wolverine-ai 1.0.0

package/src/mcp/mcp-registry.js

@@ -0,0 +1,228 @@
+const fs = require("fs");
+const path = require("path");
+const chalk = require("chalk");
+const { McpStdioClient, McpHttpClient } = require("./mcp-client");
+const { McpSecurity } = require("./mcp-security");
+
+/**
+ * MCP Registry — manages configured MCP servers and their tools.
+ *
+ * Configuration: .wolverine/mcp.json
+ * {
+ *   "servers": {
+ *     "my-server": {
+ *       "type": "stdio",              // "stdio" or "http"
+ *       "command": "node",            // for stdio
+ *       "args": ["my-mcp-server.js"], // for stdio
+ *       "url": "http://...",          // for http
+ *       "allowedTools": ["tool1", "tool2"] | "*",
+ *       "env": {},                    // extra env vars (values redacted in logs)
+ *       "enabled": true               // default true
+ *     }
+ *   }
+ * }
+ *
+ * Tool naming: mcp__[server]__[tool] (claw-code convention)
+ */
+
+const CONFIG_PATH = ".wolverine/mcp.json";
+
+class McpRegistry {
+  constructor(options = {}) {
+    this.projectRoot = options.projectRoot || process.cwd();
+    this.redactor = options.redactor;
+    this.logger = options.logger;
+
+    this.security = new McpSecurity({ redactor: this.redactor, logger: this.logger });
+    this._clients = new Map(); // serverName → client
+    this._toolMap = new Map(); // "mcp__server__tool" → { client, serverName, toolDef }
+    this._config = null;
+  }
+
+  /**
+   * Initialize — load config, connect to servers, discover tools.
+   */
+  async init() {
+    this._config = this._loadConfig();
+    if (!this._config || !this._config.servers) {
+      console.log(chalk.gray("  🔌 MCP: no servers configured (.wolverine/mcp.json)"));
+      return;
+    }
+
+    const servers = Object.entries(this._config.servers);
+    console.log(chalk.gray(`  🔌 MCP: ${servers.length} server(s) configured`));
+
+    for (const [name, config] of servers) {
+      if (config.enabled === false) {
+        console.log(chalk.gray(`  🔌 MCP: ${name} (disabled)`));
+        continue;
+      }
+
+      try {
+        await this._connectServer(name, config);
+      } catch (err) {
+        console.log(chalk.yellow(`  🔌 MCP: ${name} failed to connect — ${err.message}`));
+        if (this.logger) {
+          this.logger.warn("mcp.connect_failed", `MCP ${name}: ${err.message}`, { server: name });
+        }
+      }
+    }
+
+    console.log(chalk.gray(`  🔌 MCP: ${this._toolMap.size} tools available from ${this._clients.size} server(s)`));
+  }
+
+  /**
+   * Get all MCP tools as agent-compatible tool definitions.
+   * Returns array in OpenAI function-calling format.
+   */
+  getToolDefinitions() {
+    const defs = [];
+    for (const [fullName, entry] of this._toolMap) {
+      const td = entry.toolDef;
+      defs.push({
+        type: "function",
+        function: {
+          name: fullName,
+          description: `[MCP:${entry.serverName}] ${td.description || td.name}`,
+          parameters: td.inputSchema || { type: "object", properties: {} },
+        },
+      });
+    }
+    return defs;
+  }
+
+  /**
+   * Get tool names for display.
+   */
+  getToolList() {
+    return Array.from(this._toolMap.entries()).map(([name, entry]) => ({
+      name,
+      server: entry.serverName,
+      description: entry.toolDef.description || "",
+    }));
+  }
+
+  /**
+   * Call an MCP tool. Security checks applied automatically.
+   */
+  async callTool(fullName, args) {
+    const entry = this._toolMap.get(fullName);
+    if (!entry) return { error: `Unknown MCP tool: ${fullName}` };
+
+    const { client, serverName, toolDef } = entry;
+    const toolName = toolDef.name;
+
+    // Security gate
+    const check = this.security.checkTool(serverName, toolName);
+    if (!check.allowed) {
+      console.log(chalk.red(`  🛡️ MCP blocked: ${check.reason}`));
+      if (this.logger) {
+        this.logger.warn("mcp.blocked", `MCP blocked: ${check.reason}`, { server: serverName, tool: toolName });
+      }
+      return { error: `BLOCKED: ${check.reason}` };
+    }
+
+    // Sanitize args (redact secrets before sending to external server)
+    const safeArgs = this.security.sanitizeArgs(args);
+
+    const startTime = Date.now();
+    try {
+      const result = await client.callTool(toolName, safeArgs);
+      const duration = Date.now() - startTime;
+
+      // Sanitize result (redact secrets, check for injection)
+      let content = "";
+      if (result.content) {
+        for (const item of result.content) {
+          if (item.type === "text") content += item.text;
+        }
+      }
+
+      const safeContent = this.security.sanitizeResult(serverName, toolName, content);
+
+      // Audit log
+      this.security.auditLog(serverName, toolName, safeArgs, safeContent, duration);
+
+      console.log(chalk.gray(`  🔌 MCP: ${serverName}/${toolName} (${duration}ms)`));
+      return { content: safeContent };
+    } catch (err) {
+      const duration = Date.now() - startTime;
+      this.security.auditLog(serverName, toolName, safeArgs, `ERROR: ${err.message}`, duration);
+      return { error: `MCP ${serverName}/${toolName}: ${err.message}` };
+    }
+  }
+
+  /**
+   * Check if a tool name is an MCP tool.
+   */
+  isMcpTool(name) {
+    return name.startsWith("mcp__") && this._toolMap.has(name);
+  }
+
+  /**
+   * Disconnect all servers.
+   */
+  shutdown() {
+    for (const [name, client] of this._clients) {
+      try { client.disconnect(); } catch {}
+    }
+    this._clients.clear();
+    this._toolMap.clear();
+  }
+
+  /**
+   * Get stats for dashboard.
+   */
+  getStats() {
+    return {
+      servers: this._clients.size,
+      tools: this._toolMap.size,
+      serverList: Array.from(this._clients.keys()),
+    };
+  }
+
+  // -- Private --
+
+  async _connectServer(name, config) {
+    let client;
+    if (config.type === "http") {
+      client = new McpHttpClient(name, config);
+    } else {
+      client = new McpStdioClient(name, config);
+    }
+
+    await client.connect();
+    this._clients.set(name, client);
+
+    // Set security allowlist
+    this.security.setAllowedTools(name, config.allowedTools || []);
+
+    // Discover tools
+    const tools = await client.listTools();
+    for (const tool of tools) {
+      const fullName = `mcp__${name}__${tool.name}`;
+      this._toolMap.set(fullName, { client, serverName: name, toolDef: tool });
+    }
+
+    console.log(chalk.green(`  🔌 MCP: ${name} connected (${tools.length} tools)`));
+    if (this.logger) {
+      this.logger.info("mcp.connected", `MCP ${name}: ${tools.length} tools`, {
+        server: name, tools: tools.map(t => t.name),
+      });
+    }
+  }
+
+  _loadConfig() {
+    const configPath = path.join(this.projectRoot, CONFIG_PATH);
+    if (!fs.existsSync(configPath)) return null;
+
+    try {
+      return JSON.parse(fs.readFileSync(configPath, "utf-8"));
+    } catch (err) {
+      console.log(chalk.yellow(`  🔌 MCP: config parse error — ${err.message}`));
+      return null;
+    }
+  }
+}
+
+module.exports = { McpRegistry };

package/src/mcp/mcp-security.js

@@ -0,0 +1,152 @@
+const chalk = require("chalk");
+
+/**
+ * MCP Security Layer — enforces wolverine's security standards on all MCP interactions.
+ *
+ * Every MCP tool call passes through this gate:
+ * 1. Tool allowlist — only explicitly approved tools can execute
+ * 2. Argument sanitization — redacts secrets from args before sending to MCP server
+ * 3. Result sanitization — redacts secrets from MCP server responses
+ * 4. Injection scanning — checks MCP results for prompt injection
+ * 5. Rate limiting — prevents MCP servers from being spammed
+ * 6. Audit logging — every MCP call logged to event system
+ *
+ * MCP servers are UNTRUSTED by default. They run in a separate process
+ * and could be malicious. Treat all MCP data as external input.
+ */
+
+class McpSecurity {
+  constructor(options = {}) {
+    this.redactor = options.redactor;
+    this.logger = options.logger;
+
+    // Per-server tool allowlists. If a server isn't listed, ALL its tools are blocked.
+    // Configured in .wolverine/mcp.json under "allowedTools"
+    this._allowedTools = new Map(); // serverName → Set<toolName> | "*"
+
+    // Rate limiting per server
+    this._callCounts = new Map(); // serverName → { count, windowStart }
+    this._maxCallsPerMinute = options.maxCallsPerMinute || 30;
+
+    // Blocked tool name patterns (never allow these regardless of config)
+    this._blockedPatterns = [
+      /^(rm|delete|drop|truncate|format)/i,
+      /exec.*shell/i,
+      /admin.*override/i,
+    ];
+  }
+
+  /**
+   * Set allowed tools for a server.
+   * @param {string} serverName
+   * @param {string[]|"*"} tools — array of tool names, or "*" for all
+   */
+  setAllowedTools(serverName, tools) {
+    if (tools === "*") {
+      this._allowedTools.set(serverName, "*");
+    } else {
+      this._allowedTools.set(serverName, new Set(tools));
+    }
+  }
+
+  /**
+   * Check if a tool call is allowed. Returns { allowed, reason }.
+   */
+  checkTool(serverName, toolName) {
+    // Check blocked patterns
+    for (const pattern of this._blockedPatterns) {
+      if (pattern.test(toolName)) {
+        return { allowed: false, reason: `Tool "${toolName}" matches blocked pattern` };
+      }
+    }
+
+    // Check allowlist
+    const allowed = this._allowedTools.get(serverName);
+    if (!allowed) {
+      return { allowed: false, reason: `Server "${serverName}" has no allowlisted tools. Configure in .wolverine/mcp.json` };
+    }
+    if (allowed !== "*" && !allowed.has(toolName)) {
+      return { allowed: false, reason: `Tool "${toolName}" not in allowlist for server "${serverName}"` };
+    }
+
+    // Rate limit
+    if (!this._checkRate(serverName)) {
+      return { allowed: false, reason: `Rate limit exceeded for server "${serverName}" (max ${this._maxCallsPerMinute}/min)` };
+    }
+
+    return { allowed: true };
+  }
+
+  /**
+   * Sanitize arguments before sending to MCP server.
+   * Redacts secrets so they never leave wolverine.
+   */
+  sanitizeArgs(args) {
+    if (!this.redactor || !args) return args;
+    return this.redactor.redactObject(args);
+  }
+
+  /**
+   * Sanitize results coming back from MCP server.
+   * Checks for injection and redacts any secrets that leaked.
+   */
+  sanitizeResult(serverName, toolName, result) {
+    if (!result) return result;
+
+    // Convert to string for scanning
+    const resultStr = typeof result === "string" ? result : JSON.stringify(result);
+
+    // Redact any secrets in the result
+    let safe = this.redactor ? this.redactor.redact(resultStr) : resultStr;
+
+    // Check for obvious injection attempts in MCP results
+    const injectionPatterns = [
+      /ignore\s+previous\s+instructions/i,
+      /you\s+are\s+now/i,
+      /system\s*:\s*/i,
+      /new\s+instructions?\s*:/i,
+    ];
+
+    for (const pattern of injectionPatterns) {
+      if (pattern.test(safe)) {
+        console.log(chalk.red(`  🚨 MCP ${serverName}/${toolName}: injection attempt detected in result`));
+        if (this.logger) {
+          this.logger.critical("security.mcp_injection", `Injection in MCP result from ${serverName}/${toolName}`, {
+            server: serverName, tool: toolName,
+          });
+        }
+        return "[BLOCKED: MCP server returned suspicious content]";
+      }
+    }
+
+    return safe;
+  }
+
+  /**
+   * Log an MCP tool call for audit trail.
+   */
+  auditLog(serverName, toolName, args, result, duration) {
+    if (!this.logger) return;
+    this.logger.info("mcp.tool_call", `MCP ${serverName}/${toolName}`, {
+      server: serverName,
+      tool: toolName,
+      duration,
+      resultSize: typeof result === "string" ? result.length : JSON.stringify(result || "").length,
+    });
+  }
+
+  // -- Private --
+
+  _checkRate(serverName) {
+    const now = Date.now();
+    let entry = this._callCounts.get(serverName);
+    if (!entry || now - entry.windowStart > 60000) {
+      entry = { count: 0, windowStart: now };
+      this._callCounts.set(serverName, entry);
+    }
+    entry.count++;
+    return entry.count <= this._maxCallsPerMinute;
+  }
+}
+
+module.exports = { McpSecurity };

package/src/monitor/perf-monitor.js

@@ -0,0 +1,300 @@
+const http = require("http");
+const chalk = require("chalk");
+const { getModel } = require("../core/models");
+const { aiCall } = require("../core/ai-client");
+
+/**
+ * Performance Monitor — detects non-error issues that degrade server quality.
+ *
+ * Monitors:
+ * - Endpoint response times (detects slowdowns)
+ * - Request rate per endpoint (detects spam/DDoS patterns)
+ * - Error rate per endpoint (detects failing routes)
+ * - Memory/CPU via process metrics (if accessible)
+ *
+ * When it detects a pain point, it uses the AI (REASONING_MODEL) to analyze
+ * the relevant code and suggest or apply optimizations.
+ *
+ * Architecture: Injects a lightweight proxy between wolverine and the server
+ * that intercepts HTTP requests to gather metrics without modifying user code.
+ */
+
+class PerfMonitor {
+  constructor(options = {}) {
+    this.logger = options.logger;
+    this.sandbox = options.sandbox;
+    this.cwd = options.cwd || process.cwd();
+    this.port = options.port || parseInt(process.env.PORT, 10) || 3000;
+
+    // Config
+    this.sampleIntervalMs = options.sampleIntervalMs || 30000; // check every 30s
+    this.slowThresholdMs = options.slowThresholdMs || 2000;    // >2s = slow
+    this.spikeMultiplier = options.spikeMultiplier || 5;       // 5x avg = spike
+    this.spamThreshold = options.spamThreshold || 100;          // >100 req/min to one endpoint = spam
+
+    // Metrics store
+    this._endpoints = {};   // path -> { totalRequests, totalTime, errors, timestamps[] }
+    this._timer = null;
+    this._running = false;
+    this._analysisInProgress = false;
+  }
+
+  /**
+   * Start monitoring by polling the server's response times.
+   */
+  start() {
+    this._running = true;
+
+    // Periodic analysis of accumulated metrics
+    this._timer = setInterval(() => this._analyze(), this.sampleIntervalMs);
+
+    if (this.logger) {
+      this.logger.info("perf.start", "Performance monitor started", {
+        sampleInterval: this.sampleIntervalMs,
+        slowThreshold: this.slowThresholdMs,
+      });
+    }
+  }
+
+  stop() {
+    this._running = false;
+    if (this._timer) {
+      clearInterval(this._timer);
+      this._timer = null;
+    }
+  }
+
+  /**
+   * Record a request observation. Call this from a proxy or middleware.
+   */
+  recordRequest(endpoint, responseTimeMs, statusCode) {
+    if (!this._endpoints[endpoint]) {
+      this._endpoints[endpoint] = {
+        totalRequests: 0,
+        totalTime: 0,
+        errors: 0,
+        maxTime: 0,
+        timestamps: [],
+        recentTimes: [],
+      };
+    }
+
+    const ep = this._endpoints[endpoint];
+    ep.totalRequests++;
+    ep.totalTime += responseTimeMs;
+    ep.maxTime = Math.max(ep.maxTime, responseTimeMs);
+    ep.timestamps.push(Date.now());
+    ep.recentTimes.push(responseTimeMs);
+
+    // Keep only last 5 minutes of timestamps
+    const fiveMinAgo = Date.now() - 300000;
+    ep.timestamps = ep.timestamps.filter(t => t > fiveMinAgo);
+    ep.recentTimes = ep.recentTimes.slice(-200);
+
+    if (statusCode >= 400) {
+      ep.errors++;
+    }
+  }
+
+  /**
+   * Get current metrics snapshot for all endpoints.
+   */
+  getMetrics() {
+    const metrics = {};
+    for (const [endpoint, ep] of Object.entries(this._endpoints)) {
+      const avgTime = ep.totalRequests > 0 ? Math.round(ep.totalTime / ep.totalRequests) : 0;
+      const fiveMinAgo = Date.now() - 300000;
+      const recentCount = ep.timestamps.filter(t => t > fiveMinAgo).length;
+      const requestsPerMin = Math.round((recentCount / 5) * 10) / 10;
+
+      metrics[endpoint] = {
+        totalRequests: ep.totalRequests,
+        avgResponseMs: avgTime,
+        maxResponseMs: ep.maxTime,
+        requestsPerMin,
+        errorRate: ep.totalRequests > 0 ? Math.round((ep.errors / ep.totalRequests) * 100) : 0,
+        errors: ep.errors,
+      };
+    }
+    return metrics;
+  }
+
+  /**
+   * Internal — analyze metrics and flag issues.
+   */
+  async _analyze() {
+    if (!this._running || this._analysisInProgress) return;
+    if (Object.keys(this._endpoints).length === 0) return;
+
+    const issues = [];
+
+    for (const [endpoint, ep] of Object.entries(this._endpoints)) {
+      const avgTime = ep.totalRequests > 0 ? ep.totalTime / ep.totalRequests : 0;
+      const fiveMinAgo = Date.now() - 300000;
+      const recentCount = ep.timestamps.filter(t => t > fiveMinAgo).length;
+      const requestsPerMin = recentCount / 5;
+
+      // Slow endpoint detection
+      if (avgTime > this.slowThresholdMs) {
+        issues.push({
+          type: "slow_endpoint",
+          endpoint,
+          avgTime: Math.round(avgTime),
+          maxTime: ep.maxTime,
+          message: `${endpoint} averaging ${Math.round(avgTime)}ms (threshold: ${this.slowThresholdMs}ms)`,
+        });
+      }
+
+      // Response time spike detection
+      if (ep.recentTimes.length >= 10) {
+        const recent = ep.recentTimes.slice(-10);
+        const recentAvg = recent.reduce((a, b) => a + b, 0) / recent.length;
+        if (recentAvg > avgTime * this.spikeMultiplier && avgTime > 100) {
+          issues.push({
+            type: "spike",
+            endpoint,
+            recentAvg: Math.round(recentAvg),
+            overallAvg: Math.round(avgTime),
+            message: `${endpoint} response time spiked: ${Math.round(recentAvg)}ms (normal: ${Math.round(avgTime)}ms)`,
+          });
+        }
+      }
+
+      // Spam/DDoS detection
+      if (requestsPerMin > this.spamThreshold) {
+        issues.push({
+          type: "spam",
+          endpoint,
+          requestsPerMin: Math.round(requestsPerMin),
+          message: `${endpoint} receiving ${Math.round(requestsPerMin)} req/min (threshold: ${this.spamThreshold})`,
+        });
+      }
+
+      // High error rate detection
+      const errorRate = ep.totalRequests > 10 ? ep.errors / ep.totalRequests : 0;
+      if (errorRate > 0.2) {
+        issues.push({
+          type: "error_rate",
+          endpoint,
+          errorRate: Math.round(errorRate * 100),
+          message: `${endpoint} has ${Math.round(errorRate * 100)}% error rate (${ep.errors}/${ep.totalRequests})`,
+        });
+      }
+    }
+
+    if (issues.length === 0) return;
+
+    // Log all issues
+    for (const issue of issues) {
+      const eventType = {
+        slow_endpoint: "perf.slow_endpoint",
+        spike: "perf.spike_detected",
+        spam: "perf.attack_detected",
+        error_rate: "perf.slow_endpoint",
+      }[issue.type];
+
+      const severity = issue.type === "spam" ? "warn" : "info";
+
+      if (this.logger) {
+        this.logger[severity](eventType, issue.message, issue);
+      }
+      console.log(chalk.yellow(`  ⚡ Perf: ${issue.message}`));
+    }
+
+    // If there are serious issues, request AI optimization analysis
+    const serious = issues.filter(i => i.type === "slow_endpoint" || i.type === "spam");
+    if (serious.length > 0 && !this._analysisInProgress) {
+      await this._requestOptimization(serious);
+    }
+  }
+
+  /**
+   * Ask AI to analyze performance issues and suggest optimizations.
+   * Uses REASONING_MODEL since this is deep analysis.
+   */
+  async _requestOptimization(issues) {
+    this._analysisInProgress = true;
+
+    try {
+      const model = getModel("chat");
+      const issuesSummary = issues.map(i => `- ${i.message}`).join("\n");
+
+      const result = await aiCall({
+        model,
+        systemPrompt: "You are a Node.js performance optimization expert.",
+        userPrompt: `The following performance issues were detected on a live server:
+
+${issuesSummary}
+
+Current endpoint metrics:
+${JSON.stringify(this.getMetrics(), null, 2)}
+
+Provide a brief analysis and actionable suggestions. Focus on:
+1. Root cause identification
+2. Quick wins (caching, rate limiting, query optimization)
+3. Whether this looks like an attack (spam patterns)
+
+Keep your response under 300 words. Be specific and actionable.`,
+        maxTokens: 512,
+        category: "security",
+      });
+
+      const analysis = result.content;
+      console.log(chalk.cyan(`\n  📊 Performance Analysis:\n${analysis.split("\n").map(l => "    " + l).join("\n")}\n`));
+
+      if (this.logger) {
+        this.logger.info("perf.optimization", "AI performance analysis completed", {
+          issues: issues.length,
+          analysis: analysis.slice(0, 500),
+        });
+      }
+    } catch (err) {
+      console.log(chalk.yellow(`  Performance analysis failed: ${err.message}`));
+    } finally {
+      this._analysisInProgress = false;
+    }
+  }
+}
+
+/**
+ * Create a lightweight HTTP proxy that wraps the server to capture metrics.
+ * Sits between wolverine and the actual server process.
+ */
+function createMetricsProxy(targetPort, proxyPort, perfMonitor) {
+  const proxy = http.createServer((req, res) => {
+    const startTime = Date.now();
+
+    const options = {
+      hostname: "127.0.0.1",
+      port: targetPort,
+      path: req.url,
+      method: req.method,
+      headers: req.headers,
+    };
+
+    const proxyReq = http.request(options, (proxyRes) => {
+      const responseTime = Date.now() - startTime;
+      perfMonitor.recordRequest(req.url, responseTime, proxyRes.statusCode);
+
+      res.writeHead(proxyRes.statusCode, proxyRes.headers);
+      proxyRes.pipe(res);
+    });
+
+    proxyReq.on("error", (err) => {
+      const responseTime = Date.now() - startTime;
+      perfMonitor.recordRequest(req.url, responseTime, 502);
+      res.writeHead(502, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ error: "Bad Gateway", details: err.message }));
+    });
+
+    req.pipe(proxyReq);
+  });
+
+  proxy.listen(proxyPort, () => {
+    console.log(chalk.gray(`  📊 Metrics proxy on :${proxyPort} → :${targetPort}`));
+  });
+
+  return proxy;
+}
+
+module.exports = { PerfMonitor, createMetricsProxy };