsonrpc: "2.0", error: { code: -32000, message: "unknown or missing Mcp-Session-Id" }, id: null });
+          return;
+        }
+        await transport.handleRequest(req, res);
+        return;
+      }
+      writeJson(res, 405, { jsonrpc: "2.0", error: { code: -32000, message: "method not allowed" }, id: null });
+    } catch (e) {
+      if (!res.headersSent) {
+        writeJson(res, 500, { jsonrpc: "2.0", error: { code: -32603, message: "internal error: " + (e instanceof Error ? e.message : String(e)) }, id: null });
+      } else {
+        try {
+          res.end();
+        } catch {}
+      }
+    }
+  });
+  await new Promise((resolve, reject) => {
+    http.once("error", reject);
+    http.listen(port, host, () => {
+      http.off("error", reject);
+      process.stderr.write(`${opts.label} MCP (HTTP) listening on http://${host}:${port}${MCP_PATH} — Authorization: Bearer required
+`);
+      resolve();
+    });
+  });
+  await new Promise(() => {});
+}
+function resolveMcpToken(flagToken) {
+  const t = (flagToken ?? process.env.SOL_MCP_TOKEN ?? "").trim();
+  return t.length ? t : undefined;
+}
+function parseStandaloneHttp(argv, label = "sol") {
+  if (!argv.includes("--http"))
+    return;
+  const val = (name) => {
+    const i = argv.indexOf(name);
+    return i >= 0 && i + 1 < argv.length ? argv[i + 1] : undefined;
+  };
+  const token = resolveMcpToken(val("--token"));
+  if (!token) {
+    process.stderr.write("refusing to start an OPEN HTTP MCP — set SOL_MCP_TOKEN (or --token <T>). every request must send `Authorization: Bearer <token>`.\n");
+    process.exit(1);
+  }
+  const portRaw = val("--port");
+  return { token, port: portRaw ? Number(portRaw) : undefined, host: val("--host"), label };
+}
+var MCP_PATH = "/mcp";
+var init_mcp_http = () => {};
+
 // src/bin/identity-store.ts
 import { chmodSync as chmodSync2, existsSync as existsSync6, mkdirSync as mkdirSync5, readFileSync as readFileSync7, writeFileSync as writeFileSync6 } from "node:fs";
 import { homedir as homedir2 } from "node:os";
@@ -1775,9 +1910,11 @@ function resolveAll(world) {
   return world.manifest.order.map((e) => resolveOne(world, e));
 }
 function audienceFor(world, env, entryAud) {
-  if (entryAud && entryAud.length)
-    return entryAud;
-  return world.files[env]?.audience ?? [];
+  const base = entryAud && entryAud.length ? entryAud : world.files[env]?.audience ?? [];
+  const runtime = world.manifest.runtime[env];
+  if (runtime && !base.includes(runtime))
+    return [...base, runtime];
+  return base;
 }
 function ensureEnvDir(solDir) {
   mkdirSync3(envDir(solDir), { recursive: true });
@@ -1868,7 +2005,14 @@ function validateWorld(solDir, world, opts = {}) {
         const actual = new Set(recipientsOf(box));
         const expected = new Set(resolvedAud.accountIds);
         const extra = [...actual].filter((a) => !expected.has(a));
-        const missing = [...expected].filter((a) => !actual.has(a));
+        let missing = [...expected].filter((a) => !actual.has(a));
+        const runtimeHandle2 = world.manifest.runtime[r.env];
+        const runtimeAccts = new Set((runtimeHandle2 ? world.gate.handles[runtimeHandle2] ?? [] : []).map((rec) => rec.accountId));
+        const missingRuntime = missing.filter((a) => runtimeAccts.has(a));
+        missing = missing.filter((a) => !runtimeAccts.has(a));
+        if (missingRuntime.length) {
+          issues.push({ severity: "warn", check: "audience-integrity", message: `${r.env}/${s.name}: the runtime recipient [${missingRuntime.join(", ")}] joined the env @audience after this value was sealed — it can't inject this secret yet. reseal it (\`sol secret set ${s.name} --env ${r.env}\`) to include the runtime.` });
+        }
         if (extra.length || missing.length) {
           issues.push({ severity: "error", check: "audience-integrity", message: `${r.env}/${s.name}: sealed recipients drift from the audience (missing: [${missing.join(", ")}], extra: [${extra.join(", ")}]) — reseal with \`sol secret set\` or \`sol secret audience\`` });
         }
@@ -2778,7 +2922,9 @@ function secretInject(ctx, args) {
     ctx.die("usage: sol secret inject --env E -- <cmd> [args...]");
   const cmd = args.slice(dashdash + 1);
   const world = loadWorld(ctx.solDir);
-  const self = ctx.loadSelfIdentity();
+  const runtimeRoot = process.env.SOL_RUNTIME_RECOVERY_CODE;
+  const self = runtimeRoot ? runtimeSelfFromRoot(env, runtimeRoot) : ctx.loadSelfIdentity();
+  const recipientActor = self?.accountId ?? ctx.actor;
   const injected = {};
   let revealedCount = 0;
   for (const s of resolveOne(world, env).secrets) {
@@ -2795,7 +2941,7 @@ function secretInject(ctx, args) {
     revealedCount++;
   }
   if (!revealedCount)
-    ctx.die(`no secrets in ${env} are readable by ${ctx.actor} — are you a recipient? (set SOL_RECOVERY_CODE)`);
+    ctx.die(`no secrets in ${env} are readable by ${recipientActor} — are you a recipient? (set SOL_RECOVERY_CODE, or SOL_RUNTIME_RECOVERY_CODE when injecting from the runtime)`);
   process.stderr.write(`sol: injecting ${revealedCount} secret(s) into the subprocess env: ${Object.keys(injected).join(", ")}
 `);
   const res = spawnSync(cmd[0], cmd.slice(1), { stdio: "inherit", env: { ...process.env, ...injected } });
@@ -2912,6 +3058,11 @@ async function runtimeProvision(ctx, args) {
   const { gate } = await audienceAdd(audCtx, world.gate, prov.handle, prov.accountId, prov.x25519Pub);
   writeAudienceDoc(ctx.solDir, gate);
   journal2(ctx, id, { op: "audience-add", handle: prov.handle, members: memberSnapshot(gate, prov.handle), recipientAtOp: true, prevAud, newAud: (gate.handles[prov.handle] ?? []).map((r) => r.accountId), at: Date.now() });
+  const envFile = world.files[env];
+  if (envFile && !(envFile.audience ?? []).includes(prov.handle)) {
+    envFile.audience = [...envFile.audience ?? [], prov.handle];
+    writeEnvFile(ctx.solDir, envFile);
+  }
   world.manifest.runtime[env] = prov.handle;
   writeManifest(ctx.solDir, world.manifest);
   regenerateSchema(ctx.solDir, loadWorld(ctx.solDir));
@@ -3198,16 +3349,10 @@ var EXPORT_KDF = { N: 1 << 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
 var VERIFIED_PATH = join4(homedir(), ".sol", "verified-keys.json");
 
 // src/bin/sol-secret-mcp.ts
-async function startSecretMcp(opts = {}) {
+init_mcp_http();
+async function buildSecretServer(solDir) {
   const { Server } = await import("@modelcontextprotocol/sdk/server/index.js");
-  const { StdioServerTransport } = await import("@modelcontextprotocol/sdk/server/stdio.js");
   const { CallToolRequestSchema, ListToolsRequestSchema } = await import("@modelcontextprotocol/sdk/types.js");
-  const solDir = opts.solDir || process.env.SOL_DIR || join7(process.cwd(), ".sol");
-  if (!existsSync8(solDir)) {
-    process.stderr.write(`sol-secret-mcp: no .sol at ${solDir} \u2014 run \`sol init\` first (or set SOL_DIR)
-`);
-    process.exit(1);
-  }
   const dirUrl = (process.env.SOL_REMOTE || "https://sol.midsummer.new").replace(/\/+$/, "");
   async function fetchKey2(account) {
     const { fetchKey: f } = await Promise.resolve().then(() => (init_seal_audience(), exports_seal_audience));
@@ -3237,10 +3382,27 @@ async function startSecretMcp(opts = {}) {
     const r = await callMcpTool(ctx, req.params.name, req.params.arguments ?? {});
     return { content: [{ type: "text", text: r.text }], isError: r.isError };
   });
+  return server;
+}
+async function startSecretMcp(opts = {}) {
+  const solDir = opts.solDir || process.env.SOL_DIR || join7(process.cwd(), ".sol");
+  if (!existsSync8(solDir)) {
+    process.stderr.write(`sol-secret-mcp: no .sol at ${solDir} \u2014 run \`sol init\` first (or set SOL_DIR)
+`);
+    process.exit(1);
+  }
+  if (opts.http) {
+    const { serveMcpHttp: serveMcpHttp2 } = await Promise.resolve().then(() => (init_mcp_http(), exports_mcp_http));
+    await serveMcpHttp2(() => buildSecretServer(solDir), opts.http);
+    return;
+  }
+  const { StdioServerTransport } = await import("@modelcontextprotocol/sdk/server/stdio.js");
+  const server = await buildSecretServer(solDir);
   await server.connect(new StdioServerTransport);
 }
 if (__require.main == __require.module) {
-  startSecretMcp().catch((e) => {
+  const http = parseStandaloneHttp(process.argv.slice(2), "sol-secrets");
+  startSecretMcp({ http }).catch((e) => {
     process.stderr.write(`sol-secret-mcp: ${e?.message ?? e}
 `);
     process.exit(1);