feat: implement simple mcp exposure application #9
Open
tenequm wants to merge 29 commits into main from feat/cascade-market
Deploying splits with Cloudflare Pages

| Latest commit: | 622b6d4 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://e5abfe79.splits-2l5.pages.dev |
| Branch Preview URL: | https://feat-cascade-market.splits-2l5.pages.dev |
…h requirements or 3rd party deps
- Implement OAuth 2.0 authorization server with PKCE (RFC 6749, 8414)
- Add SIWS (Sign In With Solana) using native signIn or CAIP-122 fallback
- Add well-known endpoints for MCP SDK discovery (RFC 9728)
- Add rate limiting (60 req/min per IP) on MCP gateway
- Enhance payment verification with on-chain confirmation via Tabs
- Add auth_codes and refresh_tokens tables for OAuth state
- Configure for market.cascade.fyi deployment
Facilitator (apps/facilitator/):
- Implement x402 v2 facilitator at facilitator.cascade.fyi
- Support RFC #646 instruction layouts (3-6 instructions)
- Add CPI verification via simulation for smart wallets
- Add deadline validator and durable nonce support
- Include 46 tests (37 unit, 9 integration)

Gateway:
- Upgrade from Tabs v1 to x402 v2 protocol
- Add dynamic fee payer discovery from facilitator
- Construct proper PaymentRequirements with feePayer

Go CLI (packages/golang/cli/):
- Add tunnel client for connecting local MCPs to gateway
- Use urfave/cli/v3 with goreleaser for releases
- Support cross-platform single binary distribution

Also:
- Add explore, pay, splits, tabs routes to market app
- Fix Dashboard type guards for query functions
- Update ADR-0004 to reflect Go CLI implementation
- Rename ADR-0005 to cascade-market-base-support.md
- Import PaymentPayload, PaymentRequirements, Network from @x402/core/types
- Remove duplicate local type definitions
- Use Network branded type for proper type safety

Also adds Go CLI packaging files:
- Apache 2.0 LICENSE
- README with installation/usage docs
- .gitignore for build artifacts
…rification

Replace manual SIWS implementation with official library functions:
- Server stores full SolanaSignInInput in KV (not just nonce flag)
- Use verifySignIn() for complete field + signature validation
- Use createSignInMessageText() for fallback message construction
- Structured API contract with proper Uint8Array serialization
Tabs:
- Implement full smart account UI (was external redirect)
- Add SmartAccountPanel, TransactionHistory, DemoPanel components
- Add use-smart-account hook with SDK integration
- Add Helius API for transaction history

Splits:
- Use useWalletConnection() instead of SIWS auth
- Fix "wallet not connected" when wallet is connected

Refactor:
- Delete lib/squads.ts, use @cascade-fyi/tabs-sdk directly
- Add lib/constants.ts for USDC_MINT, EXECUTOR_PUBKEY
- Use usdc.toDecimalString() from utils for formatting
…MCP refactor
- Add Astro Starlight documentation app with ADRs, specifications, and benchmarks
- Add /api/echo/resource (x402 demo) and /api/settle (Tabs executor proxy) endpoints
- Refactor GitHub MCP example with proper client/types module separation
- Update Dashboard and Services page with improved flow
ADRs and benchmarks are now maintained in the Starlight docs site under apps/docs/src/content/docs/. Remove duplicates from legacy locations to avoid confusion.
Replace Go CLI with TypeScript implementation using @effect/cli. Enables better integration with the monorepo toolchain and shared types from splits-sdk.
P0 (blocking):
- Fix timing attack in token verification (crypto.subtle.timingSafeEqual)
- Remove hardcoded secret fallbacks in tunnel.ts and new.tsx
- Add MCP x402 transport (JSON-RPC body extraction for payments)
- Implement /sign endpoint for transaction signing

P1 (before launch):
- Add transaction validation in /sign using tabs-sdk
- Validate JSON-RPC response before settlement
- Implement refresh token rotation in OAuth
- Fix auth code race condition with atomic UPDATE...RETURNING
- Add secret validation middleware at startup

Also exports SPLIT_CONFIG_DISCRIMINATOR from splits-sdk for getProgramAccounts filtering in service discovery.
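The two P0 items "fix timing attack in token verification" and "remove hardcoded secret fallbacks" are easy to get wrong, so here is an added example (not code from this PR or from the cascade repository) showing the before and after. The PR uses the Cloudflare Workers extension crypto.subtle.timingSafeEqual; the XOR-accumulating loop below is a runtime-independent stand-in that shows the same property, that every byte is inspected regardless of where the first mismatch is. The function names, the `Bearer` header parsing and the `TUNNEL_SECRET`/`EXPECTED` values are assumptions constructed for the example.

```javascript
// Added example: constant-time token check and fail-closed secret loading.
// Not the PR's code; stand-in for crypto.subtle.timingSafeEqual on Workers.

const encoder = new TextEncoder();

// VULNERABLE: string equality stops at the first differing character, so
// response time reveals how many leading bytes of the guess were right,
// letting an attacker recover the token one byte at a time.
function naiveTokenEqual(presented, expected) {
  return presented === expected;
}

// HARDENED: walk the full length, OR every byte difference into one
// accumulator and inspect it only at the end. A length mismatch is folded
// into the same accumulator so a wrong-length guess is not rejected early.
function constantTimeEqual(a, b) {
  const aBytes = encoder.encode(a);
  const bBytes = encoder.encode(b);
  const len = Math.max(aBytes.length, bBytes.length);
  let diff = aBytes.length ^ bBytes.length;
  for (let i = 0; i < len; i++) {
    diff |= (aBytes[i] ?? 0) ^ (bBytes[i] ?? 0);
  }
  return diff === 0;
}

// Parse "Authorization: Bearer <token>" and verify the token against the
// server-side value without timing leakage. Any malformed header is false.
function verifyBearerToken(authorizationHeader, expectedToken) {
  if (typeof authorizationHeader !== "string") return false;
  const match = /^Bearer\s+(\S+)$/.exec(authorizationHeader);
  if (!match) return false;
  return constantTimeEqual(match[1], expectedToken);
}

// Fail closed instead of `env.TUNNEL_SECRET ?? "dev-secret"`: a missing
// binding aborts startup rather than silently running with a known value.
function requireSecret(env, name) {
  const value = env[name];
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`missing required secret: ${name}`);
  }
  return value;
}

// Constructed sample value, not a real credential.
const EXPECTED = "svc_tok_8f2a1c9d";
console.log(verifyBearerToken("Bearer svc_tok_8f2a1c9d", EXPECTED)); // true
console.log(verifyBearerToken("Bearer svc_tok_8f2a1c9e", EXPECTED)); // false
```

The length of the expected token still leaks through the loop bound; that is acceptable for fixed-size service tokens, which is the usual reason timing-safe compare APIs require equal-length inputs in the first place.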
Replace database-backed service registry with on-chain discovery per ADR-0004 §4.7. Services are now identified by SplitConfig PDAs with labels starting with @ (e.g., @cascade/twitter).
- Add splits.ts with discoverServices() and serviceExists()
- Update explore.tsx to use on-chain discovery
- Remove services.ts (database-backed registry)
- Simplify schema.sql (remove services table)
Adds --sourcemap for debugging and --no-compile-autoload-dotenv to prevent automatic .env loading in compiled binaries.
Improve naming clarity for the Durable Object that bridges Gateway HTTP requests to CLI WebSocket connections.
- Rename tunnel.ts → service-bridge.ts
- Rename class TunnelRelay → ServiceBridge
- Rename binding TUNNEL_RELAY → SERVICE_BRIDGE
- Update ADR-0004 references
- Fix WebSocket handler signatures (wasClean param, ArrayBuffer)
- Add pending request rejection on disconnect
Revert the class rename from c1a0039 while keeping the bug fixes (WebSocket handler signatures, pending request rejection). "Tunnel" is more familiar terminology to developers (like ngrok), while "Bridge" is an internal implementation detail. The class name TunnelRelay accurately describes what it does: relays MCP requests through a WebSocket tunnel to supplier CLIs.

Changes:
- Rename service-bridge.ts → tunnel.ts
- Rename class ServiceBridge → TunnelRelay
- Rename binding SERVICE_BRIDGE → TUNNEL_RELAY
- Update gateway references and ADR-0004
- Clarify "CLI clients" → "supplier CLIs" in comments
Security fixes from review:
1. Transaction injection prevention (CRITICAL)
   - Verify exactly 1 instruction in /sign endpoint
   - Prevents malicious instruction injection attacks
2. Rate limiting for /sign endpoint (HIGH)
   - 30 requests/minute per wallet using KV sliding window
   - Prevents DoS attacks on signing endpoint
3. Optimize getProgramAccounts (MEDIUM)
   - Add memcmp filter on "CSPL:@" prefix at offset 105
   - Server-side filtering for marketplace services only
   - Improves scalability as splits grow
4. SIWS session validation in OAuth (MEDIUM)
   - Derive userAddress from verified session cookie
   - Remove client-provided userAddress from input
   - Prevents wallet address spoofing
5. OAuth client_id format validation (LOW)
   - Validate format: lowercase alphanumeric + hyphens, 3-64 chars
   - Prevents invalid client identifiers
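Items 2 and 5 above (a KV-backed sliding window of 30 requests per minute per wallet on /sign, and the client_id format rule) are shown here as an added example; this is not code from the PR or the cascade repository. The window logic is kept pure so it can be tested without a KV binding, and the same function parametrised with 60 requests per IP covers the gateway limit from the earlier commit. The `ratelimit:sign:` key prefix, the KV `get(key, "json")` / `put(key, value, { expirationTtl })` shape, and the in-memory store are assumptions constructed for the example.

```javascript
// Added example, not the PR's code: sliding-window rate limit for /sign
// and OAuth client_id validation.

const SIGN_LIMIT = 30;     // requests per window, per wallet (value from the PR)
const WINDOW_MS = 60000;   // one minute

// Pure core: given the timestamps already recorded for a key and the
// current time, decide whether this request is allowed and return the
// timestamp list that should be stored back. No I/O here, so the policy
// itself is unit-testable.
function applySlidingWindow(timestamps, now, limit = SIGN_LIMIT, windowMs = WINDOW_MS) {
  const recent = timestamps.filter((t) => now - t < windowMs);
  if (recent.length >= limit) {
    const oldest = Math.min(...recent);
    return { allowed: false, remaining: 0, retryAfterMs: windowMs - (now - oldest), timestamps: recent };
  }
  recent.push(now);
  return { allowed: true, remaining: limit - recent.length, retryAfterMs: 0, timestamps: recent };
}

// KV-backed wrapper. Assumes a binding shaped like Workers KV. KV is
// eventually consistent, so two concurrent requests can both read the same
// list and both be admitted: this is a throttle, not a strict cap. A
// Durable Object per wallet would give exact counting if that is required.
async function checkSignRateLimit(kv, wallet, now = Date.now()) {
  const key = `ratelimit:sign:${wallet}`;           // assumed key layout
  const stored = (await kv.get(key, "json")) ?? [];
  const result = applySlidingWindow(stored, now);
  await kv.put(key, JSON.stringify(result.timestamps), {
    expirationTtl: Math.ceil(WINDOW_MS / 1000),     // entries die with the window
  });
  return result;
}

// Item 5: lowercase alphanumeric plus hyphens, 3 to 64 characters.
// Anchored on both ends so nothing can be smuggled around the character set.
const CLIENT_ID_RE = /^[a-z0-9-]{3,64}$/;
function isValidClientId(clientId) {
  return typeof clientId === "string" && CLIENT_ID_RE.test(clientId);
}

// Constructed in-memory stand-in for the KV binding so this runs offline.
function makeMemoryKv() {
  const map = new Map();
  return {
    async get(key, type) {
      const v = map.get(key);
      if (v === undefined) return null;
      return type === "json" ? JSON.parse(v) : v;
    },
    async put(key, value) { map.set(key, value); },
  };
}

// Constructed wallet address string, not a real account.
async function demo() {
  const kv = makeMemoryKv();
  const t0 = 1700000000000;
  let last;
  for (let i = 0; i <= SIGN_LIMIT; i++) {
    last = await checkSignRateLimit(kv, "WALLET_EXAMPLE", t0 + i);
  }
  console.log(last.allowed, last.retryAfterMs); // false 59970 (31st request in the window)
}
demo();
```

Returning retryAfterMs lets the handler send a 429 with a Retry-After header instead of a bare failure, which keeps well-behaved clients from hammering the endpoint while it is already saturated.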
Add OAuth login, status, serve (supplier tunnel), and MCP management:
- login: OAuth 2.0 + PKCE flow with local callback server
- status: Display wallet, Tabs account, and configured MCPs
- serve: WebSocket tunnel to Gateway for local MCP exposure
- mcp add/remove/proxy: Claude Code integration with x402 payments

Supporting libraries:
- auth: XDG credential storage with auto-refresh
- config: Claude Code settings.json manipulation
- tokens: Service token decoding for suppliers
- tunnel: WebSocket client with Cloudflare DO reconnection
- x402: Payment building via tabs-sdk

Also includes:
- Gateway audit logging for executor signing (W8)
- ADR-0004 update for Tabs PDA discovery pattern
Add /.well-known/oauth-authorization-server endpoint to enable MCP clients to automatically discover OAuth endpoints. This improves interoperability with OAuth 2.1 compliant clients.
Replace custom D1+JWT OAuth implementation with Cloudflare's workers-oauth-provider library, eliminating D1 dependency entirely.
- Add HTML consent page with wallet-standard SIWS
- Use KV-backed opaque tokens with AES-GCM encryption
- Simplify gateway auth via OAuthProvider's ctx.props
- Update ADR-0004 to reflect new architecture
…mproved label handling
No description provided.