@boldsec/mcp 0.1.0

package/README.md

@@ -0,0 +1,50 @@
+# @boldsec/mcp
+
+The **BoLD MCP server** — connect, wire, and verify [BoLD](https://boldsec.io) live BOLA/IDOR
+monitoring from your AI editor (Claude Desktop, Cursor, Codex). Your editor's AI assistant reads your
+repo and wires BoLD for you; you review every change.
+
+- **Metadata only.** BoLD receives only request metadata, never your code or your users' data. This
+  server reads nothing and uploads nothing; it just talks to the BoLD API on your behalf.
+- **Never reaches a verdict.** The MCP only connects / lists / shows coverage / explains wiring. BoLD's
+  engine owns every verdict; no tool here decides "vulnerable" or "safe".
+- **You stay in control.** The assistant proposes diffs; you approve them. Nothing is committed for you.
+
+## Setup
+
+1. In BoLD, under **Settings**, mint a **personal access token** (starts with `blt_`).
+2. Add the server to your editor's MCP config. For Claude Desktop (`claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "bold": {
+      "command": "npx",
+      "args": ["-y", "@boldsec/mcp"],
+      "env": { "BOLD_TOKEN": "blt_your_token_here" }
+    }
+  }
+}
+```
+
+`BOLD_API_URL` is optional (defaults to `https://api.boldsec.io`). The token is a secret: it is sent
+only in the Authorization header and is never logged or echoed.
+
+## Tools
+
+- **bold_connect_app(name, base_url)** — connect an app; returns the two env vars to set (the ingest
+  key is a secret shown once).
+- **bold_list_monitors()** — your connected apps and whether each is watching or waiting.
+- **bold_coverage(monitor_id)** — the routes BoLD has actually seen traffic on. Reports only observed
+  routes; never implies coverage of an unwired route (not an all-clear).
+- **bold_wiring_guide(stack?)** — step-by-step wiring instructions for the current repo, including how
+  to write `resolveCallerId` for your auth, and the rule to leave the `TODO` if unsure.
+
+## What a session looks like
+
+> "Connect this app to BoLD and wire it up."
+
+The assistant calls `bold_connect_app`, then `bold_wiring_guide`, then wraps your routes with
+`@boldsec/next`, writes `resolveCallerId` from your repo's auth (or leaves the `TODO` and asks you if
+it cannot tell), sets the env vars, and finally calls `bold_coverage` so you can watch the routes light
+up. You review and approve every diff.

package/dist/client.d.ts

@@ -0,0 +1,64 @@
+/**
+ * The BoLD REST client the MCP tools call. A THIN wrapper over the existing /api/live + /api/tokens
+ * endpoints, authenticated with the user's personal access token (Bearer). No detection logic lives
+ * here; the MCP never reaches a verdict.
+ *
+ * TRUST: the token is a secret. It is sent only in the Authorization header, NEVER logged, NEVER
+ * echoed into a tool result. Errors are turned into a typed, honest BoldApiError (status + message),
+ * never a raw stack trace, and never a fabricated success (a failed call must read as a failure, not
+ * a silent empty "all clear").
+ */
+export declare class BoldApiError extends Error {
+    readonly status: number;
+    constructor(status: number, message: string);
+}
+export interface Monitor {
+    id: string;
+    label: string;
+    base_url: string;
+    active: boolean;
+    events_seen: number;
+    last_event_at: string | null;
+}
+export interface MonitorCreated extends Monitor {
+    ingest_key: string;
+}
+export interface CoverageEndpoint {
+    endpoint: string;
+    hits: number;
+    first_seen_at: string;
+    last_seen_at: string;
+}
+export interface Coverage {
+    monitor_id: string;
+    endpoints: CoverageEndpoint[];
+    endpoints_seen: number;
+    truncated: boolean;
+}
+/** A minimal fetch signature so tests can inject a stub without a network. */
+export type FetchLike = (url: string, init?: {
+    method?: string;
+    headers?: Record<string, string>;
+    body?: string;
+}) => Promise<{
+    status: number;
+    ok: boolean;
+    json: () => Promise<unknown>;
+    text: () => Promise<string>;
+}>;
+export interface BoldClientConfig {
+    apiUrl: string;
+    token: string;
+    fetchImpl?: FetchLike;
+}
+export declare class BoldClient {
+    private readonly apiUrl;
+    private readonly token;
+    private readonly fetchImpl;
+    constructor(cfg: BoldClientConfig);
+    private request;
+    connectApp(name: string, baseUrl: string): Promise<MonitorCreated>;
+    listMonitors(): Promise<Monitor[]>;
+    coverage(monitorId: string): Promise<Coverage>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,qBAAa,YAAa,SAAQ,KAAK;IACrC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBACZ,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK5C;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,cAAe,SAAQ,OAAO;IAC7C,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,8EAA8E;AAC9E,MAAM,MAAM,SAAS,GAAG,CACtB,GAAG,EAAE,MAAM,EACX,IAAI,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,KACxE,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IAAC,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;CAAE,CAAC,CAAC;AAEzG,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,SAAS,CAAC;CACvB;AAED,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;gBAE1B,GAAG,EAAE,gBAAgB;YAMnB,OAAO;IAkCrB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAOlE,YAAY,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAIlC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;CAM/C"}

package/dist/client.js

@@ -0,0 +1,74 @@
+/**
+ * The BoLD REST client the MCP tools call. A THIN wrapper over the existing /api/live + /api/tokens
+ * endpoints, authenticated with the user's personal access token (Bearer). No detection logic lives
+ * here; the MCP never reaches a verdict.
+ *
+ * TRUST: the token is a secret. It is sent only in the Authorization header, NEVER logged, NEVER
+ * echoed into a tool result. Errors are turned into a typed, honest BoldApiError (status + message),
+ * never a raw stack trace, and never a fabricated success (a failed call must read as a failure, not
+ * a silent empty "all clear").
+ */
+export class BoldApiError extends Error {
+    status;
+    constructor(status, message) {
+        super(message);
+        this.status = status;
+        this.name = "BoldApiError";
+    }
+}
+export class BoldClient {
+    apiUrl;
+    token;
+    fetchImpl;
+    constructor(cfg) {
+        this.apiUrl = cfg.apiUrl.replace(/\/+$/, "");
+        this.token = cfg.token;
+        this.fetchImpl = cfg.fetchImpl ?? globalThis.fetch;
+    }
+    async request(method, path, body) {
+        let res;
+        try {
+            res = await this.fetchImpl(`${this.apiUrl}${path}`, {
+                method,
+                headers: {
+                    authorization: `Bearer ${this.token}`,
+                    ...(body !== undefined ? { "content-type": "application/json" } : {}),
+                },
+                ...(body !== undefined ? { body: JSON.stringify(body) } : {}),
+            });
+        }
+        catch (e) {
+            // A network/DNS failure is honest, not a verdict: surface it, never pretend success.
+            throw new BoldApiError(0, `Could not reach BoLD at ${this.apiUrl}: ${e.message}`);
+        }
+        if (res.status === 401) {
+            throw new BoldApiError(401, "BoLD rejected the token (invalid or revoked). Mint a new personal access token in BoLD under Settings and update BOLD_TOKEN.");
+        }
+        if (!res.ok) {
+            let detail = `HTTP ${res.status}`;
+            try {
+                const j = (await res.json());
+                if (j?.detail)
+                    detail = j.detail;
+            }
+            catch {
+                // keep the status-only message
+            }
+            throw new BoldApiError(res.status, detail);
+        }
+        return (await res.json());
+    }
+    connectApp(name, baseUrl) {
+        return this.request("POST", "/api/live/monitors", {
+            label: name,
+            base_url: baseUrl,
+        });
+    }
+    listMonitors() {
+        return this.request("GET", "/api/live/monitors");
+    }
+    coverage(monitorId) {
+        return this.request("GET", `/api/live/monitors/${encodeURIComponent(monitorId)}/coverage`);
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC5B,MAAM,CAAS;IACxB,YAAY,MAAc,EAAE,OAAe;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAyCD,MAAM,OAAO,UAAU;IACJ,MAAM,CAAS;IACf,KAAK,CAAS;IACd,SAAS,CAAY;IAEtC,YAAY,GAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,IAAK,UAAU,CAAC,KAA8B,CAAC;IAC/E,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACnE,IAAI,GAAmC,CAAC;QACxC,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE,EAAE;gBAClD,MAAM;gBACN,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;oBACrC,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACtE;gBACD,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,qFAAqF;YACrF,MAAM,IAAI,YAAY,CAAC,CAAC,EAAE,2BAA2B,IAAI,CAAC,MAAM,KAAM,CAAW,CAAC,OAAO,EAAE,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,YAAY,CACpB,GAAG,EACH,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,MAAM,GAAG,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAwB,CAAC;gBACpD,IAAI,CAAC,EAAE,MAAM;oBAAE,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;YACjC,CAAC;YACD,MAAM,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAM,CAAC;IACjC,CAAC;IAED,UAAU,CAAC,IAAY,EAAE,OAAe;QACtC,OAAO,IAAI,CAAC,OAAO,CAAiB,MAAM,EAAE,oBAAoB,EAAE;YAChE,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,OAAO;SAClB,CAAC,CAAC;IACL,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,OAAO,CAAY,KAAK,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC;IAED,QAAQ,CAAC,SAAiB;QACxB,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,sBAAsB,kBAAkB,CAAC,SAAS,CAAC,WAAW,CAC/D,CAAC;IACJ,CAAC;CACF"}

package/dist/guide.d.ts

@@ -0,0 +1,12 @@
+/**
+ * The wiring guide text the MCP hands the user's AI agent. PURE TEXT, no code is written here. It
+ * teaches the agent how to wire BoLD into THIS repo (auth detection, owner-field discovery, the exact
+ * resolveCallerId patterns), with the anthem baked in as hard rules. Above all: if the caller-id
+ * namespace can't be confidently determined, LEAVE THE TODO (a wrong resolveCallerId causes a false
+ * verdict, which is worse than none).
+ *
+ * M3 makes this repo-aware and precise enough that the agent can wire a real app end to end, with the
+ * human approving every diff. The MCP never edits the user's files; the agent does, in the editor.
+ */
+export declare function wiringGuide(stack?: string): string;
+//# sourceMappingURL=guide.d.ts.map

package/dist/guide.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guide.d.ts","sourceRoot":"","sources":["../src/guide.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAmBH,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CAkDlD"}

package/dist/guide.js

@@ -0,0 +1,76 @@
+/**
+ * The wiring guide text the MCP hands the user's AI agent. PURE TEXT, no code is written here. It
+ * teaches the agent how to wire BoLD into THIS repo (auth detection, owner-field discovery, the exact
+ * resolveCallerId patterns), with the anthem baked in as hard rules. Above all: if the caller-id
+ * namespace can't be confidently determined, LEAVE THE TODO (a wrong resolveCallerId causes a false
+ * verdict, which is worse than none).
+ *
+ * M3 makes this repo-aware and precise enough that the agent can wire a real app end to end, with the
+ * human approving every diff. The MCP never edits the user's files; the agent does, in the editor.
+ */
+const RESOLVER_PATTERNS = [
+    "  - NextAuth / Auth.js:",
+    "      import { auth } from \"@/auth\";",
+    "      const resolveCallerId = async () => (await auth())?.user?.id ?? null;",
+    "  - Supabase Auth (server):",
+    "      const { data } = await supabase.auth.getUser();",
+    "      const resolveCallerId = async () => data.user?.id ?? null;",
+    "  - JWT in the Authorization header:",
+    "      const resolveCallerId = async (req) => {",
+    "        const t = req.headers.get(\"authorization\")?.replace(\"Bearer \", \"\");",
+    "        return t ? (jwtVerify(t, KEY)).payload.sub ?? null : null;",
+    "      };",
+    "  - Session id in a cookie:",
+    "      const resolveCallerId = async () =>",
+    "        (await lookupUserIdForSession((await cookies()).get(\"session\")?.value)) ?? null;",
+];
+export function wiringGuide(stack) {
+    const stackNote = stack && stack.toLowerCase() === "cloudflare"
+        ? "This app is on Cloudflare, so the one-header edge path is an option (one global header covers every route). Otherwise use the SDK wrapper below."
+        : "Use the SDK wrapper (works on any host). If the app sits behind an edge/proxy you control, the one-header path can cover every route at once, but the wrapper is the default.";
+    return [
+        "# Wiring BoLD into this app (instructions for the AI assistant)",
+        "",
+        "You are wiring BoLD, a runtime BOLA/IDOR alarm, into the user's Next.js App Router app. Work in",
+        "the user's editor and PRESENT EVERY CHANGE AS A DIFF THE USER APPROVES. Never commit silently.",
+        "BoLD only ever receives request metadata; never send the user's code or data anywhere.",
+        "",
+        "## Steps",
+        "1. Install the SDK:  npm install @boldsec/next",
+        "2. Wrap every route handler:  npx @boldsec/next init   (dry run first; --apply writes; review the diff)",
+        `3. ${stackNote}`,
+        "4. Write resolveCallerId for EACH wrapped route (the codemod leaves a TODO(BoLD) marker). See below.",
+        "5. Set the two env vars from bold_connect_app (BOLD_INGEST_URL, BOLD_INGEST_KEY), then redeploy.",
+        "6. Verify with bold_coverage once a request has been made.",
+        "",
+        "## Step 4 in detail -- write resolveCallerId correctly from THIS repo",
+        "resolveCallerId(request) must return the SIGNED-IN user's id in the SAME FORM as the owner field",
+        "(ownerId / owner_id / user_id / ...) that this app's object responses expose. Determine BOTH ends",
+        "from the actual code, do not assume:",
+        "",
+        "a) Find how the app authenticates a request (read the repo):",
+        "   look for next-auth/@auth, @supabase/ssr or supabase-js, a jwt/jose verify, or a session cookie",
+        "   that maps to a user. Identify the call that yields the current user's id.",
+        "b) Find the owner field's VALUE SHAPE: open an example object route's response (or its DB model)",
+        "   and note what the owner id looks like (e.g. usr_101, a bare number, a uuid).",
+        "c) Write a resolver returning the caller id in THAT shape. Common patterns:",
+        ...RESOLVER_PATTERNS,
+        "",
+        "d) SANITY-CHECK the shape with bold_check_resolver (pass a sample caller id + a sample owner",
+        "   value). It flags a gross mismatch (e.g. you return a number but owners are usr_*). A shape",
+        "   match does NOT prove correctness, you must still be sure the value is the caller's OWN id.",
+        "",
+        "## THE ANTHEM RULE (do not break this)",
+        "If you CANNOT confidently determine that the id your resolver returns is the signed-in caller's",
+        "own id, in the owner field's namespace, DO NOT GUESS. Leave the TODO(BoLD) in place and tell the",
+        "user you were unsure and why. A wrong resolveCallerId makes BoLD compare the wrong identities,",
+        "which can cause a FALSE alarm or hide a real one. A left-in TODO is safe (BoLD holds cross-reads",
+        "for review); a wrong resolver is not. When unsure: stop and ask, never ship a confident guess.",
+        "",
+        "## After wiring",
+        "Tell the user to make one authenticated request, then call bold_coverage to confirm BoLD has",
+        "started seeing routes. bold_coverage reports ONLY routes BoLD has actually observed; it never",
+        "implies coverage of an unwired route.",
+    ].join("\n");
+}
+//# sourceMappingURL=guide.js.map

package/dist/guide.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guide.js","sourceRoot":"","sources":["../src/guide.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,iBAAiB,GAAG;IACxB,yBAAyB;IACzB,wCAAwC;IACxC,6EAA6E;IAC7E,6BAA6B;IAC7B,uDAAuD;IACvD,kEAAkE;IAClE,sCAAsC;IACtC,gDAAgD;IAChD,mFAAmF;IACnF,oEAAoE;IACpE,UAAU;IACV,6BAA6B;IAC7B,2CAA2C;IAC3C,4FAA4F;CAC7F,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,KAAc;IACxC,MAAM,SAAS,GACb,KAAK,IAAI,KAAK,CAAC,WAAW,EAAE,KAAK,YAAY;QAC3C,CAAC,CAAC,kJAAkJ;QACpJ,CAAC,CAAC,+KAA+K,CAAC;IAEtL,OAAO;QACL,iEAAiE;QACjE,EAAE;QACF,iGAAiG;QACjG,gGAAgG;QAChG,wFAAwF;QACxF,EAAE;QACF,UAAU;QACV,gDAAgD;QAChD,yGAAyG;QACzG,MAAM,SAAS,EAAE;QACjB,sGAAsG;QACtG,kGAAkG;QAClG,4DAA4D;QAC5D,EAAE;QACF,uEAAuE;QACvE,kGAAkG;QAClG,mGAAmG;QACnG,sCAAsC;QACtC,EAAE;QACF,8DAA8D;QAC9D,mGAAmG;QACnG,8EAA8E;QAC9E,kGAAkG;QAClG,iFAAiF;QACjF,6EAA6E;QAC7E,GAAG,iBAAiB;QACpB,EAAE;QACF,8FAA8F;QAC9F,+FAA+F;QAC/F,+FAA+F;QAC/F,EAAE;QACF,wCAAwC;QACxC,iGAAiG;QACjG,kGAAkG;QAClG,gGAAgG;QAChG,kGAAkG;QAClG,gGAAgG;QAChG,EAAE;QACF,iBAAiB;QACjB,8FAA8F;QAC9F,+FAA+F;QAC/F,uCAAuC;KACxC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,16 @@
+#!/usr/bin/env node
+/**
+ * @boldsec/mcp entry point. An MCP server (stdio) that the user's AI editor (Claude Desktop, Cursor,
+ * Codex) spawns. It exposes BoLD's connect / list / coverage / wiring-guide tools so the user can
+ * wire BoLD without leaving their editor, with the agent proposing diffs the human approves.
+ *
+ * Config via environment (set in the editor's MCP config, never hardcoded):
+ *   BOLD_TOKEN    the personal access token (blt_...) minted in BoLD under Settings. REQUIRED.
+ *   BOLD_API_URL  the BoLD API base. Optional; defaults to https://api.boldsec.io.
+ *
+ * The token is a secret: it is sent only in the Authorization header and is NEVER logged or echoed.
+ * On a missing token we fail fast with a clear message (to stderr, never stdout, which is the MCP
+ * protocol channel).
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG"}

package/dist/index.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+/**
+ * @boldsec/mcp entry point. An MCP server (stdio) that the user's AI editor (Claude Desktop, Cursor,
+ * Codex) spawns. It exposes BoLD's connect / list / coverage / wiring-guide tools so the user can
+ * wire BoLD without leaving their editor, with the agent proposing diffs the human approves.
+ *
+ * Config via environment (set in the editor's MCP config, never hardcoded):
+ *   BOLD_TOKEN    the personal access token (blt_...) minted in BoLD under Settings. REQUIRED.
+ *   BOLD_API_URL  the BoLD API base. Optional; defaults to https://api.boldsec.io.
+ *
+ * The token is a secret: it is sent only in the Authorization header and is NEVER logged or echoed.
+ * On a missing token we fail fast with a clear message (to stderr, never stdout, which is the MCP
+ * protocol channel).
+ */
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { BoldClient } from "./client.js";
+import { buildServer } from "./server.js";
+const DEFAULT_API_URL = "https://api.boldsec.io";
+async function main() {
+    const token = process.env.BOLD_TOKEN;
+    if (!token) {
+        // stderr only: stdout is the JSON-RPC channel and must not carry human messages.
+        process.stderr.write("BOLD_TOKEN is not set. Mint a personal access token in BoLD (Settings) and set it as " +
+            "BOLD_TOKEN in your editor's MCP config for @boldsec/mcp.\n");
+        process.exit(1);
+    }
+    const apiUrl = process.env.BOLD_API_URL ?? DEFAULT_API_URL;
+    const client = new BoldClient({ apiUrl, token });
+    const server = buildServer(client);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    // The server now runs until the editor closes the transport. Nothing is written to stdout except
+    // the MCP protocol; the token never appears anywhere.
+}
+main().catch((e) => {
+    process.stderr.write(`@boldsec/mcp failed to start: ${e.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,eAAe,GAAG,wBAAwB,CAAC;AAEjD,KAAK,UAAU,IAAI;IACjB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACrC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,iFAAiF;QACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uFAAuF;YACrF,4DAA4D,CAC/D,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,eAAe,CAAC;IAE3D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,iGAAiG;IACjG,sDAAsD;AACxD,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iCAAkC,CAAW,CAAC,OAAO,IAAI,CAAC,CAAC;IAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,12 @@
+/**
+ * The BoLD MCP server wiring. Registers the four SAFE tools (connect / list / coverage / wiring
+ * guide) over a BoldClient. Building the server is separated from process startup so tests can drive
+ * a real server with an injected (stubbed) client over an in-memory transport, no editor or network.
+ *
+ * Scope (M2): connect + read + guide only. There is deliberately NO tool that reaches a verdict or
+ * writes the user's code. The MCP relays; classify() owns every verdict, untouched.
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import type { BoldClient } from "./client.ts";
+export declare function buildServer(client: BoldClient): McpServer;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAGpE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAmB9C,wBAAgB,WAAW,CAAC,MAAM,EAAE,UAAU,GAAG,SAAS,CAkFzD"}

package/dist/server.js

@@ -0,0 +1,72 @@
+/**
+ * The BoLD MCP server wiring. Registers the four SAFE tools (connect / list / coverage / wiring
+ * guide) over a BoldClient. Building the server is separated from process startup so tests can drive
+ * a real server with an injected (stubbed) client over an in-memory transport, no editor or network.
+ *
+ * Scope (M2): connect + read + guide only. There is deliberately NO tool that reaches a verdict or
+ * writes the user's code. The MCP relays; classify() owns every verdict, untouched.
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+import { toolCheckResolver, toolConnectApp, toolCoverage, toolListMonitors, toolWiringGuide, } from "./tools.js";
+const VERSION = "0.1.0";
+function content(r) {
+    return {
+        content: [{ type: "text", text: r.text }],
+        isError: r.isError,
+    };
+}
+export function buildServer(client) {
+    const server = new McpServer({ name: "boldsec-mcp", version: VERSION });
+    server.registerTool("bold_connect_app", {
+        title: "Connect an app to BoLD",
+        description: "Connect an app to BoLD live monitoring. Returns the ingest env vars (the ingest key is a " +
+            "secret shown once). After this, wire the routes (bold_wiring_guide) and confirm (bold_coverage).",
+        inputSchema: {
+            name: z.string().min(1).describe("A label for the app, e.g. 'My SaaS'."),
+            base_url: z.string().min(1).describe("The app's base URL, e.g. https://myapp.com"),
+        },
+    }, async (args) => content(await toolConnectApp(client, args)));
+    server.registerTool("bold_list_monitors", {
+        title: "List connected apps",
+        description: "List the apps connected to BoLD and whether each is watching or waiting.",
+        inputSchema: {},
+    }, async () => content(await toolListMonitors(client)));
+    server.registerTool("bold_coverage", {
+        title: "Routes BoLD has seen",
+        description: "Show the routes BoLD has actually observed traffic on for an app. Reports ONLY observed " +
+            "routes; never implies coverage of an unwired route (not an all-clear).",
+        inputSchema: {
+            monitor_id: z.string().min(1).describe("The monitor id from bold_connect_app/bold_list_monitors."),
+        },
+    }, async (args) => content(await toolCoverage(client, args)));
+    server.registerTool("bold_wiring_guide", {
+        title: "How to wire BoLD into this app",
+        description: "Return step-by-step instructions for wiring BoLD into the current repo, including how to " +
+            "write resolveCallerId for this app's auth, and the rule to leave the TODO if unsure.",
+        inputSchema: {
+            stack: z
+                .string()
+                .optional()
+                .describe("Optional hosting stack hint (e.g. 'cloudflare', 'vercel')."),
+        },
+    }, async (args) => content(toolWiringGuide(args)));
+    server.registerTool("bold_check_resolver", {
+        title: "Sanity-check a resolveCallerId shape",
+        description: "Given a sample caller id (what resolveCallerId returns) and a sample owner-field value, " +
+            "flag a gross shape mismatch. A shape match does NOT prove correctness; the human must still " +
+            "confirm the value is the caller's own id. Never asserts a resolver is right.",
+        inputSchema: {
+            caller_id_sample: z
+                .string()
+                .min(1)
+                .describe("An example id resolveCallerId returns, e.g. 'usr_101'."),
+            owner_value_sample: z
+                .string()
+                .min(1)
+                .describe("An example value of the response owner field, e.g. 'usr_777'."),
+        },
+    }, async (args) => content(toolCheckResolver(args)));
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,eAAe,GAEhB,MAAM,YAAY,CAAC;AAEpB,MAAM,OAAO,GAAG,OAAO,CAAC;AAExB,SAAS,OAAO,CAAC,CAAa;IAC5B,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAClD,OAAO,EAAE,CAAC,CAAC,OAAO;KACnB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAkB;IAC5C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAExE,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EACT,2FAA2F;YAC3F,kGAAkG;QACpG,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,sCAAsC,CAAC;YACxE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,4CAA4C,CAAC;SACnF;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,cAAc,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAC5D,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,oBAAoB,EACpB;QACE,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,0EAA0E;QACvF,WAAW,EAAE,EAAE;KAChB,EACD,KAAK,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAC,CACpD,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EACT,0FAA0F;YAC1F,wEAAwE;QAC1E,WAAW,EAAE;YACX,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,0DAA0D,CAAC;SACnG;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAC1D,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,2FAA2F;YAC3F,sFAAsF;QACxF,WAAW,EAAE;YACX,KAAK,EAAE,CAAC;iBACL,MAAM,EAAE;iBACR,QAAQ,EAAE;iBACV,QAAQ,CAAC,4DAA4D,CAAC;SAC1E;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAC/C,CAAC;IAEF,MAAM,CAAC,YAAY,CACjB,qBAAqB,EACrB;QACE,KAAK,EAAE,sCAAsC;QAC7C,WAAW,EACT,0FAA0F;YAC1F,8FAA8F;YAC9F,8EAA8E;QAChF,WAAW,EAAE;YACX,gBAAgB,EAAE,CAAC;iBAChB,MAAM,EAAE;iBACR,GAAG,CAAC,CAAC,CAAC;iBACN,QAAQ,CAAC,wDAAwD,CAAC;YACrE,kBAAkB,EAAE,CAAC;iBAClB,MAAM,EAAE;iBACR,GAAG,CAAC,CAAC,CAAC;iBACN,QAAQ,CAAC,+DAA+D,CAAC;SAC7E;KACF,EACD,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CACjD,CAAC;IAEF,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/shapes.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Id-shape classification for the resolveCallerId sanity check (M3). Mirrors how the BoLD SDK reads
+ * object ids: numeric (42), uuid/long-hex, or a prefixed id (usr_101). Used by bold_check_resolver to
+ * catch a GROSS shape mismatch between what a resolver returns and the owner-field value.
+ *
+ * IMPORTANT (the anthem): a shape MATCH is necessary but NOT sufficient. usr_101 and usr_999 share a
+ * shape yet are different users. This classifier can only flag an obvious mismatch (e.g. resolver
+ * returns a numeric id while owners are usr_*); it can NEVER assert a resolver is correct. The caller
+ * (the agent + the human) must still confirm the actual value is the caller's own id.
+ */
+export type IdShape = "numeric" | "uuid-or-hex" | "prefixed" | "other";
+export declare function classifyShape(value: string): IdShape;
+export interface ShapeCheck {
+    match: boolean;
+    callerShape: IdShape;
+    ownerShape: IdShape;
+    message: string;
+}
+/** Compare the shape a resolver returns against a sample owner value. Honest by construction: it
+ *  reports a plausible match or a likely mismatch, and ALWAYS reminds the caller that a shape match
+ *  does not prove the value is correct (only the human/agent can confirm that). */
+export declare function checkResolverShape(callerIdSample: string, ownerValueSample: string): ShapeCheck;
+//# sourceMappingURL=shapes.d.ts.map

package/dist/shapes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shapes.d.ts","sourceRoot":"","sources":["../src/shapes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,OAAO,GAAG,SAAS,GAAG,aAAa,GAAG,UAAU,GAAG,OAAO,CAAC;AAMvE,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAOpD;AAED,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,OAAO,CAAC;IACf,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;mFAEmF;AACnF,wBAAgB,kBAAkB,CAAC,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,UAAU,CAa/F"}

package/dist/shapes.js

@@ -0,0 +1,42 @@
+/**
+ * Id-shape classification for the resolveCallerId sanity check (M3). Mirrors how the BoLD SDK reads
+ * object ids: numeric (42), uuid/long-hex, or a prefixed id (usr_101). Used by bold_check_resolver to
+ * catch a GROSS shape mismatch between what a resolver returns and the owner-field value.
+ *
+ * IMPORTANT (the anthem): a shape MATCH is necessary but NOT sufficient. usr_101 and usr_999 share a
+ * shape yet are different users. This classifier can only flag an obvious mismatch (e.g. resolver
+ * returns a numeric id while owners are usr_*); it can NEVER assert a resolver is correct. The caller
+ * (the agent + the human) must still confirm the actual value is the caller's own id.
+ */
+const NUMERIC = /^[0-9]+$/;
+const UUID_OR_HEX = /^[0-9a-fA-F-]{6,}$/;
+const PREFIXED = /^[a-zA-Z][a-zA-Z0-9]*(?:_[a-zA-Z0-9]+)+$/;
+export function classifyShape(value) {
+    const v = value.trim();
+    if (NUMERIC.test(v))
+        return "numeric";
+    // A prefixed id (usr_101) must be checked before uuid/hex so it isn't mis-read as hex.
+    if (PREFIXED.test(v))
+        return "prefixed";
+    if (UUID_OR_HEX.test(v))
+        return "uuid-or-hex";
+    return "other";
+}
+/** Compare the shape a resolver returns against a sample owner value. Honest by construction: it
+ *  reports a plausible match or a likely mismatch, and ALWAYS reminds the caller that a shape match
+ *  does not prove the value is correct (only the human/agent can confirm that). */
+export function checkResolverShape(callerIdSample, ownerValueSample) {
+    const callerShape = classifyShape(callerIdSample);
+    const ownerShape = classifyShape(ownerValueSample);
+    const match = callerShape === ownerShape && callerShape !== "other";
+    const base = `Caller id looks like "${callerShape}"; owner field looks like "${ownerShape}".`;
+    const message = match
+        ? `${base} The shapes are consistent. This does NOT prove the resolver: confirm the value it ` +
+            `returns is the SIGNED-IN caller's own id (usr_101 and usr_999 share a shape but are different ` +
+            `users). If you cannot confirm, leave the TODO.`
+        : `${base} The shapes do NOT match, so the resolver is very likely wrong (BoLD would compare ` +
+            `mismatched identities). Re-derive resolveCallerId so it returns the caller id in the owner ` +
+            `field's form, or leave the TODO and ask the user.`;
+    return { match, callerShape, ownerShape, message };
+}
+//# sourceMappingURL=shapes.js.map

package/dist/shapes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shapes.js","sourceRoot":"","sources":["../src/shapes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,MAAM,OAAO,GAAG,UAAU,CAAC;AAC3B,MAAM,WAAW,GAAG,oBAAoB,CAAC;AACzC,MAAM,QAAQ,GAAG,0CAA0C,CAAC;AAE5D,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IACvB,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACtC,uFAAuF;IACvF,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,UAAU,CAAC;IACxC,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,aAAa,CAAC;IAC9C,OAAO,OAAO,CAAC;AACjB,CAAC;AASD;;mFAEmF;AACnF,MAAM,UAAU,kBAAkB,CAAC,cAAsB,EAAE,gBAAwB;IACjF,MAAM,WAAW,GAAG,aAAa,CAAC,cAAc,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,WAAW,KAAK,UAAU,IAAI,WAAW,KAAK,OAAO,CAAC;IACpE,MAAM,IAAI,GAAG,yBAAyB,WAAW,8BAA8B,UAAU,IAAI,CAAC;IAC9F,MAAM,OAAO,GAAG,KAAK;QACnB,CAAC,CAAC,GAAG,IAAI,qFAAqF;YAC5F,gGAAgG;YAChG,gDAAgD;QAClD,CAAC,CAAC,GAAG,IAAI,qFAAqF;YAC5F,6FAA6F;YAC7F,mDAAmD,CAAC;IACxD,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;AACrD,CAAC"}

package/dist/tools.d.ts

@@ -0,0 +1,31 @@
+/**
+ * The MCP tool handlers. Each is a PURE async function over a BoldClient, returning the text the
+ * agent sees. Kept separate from the server wiring so every tool is unit-testable against a stubbed
+ * client (success + 401 + network error + the anthem-honesty of the coverage text), with no editor
+ * and no network.
+ *
+ * THE ANTHEM IN THE MCP: none of these reach a verdict. bold_coverage in particular states plainly
+ * that it reports ONLY routes BoLD has observed and never implies coverage of an unwired route, so
+ * the tool output can never read as a false "all clear".
+ */
+import { type BoldClient } from "./client.ts";
+export interface ToolResult {
+    isError: boolean;
+    text: string;
+}
+export declare function toolConnectApp(client: BoldClient, args: {
+    name: string;
+    base_url: string;
+}): Promise<ToolResult>;
+export declare function toolListMonitors(client: BoldClient): Promise<ToolResult>;
+export declare function toolCoverage(client: BoldClient, args: {
+    monitor_id: string;
+}): Promise<ToolResult>;
+export declare function toolWiringGuide(args: {
+    stack?: string;
+}): ToolResult;
+export declare function toolCheckResolver(args: {
+    caller_id_sample: string;
+    owner_value_sample: string;
+}): ToolResult;
+//# sourceMappingURL=tools.d.ts.map

package/dist/tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAgB,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAI5D,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAaD,wBAAsB,cAAc,CAClC,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACvC,OAAO,CAAC,UAAU,CAAC,CAkBrB;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAkB9E;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GAC3B,OAAO,CAAC,UAAU,CAAC,CA8BrB;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,UAAU,CAGpE;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,GAAG,UAAU,CAKb"}

package/dist/tools.js

@@ -0,0 +1,98 @@
+/**
+ * The MCP tool handlers. Each is a PURE async function over a BoldClient, returning the text the
+ * agent sees. Kept separate from the server wiring so every tool is unit-testable against a stubbed
+ * client (success + 401 + network error + the anthem-honesty of the coverage text), with no editor
+ * and no network.
+ *
+ * THE ANTHEM IN THE MCP: none of these reach a verdict. bold_coverage in particular states plainly
+ * that it reports ONLY routes BoLD has observed and never implies coverage of an unwired route, so
+ * the tool output can never read as a false "all clear".
+ */
+import { BoldApiError } from "./client.js";
+import { wiringGuide } from "./guide.js";
+import { checkResolverShape } from "./shapes.js";
+function ok(text) {
+    return { isError: false, text };
+}
+/** Turn any thrown error into an honest, non-leaking tool error. Never prints the token; a
+ *  BoldApiError carries a safe message, an unexpected error is reported without internals. */
+function fail(e) {
+    if (e instanceof BoldApiError)
+        return { isError: true, text: e.message };
+    return { isError: true, text: `Unexpected error talking to BoLD: ${e.message}` };
+}
+export async function toolConnectApp(client, args) {
+    try {
+        const m = await client.connectApp(args.name, args.base_url);
+        return ok([
+            `Connected "${m.label}" to BoLD (monitor id: ${m.id}).`,
+            "",
+            "Set these two environment variables on the app, then redeploy:",
+            `  BOLD_INGEST_URL=https://api.boldsec.io/api/live/ingest`,
+            `  BOLD_INGEST_KEY=${m.ingest_key}`,
+            "",
+            "This ingest key is shown ONCE and is a secret: put it in the app's env (not in committed",
+            "code). Next, wire the routes (call bold_wiring_guide) and confirm with bold_coverage.",
+        ].join("\n"));
+    }
+    catch (e) {
+        return fail(e);
+    }
+}
+export async function toolListMonitors(client) {
+    try {
+        const monitors = await client.listMonitors();
+        if (monitors.length === 0) {
+            return ok("You have no connected apps yet. Use bold_connect_app to connect one.");
+        }
+        const lines = monitors.map((m) => {
+            const state = !m.active
+                ? "disconnected"
+                : m.events_seen > 0
+                    ? `watching (${m.events_seen} events seen)`
+                    : "waiting for first event";
+            return `- ${m.label} [${m.id}] ${m.base_url} -- ${state}`;
+        });
+        return ok(["Your connected apps:", ...lines].join("\n"));
+    }
+    catch (e) {
+        return fail(e);
+    }
+}
+export async function toolCoverage(client, args) {
+    try {
+        const c = await client.coverage(args.monitor_id);
+        if (c.endpoints_seen === 0) {
+            return ok([
+                "No routes seen yet for this app.",
+                "BoLD can only watch routes it has received a request on, so nothing is covered until",
+                "traffic arrives. THIS IS NOT AN ALL CLEAR: make one authenticated request and check again.",
+            ].join("\n"));
+        }
+        const lines = c.endpoints.map((e) => `- ${e.endpoint}  (${e.hits} hit${e.hits === 1 ? "" : "s"})`);
+        return ok([
+            `BoLD is watching the ${c.endpoints_seen} route${c.endpoints_seen === 1 ? "" : "s"} it has seen traffic on:`,
+            ...lines,
+            "",
+            "It can ONLY speak to these routes. A route BoLD has not observed is NOT covered; never",
+            "assume a route is watched until it appears here.",
+            ...(c.truncated
+                ? ["", "(The per-app record limit was reached; more routes may be in use than listed.)"]
+                : []),
+        ].join("\n"));
+    }
+    catch (e) {
+        return fail(e);
+    }
+}
+export function toolWiringGuide(args) {
+    // Pure text; no network. The anthem rule (leave the TODO if unsure) lives in the guide itself.
+    return ok(wiringGuide(args.stack));
+}
+export function toolCheckResolver(args) {
+    // Pure shape check. NEVER asserts the resolver is correct (a shape match is necessary, not
+    // sufficient); it only catches a gross mismatch and always defers final confirmation to the human.
+    const r = checkResolverShape(args.caller_id_sample, args.owner_value_sample);
+    return ok(r.message);
+}
+//# sourceMappingURL=tools.js.map

package/dist/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,YAAY,EAAmB,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAOjD,SAAS,EAAE,CAAC,IAAY;IACtB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AAClC,CAAC;AAED;8FAC8F;AAC9F,SAAS,IAAI,CAAC,CAAU;IACtB,IAAI,CAAC,YAAY,YAAY;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IACzE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,qCAAsC,CAAW,CAAC,OAAO,EAAE,EAAE,CAAC;AAC9F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,MAAkB,EAClB,IAAwC;IAExC,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5D,OAAO,EAAE,CACP;YACE,cAAc,CAAC,CAAC,KAAK,0BAA0B,CAAC,CAAC,EAAE,IAAI;YACvD,EAAE;YACF,gEAAgE;YAChE,0DAA0D;YAC1D,qBAAqB,CAAC,CAAC,UAAU,EAAE;YACnC,EAAE;YACF,0FAA0F;YAC1F,uFAAuF;SACxF,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,MAAkB;IACvD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC7C,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,CAAC,sEAAsE,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC/B,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM;gBACrB,CAAC,CAAC,cAAc;gBAChB,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC;oBACjB,CAAC,CAAC,aAAa,CAAC,CAAC,WAAW,eAAe;oBAC3C,CAAC,CAAC,yBAAyB,CAAC;YAChC,OAAO,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,OAAO,KAAK,EAAE,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,CAAC,CAAC,sBAAsB,EAAE,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAkB,EAClB,IAA4B;IAE5B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,CAAC,cAAc,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CACP;gBACE,kCAAkC;gBAClC,sFAAsF;gBACtF,4FAA4F;aAC7F,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,CACpE,CAAC;QACF,OAAO,EAAE,CACP;YACE,wBAAwB,CAAC,CAAC,cAAc,SAAS,CAAC,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,0BAA0B;YAC5G,GAAG,KAAK;YACR,EAAE;YACF,wFAAwF;YACxF,kDAAkD;YAClD,GAAG,CAAC,CAAC,CAAC,SAAS;gBACb,CAAC,CAAC,CAAC,EAAE,EAAE,gFAAgF,CAAC;gBACxF,CAAC,CAAC,EAAE,CAAC;SACR,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAwB;IACtD,+FAA+F;IAC/F,OAAO,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAGjC;IACC,2FAA2F;IAC3F,mGAAmG;IACnG,MAAM,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC7E,OAAO,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;AACvB,CAAC"}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@boldsec/mcp",
+  "version": "0.1.0",
+  "description": "BoLD MCP server: connect, wire, and verify BoLD live BOLA/IDOR monitoring from your AI editor (Claude, Cursor, Codex). Metadata only; never reaches a verdict.",
+  "type": "module",
+  "bin": {
+    "boldsec-mcp": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "homepage": "https://boldsec.io",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Sahith59/BoLD.git",
+    "directory": "web/sdk/bold-mcp"
+  },
+  "scripts": {
+    "build": "rm -rf dist && tsc -p tsconfig.build.json",
+    "typecheck": "tsc -p tsconfig.json",
+    "test": "node --test src/client.test.ts src/tools.test.ts src/server.test.ts src/shapes.test.ts",
+    "prepublishOnly": "npm run typecheck && npm test && npm run build"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "bola",
+    "idor",
+    "security",
+    "nextjs",
+    "claude",
+    "cursor"
+  ],
+  "license": "UNLICENSED",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20",
+    "typescript": "^5"
+  }
+}