@cyanheads/whois-mcp-server 0.1.1

package/dist/mcp-server/tools/definitions/whois-check-availability.tool.js

@@ -0,0 +1,102 @@
+/**
+ * @fileoverview whois_check_availability tool — domain availability check via RDAP 404 semantics.
+ * @module mcp-server/tools/definitions/whois-check-availability.tool
+ */
+import { tool, z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+import { getRdapService } from '../../../services/rdap/rdap-service.js';
+import { isValidFqdn } from './_fqdn.js';
+export const whoisCheckAvailability = tool('whois_check_availability', {
+    title: 'Domain Availability Check',
+    description: 'Check whether a domain name is registered or available for registration. RDAP 404 = available — ' +
+        'this is the RDAP spec behavior, modeled as data (available: true) not an error. Returns available: false ' +
+        'with registrar and expiry_date when the domain is registered. When the TLD has no RDAP coverage, returns ' +
+        'available: null with rdap_coverage: false — availability cannot be determined. Designed for "can I register X" ' +
+        'and bulk name sweeps. For the full registration record use whois_lookup_domain.',
+    annotations: { readOnlyHint: true, idempotentHint: true, openWorldHint: true },
+    input: z.object({
+        domain: z
+            .string()
+            .describe('Fully qualified domain name to check (e.g., "myfuturename.com"). ' +
+            'Must be a valid FQDN — labels separated by dots.'),
+    }),
+    output: z.object({
+        domain: z.string().describe('Normalized domain name checked.'),
+        available: z
+            .boolean()
+            .nullable()
+            .describe('True = available for registration (RDAP 404). False = registered. ' +
+            'Null = rdap_coverage is false — cannot determine availability for this TLD.'),
+        rdap_coverage: z.boolean().describe('True when a RDAP server was found for this TLD.'),
+        registrar: z.string().optional().describe('Registrar name when available: false.'),
+        expiry_date: z.string().optional().describe('Expiry date when available: false.'),
+    }),
+    errors: [
+        {
+            reason: 'invalid_domain',
+            code: JsonRpcErrorCode.InvalidParams,
+            when: 'Input is not a valid FQDN.',
+            recovery: 'Provide a valid fully-qualified domain name like "example.com" or "sub.example.org".',
+        },
+        {
+            reason: 'rdap_no_coverage',
+            code: JsonRpcErrorCode.NotFound,
+            when: 'TLD has no RDAP server — available is null, cannot determine registration status.',
+            recovery: 'This TLD has no RDAP coverage; availability cannot be determined programmatically.',
+        },
+    ],
+    async handler(input, ctx) {
+        if (!isValidFqdn(input.domain)) {
+            throw ctx.fail('invalid_domain', `"${input.domain}" is not a valid FQDN.`, {
+                ...ctx.recoveryFor('invalid_domain'),
+            });
+        }
+        ctx.log.info('RDAP availability check', { domain: input.domain });
+        const result = await getRdapService().checkAvailability(input.domain, ctx);
+        if (result.available === null) {
+            // No RDAP coverage — surface as data, not an error
+            return {
+                domain: input.domain.toLowerCase(),
+                available: null,
+                rdap_coverage: false,
+            };
+        }
+        if (result.available === true) {
+            return {
+                domain: input.domain.toLowerCase(),
+                available: true,
+                rdap_coverage: true,
+            };
+        }
+        // Registered
+        return {
+            domain: result.record.domain,
+            available: false,
+            rdap_coverage: true,
+            registrar: result.record.registrar,
+            expiry_date: result.record.expiry_date,
+        };
+    },
+    format: (result) => {
+        const lines = [];
+        lines.push(`# Domain: ${result.domain}`);
+        if (result.available === null) {
+            lines.push(`**Available:** Unknown (no RDAP coverage for this TLD)`);
+            lines.push(`**RDAP Coverage:** No`);
+        }
+        else if (result.available === true) {
+            lines.push(`**Available:** Yes — not currently registered`);
+            lines.push(`**RDAP Coverage:** Yes`);
+        }
+        else {
+            lines.push(`**Available:** No — registered`);
+            lines.push(`**RDAP Coverage:** Yes`);
+        }
+        if (result.registrar)
+            lines.push(`**Registrar:** ${result.registrar}`);
+        if (result.expiry_date)
+            lines.push(`**Expires:** ${result.expiry_date}`);
+        return [{ type: 'text', text: lines.join('\n') }];
+    },
+});
+//# sourceMappingURL=whois-check-availability.tool.js.map

package/dist/mcp-server/tools/definitions/whois-check-availability.tool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whois-check-availability.tool.js","sourceRoot":"","sources":["../../../../src/mcp-server/tools/definitions/whois-check-availability.tool.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,CAAC,0BAA0B,EAAE;IACrE,KAAK,EAAE,2BAA2B;IAClC,WAAW,EACT,kGAAkG;QAClG,2GAA2G;QAC3G,2GAA2G;QAC3G,iHAAiH;QACjH,iFAAiF;IACnF,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;IAE9E,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACd,MAAM,EAAE,CAAC;aACN,MAAM,EAAE;aACR,QAAQ,CACP,mEAAmE;YACjE,kDAAkD,CACrD;KACJ,CAAC;IAEF,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;QAC9D,SAAS,EAAE,CAAC;aACT,OAAO,EAAE;aACT,QAAQ,EAAE;aACV,QAAQ,CACP,oEAAoE;YAClE,6EAA6E,CAChF;QACH,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;QACtF,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uCAAuC,CAAC;QAClF,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;KAClF,CAAC;IAEF,MAAM,EAAE;QACN;YACE,MAAM,EAAE,gBAAgB;YACxB,IAAI,EAAE,gBAAgB,CAAC,aAAa;YACpC,IAAI,EAAE,4BAA4B;YAClC,QAAQ,EACN,sFAAsF;SACzF;QACD;YACE,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,gBAAgB,CAAC,QAAQ;YAC/B,IAAI,EAAE,mFAAmF;YACzF,QAAQ,EACN,oFAAoF;SACvF;KACF;IAED,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG;QACtB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,KAAK,CAAC,MAAM,wBAAwB,EAAE;gBACzE,GAAG,GAAG,CAAC,WAAW,CAAC,gBAAgB,CAAC;aACrC,CAAC,CAAC;QACL,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC,iBAAiB,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAE3E,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC9B,mDAAmD;YACnD,OAAO;gBACL,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE;gBAClC,SAAS,EAAE,IAAI;gBACf,aAAa,EAAE,KAAK;aACrB,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC9B,OAAO;gBACL,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE;gBAClC,SAAS,EAAE,IAAI;gBACf,aAAa,EAAE,IAAI;aACpB,CAAC;QACJ,CAAC;QAED,aAAa;QACb,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;YAC5B,SAAS,EAAE,KAAK;YAChB,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS;YAClC,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW;SACvC,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;QACjB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAEzC,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACrE,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,MAAM,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YACrC,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YAC7C,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,MAAM,CAAC,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACvE,IAAI,MAAM,CAAC,WAAW;YAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;QAEzE,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;CACF,CAAC,CAAC"}

package/dist/mcp-server/tools/definitions/whois-get-dns.tool.d.ts

@@ -0,0 +1,49 @@
+/**
+ * @fileoverview whois_get_dns tool — multi-type DNS record lookup via DNS-over-HTTPS.
+ * @module mcp-server/tools/definitions/whois-get-dns.tool
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+export declare const whoisGetDns: import("@cyanheads/mcp-ts-core").ToolDefinition<z.ZodObject<{
+    domain: z.ZodString;
+    types: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+        A: "A";
+        AAAA: "AAAA";
+        MX: "MX";
+        TXT: "TXT";
+        NS: "NS";
+        CNAME: "CNAME";
+        SOA: "SOA";
+        CAA: "CAA";
+        PTR: "PTR";
+    }>>>;
+}, z.core.$strip>, z.ZodObject<{
+    domain: z.ZodString;
+    nxdomain: z.ZodBoolean;
+    records: z.ZodArray<z.ZodObject<{
+        type: z.ZodEnum<{
+            A: "A";
+            AAAA: "AAAA";
+            MX: "MX";
+            TXT: "TXT";
+            NS: "NS";
+            CNAME: "CNAME";
+            SOA: "SOA";
+            CAA: "CAA";
+            PTR: "PTR";
+        }>;
+        name: z.ZodString;
+        ttl: z.ZodNumber;
+        data: z.ZodString;
+    }, z.core.$strip>>;
+    source: z.ZodEnum<{
+        cloudflare: "cloudflare";
+        google: "google";
+    }>;
+}, z.core.$strip>, readonly [{
+    readonly reason: "invalid_domain";
+    readonly code: JsonRpcErrorCode.InvalidParams;
+    readonly when: "Input is not a valid FQDN.";
+    readonly recovery: "Provide a valid fully-qualified domain name like \"example.com\" or \"sub.example.org\".";
+}], undefined>;
+//# sourceMappingURL=whois-get-dns.tool.d.ts.map

package/dist/mcp-server/tools/definitions/whois-get-dns.tool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"whois-get-dns.tool.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/tools/definitions/whois-get-dns.tool.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAQ,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAOjE,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAgHtB,CAAC"}

package/dist/mcp-server/tools/definitions/whois-get-dns.tool.js

@@ -0,0 +1,97 @@
+/**
+ * @fileoverview whois_get_dns tool — multi-type DNS record lookup via DNS-over-HTTPS.
+ * @module mcp-server/tools/definitions/whois-get-dns.tool
+ */
+import { tool, z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+import { getDohService } from '../../../services/doh/doh-service.js';
+import { isValidFqdn } from './_fqdn.js';
+const DNS_RECORD_TYPES = ['A', 'AAAA', 'MX', 'TXT', 'NS', 'CNAME', 'SOA', 'CAA', 'PTR'];
+export const whoisGetDns = tool('whois_get_dns', {
+    title: 'DNS Record Lookup',
+    description: 'Fetch DNS records for a domain via DNS-over-HTTPS. Uses Cloudflare 1.1.1.1 as primary resolver ' +
+        'with Google 8.8.8.8 as fallback (and primary for CAA records, since Cloudflare returns raw hex ' +
+        'wire format for those). Supports A, AAAA, MX, TXT, NS, CNAME, SOA, CAA, PTR. Multiple types ' +
+        'are fetched in parallel. NXDOMAIN is returned as nxdomain: true in the result, not as an error — ' +
+        'it means the domain does not exist in DNS.',
+    annotations: { readOnlyHint: true, idempotentHint: true, openWorldHint: true },
+    input: z.object({
+        domain: z
+            .string()
+            .describe('Fully qualified domain name or hostname to query (e.g., "github.com", "mail.example.com").'),
+        types: z
+            .array(z.enum(DNS_RECORD_TYPES).describe('A DNS record type to fetch.'))
+            .default(['A', 'AAAA', 'MX', 'TXT', 'NS'])
+            .describe('DNS record types to fetch. Defaults to [A, AAAA, MX, TXT, NS]. ' +
+            'Specify more types to expand coverage (e.g., add CAA to check certificate authority authorization).'),
+    }),
+    output: z.object({
+        domain: z.string().describe('Domain queried.'),
+        nxdomain: z
+            .boolean()
+            .describe('True when the domain does not exist in DNS (NXDOMAIN / Status 3). ' +
+            'Records will be empty. This is a valid data signal, not an error.'),
+        records: z
+            .array(z
+            .object({
+            type: z.enum(DNS_RECORD_TYPES).describe('DNS record type.'),
+            name: z.string().describe('Record owner name.'),
+            ttl: z.number().describe('Time-to-live in seconds.'),
+            data: z.string().describe('Record data (IP address, hostname, text, etc.).'),
+        })
+            .describe('A single DNS resource record.'))
+            .describe('DNS records returned for the requested types.'),
+        source: z
+            .enum(['cloudflare', 'google'])
+            .describe('The DoH resolver that provided results (cloudflare = primary, google = fallback or CAA).'),
+    }),
+    errors: [
+        {
+            reason: 'invalid_domain',
+            code: JsonRpcErrorCode.InvalidParams,
+            when: 'Input is not a valid FQDN.',
+            recovery: 'Provide a valid fully-qualified domain name like "example.com" or "sub.example.org".',
+        },
+    ],
+    async handler(input, ctx) {
+        if (!isValidFqdn(input.domain)) {
+            throw ctx.fail('invalid_domain', `"${input.domain}" is not a valid FQDN.`, {
+                ...ctx.recoveryFor('invalid_domain'),
+            });
+        }
+        ctx.log.info('DNS lookup via DoH', { domain: input.domain, types: input.types });
+        const result = await getDohService().lookup(input.domain, input.types, ctx);
+        return {
+            domain: result.domain,
+            nxdomain: result.nxdomain,
+            records: result.records,
+            source: result.source,
+        };
+    },
+    format: (result) => {
+        const lines = [];
+        lines.push(`# DNS Records: ${result.domain}`);
+        lines.push(`**Source:** ${result.source}`);
+        lines.push(`**NXDOMAIN:** ${result.nxdomain === true ? 'Yes — domain does not exist in DNS' : 'No'}`);
+        // Group records by type and render all fields (name, ttl, data)
+        const byType = new Map();
+        for (const rec of result.records) {
+            const list = byType.get(rec.type) ?? [];
+            list.push(rec);
+            byType.set(rec.type, list);
+        }
+        for (const [type, recs] of byType) {
+            lines.push(`\n## ${type}`);
+            for (const rec of recs) {
+                // TXT records are attacker-controlled free-text and must be fenced to prevent prompt injection
+                const data = type === 'TXT' ? `\`${rec.data}\`` : rec.data;
+                lines.push(`- **${data}** | name: ${rec.name} | TTL: ${rec.ttl}s`);
+            }
+        }
+        if (result.records.length === 0 && result.nxdomain !== true) {
+            lines.push('\nNo records found for the requested types.');
+        }
+        return [{ type: 'text', text: lines.join('\n') }];
+    },
+});
+//# sourceMappingURL=whois-get-dns.tool.js.map

package/dist/mcp-server/tools/definitions/whois-get-dns.tool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whois-get-dns.tool.js","sourceRoot":"","sources":["../../../../src/mcp-server/tools/definitions/whois-get-dns.tool.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAU,CAAC;AAEjG,MAAM,CAAC,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE;IAC/C,KAAK,EAAE,mBAAmB;IAC1B,WAAW,EACT,iGAAiG;QACjG,iGAAiG;QACjG,8FAA8F;QAC9F,mGAAmG;QACnG,4CAA4C;IAC9C,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE;IAE9E,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;QACd,MAAM,EAAE,CAAC;aACN,MAAM,EAAE;aACR,QAAQ,CACP,4FAA4F,CAC7F;QACH,KAAK,EAAE,CAAC;aACL,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;aACvE,OAAO,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;aACzC,QAAQ,CACP,iEAAiE;YAC/D,qGAAqG,CACxG;KACJ,CAAC;IAEF,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;QAC9C,QAAQ,EAAE,CAAC;aACR,OAAO,EAAE;aACT,QAAQ,CACP,oEAAoE;YAClE,mEAAmE,CACtE;QACH,OAAO,EAAE,CAAC;aACP,KAAK,CACJ,CAAC;aACE,MAAM,CAAC;YACN,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YAC3D,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oBAAoB,CAAC;YAC/C,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACpD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;SAC7E,CAAC;aACD,QAAQ,CAAC,+BAA+B,CAAC,CAC7C;aACA,QAAQ,CAAC,+CAA+C,CAAC;QAC5D,MAAM,EAAE,CAAC;aACN,IAAI,CAAC,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;aAC9B,QAAQ,CACP,0FAA0F,CAC3F;KACJ,CAAC;IAEF,MAAM,EAAE;QACN;YACE,MAAM,EAAE,gBAAgB;YACxB,IAAI,EAAE,gBAAgB,CAAC,aAAa;YACpC,IAAI,EAAE,4BAA4B;YAClC,QAAQ,EACN,sFAAsF;SACzF;KACF;IAED,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG;QACtB,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,KAAK,CAAC,MAAM,wBAAwB,EAAE;gBACzE,GAAG,GAAG,CAAC,WAAW,CAAC,gBAAgB,CAAC;aACrC,CAAC,CAAC;QACL,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAEjF,MAAM,MAAM,GAAG,MAAM,aAAa,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,KAAwB,EAAE,GAAG,CAAC,CAAC;QAE/F,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE;QACjB,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9C,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CACR,iBAAiB,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,oCAAoC,CAAC,CAAC,CAAC,IAAI,EAAE,CAC1F,CAAC;QAEF,gEAAgE;QAChE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAiC,CAAC;QACxD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACxC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACf,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7B,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;YAC3B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,+FAA+F;gBAC/F,MAAM,IAAI,GAAG,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;gBAC3D,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,cAAc,GAAG,CAAC,IAAI,WAAW,GAAG,CAAC,GAAG,GAAG,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;YAC5D,KAAK,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;CACF,CAAC,CAAC"}

package/dist/mcp-server/tools/definitions/whois-get-dossier.tool.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @fileoverview whois_get_dossier tool — one-call domain triage combining RDAP + DNS in parallel.
+ * @module mcp-server/tools/definitions/whois-get-dossier.tool
+ */
+import { z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode } from '@cyanheads/mcp-ts-core/errors';
+export declare const whoisGetDossier: import("@cyanheads/mcp-ts-core").ToolDefinition<z.ZodObject<{
+    domain: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+    domain: z.ZodString;
+    rdap_coverage: z.ZodNullable<z.ZodBoolean>;
+    registered: z.ZodNullable<z.ZodBoolean>;
+    registrar: z.ZodOptional<z.ZodString>;
+    created_date: z.ZodOptional<z.ZodString>;
+    expiry_date: z.ZodOptional<z.ZodString>;
+    age_days: z.ZodNullable<z.ZodNumber>;
+    dnssec_signed: z.ZodNullable<z.ZodBoolean>;
+    privacy_redacted: z.ZodNullable<z.ZodBoolean>;
+    status: z.ZodArray<z.ZodString>;
+    nameservers: z.ZodArray<z.ZodString>;
+    a_records: z.ZodArray<z.ZodString>;
+    mx_records: z.ZodArray<z.ZodString>;
+    ns_records: z.ZodArray<z.ZodString>;
+    txt_records: z.ZodArray<z.ZodString>;
+    dns_nxdomain: z.ZodNullable<z.ZodBoolean>;
+    ns_provider: z.ZodNullable<z.ZodString>;
+    mx_provider: z.ZodNullable<z.ZodString>;
+    rdap_source_error: z.ZodOptional<z.ZodString>;
+    dns_source_error: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, readonly [{
+    readonly reason: "invalid_domain";
+    readonly code: JsonRpcErrorCode.InvalidParams;
+    readonly when: "Input is not a valid FQDN.";
+    readonly recovery: "Provide a valid fully-qualified domain name like \"example.com\" or \"sub.example.org\".";
+}, {
+    readonly reason: "both_legs_failed";
+    readonly code: JsonRpcErrorCode.ServiceUnavailable;
+    readonly when: "Both RDAP and DoH legs failed — no data could be retrieved.";
+    readonly recovery: "Both RDAP and DNS services are unavailable. Retry in a few minutes or check network connectivity.";
+}], undefined>;
+//# sourceMappingURL=whois-get-dossier.tool.d.ts.map

package/dist/mcp-server/tools/definitions/whois-get-dossier.tool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"whois-get-dossier.tool.d.ts","sourceRoot":"","sources":["../../../../src/mcp-server/tools/definitions/whois-get-dossier.tool.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAQ,CAAC,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAY,MAAM,+BAA+B,CAAC;AAyE3E,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAiR1B,CAAC"}

package/dist/mcp-server/tools/definitions/whois-get-dossier.tool.js

@@ -0,0 +1,332 @@
+/**
+ * @fileoverview whois_get_dossier tool — one-call domain triage combining RDAP + DNS in parallel.
+ * @module mcp-server/tools/definitions/whois-get-dossier.tool
+ */
+import { tool, z } from '@cyanheads/mcp-ts-core';
+import { JsonRpcErrorCode, McpError } from '@cyanheads/mcp-ts-core/errors';
+import { getDohService } from '../../../services/doh/doh-service.js';
+import { getRdapService } from '../../../services/rdap/rdap-service.js';
+import { isValidFqdn } from './_fqdn.js';
+/** True when the error is a typed domain_not_found from rdap-service */
+function isDomainNotFound(err) {
+    return (err instanceof McpError &&
+        typeof err.data?.reason === 'string' &&
+        err.data.reason === 'domain_not_found');
+}
+/** Infer NS provider from the first NS record data (e.g., ns1.cloudflare.com → cloudflare) */
+function inferNsProvider(nsRecords) {
+    if (nsRecords.length === 0)
+        return;
+    const ns = (nsRecords[0]?.data ?? '').toLowerCase().replace(/\.$/, '');
+    // Common providers
+    if (ns.includes('cloudflare'))
+        return 'Cloudflare';
+    if (ns.includes('awsdns') || ns.includes('amazonaws'))
+        return 'AWS Route 53';
+    if (ns.includes('google'))
+        return 'Google Cloud DNS';
+    if (ns.includes('azure-dns') || ns.includes('microsoftdns'))
+        return 'Azure DNS';
+    if (ns.includes('namebrightdns') || ns.includes('namebright'))
+        return 'NameBright';
+    if (ns.includes('nsone') || ns.includes('ns1.com'))
+        return 'NS1';
+    if (ns.includes('dnsimple'))
+        return 'DNSimple';
+    if (ns.includes('domaincontrol'))
+        return 'GoDaddy';
+    if (ns.includes('name.com'))
+        return 'Name.com';
+    if (ns.includes('registrar-servers'))
+        return 'Namecheap';
+    // Fall back to the second-level domain of the NS server
+    const parts = ns.split('.');
+    if (parts.length >= 2)
+        return parts[parts.length - 2];
+    return;
+}
+/** Infer MX provider from the first MX record data */
+function inferMxProvider(mxRecords) {
+    if (mxRecords.length === 0)
+        return;
+    const mx = (mxRecords[0]?.data ?? '').toLowerCase().replace(/\.$/, '');
+    if (mx.includes('google') || mx.includes('googlemail') || mx.includes('aspmx'))
+        return 'Google Workspace';
+    if (mx.includes('outlook') ||
+        mx.includes('microsoft') ||
+        mx.includes('office365') ||
+        mx.includes('protection.outlook'))
+        return 'Microsoft 365';
+    if (mx.includes('mxroute'))
+        return 'MXroute';
+    if (mx.includes('mailchannels'))
+        return 'MailChannels';
+    if (mx.includes('amazonses') || mx.includes('amazonaws'))
+        return 'Amazon SES';
+    if (mx.includes('fastmail'))
+        return 'Fastmail';
+    if (mx.includes('protonmail'))
+        return 'ProtonMail';
+    if (mx.includes('zoho'))
+        return 'Zoho Mail';
+    if (mx.includes('sendgrid'))
+        return 'SendGrid';
+    if (mx.includes('mailgun'))
+        return 'Mailgun';
+    // Fall back to second-level domain
+    const parts = mx.split('.');
+    if (parts.length >= 2)
+        return parts[parts.length - 2];
+    return;
+}
+/** Compute domain age in days from creation date string */
+function ageDaysFromCreated(createdDate) {
+    if (!createdDate)
+        return;
+    const created = new Date(createdDate);
+    if (Number.isNaN(created.getTime()))
+        return;
+    const diffMs = Date.now() - created.getTime();
+    return Math.floor(diffMs / (1000 * 60 * 60 * 24));
+}
+export const whoisGetDossier = tool('whois_get_dossier', {
+    title: 'Domain Dossier',
+    description: 'One-call domain triage: fetches registration record (RDAP) and DNS records (A, MX, NS, TXT) in ' +
+        'parallel, returning a single normalized record with factual signals — domain age in days, ' +
+        'privacy-redacted flag, registrar, NS provider inferred from NS records, mail provider inferred ' +
+        'from MX records. No synthesized scores — factual signals only. Partial results are surfaced when ' +
+        'one leg fails (registration or DNS marked with source_error); only when both legs fail does the ' +
+        'tool throw both_legs_failed. For the full registration record use whois_lookup_domain. For DNS ' +
+        'types beyond A/MX/NS/TXT (e.g., CNAME, CAA, SOA) use whois_get_dns.',
+    annotations: { readOnlyHint: true, idempotentHint: true, openWorldHint: true },
+    input: z.object({
+        domain: z
+            .string()
+            .describe('Fully qualified domain name for the triage (e.g., "github.com"). Must be a valid FQDN.'),
+    }),
+    output: z.object({
+        domain: z.string().describe('Normalized domain name.'),
+        // Registration section
+        rdap_coverage: z
+            .boolean()
+            .nullable()
+            .describe('True = RDAP server found. False = no RDAP coverage. Null = RDAP leg failed (source_error set).'),
+        registered: z
+            .boolean()
+            .nullable()
+            .describe('True when the domain has a registration record. False = RDAP 404 (not registered). ' +
+            'Null when RDAP leg failed.'),
+        registrar: z.string().optional().describe('Registrar name from registration record.'),
+        created_date: z.string().optional().describe('ISO 8601 registration creation date.'),
+        expiry_date: z.string().optional().describe('ISO 8601 registration expiry date.'),
+        age_days: z
+            .number()
+            .nullable()
+            .describe('Domain age in days since creation_date. Null when created_date is unavailable.'),
+        dnssec_signed: z
+            .boolean()
+            .nullable()
+            .describe('True when delegation-signed. Null when RDAP leg unavailable.'),
+        privacy_redacted: z
+            .boolean()
+            .nullable()
+            .describe('True when registrant contact info is privacy-redacted. Null when RDAP leg unavailable.'),
+        status: z.array(z.string()).describe('EPP status codes. Empty when RDAP leg failed.'),
+        nameservers: z
+            .array(z.string())
+            .describe('Authoritative nameservers. Empty when RDAP leg failed.'),
+        // DNS section
+        a_records: z
+            .array(z.string())
+            .describe('IPv4 addresses (A records). Empty when DNS leg failed or NXDOMAIN.'),
+        mx_records: z
+            .array(z.string())
+            .describe('Mail exchange hostnames (MX data). Empty when DNS leg failed or NXDOMAIN.'),
+        ns_records: z
+            .array(z.string())
+            .describe('DNS nameservers from live DNS (NS data). Empty when DNS leg failed or NXDOMAIN.'),
+        txt_records: z
+            .array(z.string())
+            .describe('TXT record values (SPF, DKIM hints, etc.). Empty when DNS leg failed or NXDOMAIN.'),
+        dns_nxdomain: z
+            .boolean()
+            .nullable()
+            .describe('True when DNS says domain does not exist (NXDOMAIN). Null when DNS leg failed.'),
+        // Inferred signals
+        ns_provider: z
+            .string()
+            .nullable()
+            .describe('DNS provider inferred from NS record (e.g., "Cloudflare", "AWS Route 53"). Null when unknown or DNS leg failed.'),
+        mx_provider: z
+            .string()
+            .nullable()
+            .describe('Mail provider inferred from MX record (e.g., "Google Workspace", "Microsoft 365"). Null when no MX or DNS leg failed.'),
+        // Error signals
+        rdap_source_error: z
+            .string()
+            .optional()
+            .describe('Error message from the RDAP leg when it failed. Omitted on success.'),
+        dns_source_error: z
+            .string()
+            .optional()
+            .describe('Error message from the DNS leg when it failed. Omitted on success.'),
+    }),
+    errors: [
+        {
+            reason: 'invalid_domain',
+            code: JsonRpcErrorCode.InvalidParams,
+            when: 'Input is not a valid FQDN.',
+            recovery: 'Provide a valid fully-qualified domain name like "example.com" or "sub.example.org".',
+        },
+        {
+            reason: 'both_legs_failed',
+            code: JsonRpcErrorCode.ServiceUnavailable,
+            when: 'Both RDAP and DoH legs failed — no data could be retrieved.',
+            recovery: 'Both RDAP and DNS services are unavailable. Retry in a few minutes or check network connectivity.',
+        },
+    ],
+    async handler(input, ctx) {
+        if (!isValidFqdn(input.domain)) {
+            throw ctx.fail('invalid_domain', `"${input.domain}" is not a valid FQDN.`, {
+                ...ctx.recoveryFor('invalid_domain'),
+            });
+        }
+        ctx.log.info('Domain dossier lookup', { domain: input.domain });
+        // Fan out RDAP and DNS lookups in parallel
+        const [rdapSettled, dnsSettled] = await Promise.allSettled([
+            getRdapService().lookupDomain(input.domain, ctx),
+            getDohService().lookup(input.domain, ['A', 'MX', 'NS', 'TXT'], ctx),
+        ]);
+        const rdapOk = rdapSettled.status === 'fulfilled';
+        const dnsOk = dnsSettled.status === 'fulfilled';
+        // domain_not_found is a valid data signal (RDAP 404 = not registered), not a leg failure
+        const rdapNotFound = rdapSettled.status === 'rejected' && isDomainNotFound(rdapSettled.reason);
+        if (!rdapOk && !rdapNotFound && !dnsOk) {
+            throw ctx.fail('both_legs_failed', 'Both RDAP and DNS lookups failed — no data available.', {
+                rdap_error: rdapSettled.status === 'rejected' ? String(rdapSettled.reason) : undefined,
+                dns_error: dnsSettled.status === 'rejected' ? String(dnsSettled.reason) : undefined,
+                ...ctx.recoveryFor('both_legs_failed'),
+            });
+        }
+        // Build result from available legs
+        let reg;
+        let rdapSourceError;
+        if (rdapOk) {
+            reg = rdapSettled.value;
+        }
+        else if (!rdapNotFound) {
+            rdapSourceError =
+                rdapSettled.reason instanceof Error
+                    ? rdapSettled.reason.message
+                    : String(rdapSettled.reason);
+        }
+        let dnsRecords = [];
+        let dnsNxdomain = null;
+        let dnsSourceError;
+        if (dnsOk) {
+            dnsRecords = dnsSettled.value.records;
+            dnsNxdomain = dnsSettled.value.nxdomain;
+        }
+        else {
+            dnsSourceError =
+                dnsSettled.reason instanceof Error ? dnsSettled.reason.message : String(dnsSettled.reason);
+        }
+        const nsRecords = dnsRecords.filter((r) => r.type === 'NS');
+        const mxRecords = dnsRecords.filter((r) => r.type === 'MX');
+        const aRecords = dnsRecords.filter((r) => r.type === 'A');
+        const txtRecords = dnsRecords.filter((r) => r.type === 'TXT');
+        const ageDays = reg ? (ageDaysFromCreated(reg.created_date) ?? null) : null;
+        const nsProvider = dnsOk ? (inferNsProvider(nsRecords) ?? null) : null;
+        const mxProvider = dnsOk ? (inferMxProvider(mxRecords) ?? null) : null;
+        // registered:
+        //   true  — RDAP returned a record (domain exists)
+        //   false — RDAP returned 404 (domain_not_found = not registered)
+        //   null  — RDAP leg errored for another reason, or rdap_coverage: false
+        const registered = rdapNotFound
+            ? false
+            : rdapOk && reg
+                ? reg.rdap_coverage
+                    ? true
+                    : null
+                : null;
+        return {
+            domain: input.domain.toLowerCase(),
+            // rdapNotFound means RDAP server was reachable (coverage: true) but domain doesn't exist
+            rdap_coverage: rdapNotFound ? true : rdapOk ? (reg?.rdap_coverage ?? null) : null,
+            registered,
+            registrar: reg?.registrar,
+            created_date: reg?.created_date,
+            expiry_date: reg?.expiry_date,
+            age_days: ageDays,
+            dnssec_signed: rdapOk ? (reg?.dnssec_signed ?? null) : null,
+            privacy_redacted: rdapOk ? (reg?.registrant_redacted ?? null) : null,
+            status: reg?.status ?? [],
+            nameservers: reg?.nameservers ?? [],
+            a_records: aRecords.map((r) => r.data),
+            mx_records: mxRecords.map((r) => r.data.replace(/\.$/, '')),
+            ns_records: nsRecords.map((r) => r.data.replace(/\.$/, '')),
+            txt_records: txtRecords.map((r) => r.data),
+            dns_nxdomain: dnsNxdomain,
+            ns_provider: nsProvider,
+            mx_provider: mxProvider,
+            ...(rdapSourceError ? { rdap_source_error: rdapSourceError } : {}),
+            ...(dnsSourceError ? { dns_source_error: dnsSourceError } : {}),
+        };
+    },
+    format: (result) => {
+        const lines = [];
+        lines.push(`# Domain Dossier: ${result.domain}`);
+        // Registration section
+        lines.push('\n## Registration');
+        if (result.rdap_coverage === null) {
+            lines.push(`**RDAP:** Failed`);
+        }
+        else if (!result.rdap_coverage) {
+            lines.push('**RDAP Coverage:** None — TLD has no RDAP server');
+        }
+        else {
+            lines.push(`**Registered:** ${result.registered ? 'Yes' : result.registered === false ? 'No' : 'Unknown'}`);
+            if (result.created_date)
+                lines.push(`**Created:** ${result.created_date}`);
+            if (result.expiry_date)
+                lines.push(`**Expires:** ${result.expiry_date}`);
+            if (result.age_days !== null)
+                lines.push(`**Age:** ${result.age_days} days`);
+            lines.push(`**DNSSEC:** ${result.dnssec_signed ? 'Signed' : result.dnssec_signed === false ? 'Not signed' : 'Unknown'}`);
+            lines.push(`**Privacy Redacted:** ${result.privacy_redacted ? 'Yes' : result.privacy_redacted === false ? 'No' : 'Unknown'}`);
+            if (result.status.length > 0)
+                lines.push(`**Status:** ${result.status.join(', ')}`);
+            if (result.nameservers.length > 0)
+                lines.push(`**Nameservers (RDAP):** ${result.nameservers.join(', ')}`);
+        }
+        if (result.registrar)
+            lines.push(`**Registrar:** ${result.registrar}`);
+        if (result.rdap_source_error)
+            lines.push(`**RDAP Error:** ${result.rdap_source_error}`);
+        // DNS section
+        lines.push('\n## DNS');
+        if (result.dns_source_error) {
+            lines.push(`**DNS:** Failed — ${result.dns_source_error}`);
+        }
+        else if (result.dns_nxdomain) {
+            lines.push('**NXDOMAIN:** Domain does not exist in DNS.');
+        }
+        if (result.a_records.length > 0)
+            lines.push(`**A:** ${result.a_records.join(', ')}`);
+        if (result.ns_records.length > 0)
+            lines.push(`**NS:** ${result.ns_records.join(', ')}`);
+        if (result.mx_records.length > 0)
+            lines.push(`**MX:** ${result.mx_records.join(', ')}`);
+        if (result.txt_records.length > 0) {
+            // TXT records are attacker-controlled free-text; backtick-fence each value to prevent prompt injection
+            const fenced = result.txt_records.slice(0, 3).map((v) => `\`${v}\``);
+            lines.push(`**TXT:** ${fenced.join(' | ')}`);
+        }
+        // Inferred signals
+        lines.push('\n## Signals');
+        lines.push(`**NS Provider:** ${result.ns_provider ?? 'Unknown'}`);
+        lines.push(`**Mail Provider:** ${result.mx_provider ?? 'None / Unknown'}`);
+        return [{ type: 'text', text: lines.join('\n') }];
+    },
+});
+//# sourceMappingURL=whois-get-dossier.tool.js.map