mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-23 04:26:42 +02:00
16c8818338
Foundation for autonomous Claude-driven testing. Plan:
docs/plans/mana-mcp-and-personas.md.
New packages
- @mana/tool-registry — schema-first ToolSpec<InputSchema, OutputSchema>
with zod generics, scope ('user-space' | 'admin') and policyHint
('read' | 'write' | 'destructive'). sync-client helpers speak the
mana-sync push/pull protocol directly so RLS and field-level LWW are
preserved. MasterKeyClient fetches per-user MKs via the existing
mana-auth GET /api/v1/me/encryption-vault/key endpoint (JWT-gated,
ZK-aware, already audited) — no new service-key endpoint built.
ZeroKnowledgeUserError surfaced as a typed throw.
- @mana/shared-crypto — AES-GCM-256 primitives extracted from the web
app's $lib/data/crypto/aes.ts so the server-side tool handlers and the
browser produce byte-for-byte identical wire format
(enc:1:{b64(iv)}.{b64(ct)}). Web app aes.ts now re-exports from
shared-crypto — 5 existing importers unchanged, svelte-check stays
green.
New service
- services/mana-mcp (:3069, Bun/Hono) — MCP Streamable HTTP gateway.
JWKS auth against mana-auth, per-user session isolation (session-id
belongs to the user who opened it — cross-user access returns 403),
admin-scoped tools filtered out before registration. MasterKeyClient
cached per process with a 5-minute TTL.
11 tools registered
- habits.{create,list,update,archive}, spaces.list (plaintext, M1)
- todo.{create,list,complete}, notes.{create,search}, journal.add
(encrypted — field lists match
apps/mana/apps/web/src/lib/data/crypto/registry.ts verbatim)
Infra
- Port 3069 added to docs/PORT_SCHEMA.md
- services/mana-mcp/CLAUDE.md with architecture, auth model,
tool-authoring recipe, local smoke-test steps
- Root CLAUDE.md services list updated
Type-check green across shared-crypto, mana-tool-registry, mana-mcp.
svelte-check on apps/mana/apps/web stays at 0 errors / 0 warnings.
Boot smoke verified: /health returns registry.loaded=true, unauthed
/mcp → 401, invalid-JWT /mcp → 401 with descriptive message.
Decisions locked in for later milestones (per plan D1–D10):
- Personas will be real mana-auth users (users.kind='persona'), no
service-key bypass (D1, D2)
- Tool-registry is the SSOT; mana-ai and the legacy
apps/api/src/mcp/server.ts get merged into it in M4 (three current
parallel tool catalogs collapse to one)
- Persona-runner (:3070) will be a separate service using the Claude
Agent SDK + MCP client (D5)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
113 lines
3.5 KiB
TypeScript
113 lines
3.5 KiB
TypeScript
/**
|
|
* Fetches and caches each caller's master key for the lifetime of a tool-
|
|
* context.
|
|
*
|
|
* Reuses the existing `GET /api/v1/me/encryption-vault/key` endpoint
|
|
* rather than building a service-key-gated bypass:
|
|
* - The endpoint is already JWT-auth'd, so the caller's own token is
|
|
* exactly the right credential.
|
|
* - Zero-knowledge users receive a recovery blob (never plaintext MK) —
|
|
* a server-side agent cannot open their data, and we return null from
|
|
* `getKey()` so callers fail loud.
|
|
* - The endpoint already writes an audit trail row per fetch, which is
|
|
* the observability we want.
|
|
*
|
|
* Caching: per-userId, in-process, short TTL. A long-running MCP session
|
|
* invokes many tools in a row; re-fetching the MK for each tool would
|
|
* spam the audit log and add ~20 ms latency per call. The TTL is short
|
|
* enough that key-rotation picks up within a tick, not a day.
|
|
*/
|
|
|
|
import { importMasterKey } from '@mana/shared-crypto';
|
|
|
|
export interface MasterKeyClientConfig {
|
|
authUrl: string;
|
|
/** How long a cached CryptoKey stays valid. Default 5 minutes. */
|
|
ttlMs?: number;
|
|
}
|
|
|
|
interface CacheEntry {
|
|
key: CryptoKey;
|
|
expiresAt: number;
|
|
}
|
|
|
|
export class ZeroKnowledgeUserError extends Error {
|
|
constructor(userId: string) {
|
|
super(
|
|
`User ${userId.slice(0, 8)}… is in zero-knowledge mode — the server has no way to unwrap their master key. Agent-side encryption is not possible for this user.`
|
|
);
|
|
this.name = 'ZeroKnowledgeUserError';
|
|
}
|
|
}
|
|
|
|
export class MasterKeyFetchError extends Error {
|
|
constructor(status: number, body: string) {
|
|
super(`mana-auth /encryption-vault/key failed: HTTP ${status} — ${body.slice(0, 200)}`);
|
|
this.name = 'MasterKeyFetchError';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Response shape of `GET /api/v1/me/encryption-vault/key` (standard mode).
|
|
* ZK-mode returns a different shape (recovery blob, no `masterKey`) — we
|
|
* detect that and throw `ZeroKnowledgeUserError`.
|
|
*/
|
|
interface VaultKeyResponse {
|
|
masterKey?: string; // base64, 32 bytes when present
|
|
formatVersion?: number;
|
|
kekId?: string;
|
|
zeroKnowledge?: boolean;
|
|
}
|
|
|
|
function base64ToBytes(b64: string): Uint8Array {
|
|
const bin = atob(b64);
|
|
const out = new Uint8Array(bin.length);
|
|
for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
|
|
return out;
|
|
}
|
|
|
|
export class MasterKeyClient {
|
|
private readonly cache = new Map<string, CacheEntry>();
|
|
private readonly ttlMs: number;
|
|
|
|
constructor(private readonly config: MasterKeyClientConfig) {
|
|
this.ttlMs = config.ttlMs ?? 5 * 60 * 1000;
|
|
}
|
|
|
|
/**
|
|
* Returns the caller's master key as a non-extractable CryptoKey.
|
|
* Throws `ZeroKnowledgeUserError` for ZK users, `MasterKeyFetchError`
|
|
* on any other network/auth failure.
|
|
*/
|
|
async getKey(userId: string, jwt: string): Promise<CryptoKey> {
|
|
const cached = this.cache.get(userId);
|
|
const now = Date.now();
|
|
if (cached && cached.expiresAt > now) return cached.key;
|
|
|
|
const url = `${this.config.authUrl}/api/v1/me/encryption-vault/key`;
|
|
const res = await fetch(url, {
|
|
headers: { authorization: `Bearer ${jwt}` },
|
|
});
|
|
|
|
if (!res.ok) {
|
|
const body = await res.text().catch(() => '<unreadable>');
|
|
throw new MasterKeyFetchError(res.status, body);
|
|
}
|
|
|
|
const body = (await res.json()) as VaultKeyResponse;
|
|
if (body.zeroKnowledge || !body.masterKey) {
|
|
throw new ZeroKnowledgeUserError(userId);
|
|
}
|
|
|
|
const raw = base64ToBytes(body.masterKey);
|
|
const key = await importMasterKey(raw);
|
|
|
|
this.cache.set(userId, { key, expiresAt: now + this.ttlMs });
|
|
return key;
|
|
}
|
|
|
|
/** Test-only — clears cache. */
|
|
__clearForTests(): void {
|
|
this.cache.clear();
|
|
}
|
|
}
|