tinytown 0.10.0

A simple, fast multi-agent orchestration system using Redis for message passing
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

/*
 * Copyright (c) 2024-Present, Jeremy Plichta
 * Licensed under the MIT License
 */

//! Townhall - Tower-based REST and MCP control plane for Tinytown.
//!
//! Supports both REST API and MCP (Model Context Protocol) interfaces.

use std::net::SocketAddr;
use std::path::PathBuf;
use std::sync::Arc;
use std::time::Duration;

use clap::{Parser, Subcommand};
use tower_http::{
    compression::CompressionLayer,
    cors::{Any, CorsLayer},
    timeout::TimeoutLayer,
    trace::{DefaultOnRequest, DefaultOnResponse, TraceLayer},
};
use tracing::{Level, info};
use tracing_subscriber::EnvFilter;

use tinytown::{AppState, McpState, Town, create_mcp_router, create_router};

#[derive(Parser)]
#[command(
    name = "townhall",
    author,
    version,
    about = "Townhall - REST and MCP control plane for Tinytown"
)]
struct Cli {
    #[arg(short, long, default_value = ".", global = true)]
    town: PathBuf,

    #[arg(short, long, global = true)]
    verbose: bool,

    #[command(subcommand)]
    command: Option<Commands>,
}

#[derive(Subcommand)]
enum Commands {
    /// Run the REST API server (default)
    Rest {
        #[arg(short, long)]
        bind: Option<String>,
        #[arg(short, long)]
        port: Option<u16>,
    },
    /// Run the MCP server over stdio
    McpStdio,
    /// Run the MCP server over HTTP/SSE
    McpHttp {
        #[arg(short, long)]
        bind: Option<String>,
        #[arg(short, long)]
        port: Option<u16>,
    },
}

#[tokio::main]
async fn main() -> tinytown::Result<()> {
    let cli = Cli::parse();
    let filter = if cli.verbose {
        EnvFilter::new("townhall=debug,tinytown=debug,tower_http=debug,tower_mcp=debug")
    } else {
        EnvFilter::new("townhall=info,tinytown=info")
    };
    tracing_subscriber::fmt().with_env_filter(filter).init();

    let town = Town::connect(&cli.town).await?;
    let config = town.config().clone();
    info!("🏛️  Townhall starting for town: {}", config.name);

    match cli.command.unwrap_or(Commands::Rest {
        bind: None,
        port: None,
    }) {
        Commands::Rest { bind, port } => run_rest_server(town, config, bind, port).await,
        Commands::McpStdio => run_mcp_stdio(town, config).await,
        Commands::McpHttp { bind, port } => run_mcp_http(town, config, bind, port).await,
    }
}

/// Run the REST API server.
async fn run_rest_server(
    town: Town,
    config: tinytown::Config,
    bind_opt: Option<String>,
    port_opt: Option<u16>,
) -> tinytown::Result<()> {
    let bind = bind_opt.unwrap_or_else(|| config.townhall.bind.clone());
    let port = port_opt.unwrap_or(config.townhall.rest_port);
    let addr: SocketAddr = format!("{}:{}", bind, port)
        .parse()
        .expect("Invalid address");

    // Startup safety rules (Issue #16)
    let is_loopback = addr.ip().is_loopback();
    let auth_mode = &config.townhall.auth.mode;

    // Fail fast: non-loopback binding without authentication
    if !is_loopback && *auth_mode == tinytown::AuthMode::None {
        tracing::error!(
            "❌ FATAL: Binding to non-loopback address {} with auth.mode=none is not allowed. \
             Configure API key or OIDC authentication, or bind to 127.0.0.1.",
            addr
        );
        std::process::exit(1);
    }

    // Warn when using API key mode on non-loopback
    if !is_loopback && *auth_mode == tinytown::AuthMode::ApiKey {
        tracing::warn!(
            "⚠️  Running API key authentication on non-loopback address {}. \
             Consider using OIDC for production deployments.",
            addr
        );
    }

    // Fail fast: TLS enabled but invalid config
    if let Some(err) = config.townhall.tls.validate() {
        tracing::error!("❌ FATAL: TLS configuration error: {}", err);
        std::process::exit(1);
    }

    // Fail fast: mTLS required but invalid config
    if let Some(err) = config.townhall.mtls.validate() {
        tracing::error!("❌ FATAL: mTLS configuration error: {}", err);
        std::process::exit(1);
    }

    info!("🔐 Auth mode: {:?}", auth_mode);
    if config.townhall.tls.enabled {
        info!("🔒 TLS enabled");
    }
    if config.townhall.mtls.enabled {
        info!(
            "🔒 mTLS enabled (required: {})",
            config.townhall.mtls.required
        );
    }

    let timeout_duration = Duration::from_millis(config.townhall.request_timeout_ms);
    let auth_config = Arc::new(config.townhall.auth.clone());
    let state = Arc::new(AppState { town, auth_config });
    #[allow(deprecated)]
    let timeout_layer = TimeoutLayer::new(timeout_duration);

    let trace_layer = TraceLayer::new_for_http()
        .make_span_with(|request: &axum::http::Request<_>| {
            tracing::info_span!(
                "http_request",
                method = %request.method(),
                uri = %request.uri().path(),
                version = ?request.version(),
            )
        })
        .on_request(DefaultOnRequest::new().level(Level::INFO))
        .on_response(DefaultOnResponse::new().level(Level::INFO));

    let app = create_router(state)
        .layer(trace_layer)
        .layer(CompressionLayer::new())
        .layer(timeout_layer)
        .layer(
            CorsLayer::new()
                .allow_origin(Any)
                .allow_methods(Any)
                .allow_headers(Any),
        );

    info!("🚀 REST API listening on http://{}", addr);
    let listener = tokio::net::TcpListener::bind(addr).await?;
    axum::serve(listener, app).await?;
    Ok(())
}

/// Run the MCP server over stdio.
async fn run_mcp_stdio(town: Town, _config: tinytown::Config) -> tinytown::Result<()> {
    use tower_mcp::StdioTransport;

    info!("🔌 Starting MCP server over stdio");
    let mcp_state = Arc::new(McpState::new(town));
    let router = create_mcp_router(mcp_state, "tinytown-mcp", env!("CARGO_PKG_VERSION"));

    StdioTransport::new(router)
        .run()
        .await
        .map_err(|e| tinytown::Error::Io(std::io::Error::other(format!("MCP error: {}", e))))?;

    Ok(())
}

/// Run the MCP server over HTTP/SSE.
async fn run_mcp_http(
    town: Town,
    config: tinytown::Config,
    bind_opt: Option<String>,
    port_opt: Option<u16>,
) -> tinytown::Result<()> {
    use tower_mcp::transport::HttpTransport;

    let bind = bind_opt.unwrap_or_else(|| config.townhall.bind.clone());
    // Use MCP port (default: REST port + 1)
    let port = port_opt.unwrap_or(config.townhall.rest_port + 1);
    let addr: SocketAddr = format!("{}:{}", bind, port)
        .parse()
        .expect("Invalid address");

    info!("🔌 Starting MCP server over HTTP/SSE");
    let mcp_state = Arc::new(McpState::new(town));
    let router = create_mcp_router(mcp_state, "tinytown-mcp", env!("CARGO_PKG_VERSION"));

    let transport = HttpTransport::new(router);
    let app = transport.into_router().layer(
        CorsLayer::new()
            .allow_origin(Any)
            .allow_methods(Any)
            .allow_headers(Any),
    );

    info!("🚀 MCP HTTP/SSE listening on http://{}", addr);
    let listener = tokio::net::TcpListener::bind(addr).await?;
    axum::serve(listener, app).await?;
    Ok(())
}