npm - @clampd/mcp-proxy - Versions diffs - 0.2.0 - Mend

@clampd/mcp-proxy 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/fleet.js ADDED Viewed

@@ -0,0 +1,274 @@
+/**
+ * Fleet orchestrator — runs multiple MCP proxy instances from a single config.
+ *
+ * Each proxy wraps a different upstream MCP server with a different agent identity,
+ * enabling multi-agent demos showing scope isolation, delegation chains, and
+ * behavioral correlation.
+ *
+ * Usage:
+ *   clampd-mcp-proxy --fleet-config fleet.json
+ *
+ * Config:
+ *   {
+ *     "gateway": "http://ag-gateway:8080",
+ *     "apiKey": "ag_test_acme_demo_2026",
+ *     "secret": "ags_...",
+ *     "dashboardPort": 3000,
+ *     "agents": [
+ *       { "name": "Data Analyst", "agentId": "...", "port": 3003, "upstream": "...", "color": "#3b82f6" },
+ *       { "name": "DevOps Bot",   "agentId": "...", "port": 3004, "upstream": "...", "color": "#22c55e" },
+ *       { "name": "DB Admin",     "agentId": "...", "port": 3005, "upstream": "...", "color": "#f59e0b" }
+ *     ]
+ *   }
+ */
+import { createServer } from "node:http";
+import { readFileSync } from "node:fs";
+import { startProxy } from "./proxy.js";
+import { log, setVerbose } from "./logger.js";
+// ── Fleet State ───────────────────────────────────────────────────────
+const fleetEvents = [];
+const MAX_FLEET_EVENTS = 2000;
+const fleetSubscribers = new Set();
+function pushFleetEvent(event) {
+    fleetEvents.push(event);
+    if (fleetEvents.length > MAX_FLEET_EVENTS) {
+        fleetEvents.shift();
+    }
+    const payload = `data: ${JSON.stringify(event)}\n\n`;
+    for (const res of fleetSubscribers) {
+        try {
+            res.write(payload);
+        }
+        catch {
+            fleetSubscribers.delete(res);
+        }
+    }
+}
+// ── Start Fleet ───────────────────────────────────────────────────────
+export async function startFleet(configPath) {
+    const raw = readFileSync(configPath, "utf-8");
+    const config = JSON.parse(raw);
+    if (config.verbose)
+        setVerbose(true);
+    log("info", "");
+    log("info", "=== Clampd MCP Fleet ===");
+    log("info", `Agents: ${config.agents.length}`);
+    log("info", `Dashboard: http://localhost:${config.dashboardPort}/`);
+    log("info", "");
+    // Build color map
+    const defaultColors = ["#3b82f6", "#22c55e", "#f59e0b", "#ef4444", "#8b5cf6", "#ec4899", "#06b6d4", "#84cc16"];
+    const colorMap = new Map();
+    config.agents.forEach((a, i) => {
+        colorMap.set(a.agentId, a.color ?? defaultColors[i % defaultColors.length]);
+    });
+    // Start each proxy instance
+    for (const agent of config.agents) {
+        const opts = {
+            upstreamCommand: agent.upstream,
+            gatewayUrl: config.gateway,
+            apiKey: config.apiKey,
+            agentId: agent.agentId,
+            port: agent.port,
+            secret: agent.secret ?? config.secret,
+            dryRun: config.dryRun ?? false,
+            verbose: config.verbose ?? false,
+            scanInputEnabled: agent.scanInput ?? true,
+            scanOutputEnabled: agent.scanOutput ?? true,
+            checkResponse: agent.checkResponse ?? false,
+            demoPanel: agent.demoPanel ?? false,
+            agentName: agent.name,
+            onEvent: (event) => {
+                pushFleetEvent({
+                    ...event,
+                    agentName: agent.name,
+                    agentColor: colorMap.get(agent.agentId),
+                    agentId: agent.agentId,
+                });
+            },
+        };
+        try {
+            await startProxy(opts);
+            log("info", `Started agent "${agent.name}" on port ${agent.port} (${agent.agentId.slice(0, 8)}...)`);
+        }
+        catch (err) {
+            log("error", `Failed to start agent "${agent.name}": ${err instanceof Error ? err.message : err}`);
+        }
+    }
+    // Start fleet dashboard server
+    const httpServer = createServer((req, res) => {
+        const url = new URL(req.url ?? "/", `http://localhost:${config.dashboardPort}`);
+        // GET / — Fleet dashboard
+        if (url.pathname === "/" && req.method === "GET") {
+            const html = renderFleetDashboard(fleetEvents, config);
+            res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", "Cache-Control": "no-cache" });
+            res.end(html);
+            return;
+        }
+        // GET /events — Fleet SSE stream
+        if (url.pathname === "/events" && req.method === "GET") {
+            res.writeHead(200, { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", Connection: "keep-alive" });
+            res.write(`data: ${JSON.stringify({ type: "connected", total: fleetEvents.length })}\n\n`);
+            fleetSubscribers.add(res);
+            req.on("close", () => fleetSubscribers.delete(res));
+            return;
+        }
+        // GET /health — Fleet health
+        if (url.pathname === "/health" && req.method === "GET") {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                status: "ok",
+                mode: "fleet",
+                agents: config.agents.map((a) => ({ name: a.name, agentId: a.agentId, port: a.port })),
+                total_events: fleetEvents.length,
+            }));
+            return;
+        }
+        res.writeHead(404);
+        res.end("Not found");
+    });
+    httpServer.listen(config.dashboardPort, () => {
+        log("info", `Fleet dashboard: http://localhost:${config.dashboardPort}/`);
+        for (const agent of config.agents) {
+            log("info", `  ${agent.name}: http://localhost:${agent.port}/sse (MCP) | http://localhost:${agent.port}/ (dashboard)`);
+        }
+        log("info", "");
+        log("info", "Claude Desktop config — add each agent as a separate MCP server:");
+        log("info", JSON.stringify({
+            mcpServers: Object.fromEntries(config.agents.map((a) => [
+                a.name.toLowerCase().replace(/\s+/g, "-"),
+                { url: `http://localhost:${a.port}/sse` },
+            ])),
+        }, null, 2));
+        log("info", "");
+    });
+}
+// ── Fleet Dashboard Renderer ──────────────────────────────────────────
+function renderFleetDashboard(events, config) {
+    const agentStats = new Map();
+    for (const a of config.agents) {
+        const color = a.color ?? "#888";
+        agentStats.set(a.agentId, { name: a.name, color, total: 0, blocked: 0, flagged: 0, allowed: 0, errors: 0, port: a.port });
+    }
+    for (const e of events) {
+        const stats = agentStats.get(e.agentId ?? "");
+        if (stats) {
+            stats.total++;
+            if (e.status === "blocked")
+                stats.blocked++;
+            else if (e.status === "flagged")
+                stats.flagged++;
+            else if (e.status === "error")
+                stats.errors++;
+            else
+                stats.allowed++;
+        }
+    }
+    // Agent cards
+    const agentCards = Array.from(agentStats.values())
+        .map((s) => `
+      <div style="border:1px solid #222;border-left:3px solid ${s.color};border-radius:6px;padding:12px 16px;min-width:200px">
+        <div style="font-size:14px;font-weight:600;color:${s.color}">${esc(s.name)}</div>
+        <div style="font-size:11px;color:#555;margin-top:2px">Port ${s.port}</div>
+        <div style="display:flex;gap:12px;margin-top:8px;font-size:12px">
+          <span style="color:#22c55e">${s.allowed} ok</span>
+          <span style="color:#ef4444">${s.blocked} blocked</span>
+          <span style="color:#f59e0b">${s.flagged} flagged</span>
+          <span style="color:#6b7280">${s.errors} err</span>
+        </div>
+      </div>`)
+        .join("");
+    // Event rows (last 100)
+    const last100 = events.slice(-100).reverse();
+    const rows = last100.map((e, i) => {
+        const stats = agentStats.get(e.agentId ?? "");
+        const color = stats?.color ?? "#888";
+        const agentName = stats?.name ?? e.agentId ?? "?";
+        const statusColor = e.status === "blocked" ? "#ef4444" : e.status === "flagged" ? "#f59e0b" : e.status === "error" ? "#6b7280" : "#22c55e";
+        const rules = e.matched_rules?.map((r) => `<span style="background:#2d1b69;color:#c4b5fd;padding:1px 5px;border-radius:3px;font-size:10px">${esc(r)}</span>`).join(" ") ?? "";
+        const time = e.timestamp.split("T")[1]?.slice(0, 12) ?? "";
+        return `
+      <tr style="cursor:pointer;border-bottom:1px solid #151515" onclick="toggleDetail(${i})">
+        <td style="padding:6px 10px;font-family:monospace;font-size:11px;color:#666">${esc(time)}</td>
+        <td style="padding:6px 10px"><span style="display:inline-block;width:8px;height:8px;border-radius:50%;background:${color};margin-right:6px"></span><span style="font-size:12px;color:${color}">${esc(agentName)}</span></td>
+        <td style="padding:6px 10px;font-weight:600;font-size:12px">${esc(e.tool)}</td>
+        <td style="padding:6px 10px;font-weight:600;color:${statusColor};font-size:12px">${e.status.toUpperCase()}</td>
+        <td style="padding:6px 10px;font-family:monospace;font-size:11px">${e.risk_score.toFixed(2)}</td>
+        <td style="padding:6px 10px">${rules}</td>
+        <td style="padding:6px 10px;font-family:monospace;font-size:11px">${e.latency_ms}ms</td>
+      </tr>
+      <tr id="detail-${i}" style="display:none">
+        <td colspan="7" style="padding:10px 16px;background:#0d0d14;border-bottom:1px solid #1a1a2e;font-size:12px;color:#888">
+          ${e.reason ? `<div><strong>Reason:</strong> ${esc(e.reason)}</div>` : ""}
+          ${e.reasoning ? `<div><strong>Reasoning:</strong> ${esc(e.reasoning)}</div>` : ""}
+          ${e.session_flags?.length ? `<div><strong>Session Flags:</strong> ${e.session_flags.map((f) => `<span style="background:#422006;color:#fbbf24;padding:1px 5px;border-radius:3px;font-size:10px">${esc(f)}</span>`).join(" ")}</div>` : ""}
+          ${e.scope_granted ? `<div><strong>Scope:</strong> <span style="background:#042f2e;color:#5eead4;padding:1px 5px;border-radius:3px;font-size:10px">${esc(e.scope_granted)}</span></div>` : ""}
+          <div style="margin-top:6px;font-family:monospace;font-size:11px;color:#555;max-height:120px;overflow:auto">${esc(e.params)}</div>
+        </td>
+      </tr>`;
+    }).join("");
+    const total = events.length;
+    const blocked = events.filter((e) => e.status === "blocked").length;
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Clampd Fleet Dashboard</title>
+  <style>
+    * { margin:0; padding:0; box-sizing:border-box; }
+    body { font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif; background:#0a0a0a; color:#e0e0e0; }
+  </style>
+</head>
+<body>
+  <div style="padding:20px 32px;border-bottom:1px solid #222;display:flex;align-items:center;gap:16px;flex-wrap:wrap">
+    <h1 style="font-size:20px;color:#fff">Clampd Fleet</h1>
+    <span style="padding:3px 10px;border-radius:4px;font-size:11px;font-weight:600;background:#1a472a;color:#4ade80">${config.agents.length} AGENTS</span>
+    <span style="font-size:13px;color:#888">${total} calls | ${blocked} blocked | ${total > 0 ? ((blocked / total) * 100).toFixed(1) : "0"}% threat rate</span>
+    <div style="margin-left:auto">
+      <button onclick="location.reload()" style="padding:5px 12px;border:1px solid #333;background:#111;color:#aaa;border-radius:4px;cursor:pointer;font-size:11px">Refresh</button>
+    </div>
+  </div>
+  <div style="display:flex;gap:12px;padding:16px 32px;border-bottom:1px solid #222;flex-wrap:wrap;overflow-x:auto">
+    ${agentCards}
+  </div>
+  <div style="max-height:600px;overflow-y:auto">
+    <table style="width:100%;border-collapse:collapse;font-size:13px">
+      <thead>
+        <tr style="background:#111;position:sticky;top:0;z-index:1">
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Time</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Agent</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Tool</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Status</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Risk</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Rules</th>
+          <th style="text-align:left;padding:7px 10px;color:#666;font-size:10px;text-transform:uppercase">Latency</th>
+        </tr>
+      </thead>
+      <tbody>
+        ${rows || '<tr><td colspan="7" style="padding:48px;text-align:center;color:#333">No events yet. Connect Claude Desktop to the agent SSE endpoints.</td></tr>'}
+      </tbody>
+    </table>
+  </div>
+  <script>
+    const evtSource = new EventSource('/events');
+    let newCount = 0;
+    evtSource.onmessage = function() {
+      newCount++;
+      const btn = document.querySelector('button');
+      if (btn) btn.textContent = 'Refresh (' + newCount + ' new)';
+    };
+    function toggleDetail(idx) {
+      const el = document.getElementById('detail-' + idx);
+      if (el) el.style.display = el.style.display === 'none' ? 'table-row' : 'none';
+    }
+  </script>
+</body>
+</html>`;
+}
+function esc(s) {
+    return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+//# sourceMappingURL=fleet.js.map

package/dist/fleet.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"fleet.js","sourceRoot":"","sources":["../src/fleet.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,UAAU,EAAqB,MAAM,YAAY,CAAC;AAE3D,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAmC9C,yEAAyE;AAEzE,MAAM,WAAW,GAAiB,EAAE,CAAC;AACrC,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEnD,SAAS,cAAc,CAAC,KAAiB;IACvC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxB,IAAI,WAAW,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAC1C,WAAW,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IACD,MAAM,OAAO,GAAG,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC;IACrD,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAgB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,MAAM,CAAC,OAAO;QAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAErC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChB,GAAG,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC;IACxC,GAAG,CAAC,MAAM,EAAE,WAAW,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/C,GAAG,CAAC,MAAM,EAAE,+BAA+B,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;IACpE,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEhB,kBAAkB;IAClB,MAAM,aAAa,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAC/G,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC7B,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,IAAI,aAAa,CAAC,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CAAC;IAEH,4BAA4B;IAC5B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,GAAiB;YACzB,eAAe,EAAE,KAAK,CAAC,QAAQ;YAC/B,UAAU,EAAE,MAAM,CAAC,OAAO;YAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM;YACrC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,KAAK;YAC9B,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,KAAK;YAChC,gBAAgB,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;YACzC,iBAAiB,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;YAC3C,aAAa,EAAE,KAAK,CAAC,aAAa,IAAI,KAAK;YAC3C,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,KAAK;YACnC,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACjB,cAAc,CAAC;oBACb,GAAG,KAAK;oBACR,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,UAAU,EAAE,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC;oBACvC,OAAO,EAAE,KAAK,CAAC,OAAO;iBACvB,CAAC,CAAC;YACL,CAAC;SACF,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,IAAI,CAAC,CAAC;YACvB,GAAG,CAAC,MAAM,EAAE,kBAAkB,KAAK,CAAC,IAAI,aAAa,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvG,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,GAAG,CAAC,OAAO,EAAE,0BAA0B,KAAK,CAAC,IAAI,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACrG,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QAC5E,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC;QAEhF,0BAA0B;QAC1B,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACjD,MAAM,IAAI,GAAG,oBAAoB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACvD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;YAChG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACd,OAAO;QACT,CAAC;QAED,iCAAiC;QACjC,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACvD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,mBAAmB,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC,CAAC;YACnH,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;YAC3F,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC1B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,6BAA6B;QAC7B,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACvD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;gBACrB,MAAM,EAAE,IAAI;gBACZ,IAAI,EAAE,OAAO;gBACb,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBACtF,YAAY,EAAE,WAAW,CAAC,MAAM;aACjC,CAAC,CAAC,CAAC;YACJ,OAAO;QACT,CAAC;QAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3C,GAAG,CAAC,MAAM,EAAE,qCAAqC,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC;QAC1E,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClC,GAAG,CAAC,MAAM,EAAE,KAAK,KAAK,CAAC,IAAI,sBAAsB,KAAK,CAAC,IAAI,iCAAiC,KAAK,CAAC,IAAI,eAAe,CAAC,CAAC;QACzH,CAAC;QACD,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAChB,GAAG,CAAC,MAAM,EAAE,kEAAkE,CAAC,CAAC;QAChF,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC;YACzB,UAAU,EAAE,MAAM,CAAC,WAAW,CAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACvB,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;gBACzC,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC,IAAI,MAAM,EAAE;aAC1C,CAAC,CACH;SACF,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yEAAyE;AAEzE,SAAS,oBAAoB,CAAC,MAAoB,EAAE,MAAmB;IACrE,MAAM,UAAU,GAAG,IAAI,GAAG,EAA2I,CAAC;IAEtK,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,IAAI,MAAM,CAAC;QAChC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC5H,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC9C,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,KAAK,EAAE,CAAC;YACd,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS;gBAAE,KAAK,CAAC,OAAO,EAAE,CAAC;iBACvC,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS;gBAAE,KAAK,CAAC,OAAO,EAAE,CAAC;iBAC5C,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO;gBAAE,KAAK,CAAC,MAAM,EAAE,CAAC;;gBACzC,KAAK,CAAC,OAAO,EAAE,CAAC;QACvB,CAAC;IACH,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gEACgD,CAAC,CAAC,KAAK;2DACZ,CAAC,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;qEACb,CAAC,CAAC,IAAI;;wCAEnC,CAAC,CAAC,OAAO;wCACT,CAAC,CAAC,OAAO;wCACT,CAAC,CAAC,OAAO;wCACT,CAAC,CAAC,MAAM;;aAEnC,CAAC;SACT,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,wBAAwB;IACxB,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAChC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,MAAM,CAAC;QACrC,MAAM,SAAS,GAAG,KAAK,EAAE,IAAI,IAAI,CAAC,CAAC,OAAO,IAAI,GAAG,CAAC;QAClD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;QAC3I,MAAM,KAAK,GAAG,CAAC,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mGAAmG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9K,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QAE3D,OAAO;yFAC8E,CAAC;uFACH,GAAG,CAAC,IAAI,CAAC;2HAC2B,KAAK,+DAA+D,KAAK,KAAK,GAAG,CAAC,SAAS,CAAC;sEACjJ,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;4DACrB,WAAW,oBAAoB,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE;4EACrC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;uCAC5D,KAAK;4EACgC,CAAC,CAAC,UAAU;;uBAEjE,CAAC;;YAEZ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,iCAAiC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACtE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,oCAAoC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC/E,CAAC,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC,CAAC,wCAAwC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mGAAmG,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YACvO,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,gIAAgI,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE;uHAC/E,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;;YAExH,CAAC;IACX,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;IAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IAEpE,OAAO;;;;;;;;;;;;;;uHAc8G,MAAM,CAAC,MAAM,CAAC,MAAM;8CAC7F,KAAK,YAAY,OAAO,cAAc,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG;;;;;;;MAOpI,UAAU;;;;;;;;;;;;;;;;;UAiBN,IAAI,IAAI,mJAAmJ;;;;;;;;;;;;;;;;;;;QAmB7J,CAAC;AACT,CAAC;AAED,SAAS,GAAG,CAAC,CAAS;IACpB,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;AACtG,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+/**
+ * Clampd MCP Proxy — standalone proxy that wraps any MCP server with
+ * Clampd's full security pipeline.
+ *
+ * Users connect Claude Desktop (or any MCP client) to this proxy via SSE.
+ * The proxy intercepts every tool call, classifies it through ag-gateway,
+ * and only forwards allowed calls to the upstream MCP server.
+ *
+ * Usage:
+ *   clampd-mcp-proxy \
+ *     --upstream "npx -y @modelcontextprotocol/server-filesystem /tmp" \
+ *     --gateway http://localhost:8080 \
+ *     --api-key ag_test_acme_demo_2026 \
+ *     --agent-id b0000001-0000-0000-0000-000000000001 \
+ *     --port 3003
+ *
+ * Claude Desktop config (mcpServers):
+ *   {
+ *     "filesystem": {
+ *       "url": "http://localhost:3003/sse"
+ *     }
+ *   }
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;GAsBG"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,173 @@
+#!/usr/bin/env node
+/**
+ * Clampd MCP Proxy — standalone proxy that wraps any MCP server with
+ * Clampd's full security pipeline.
+ *
+ * Users connect Claude Desktop (or any MCP client) to this proxy via SSE.
+ * The proxy intercepts every tool call, classifies it through ag-gateway,
+ * and only forwards allowed calls to the upstream MCP server.
+ *
+ * Usage:
+ *   clampd-mcp-proxy \
+ *     --upstream "npx -y @modelcontextprotocol/server-filesystem /tmp" \
+ *     --gateway http://localhost:8080 \
+ *     --api-key ag_test_acme_demo_2026 \
+ *     --agent-id b0000001-0000-0000-0000-000000000001 \
+ *     --port 3003
+ *
+ * Claude Desktop config (mcpServers):
+ *   {
+ *     "filesystem": {
+ *       "url": "http://localhost:3003/sse"
+ *     }
+ *   }
+ */
+import { parseArgs } from "node:util";
+import { startProxy } from "./proxy.js";
+import { startFleet } from "./fleet.js";
+// ── CLI argument parsing ──────────────────────────────────────────────
+function parseCli() {
+    const { values } = parseArgs({
+        options: {
+            upstream: { type: "string", short: "u" },
+            gateway: { type: "string", short: "g" },
+            "api-key": { type: "string", short: "k" },
+            "agent-id": { type: "string", short: "a" },
+            port: { type: "string", short: "p" },
+            secret: { type: "string", short: "s" },
+            "dry-run": { type: "boolean", default: false },
+            "scan-input": { type: "boolean", default: false },
+            "scan-output": { type: "boolean", default: false },
+            "check-response": { type: "boolean", default: false },
+            "demo-panel": { type: "boolean", default: false },
+            "fleet-config": { type: "string" },
+            verbose: { type: "boolean", short: "v", default: false },
+            help: { type: "boolean", short: "h", default: false },
+        },
+        strict: true,
+    });
+    if (values.help) {
+        printUsage();
+        process.exit(0);
+    }
+    // Fleet mode — start multiple proxies from config file
+    if (values["fleet-config"]) {
+        return { fleetConfig: values["fleet-config"], verbose: values.verbose };
+    }
+    // CLI args take priority, then env vars, then defaults
+    const upstream = values.upstream ?? process.env.UPSTREAM_MCP;
+    const gateway = values.gateway ?? process.env.AG_GATEWAY_URL ?? "http://localhost:8080";
+    const apiKey = values["api-key"] ?? process.env.AG_API_KEY ?? "clmpd_demo_key";
+    const agentId = values["agent-id"] ?? process.env.AG_AGENT_ID;
+    const port = values.port ?? process.env.PORT ?? "3003";
+    const secret = values.secret ?? process.env.CLAMPD_AGENT_SECRET ?? process.env.JWT_SECRET;
+    // Feature flags: CLI flag OR env var
+    const scanInput = values["scan-input"] || process.env.CLAMPD_SCAN_INPUT === "true";
+    const scanOutput = values["scan-output"] || process.env.CLAMPD_SCAN_OUTPUT === "true";
+    const checkResponse = values["check-response"] || process.env.CLAMPD_CHECK_RESPONSE === "true";
+    const demoPanel = values["demo-panel"] || process.env.CLAMPD_DEMO_PANEL === "true";
+    if (!upstream) {
+        console.error("Error: --upstream is required (command to spawn the MCP server)");
+        console.error("       Set via --upstream flag or UPSTREAM_MCP env var");
+        printUsage();
+        process.exit(1);
+    }
+    if (!agentId) {
+        console.error("Error: --agent-id is required");
+        console.error("       Set via --agent-id flag or AG_AGENT_ID env var");
+        printUsage();
+        process.exit(1);
+    }
+    return {
+        upstream,
+        gateway,
+        apiKey,
+        agentId,
+        port: parseInt(port, 10),
+        secret,
+        dryRun: values["dry-run"],
+        scanInput,
+        scanOutput,
+        checkResponse,
+        demoPanel,
+        verbose: values.verbose,
+    };
+}
+function printUsage() {
+    console.log(`
+Clampd MCP Proxy — wraps any MCP server with Clampd security
+Usage:
+  clampd-mcp-proxy --upstream <command> --agent-id <uuid> [options]
+Required:
+  --upstream, -u      Command to spawn the upstream MCP server
+                      Example: "npx -y @modelcontextprotocol/server-filesystem /tmp"
+  --agent-id, -a      Clampd agent UUID
+Options:
+  --gateway, -g       Clampd gateway URL (default: http://localhost:8080)
+  --api-key, -k       Clampd API key (default: clmpd_demo_key)
+  --port, -p          Port to listen on (default: 3003)
+  --secret, -s        Signing secret (default: CLAMPD_AGENT_SECRET or JWT_SECRET env var)
+  --dry-run           Classify but never forward (uses /v1/verify)
+  --scan-input        Scan tool arguments for prompt injection / PII / secrets
+  --scan-output       Scan tool responses for PII / secrets leakage
+  --check-response    Validate responses against granted scope token
+  --demo-panel        Show attack demo panel in dashboard
+  --fleet-config      Path to fleet config JSON (multi-agent mode)
+  --verbose, -v       Enable debug logging
+  --help, -h          Show this help
+Environment Variables:
+  UPSTREAM_MCP          Upstream MCP server command
+  AG_GATEWAY_URL        Gateway URL
+  AG_API_KEY            API key
+  AG_AGENT_ID           Agent UUID
+  CLAMPD_AGENT_SECRET   Agent signing secret (ags_...)
+  JWT_SECRET            Global JWT signing secret (fallback)
+  CLAMPD_SCAN_INPUT     Enable input scanning (true/false)
+  CLAMPD_SCAN_OUTPUT    Enable output scanning (true/false)
+  CLAMPD_CHECK_RESPONSE Enable response checking (true/false)
+Claude Desktop config:
+  {
+    "mcpServers": {
+      "filesystem": {
+        "url": "http://localhost:3003/sse"
+      }
+    }
+  }
+`);
+}
+// ── Main ──────────────────────────────────────────────────────────────
+async function main() {
+    const args = parseCli();
+    // Fleet mode: start multiple proxies from config file
+    if ("fleetConfig" in args) {
+        const { setVerbose } = await import("./logger.js");
+        if (args.verbose)
+            setVerbose(true);
+        await startFleet(args.fleetConfig);
+        return;
+    }
+    await startProxy({
+        upstreamCommand: args.upstream,
+        gatewayUrl: args.gateway,
+        apiKey: args.apiKey,
+        agentId: args.agentId,
+        port: args.port,
+        secret: args.secret,
+        dryRun: args.dryRun,
+        scanInputEnabled: args.scanInput,
+        scanOutputEnabled: args.scanOutput,
+        checkResponse: args.checkResponse,
+        demoPanel: args.demoPanel,
+        verbose: args.verbose,
+    });
+}
+main().catch((err) => {
+    console.error("Fatal error:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC,yEAAyE;AAEzE,SAAS,QAAQ;IACf,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;QAC3B,OAAO,EAAE;YACP,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACxC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACvC,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACzC,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YAC1C,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACpC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,EAAE;YACtC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAC9C,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YACjD,aAAa,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YAClD,gBAAgB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YACrD,YAAY,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;YACjD,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAClC,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;YACxD,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE;SACtD;QACD,MAAM,EAAE,IAAI;KACb,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;QAChB,UAAU,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,uDAAuD;IACvD,IAAI,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,CAAC,cAAc,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAQ,EAAE,CAAC;IAC3E,CAAC;IAED,uDAAuD;IACvD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAC7D,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,uBAAuB,CAAC;IACxF,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,gBAAgB,CAAC;IAC/E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC;IAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC;IACvD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAE1F,qCAAqC;IACrC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;IACnF,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,MAAM,CAAC;IACtF,MAAM,aAAa,GAAG,MAAM,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,MAAM,CAAC;IAC/F,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;IAEnF,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACjF,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACxE,UAAU,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QAC/C,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;QACvE,UAAU,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO;QACL,QAAQ;QACR,OAAO;QACP,MAAM;QACN,OAAO;QACP,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QACxB,MAAM;QACN,MAAM,EAAE,MAAM,CAAC,SAAS,CAAE;QAC1B,SAAS;QACT,UAAU;QACV,aAAa;QACb,SAAS;QACT,OAAO,EAAE,MAAM,CAAC,OAAQ;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4Cb,CAAC,CAAC;AACH,CAAC;AAED,yEAAyE;AAEzE,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IAExB,sDAAsD;IACtD,IAAI,aAAa,IAAI,IAAI,EAAE,CAAC;QAC1B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,IAAI,CAAC,OAAO;YAAE,UAAU,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,UAAU,CAAC,IAAI,CAAC,WAAqB,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,MAAM,UAAU,CAAC;QACf,eAAe,EAAE,IAAI,CAAC,QAAQ;QAC9B,UAAU,EAAE,IAAI,CAAC,OAAO;QACxB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,gBAAgB,EAAE,IAAI,CAAC,SAAS;QAChC,iBAAiB,EAAE,IAAI,CAAC,UAAU;QAClC,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC,CAAC;AACL,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/interceptor.d.ts ADDED Viewed

@@ -0,0 +1,92 @@
+/**
+ * Gateway communication — classifies tool calls, scans input/output,
+ * and validates responses through ag-gateway.
+ *
+ * This is the security boundary: every MCP tool call passes through here
+ * before reaching the upstream server.
+ */
+export interface ClassifyResult {
+    /** Whether the tool call is allowed */
+    allowed: boolean;
+    /** Risk score from the 9-stage pipeline (0.0 - 1.0) */
+    risk_score: number;
+    /** Rule IDs that matched (e.g. ["R001", "R006"]) */
+    matched_rules: string[];
+    /** Human-readable denial reason (when blocked) */
+    denial_reason?: string;
+    /** Scope granted by OPA policy */
+    scope_granted?: string;
+    /** Gateway request ID for audit trail */
+    request_id?: string;
+    /** Scope token for response validation */
+    scope_token?: string;
+    /** Gateway processing latency */
+    latency_ms: number;
+    /** Pipeline stages that were degraded */
+    degraded_stages: string[];
+    /** Behavioral session flags */
+    session_flags: string[];
+    /** Intent action: "pass", "flag", or "block" */
+    action?: string;
+    /** Human-readable reasoning from the rules engine */
+    reasoning?: string;
+}
+export interface ScanResult {
+    allowed: boolean;
+    risk_score: number;
+    matched_rules: string[];
+    denial_reason?: string;
+    latency_ms: number;
+    pii_found?: Array<{
+        pii_type: string;
+        count: number;
+    }>;
+    secrets_found?: Array<{
+        secret_type: string;
+        count: number;
+    }>;
+}
+export interface InspectResult {
+    allowed: boolean;
+    risk_score: number;
+    matched_rules: string[];
+    denial_reason?: string;
+    latency_ms: number;
+}
+/** Tool definition from MCP listTools() */
+export interface ToolDef {
+    name: string;
+    description?: string;
+    inputSchema?: Record<string, unknown>;
+}
+/** Compute SHA-256 hex hash of a tool descriptor for rug-pull detection. */
+export declare function computeToolDescriptorHash(tool: ToolDef): string;
+/** Build a lookup map of tool name → descriptor hash. */
+export declare function buildDescriptorMap(tools: ToolDef[]): Map<string, string>;
+export declare function classifyToolCall(gatewayUrl: string, apiKey: string, secret: string, agentId: string, toolName: string, params: Record<string, unknown>, dryRun?: boolean, toolDescriptorHash?: string, authorizedTools?: string[], toolDescription?: string, toolParamsSchema?: string): Promise<ClassifyResult>;
+export declare function scanInput(gatewayUrl: string, apiKey: string, secret: string, agentId: string, text: string): Promise<ScanResult>;
+export declare function scanOutput(gatewayUrl: string, apiKey: string, secret: string, agentId: string, text: string, requestId?: string): Promise<ScanResult>;
+export declare function inspectResponse(gatewayUrl: string, apiKey: string, secret: string, agentId: string, toolName: string, responseData: unknown, requestId?: string, scopeToken?: string): Promise<InspectResult>;
+export interface RegisterToolsResult {
+    registered: number;
+    failed: number;
+    errors: Array<{
+        tool: string;
+        error: string;
+    }>;
+}
+/**
+ * Register discovered tools with the gateway at startup.
+ *
+ * Sends a lightweight `/v1/proxy` call (evaluate-only, target_url="") for
+ * each tool with benign empty params. This triggers the shadow event pipeline
+ * in ag-gateway, which ag-control picks up to auto-capture tool descriptors
+ * into the `tool_descriptors` table. If the org has `auto_trust` enabled,
+ * tools are auto-approved and their scopes synced to Redis — preventing
+ * `tool_not_registered` (422) errors on subsequent real calls.
+ *
+ * Requests run in parallel with a concurrency cap to avoid overwhelming
+ * the gateway. Registration is idempotent (safe to re-run on restart).
+ */
+export declare function registerTools(gatewayUrl: string, apiKey: string, secret: string, agentId: string, tools: ToolDef[], descriptorMap: Map<string, string>): Promise<RegisterToolsResult>;
+//# sourceMappingURL=interceptor.d.ts.map

package/dist/interceptor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../src/interceptor.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,oDAAoD;IACpD,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,kDAAkD;IAClD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kCAAkC;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,yCAAyC;IACzC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,+BAA+B;IAC/B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,gDAAgD;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,KAAK,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACvD,aAAa,CAAC,EAAE,KAAK,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/D;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,2CAA2C;AAC3C,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAID,4EAA4E;AAC5E,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAO/D;AAED,yDAAyD;AACzD,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAMxE;AA2DD,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,MAAM,UAAQ,EACd,kBAAkB,CAAC,EAAE,MAAM,EAC3B,eAAe,CAAC,EAAE,MAAM,EAAE,EAC1B,eAAe,CAAC,EAAE,MAAM,EACxB,gBAAgB,CAAC,EAAE,MAAM,GACxB,OAAO,CAAC,cAAc,CAAC,CAyDzB;AAID,wBAAsB,SAAS,CAC7B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,UAAU,CAAC,CAyBrB;AAID,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EACZ,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,CAAC,CA8BrB;AAID,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,OAAO,EACrB,SAAS,CAAC,EAAE,MAAM,EAClB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,aAAa,CAAC,CAgCxB;AAID,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,OAAO,EAAE,EAChB,aAAa,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA+D9B"}