@blacksandscyber/mcp-server-bursar 0.5.0

package/dxt/scripts/setup.js

@@ -0,0 +1,520 @@
+#!/usr/bin/env node
+/* eslint-disable no-console */
+/**
+ * Blacksands Bursar MCP — DXT bootstrap entry point (Phase 2)
+ *
+ * This script is the DXT's `server.entry_point`. On each launch it:
+ *
+ *   1. Checks whether a cert bundle already exists in ~/.blacksands/mcp-certs/.
+ *      - If yes, skip straight to step 4 (ordinary launch).
+ *      - If no and a setup_token is configured, redeem it to obtain one.
+ *
+ *   2. Redeems the token by POSTing to {authorizer_url}/v1/mcp/setup-tokens/redeem
+ *      (the shield-api endpoint is exposed through the same Authorizer host
+ *      that the server itself will later talk to, so no extra trust roots).
+ *
+ *   3. Persists cert + key + ca + auth_password to ~/.blacksands/mcp-certs/
+ *      with 0600 permissions on secrets. (Future: keychain via keytar; for
+ *      now, disk-based storage matches the existing admin-issued cert flow.)
+ *
+ *   4. Spawns the real MCP server (server/build/index.js) with all the env
+ *      vars it expects (SHIELD_AUTHORIZER_URL, SHIELD_CLIENT_CERT, etc.),
+ *      forwarding stdio. Exit code is propagated so Claude Desktop sees the
+ *      same shutdown behavior as before.
+ *
+ * Environment inputs (injected by Claude Desktop from user_config):
+ *   SHIELD_AUTHORIZER_URL   required — used for redeem AND by the server
+ *   SHIELD_SETUP_TOKEN      optional — triggers redemption on first launch
+ *   SHIELD_ORG_ID           optional — override the org id from the token
+ *   LOG_LEVEL               optional — forwarded to the server
+ *
+ * The script is written in plain CommonJS with zero external dependencies so
+ * it can run inside the bundled DXT without a separate `npm install` step.
+ */
+
+'use strict';
+
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const https = require('https');
+const http = require('http');
+const { URL } = require('url');
+const { spawn } = require('child_process');
+
+// ──────────────────────────────────────────────────────────────────────────
+// Paths & constants
+// ──────────────────────────────────────────────────────────────────────────
+
+const HOME = os.homedir();
+const CERT_DIR = path.join(HOME, '.blacksands', 'mcp-certs');
+const CLIENT_NAME_FILE = path.join(CERT_DIR, '.client-name');
+const PASSWORD_FILE = path.join(CERT_DIR, '.auth-password');
+const ORG_ID_FILE = path.join(CERT_DIR, '.org-id');
+const ROLE_FILE = path.join(CERT_DIR, '.role');     // 'master' | 'consumer' — read by src/shield/bootRole.ts
+const LAST_TOKEN_FILE = path.join(CERT_DIR, '.last-token-prefix');
+// Where the real MCP server lives. We support two on-disk layouts so this
+// script can be the entry point for both Claude Desktop's DXT bundle AND
+// `npx @blacksandscyber/mcp-server-bursar` (or `claude mcp add shield -- shield-mcp`):
+//
+//   DXT bundle:  <ext>/server/scripts/setup.js
+//                <ext>/server/build/index.js
+//                <ext>/blacksands-ca.crt              ← copied to .dxt root
+//
+//   npm install: <pkg>/dxt/scripts/setup.js
+//                <pkg>/build/index.js                 ← tsc outDir
+//                <pkg>/dxt/blacksands-ca.crt          ← shipped via "files"
+//
+// Source repo (`node dxt/scripts/setup.js` directly) matches the npm layout.
+function resolveByExisting(/* ...candidates */) {
+  for (let i = 0; i < arguments.length; i++) {
+    if (fs.existsSync(arguments[i])) return arguments[i];
+  }
+  // None found — return the first candidate so diagnostics can show the
+  // expected DXT-layout path. die() will report the file as missing later.
+  return arguments[0];
+}
+const SERVER_ENTRY = resolveByExisting(
+  path.resolve(__dirname, '..', 'build', 'index.js'),       // DXT bundle
+  path.resolve(__dirname, '..', '..', 'build', 'index.js'), // npm install / source repo
+);
+// Bundled Blacksands CA chain (Intermediate + Root). Shipped so the MCP
+// server can verify the Authorizer's private-CA TLS cert on every install —
+// even if the redeem response omitted ca_pem.
+const BUNDLED_CA = resolveByExisting(
+  path.resolve(__dirname, '..', '..', 'blacksands-ca.crt'), // DXT bundle (copied to root)
+  path.resolve(__dirname, '..', 'blacksands-ca.crt'),       // npm install / source repo
+);
+
+// OS keystore module (compiled from src/shield/install/keystore.ts). Optional:
+// older builds may not have it, and it's gated behind BS_MCP_KEYSTORE anyway —
+// so a load failure is non-fatal and we silently keep the disk-only path.
+let keystore = null;
+try {
+  const ksPath = resolveByExisting(
+    path.resolve(__dirname, '..', 'build', 'shield', 'install', 'keystore.js'),       // DXT bundle
+    path.resolve(__dirname, '..', '..', 'build', 'shield', 'install', 'keystore.js'), // npm / source
+  );
+  if (fs.existsSync(ksPath)) keystore = require(ksPath);
+} catch { keystore = null; }
+
+const TOKEN_PREFIX = 'bss_';
+const CN_CLIENT_NAME_RE = /^([^.]+)\.mcp\./;
+
+// ──────────────────────────────────────────────────────────────────────────
+// Logging — everything goes to stderr so we never corrupt the MCP stdio
+// stream once the child server takes over.
+// ──────────────────────────────────────────────────────────────────────────
+
+function log(msg, extra) {
+  const prefix = '[shield-mcp-setup]';
+  if (extra !== undefined) {
+    process.stderr.write(`${prefix} ${msg} ${JSON.stringify(extra)}\n`);
+  } else {
+    process.stderr.write(`${prefix} ${msg}\n`);
+  }
+}
+
+function die(msg, extra) {
+  log(`FATAL: ${msg}`, extra);
+  process.exit(1);
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// HTTP helper (native https/http only; no dependencies)
+// ──────────────────────────────────────────────────────────────────────────
+
+function postJson(urlString, body, timeoutMs = 30_000) {
+  return new Promise((resolve, reject) => {
+    let url;
+    try {
+      url = new URL(urlString);
+    } catch (e) {
+      return reject(new Error(`Invalid URL: ${urlString}`));
+    }
+    const lib = url.protocol === 'http:' ? http : https;
+    const payload = Buffer.from(JSON.stringify(body), 'utf8');
+
+    const req = lib.request(
+      {
+        method: 'POST',
+        hostname: url.hostname,
+        port: url.port || (url.protocol === 'http:' ? 80 : 443),
+        path: url.pathname + (url.search || ''),
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': String(payload.length),
+          'User-Agent': 'blacksands-shield-dxt-setup/0.2',
+          Accept: 'application/json',
+        },
+        timeout: timeoutMs,
+      },
+      (res) => {
+        const chunks = [];
+        res.on('data', (c) => chunks.push(c));
+        res.on('end', () => {
+          const raw = Buffer.concat(chunks).toString('utf8');
+          let json = null;
+          try { json = raw ? JSON.parse(raw) : null; } catch { /* non-JSON */ }
+          resolve({ status: res.statusCode, body: json, raw });
+        });
+      }
+    );
+    req.on('timeout', () => req.destroy(new Error(`Request timed out after ${timeoutMs}ms`)));
+    req.on('error', reject);
+    req.write(payload);
+    req.end();
+  });
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// Filesystem helpers
+// ──────────────────────────────────────────────────────────────────────────
+
+function ensureCertDir() {
+  if (!fs.existsSync(CERT_DIR)) {
+    fs.mkdirSync(CERT_DIR, { recursive: true, mode: 0o700 });
+    log(`Created cert directory: ${CERT_DIR}`);
+  } else {
+    try { fs.chmodSync(CERT_DIR, 0o700); } catch { /* non-fatal */ }
+  }
+
+  // Seed the Blacksands CA chain if not already present. The Authorizer's TLS
+  // certificate is signed by a private Blacksands CA (not a public CA), so
+  // Node.js needs this chain to verify the TLS handshake. We bundle the chain
+  // in the DXT so it's always available — even when the redeem response omits
+  // ca_pem (e.g. older Shield API versions).
+  const destCa = path.join(CERT_DIR, 'blacksands-ca.crt');
+  if (!fs.existsSync(destCa) && fs.existsSync(BUNDLED_CA)) {
+    try {
+      fs.copyFileSync(BUNDLED_CA, destCa);
+      fs.chmodSync(destCa, 0o644);
+      log(`Seeded CA chain from bundle: ${destCa}`);
+    } catch (e) {
+      log(`Warning: could not seed bundled CA cert: ${e.message}`);
+    }
+  }
+}
+
+function writeSecret(filePath, contents) {
+  fs.writeFileSync(filePath, contents, { mode: 0o600 });
+  try { fs.chmodSync(filePath, 0o600); } catch { /* non-fatal */ }
+}
+
+function writePublic(filePath, contents) {
+  fs.writeFileSync(filePath, contents, { mode: 0o644 });
+}
+
+function readIfExists(filePath) {
+  try { return fs.readFileSync(filePath, 'utf8'); } catch { return null; }
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// Redeem flow
+// ──────────────────────────────────────────────────────────────────────────
+
+async function redeemToken(setupUrl, token) {
+  // Bootstrap is an onboarding concern — POST to the onboarding-backend's
+  // public edge, not the Authorizer. Authorizer does auth; Receiver does
+  // proxy; onboarding-backend handles bootstrap. See
+  // overview/onboarding-api/routes/mcpInstallRoutes.js.
+  const url = `${setupUrl.replace(/\/$/, '')}/api/onboarding/mcp-install/redeem`;
+  log(`Redeeming setup token at ${url}`);
+  const { status, body, raw } = await postJson(url, { token });
+  if (status === 200 || status === 201) {
+    if (!body || body.success !== true) {
+      throw new Error(`Redeem response not recognized (status ${status}): ${raw.slice(0, 200)}`);
+    }
+    return body;
+  }
+  const reason = body?.reason ? ` (${body.reason})` : '';
+  const msg = body?.message || raw || `HTTP ${status}`;
+  throw new Error(`Token redemption failed${reason}: ${msg}`);
+}
+
+function clientNameFromCn(cn) {
+  // CN format: "{clientName}.mcp.{domain}"
+  if (!cn) return 'mcp-client';
+  const m = cn.match(CN_CLIENT_NAME_RE);
+  return m ? m[1] : 'mcp-client';
+}
+
+async function bootstrap({ setupUrl, token, orgIdOverride }) {
+  ensureCertDir();
+
+  const result = await redeemToken(setupUrl, token);
+  const clientName = clientNameFromCn(result.cn);
+  const orgId = orgIdOverride || result.org_id || result.orgId;
+  if (!result.cert_pem || !result.key_pem) {
+    throw new Error('Redeem response missing cert_pem or key_pem');
+  }
+  if (!result.auth_password) {
+    throw new Error('Redeem response missing auth_password');
+  }
+
+  const certPath = path.join(CERT_DIR, `${clientName}.crt`);
+  const keyPath = path.join(CERT_DIR, `${clientName}.key`);
+  const caPath = path.join(CERT_DIR, 'blacksands-ca.crt');
+
+  writePublic(certPath, result.cert_pem);
+  writeSecret(keyPath, result.key_pem);
+  if (result.ca_pem) writePublic(caPath, result.ca_pem);
+
+  writeSecret(PASSWORD_FILE, result.auth_password);
+  writeSecret(CLIENT_NAME_FILE, clientName);
+  if (orgId) writeSecret(ORG_ID_FILE, orgId);
+  // Persist the role returned by the redeem response so the MCP server's
+  // src/shield/bootRole.ts can filter tool registration on next launch
+  // without an awaited /v1/mcp/identity call. Tolerate missing role
+  // (legacy server response) — the bootRole resolver falls through to
+  // the mode-default.
+  if (result.role === 'master' || result.role === 'consumer') {
+    writeSecret(ROLE_FILE, result.role);
+  }
+
+  // F4.11: when opted in (BS_MCP_KEYSTORE=auto|on) and a backend is available,
+  // also store the private key + auth password in the OS keystore. Disk copies
+  // are retained as a fallback (no lockout); launchServer prefers the keystore
+  // copies when present. Best-effort — never blocks the install.
+  if (keystore && keystore.isKeystoreAvailable()) {
+    try {
+      const okKey = keystore.storeSecret(keystore.secretAccount(clientName, 'key'), result.key_pem);
+      const okPw = keystore.storeSecret(keystore.secretAccount(clientName, 'password'), result.auth_password);
+      log('Stored MCP secrets in OS keystore', { backend: keystore.detectBackend(), key: okKey, password: okPw });
+    } catch (e) {
+      log(`Warning: OS keystore store failed (keeping disk copies): ${e.message}`);
+    }
+  }
+
+  log('Bootstrap complete', {
+    clientName,
+    orgId,
+    role: result.role || '(not provided by server; will default to master)',
+    cn: result.cn,
+    certPath,
+    keyPath,
+    caPath: result.ca_pem ? caPath : null,
+    expires: result.expires || null,
+  });
+
+  return {
+    clientName,
+    orgId,
+    certPath,
+    keyPath,
+    caPath: result.ca_pem ? caPath : null,
+    authPassword: result.auth_password,
+  };
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// Resolve existing bundle on disk (for subsequent launches)
+// ──────────────────────────────────────────────────────────────────────────
+
+function findExistingBundle() {
+  if (!fs.existsSync(CERT_DIR)) return null;
+
+  const clientName = readIfExists(CLIENT_NAME_FILE);
+  if (!clientName) return null;
+
+  const certPath = path.join(CERT_DIR, `${clientName.trim()}.crt`);
+  const keyPath = path.join(CERT_DIR, `${clientName.trim()}.key`);
+  const caPath = path.join(CERT_DIR, 'blacksands-ca.crt');
+
+  if (!fs.existsSync(certPath) || !fs.existsSync(keyPath)) return null;
+
+  const authPassword = readIfExists(PASSWORD_FILE);
+  if (!authPassword) return null;
+
+  const orgId = readIfExists(ORG_ID_FILE);
+
+  return {
+    clientName: clientName.trim(),
+    orgId: orgId ? orgId.trim() : null,
+    certPath,
+    keyPath,
+    caPath: fs.existsSync(caPath) ? caPath : null,
+    authPassword: authPassword.trim(),
+  };
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// Launch the real MCP server
+// ──────────────────────────────────────────────────────────────────────────
+
+function launchServer(bundle, authorizerUrl) {
+  // Set env vars before requiring the server module — the server reads these
+  // at load time via config.ts / loadConfig().
+  process.env.SHIELD_AUTHORIZER_URL = authorizerUrl;
+  process.env.SHIELD_SERVICE_ID     = process.env.SHIELD_SERVICE_ID || 'shield-api';
+  // Only set credential vars when we have a real bundle (not in local-only mode)
+  if (bundle.certPath)    process.env.SHIELD_CLIENT_CERT   = bundle.certPath;
+  if (bundle.keyPath)     process.env.SHIELD_CLIENT_KEY    = bundle.keyPath;
+  if (bundle.authPassword) process.env.SHIELD_AUTH_PASSWORD = bundle.authPassword;
+
+  // F4.11: prefer keystore-held secrets over the disk copies when available.
+  // The private key is passed inline (SHIELD_CLIENT_KEY_PEM) so config.ts uses
+  // it directly without a disk read; the password replaces the disk value.
+  // Best-effort: on any miss we silently keep the disk-sourced values above.
+  if (keystore && bundle.clientName && keystore.isKeystoreAvailable()) {
+    try {
+      const keyPem = keystore.retrieveSecret(keystore.secretAccount(bundle.clientName, 'key'));
+      if (keyPem) process.env.SHIELD_CLIENT_KEY_PEM = keyPem;
+      const pw = keystore.retrieveSecret(keystore.secretAccount(bundle.clientName, 'password'));
+      if (pw) process.env.SHIELD_AUTH_PASSWORD = pw;
+      if (keyPem || pw) log('Loaded MCP secrets from OS keystore', { key: !!keyPem, password: !!pw });
+    } catch (e) {
+      log(`Warning: OS keystore read failed (using disk copies): ${e.message}`);
+    }
+  }
+  process.env.SHIELD_ORG_ID = process.env.SHIELD_ORG_ID || bundle.orgId || '';
+  if (bundle.caPath) process.env.SHIELD_CA_CERT = bundle.caPath;
+  if (!process.env.LOG_LEVEL) process.env.LOG_LEVEL = 'info';
+
+  // Never expose the setup token to the MCP server
+  delete process.env.SHIELD_SETUP_TOKEN;
+
+  if (!fs.existsSync(SERVER_ENTRY)) {
+    die(
+      'Blacksands Bursar appears to be incomplete — some files are missing from the extension. ' +
+      'Try uninstalling and reinstalling the extension from https://shield.blacksandscyber.online/download.'
+    );
+  }
+
+  log(`Starting MCP server in-process: ${SERVER_ENTRY}`, {
+    orgId:      process.env.SHIELD_ORG_ID,
+    authorizer: process.env.SHIELD_AUTHORIZER_URL,
+  });
+
+  // Run the MCP server in the SAME process rather than spawning a child.
+  //
+  // Why: Claude Desktop's built-in Node.js runner manages a single process
+  // via its stdio pipe. When setup.js calls spawn() with stdio:'inherit', the
+  // child correctly inherits the stdio fds, but Claude Desktop appears to
+  // monitor the PARENT process specifically. When the parent (setup.js) stays
+  // alive but silent while the child handles the MCP protocol, Claude Desktop
+  // either kills the parent or sees an idle process and closes the connection.
+  //
+  // The in-process approach is simpler: we set the env vars that the server
+  // reads at startup, then require() the compiled entry point directly. The
+  // server's stdio transport binds to process.stdin/stdout which ARE the pipe
+  // Claude Desktop is monitoring. No child process, no relay, no race.
+  require(SERVER_ENTRY);
+}
+
+// ──────────────────────────────────────────────────────────────────────────
+// Main
+// ──────────────────────────────────────────────────────────────────────────
+
+function bundleFromEnv() {
+  // Phase 1 mode: all three of cert path, key path, and auth password are
+  // supplied directly via user_config. No bootstrap needed — just forward.
+  const certPath = process.env.SHIELD_CLIENT_CERT;
+  const keyPath = process.env.SHIELD_CLIENT_KEY;
+  const authPassword = process.env.SHIELD_AUTH_PASSWORD;
+  if (!certPath || !keyPath || !authPassword) return null;
+  if (!fs.existsSync(certPath) || !fs.existsSync(keyPath)) return null;
+  return {
+    clientName: 'env-provided',
+    orgId: process.env.SHIELD_ORG_ID || null,
+    certPath,
+    keyPath,
+    caPath: process.env.SHIELD_CA_CERT && fs.existsSync(process.env.SHIELD_CA_CERT)
+      ? process.env.SHIELD_CA_CERT
+      : null,
+    authPassword,
+  };
+}
+
+// Default URLs baked in so the npm/`shield-mcp` CLI works with zero config —
+// `claude mcp add shield -- shield-mcp` just works in local-only mode without
+// the user having to set SHIELD_AUTHORIZER_URL. Claude Desktop's user_config
+// always overrides these via env.
+const DEFAULT_AUTHORIZER_URL = 'https://mauth-beta.blacksandscyber.online';
+const DEFAULT_SETUP_URL      = 'https://onboard.beta.blacksandscyber.online';
+
+async function main() {
+  // Authorizer URL: only required for token redemption + broker handshake.
+  // For local-only mode (no token, no cert bundle) the URL is unused, but
+  // we still need a sensible default so downstream code can read it without
+  // a null check. Fall back to the bundled default rather than failing hard.
+  const authorizerUrl = process.env.SHIELD_AUTHORIZER_URL || DEFAULT_AUTHORIZER_URL;
+
+  // Bootstrap hits the onboarding edge, NOT the Authorizer (separation of
+  // powers: Authorizer auths, Receiver proxies, onboarding bootstraps).
+  // Fall back to SHIELD_AUTHORIZER_URL if SHIELD_SETUP_URL isn't set so
+  // pre-v0.3.2 manifests that conflated the two URLs still attempt redeem —
+  // it just won't succeed against a pure Authorizer. New installs get the
+  // correct default from manifest-v2.json.
+  const setupUrl = (process.env.SHIELD_SETUP_URL || DEFAULT_SETUP_URL).replace(/\/$/, '');
+
+  const setupToken = (process.env.SHIELD_SETUP_TOKEN || '').trim();
+
+  // Phase 1: direct cert paths from user_config take the fast path.
+  const envBundle = bundleFromEnv();
+  if (envBundle && !setupToken) {
+    log('Using directly-provided cert bundle from user_config (Phase 1 mode)');
+    return launchServer(envBundle, authorizerUrl);
+  }
+
+  // Phase 2: token-based bootstrap
+  let bundle = findExistingBundle();
+
+  // IMPORTANT: we only bootstrap (network call to redeem the token) when there
+  // is NO existing cert bundle on disk. If a bundle already exists we launch
+  // immediately — no network call, no race with Claude Desktop's stdio timeout.
+  //
+  // Why: Claude Desktop has a ~4-8 second window for the MCP server to respond
+  // to the initialize message. A token-redemption round-trip can easily exceed
+  // that window (cert issuance takes 2-6+ s), causing Claude Desktop to close
+  // the stdio pipe before the child server ever starts. The child then reads EOF
+  // and exits silently — showing "Server disconnected" with no stderr output.
+  //
+  // Cert rotation workflow: if you need to rotate credentials, delete
+  // ~/.blacksands/mcp-certs/ (or run preflight.sh --clean) and restart Claude
+  // Desktop. On the next launch the bundle will be absent and bootstrap will run
+  // as a one-time first-install operation.
+  const shouldBootstrap = !bundle && setupToken && setupToken.startsWith(TOKEN_PREFIX);
+
+  if (!bundle && !setupToken) {
+    // No credentials — start in local-only mode so the 9 [FREE] tools work
+    // immediately (codebase scans + the deployment guide). Shield API tools
+    // will return a friendly message directing the user to create an account.
+    log('No Blacksands Bursar credentials found — starting in local-only mode.');
+    log('11 [FREE] tools work without an account: shield_scan_codebase, shield_flag_pii_candidates,');
+    log('shield_get_protection_requirements, shield_guide_deployment, etc.');
+    log('To unlock full Shield protection, visit https://shield.blacksandscyber.online');
+    process.env.MCP_TRANSPORT = 'local-only';
+    launchServer({ certPath: null, keyPath: null, caPath: null, authPassword: '', orgId: '' }, authorizerUrl);
+    return;
+  }
+
+  if (shouldBootstrap) {
+    try {
+      bundle = await bootstrap({
+        setupUrl,
+        token: setupToken,
+        orgIdOverride: process.env.SHIELD_ORG_ID || null,
+      });
+      writeSecret(LAST_TOKEN_FILE, setupToken.slice(0, 12));
+    } catch (err) {
+      die(
+        `Your setup link didn't work — it may have expired (links are valid for a limited time) ` +
+        `or already been used (each link is single-use). ` +
+        `Ask your administrator for a fresh one, or sign up at https://shield.blacksandscyber.online. ` +
+        `(Technical detail: ${err.message})`
+      );
+    }
+  }
+
+  if (!bundle) {
+    die(
+      'Blacksands Bursar could not set up your credentials. ' +
+      'Please try again, or contact support at https://shield.blacksandscyber.online/support.'
+    );
+  }
+
+  launchServer(bundle, authorizerUrl);
+}
+
+main().catch((err) => die(err.message || String(err)));

package/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@blacksandscyber/mcp-server-bursar",
+  "version": "0.5.0",
+  "description": "Blacksands Bursar MCP Server — zero-trust security operations for AI agents. Installable in Claude Code (`claude mcp add shield -- shield-mcp`) and Claude Desktop (drag-and-drop .dxt).",
+  "main": "build/index.js",
+  "bin": {
+    "shield-mcp": "dxt/scripts/setup.js",
+    "blacksands-shield-mcp": "dxt/scripts/setup.js",
+    "blacksands-shield-mcp-http": "build/http-transport.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:dxt": "bash scripts/build-dxt.sh",
+    "start": "node build/index.js",
+    "start:http": "node build/http-transport.js",
+    "dev": "tsc --watch",
+    "test": "jest --forceExit --detectOpenHandles",
+    "lint": "tsc --noEmit",
+    "prepublishOnly": "tsc"
+  },
+  "keywords": [
+    "mcp",
+    "blacksands",
+    "shield",
+    "zero-trust",
+    "security",
+    "ai-agent",
+    "claude",
+    "broker",
+    "mtls"
+  ],
+  "author": "Blacksands Cyber, Inc.",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "@aws-sdk/client-ssm": "^3.1032.0",
+    "@modelcontextprotocol/sdk": "^1.8.0",
+    "axios": "^1.7.0",
+    "glob": "^10.3.0",
+    "js-yaml": "^4.1.1",
+    "ssh2": "^1.17.0"
+  },
+  "devDependencies": {
+    "@types/adm-zip": "^0.5.8",
+    "@types/jest": "^29.5.0",
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.0.0",
+    "@types/ssh2": "^1.15.5",
+    "adm-zip": "^0.5.17",
+    "ajv": "^8.20.0",
+    "ajv-formats": "^3.0.1",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "build/*.js",
+    "build/*.d.ts",
+    "build/shared/**/*.js",
+    "build/shared/**/*.d.ts",
+    "build/shield/**/*.js",
+    "build/shield/**/*.d.ts",
+    "dxt/scripts/setup.js",
+    "dxt/blacksands-ca.crt",
+    "README.md",
+    "LICENSE",
+    "!build/dxt-stage/**",
+    "!**/*.tgz",
+    "!**/*.dxt"
+  ]
+}