@agent-lint/mcp 0.2.1 → 0.3.0

package/dist/http-security.d.ts

@@ -0,0 +1,73 @@
+/**
+ * HTTP transport security utilities.
+ *
+ * - Origin/Host validation (DNS rebinding protection)
+ * - CORS preflight handling
+ * - Bearer token authentication (optional)
+ * - Simple in-memory rate limiting
+ *
+ * @module
+ */
+import type { IncomingMessage, ServerResponse } from "node:http";
+export interface HttpSecurityOptions {
+    /**
+     * Allowed origins for CORS and DNS rebinding protection.
+     * Default: ["http://localhost", "http://127.0.0.1"] + any port variants.
+     */
+    allowedOrigins?: string[];
+    /**
+     * Allowed host header values.
+     * Default: ["localhost", "127.0.0.1", "[::1]"] + any port variants.
+     */
+    allowedHosts?: string[];
+    /**
+     * Optional bearer token for authentication.
+     * If set, all requests must include `Authorization: Bearer <token>`.
+     * Read from MCP_AUTH_TOKEN env var if not provided.
+     */
+    authToken?: string;
+    /**
+     * Rate limit: max requests per window per IP.
+     * Default: 100 requests per 60 seconds.
+     */
+    rateLimitMax?: number;
+    /**
+     * Rate limit window in milliseconds.
+     * Default: 60_000 (60 seconds).
+     */
+    rateLimitWindowMs?: number;
+    /**
+     * Enable strict origin checking. When true, requests without
+     * a valid Origin header are rejected (except health checks).
+     * Default: true.
+     */
+    strictOriginCheck?: boolean;
+}
+export declare function startRateLimitCleanup(): void;
+export declare function stopRateLimitCleanup(): void;
+export declare function setCorsHeaders(res: ServerResponse, origin: string | undefined, allowedOrigins: string[]): void;
+export declare function handleCorsPreflightIfNeeded(req: IncomingMessage, res: ServerResponse, allowedOrigins: string[]): boolean;
+export interface HttpSecurityContext {
+    allowedOrigins: string[];
+    allowedHosts: string[];
+    authToken: string | undefined;
+    rateLimitMax: number;
+    rateLimitWindowMs: number;
+    strictOriginCheck: boolean;
+}
+export declare function createSecurityContext(options?: HttpSecurityOptions): HttpSecurityContext;
+/**
+ * Validates an incoming HTTP request against security rules.
+ * Returns an error message string if the request should be rejected, or undefined if OK.
+ */
+export declare function validateRequest(req: IncomingMessage, ctx: HttpSecurityContext, skipOriginCheck?: boolean): string | undefined;
+/**
+ * Send a JSON error response.
+ */
+export declare function sendJsonError(res: ServerResponse, statusCode: number, message: string, jsonrpcId?: unknown): void;
+/**
+ * Parse JSON body from an IncomingMessage.
+ * Returns the parsed body, or undefined if parsing fails.
+ */
+export declare function parseJsonBody(req: IncomingMessage): Promise<unknown>;
+//# sourceMappingURL=http-security.d.ts.map

package/dist/http-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-security.d.ts","sourceRoot":"","sources":["../src/http-security.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAOjE,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAE1B;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IAExB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAsED,wBAAgB,qBAAqB,IAAI,IAAI,CAY5C;AAED,wBAAgB,oBAAoB,IAAI,IAAI,CAM3C;AAwCD,wBAAgB,cAAc,CAC5B,GAAG,EAAE,cAAc,EACnB,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,cAAc,EAAE,MAAM,EAAE,GACvB,IAAI,CAYN;AAED,wBAAgB,2BAA2B,CACzC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,cAAc,EAAE,MAAM,EAAE,GACvB,OAAO,CAOT;AAMD,MAAM,WAAW,mBAAmB;IAClC,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,mBAAwB,GAAG,mBAAmB,CAS5F;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,mBAAmB,EACxB,eAAe,UAAQ,GACtB,MAAM,GAAG,SAAS,CAoCpB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,GAAG,EAAE,cAAc,EACnB,UAAU,EAAE,MAAM,EAClB,OAAO,EAAE,MAAM,EACf,SAAS,CAAC,EAAE,OAAO,GAClB,IAAI,CAWN;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CA+BpE"}

package/dist/http.d.ts

@@ -0,0 +1,35 @@
+/**
+ * HTTP transport for AgentLint MCP server.
+ *
+ * Uses Node.js native `http` module with `StreamableHTTPServerTransport`
+ * from the MCP SDK. No express, no extra dependencies.
+ *
+ * Features:
+ * - Stateful session management via Map<sessionId, transport>
+ * - POST/GET/DELETE /mcp → StreamableHTTPServerTransport.handleRequest()
+ * - GET /healthz → liveness probe
+ * - GET /readyz → readiness probe with session count
+ * - Full security middleware integration (CORS, auth, rate limiting, origin/host validation)
+ * - Graceful shutdown (SIGINT/SIGTERM)
+ *
+ * apply_patches is disabled in HTTP mode per great_plan.md §1.3.
+ *
+ * @module
+ */
+import { type Server } from "node:http";
+import { type HttpSecurityOptions } from "./http-security.js";
+export interface HttpServerOptions {
+    /** TCP port. Default: 3001 or MCP_HTTP_PORT env var. */
+    port?: number;
+    /** Hostname to bind. Default: "127.0.0.1" (loopback only for safety). */
+    hostname?: string;
+    /** Security options forwarded to createSecurityContext(). */
+    security?: HttpSecurityOptions;
+}
+/**
+ * Creates and starts the AgentLint MCP HTTP server.
+ *
+ * Returns the Node.js `http.Server` instance for programmatic control.
+ */
+export declare function runHttpServer(options?: HttpServerOptions): Promise<Server>;
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAA2D,KAAK,MAAM,EAAE,MAAM,WAAW,CAAC;AASjG,OAAO,EASL,KAAK,mBAAmB,EACzB,MAAM,oBAAoB,CAAC;AAM5B,MAAM,WAAW,iBAAiB;IAChC,wDAAwD;IACxD,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,yEAAyE;IACzE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,6DAA6D;IAC7D,QAAQ,CAAC,EAAE,mBAAmB,CAAC;CAChC;AA2HD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,MAAM,CAAC,CA8HpF"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { createAgentLintMcpServer, DEFAULT_MCP_SERVER_NAME, type AgentLintTransportMode, type CreateAgentLintMcpServerOptions, } from "./server.js";
+export { runStdioServer } from "./stdio.js";
+export { runHttpServer, type HttpServerOptions } from "./http.js";
+export { createSecurityContext, validateRequest, setCorsHeaders, handleCorsPreflightIfNeeded, sendJsonError, parseJsonBody, startRateLimitCleanup, stopRateLimitCleanup, type HttpSecurityOptions, type HttpSecurityContext, } from "./http-security.js";
+export { registerAgentLintTools, type RegisterAgentLintToolsOptions, } from "./tools/index.js";
+export { registerAgentLintResources } from "./resources/register-resources.js";
+export { registerAgentLintPrompts } from "./prompts/register-prompts.js";
+export { applyMessageSizeGuard, withToolTimeout, getToolTimeout, ToolTimeoutError, TOOL_TIMEOUTS, MAX_JSONRPC_MESSAGE_BYTES, DEFAULT_TOOL_TIMEOUT_MS, } from "./transport-security.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,+BAA+B,GACrC,MAAM,aAAa,CAAC;AAErB,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,KAAK,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAElE,OAAO,EACL,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,2BAA2B,EAC3B,aAAa,EACb,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,sBAAsB,EACtB,KAAK,6BAA6B,GACnC,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAC/E,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EACL,qBAAqB,EACrB,eAAe,EACf,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC"}

package/dist/index.js

@@ -22,7 +22,7 @@ import {
   stopRateLimitCleanup,
   validateRequest,
   withToolTimeout
-} from "./chunk-MNSQOOMH.js";
+} from "./chunk-ZYDIOQXE.js";
 export {
   DEFAULT_MCP_SERVER_NAME,
   DEFAULT_TOOL_TIMEOUT_MS,

package/dist/logger.d.ts

@@ -0,0 +1,4 @@
+type McpLogLevel = "info" | "warn" | "error";
+export declare function logMcp(level: McpLogLevel, event: string, fields?: Record<string, unknown>): void;
+export {};
+//# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA,KAAK,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE7C,wBAAgB,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GAAG,IAAI,CASpG"}

package/dist/prompts/register-prompts.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerAgentLintPrompts(_server: McpServer): void;
+//# sourceMappingURL=register-prompts.d.ts.map

package/dist/prompts/register-prompts.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-prompts.d.ts","sourceRoot":"","sources":["../../src/prompts/register-prompts.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,SAAS,GAAG,IAAI,CAGjE"}

package/dist/resources/register-resources.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerAgentLintResources(server: McpServer): void;
+//# sourceMappingURL=register-resources.d.ts.map

package/dist/resources/register-resources.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-resources.d.ts","sourceRoot":"","sources":["../../src/resources/register-resources.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAoB,MAAM,yCAAyC,CAAC;AAkCtF,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAyGlE"}

package/dist/server.d.ts

@@ -0,0 +1,12 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare const DEFAULT_MCP_SERVER_NAME = "agentlint";
+export type AgentLintTransportMode = "stdio" | "http";
+export type CreateAgentLintMcpServerOptions = {
+    name?: string;
+    version?: string;
+    instructions?: string;
+    transportMode?: AgentLintTransportMode;
+    enableWorkspaceScan?: boolean;
+};
+export declare function createAgentLintMcpServer(options?: CreateAgentLintMcpServerOptions): McpServer;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAMpE,eAAO,MAAM,uBAAuB,cAAc,CAAC;AAanD,MAAM,MAAM,sBAAsB,GAAG,OAAO,GAAG,MAAM,CAAC;AAEtD,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B,CAAC;AAkCF,wBAAgB,wBAAwB,CACtC,OAAO,GAAE,+BAAoC,GAC5C,SAAS,CA4BX"}

package/dist/stdio.d.ts

@@ -0,0 +1,2 @@
+export declare function runStdioServer(): Promise<void>;
+//# sourceMappingURL=stdio.d.ts.map

package/dist/stdio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio.d.ts","sourceRoot":"","sources":["../src/stdio.ts"],"names":[],"mappings":"AAKA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CA0BpD"}

package/dist/tools/emit-maintenance-snippet.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerEmitMaintenanceSnippetTool(server: McpServer): void;
+//# sourceMappingURL=emit-maintenance-snippet.d.ts.map

package/dist/tools/emit-maintenance-snippet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"emit-maintenance-snippet.d.ts","sourceRoot":"","sources":["../../src/tools/emit-maintenance-snippet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAQzE,wBAAgB,kCAAkC,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA4B1E"}

package/dist/tools/get-guidelines.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerGetGuidelinesTool(server: McpServer): void;
+//# sourceMappingURL=get-guidelines.d.ts.map

package/dist/tools/get-guidelines.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-guidelines.d.ts","sourceRoot":"","sources":["../../src/tools/get-guidelines.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAQzE,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA0BjE"}

package/dist/tools/index.d.ts

@@ -0,0 +1,6 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export type RegisterAgentLintToolsOptions = {
+    enableWorkspaceScan: boolean;
+};
+export declare function registerAgentLintTools(server: McpServer, options: RegisterAgentLintToolsOptions): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/tools/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/tools/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAOzE,MAAM,MAAM,6BAA6B,GAAG;IAC1C,mBAAmB,EAAE,OAAO,CAAC;CAC9B,CAAC;AAEF,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,6BAA6B,GACrC,IAAI,CAKN"}

package/dist/tools/plan-workspace-autofix.d.ts

@@ -0,0 +1,6 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export type RegisterPlanWorkspaceAutofixToolOptions = {
+    enabled: boolean;
+};
+export declare function registerPlanWorkspaceAutofixTool(server: McpServer, options: RegisterPlanWorkspaceAutofixToolOptions): void;
+//# sourceMappingURL=plan-workspace-autofix.d.ts.map

package/dist/tools/plan-workspace-autofix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plan-workspace-autofix.d.ts","sourceRoot":"","sources":["../../src/tools/plan-workspace-autofix.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAQzE,MAAM,MAAM,uCAAuC,GAAG;IACpD,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,wBAAgB,gCAAgC,CAC9C,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,uCAAuC,GAC/C,IAAI,CAgCN"}

package/dist/tools/quick-check.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerQuickCheckTool(server: McpServer): void;
+//# sourceMappingURL=quick-check.d.ts.map

package/dist/tools/quick-check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quick-check.d.ts","sourceRoot":"","sources":["../../src/tools/quick-check.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAQzE,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA2B9D"}

package/dist/tools/schema-compat.d.ts

@@ -0,0 +1,13 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+type ToolConfig = Parameters<McpServer["registerTool"]>[1];
+type ToolHandler = Parameters<McpServer["registerTool"]>[2];
+type PromptConfig = Parameters<McpServer["registerPrompt"]>[1];
+type PromptHandler = Parameters<McpServer["registerPrompt"]>[2];
+export type CompatibleInputSchema = NonNullable<ToolConfig["inputSchema"]>;
+export type CompatiblePromptArgsSchema = NonNullable<PromptConfig["argsSchema"]>;
+export declare function asInputSchema<T>(schema: T): CompatibleInputSchema;
+export declare function asToolHandler<T>(handler: T): ToolHandler;
+export declare function asPromptArgsSchema<T>(schema: T): CompatiblePromptArgsSchema;
+export declare function asPromptHandler<T>(handler: T): PromptHandler;
+export {};
+//# sourceMappingURL=schema-compat.d.ts.map

package/dist/tools/schema-compat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-compat.d.ts","sourceRoot":"","sources":["../../src/tools/schema-compat.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,KAAK,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3D,KAAK,WAAW,GAAG,UAAU,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAE5D,KAAK,YAAY,GAAG,UAAU,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/D,KAAK,aAAa,GAAG,UAAU,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAEhE,MAAM,MAAM,qBAAqB,GAAG,WAAW,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;AAC3E,MAAM,MAAM,0BAA0B,GAAG,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;AAEjF,wBAAgB,aAAa,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,qBAAqB,CAEjE;AAED,wBAAgB,aAAa,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,WAAW,CAExD;AAED,wBAAgB,kBAAkB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,0BAA0B,CAE3E;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,GAAG,aAAa,CAE5D"}

package/dist/tools/tool-result.d.ts

@@ -0,0 +1,4 @@
+import type { CallToolResult } from "@modelcontextprotocol/sdk/types.js";
+export declare function toMarkdownResult(markdown: string): CallToolResult;
+export declare function toErrorResult(message: string): CallToolResult;
+//# sourceMappingURL=tool-result.d.ts.map

package/dist/tools/tool-result.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-result.d.ts","sourceRoot":"","sources":["../../src/tools/tool-result.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AAEzE,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,CASjE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,CAU7D"}

package/dist/transport-security.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Transport security utilities for MCP server.
+ *
+ * - Message size limiting for JSON-RPC transport
+ * - Tool execution timeout wrapper
+ *
+ * @module
+ */
+import type { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
+/**
+ * Maximum allowed JSON-RPC message size in bytes (10 MB).
+ * Prevents memory exhaustion from oversized payloads.
+ */
+export declare const MAX_JSONRPC_MESSAGE_BYTES: number;
+/**
+ * Per-tool timeout values in milliseconds, from dos_and_donts.md.
+ */
+export declare const TOOL_TIMEOUTS: Record<string, number>;
+/** Default timeout for unknown tools: 30 seconds */
+export declare const DEFAULT_TOOL_TIMEOUT_MS = 30000;
+/**
+ * Wraps a Transport's `onmessage` callback so that oversized messages are
+ * rejected before reaching the MCP server's handler. The message is serialized
+ * to JSON to compute its byte length — the same representation that travels
+ * over stdio.
+ *
+ * Non-destructive: the original transport is returned (mutated in-place for
+ * the `onmessage` wrapper). All other methods are untouched.
+ */
+export declare function applyMessageSizeGuard<T extends Transport>(transport: T, maxBytes?: number): T;
+/**
+ * Error subclass for tool execution timeouts.
+ */
+export declare class ToolTimeoutError extends Error {
+    readonly toolName: string;
+    readonly timeoutMs: number;
+    constructor(toolName: string, timeoutMs: number);
+}
+/**
+ * Returns the configured timeout for a given tool name.
+ */
+export declare function getToolTimeout(toolName: string): number;
+/**
+ * Wraps an async function with a timeout. If the function does not resolve
+ * within `timeoutMs`, a `ToolTimeoutError` is thrown.
+ *
+ * Uses `AbortSignal.timeout()` where available (Node 18+), with a
+ * `setTimeout` fallback.
+ */
+export declare function withToolTimeout<T>(toolName: string, fn: () => Promise<T>, timeoutMs?: number): Promise<T>;
+//# sourceMappingURL=transport-security.d.ts.map

package/dist/transport-security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-security.d.ts","sourceRoot":"","sources":["../src/transport-security.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,+CAA+C,CAAC;AAQ/E;;;GAGG;AACH,eAAO,MAAM,yBAAyB,QAAmB,CAAC;AAE1D;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAUhD,CAAC;AAEF,oDAAoD;AACpD,eAAO,MAAM,uBAAuB,QAAS,CAAC;AAM9C;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,SAAS,SAAS,EACvD,SAAS,EAAE,CAAC,EACZ,QAAQ,GAAE,MAAkC,GAC3C,CAAC,CAwCH;AAMD;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,SAAgB,QAAQ,EAAE,MAAM,CAAC;IACjC,SAAgB,SAAS,EAAE,MAAM,CAAC;gBAEtB,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;CAMhD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CAAC,CAAC,EACrC,QAAQ,EAAE,MAAM,EAChB,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,CAAC,CAAC,CA+BZ"}

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@agent-lint/mcp",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "type": "module",
   "license": "MIT",
-  "description": "MCP server for AI agent context artifact orchestration. Provides guidelines, action plans, and maintenance rules for AGENTS.md, skills, rules, workflows, and plans. No LLM, no database.",
+  "description": "MCP server for AI agent context artifact orchestration. Guidelines, workspace scanning, and maintenance rules for AGENTS.md, skills, rules, workflows, and plans. No LLM, no database.",
   "author": "Agent Lint Contributors",
   "repository": {
     "type": "git",
@@ -41,9 +41,12 @@
   "engines": {
     "node": ">=18"
   },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
   "scripts": {
     "build": "tsup",
-    "prepublishOnly": "pnpm run build",
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {