@darkiceinteractive/mcp-conductor 2.0.0-alpha.1 → 3.0.0-beta.1

package/dist/utils/tokenize.d.ts

@@ -0,0 +1,55 @@
+/**
+ * PII Tokenization — Workstream X4 (Agent J)
+ *
+ * Strips sensitive values from MCP tool responses *before* they enter
+ * the Deno sandbox or Claude's context. Each detected value is replaced
+ * with a stable token (e.g. `[EMAIL_1]`). A per-execution reverse map
+ * lets sandbox code call `mcp.detokenize(token)` to recover the original
+ * value for outbound MCP calls.
+ *
+ * Design:
+ * - Built-in matchers only this sprint (email, phone, SSN, CC/Luhn,
+ *   IBAN, IPv4/v6). Inline-regex matchers are deferred to the follow-up.
+ * - The reverse map is passed to `generateSandboxCode` and embedded in
+ *   the sandbox preamble as a frozen object. It is NOT persisted and
+ *   cannot outlive the `execute_code` call that created it.
+ * - Tokenization is deterministic within a call: the same value always
+ *   gets the same token (idempotent within one tokenize() invocation via
+ *   the `seen` map).
+ *
+ * @module utils/tokenize
+ */
+export type BuiltinMatcherName = 'email' | 'phone' | 'ssn' | 'credit_card' | 'iban' | 'ipv4' | 'ipv6';
+export type RedactMatcher = BuiltinMatcherName | string;
+export interface TokenizeResult {
+    /** The redacted value (tokens replace original sensitive data) */
+    redacted: unknown;
+    /**
+     * Reverse map from token → original value.
+     * Scoped to one `execute_code` call; never persisted.
+     */
+    reverseMap: Record<string, string>;
+}
+/**
+ * Tokenize PII in `value` according to the requested `matchers`.
+ *
+ * - Walks nested objects and arrays recursively.
+ * - String values are scanned for all active matchers.
+ * - Object keys are NOT tokenized (only values).
+ * - If the same literal appears twice it receives the same token
+ *   (idempotent within one call).
+ *
+ * @param value   The data returned by an MCP tool.
+ * @param matchers Array of built-in matcher names (e.g. `['email','phone']`).
+ *   Unknown names are silently ignored (future-proof for inline-regex extension).
+ * @returns `{ redacted, reverseMap }` where `reverseMap[token] = original`.
+ */
+export declare function tokenize(value: unknown, matchers: ReadonlyArray<RedactMatcher>): TokenizeResult;
+/**
+ * Given a reverse map and a token string, return the original value.
+ * Returns `undefined` if the token is not in the map.
+ *
+ * Used in the sandbox preamble to implement `mcp.detokenize(token)`.
+ */
+export declare function detokenize(token: string, reverseMap: Readonly<Record<string, string>>): string | undefined;
+//# sourceMappingURL=tokenize.d.ts.map

package/dist/utils/tokenize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenize.d.ts","sourceRoot":"","sources":["../../src/utils/tokenize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAMH,MAAM,MAAM,kBAAkB,GAC1B,OAAO,GACP,OAAO,GACP,KAAK,GACL,aAAa,GACb,MAAM,GACN,MAAM,GACN,MAAM,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,kBAAkB,GAAG,MAAM,CAAC;AAwIxD,MAAM,WAAW,cAAc;IAC7B,kEAAkE;IAClE,QAAQ,EAAE,OAAO,CAAC;IAClB;;;OAGG;IACH,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,QAAQ,CACtB,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,aAAa,CAAC,aAAa,CAAC,GACrC,cAAc,CA+DhB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CACxB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,GAC3C,MAAM,GAAG,SAAS,CAEpB"}

package/dist/utils/tokenize.js

@@ -0,0 +1,205 @@
+/**
+ * PII Tokenization — Workstream X4 (Agent J)
+ *
+ * Strips sensitive values from MCP tool responses *before* they enter
+ * the Deno sandbox or Claude's context. Each detected value is replaced
+ * with a stable token (e.g. `[EMAIL_1]`). A per-execution reverse map
+ * lets sandbox code call `mcp.detokenize(token)` to recover the original
+ * value for outbound MCP calls.
+ *
+ * Design:
+ * - Built-in matchers only this sprint (email, phone, SSN, CC/Luhn,
+ *   IBAN, IPv4/v6). Inline-regex matchers are deferred to the follow-up.
+ * - The reverse map is passed to `generateSandboxCode` and embedded in
+ *   the sandbox preamble as a frozen object. It is NOT persisted and
+ *   cannot outlive the `execute_code` call that created it.
+ * - Tokenization is deterministic within a call: the same value always
+ *   gets the same token (idempotent within one tokenize() invocation via
+ *   the `seen` map).
+ *
+ * @module utils/tokenize
+ */
+// ─────────────────────────────────────────────────────────────────────────────
+// Token format
+// ─────────────────────────────────────────────────────────────────────────────
+const TOKEN_LABELS = {
+    email: 'EMAIL',
+    phone: 'PHONE',
+    ssn: 'SSN',
+    credit_card: 'CC',
+    iban: 'IBAN',
+    ipv4: 'IPV4',
+    ipv6: 'IPV6',
+};
+// ─────────────────────────────────────────────────────────────────────────────
+// Luhn algorithm (credit-card validation)
+// ─────────────────────────────────────────────────────────────────────────────
+function luhnCheck(digits) {
+    let sum = 0;
+    let alternate = false;
+    for (let i = digits.length - 1; i >= 0; i--) {
+        let n = parseInt(digits[i], 10);
+        if (alternate) {
+            n *= 2;
+            if (n > 9)
+                n -= 9;
+        }
+        sum += n;
+        alternate = !alternate;
+    }
+    return sum % 10 === 0;
+}
+// ─────────────────────────────────────────────────────────────────────────────
+// IBAN checksum (ISO 13616 mod-97)
+// ─────────────────────────────────────────────────────────────────────────────
+function ibanCheck(raw) {
+    // Move first 4 chars to end and convert letters to digits
+    const rearranged = (raw.slice(4) + raw.slice(0, 4)).toUpperCase();
+    let numeric = '';
+    for (const ch of rearranged) {
+        if (ch >= 'A' && ch <= 'Z') {
+            numeric += (ch.charCodeAt(0) - 55).toString();
+        }
+        else {
+            numeric += ch;
+        }
+    }
+    // BigInt mod-97 (string is too long for Number)
+    let remainder = BigInt(0);
+    for (const ch of numeric) {
+        remainder = (remainder * 10n + BigInt(ch)) % 97n;
+    }
+    return remainder === 1n;
+}
+const BUILTIN_MATCHERS = {
+    // RFC 5322 simplified — local@domain.tld
+    email: {
+        label: TOKEN_LABELS.email,
+        pattern: /[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+/g,
+    },
+    // Loose international: +CC NNN…, (NNN) NNN-NNNN, NNN-NNN-NNNN, etc.
+    // Last group is \d{3,} to cover 3-digit tails (+61 412 345 678) and
+    // 4-digit tails ((555) 867-5309). \+\d{7,15} catches compact international
+    // numbers without separators.
+    phone: {
+        label: TOKEN_LABELS.phone,
+        pattern: /(?:\+\d{1,3}[\s.-])?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{3,}|\+\d{7,15}/g,
+    },
+    // SSN: NNN-NN-NNNN or 9-digit run. The 9-digit run is only matched
+    // when preceded/followed by a word boundary so we don't swallow longer IDs.
+    ssn: {
+        label: TOKEN_LABELS.ssn,
+        pattern: /\b\d{3}-\d{2}-\d{4}\b|\b\d{9}\b/g,
+    },
+    // Credit card: 13–19 digits with optional spaces/dashes, Luhn-validated.
+    credit_card: {
+        label: TOKEN_LABELS.credit_card,
+        pattern: /\b(?:\d[ -]?){13,19}\b/g,
+        extractDigits: (m) => m.replace(/[ -]/g, ''),
+        validate: (digits) => digits.length >= 13 && digits.length <= 19 && luhnCheck(digits),
+    },
+    // IBAN: 2-letter country, 2 check digits, 11–30 alphanumeric chars.
+    // Tolerates spaces every 4 chars (SEPA print form).
+    iban: {
+        label: TOKEN_LABELS.iban,
+        pattern: /\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]{4}){2,7}(?:[ ]?[A-Z0-9]{1,4})?\b/gi,
+        extractDigits: (m) => m.replace(/\s/g, ''),
+        validate: (raw) => {
+            const stripped = raw.replace(/\s/g, '');
+            return stripped.length >= 15 && stripped.length <= 34 && ibanCheck(stripped);
+        },
+    },
+    // IPv4: standard dotted-quad with optional CIDR suffix
+    ipv4: {
+        label: TOKEN_LABELS.ipv4,
+        pattern: /\b(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]?\d)(?:\/\d{1,2})?\b/g,
+    },
+    // IPv6: full, compressed (::), and mixed IPv4/v6 forms
+    ipv6: {
+        label: TOKEN_LABELS.ipv6,
+        pattern: /(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:)*::(?:[0-9a-fA-F]{1,4}:)*[0-9a-fA-F]{1,4}|::(?:[0-9a-fA-F]{1,4}:)*[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:)*::/g,
+    },
+};
+/**
+ * Tokenize PII in `value` according to the requested `matchers`.
+ *
+ * - Walks nested objects and arrays recursively.
+ * - String values are scanned for all active matchers.
+ * - Object keys are NOT tokenized (only values).
+ * - If the same literal appears twice it receives the same token
+ *   (idempotent within one call).
+ *
+ * @param value   The data returned by an MCP tool.
+ * @param matchers Array of built-in matcher names (e.g. `['email','phone']`).
+ *   Unknown names are silently ignored (future-proof for inline-regex extension).
+ * @returns `{ redacted, reverseMap }` where `reverseMap[token] = original`.
+ */
+export function tokenize(value, matchers) {
+    // Build the active spec set once per call.
+    const activeSpecs = [];
+    for (const name of matchers) {
+        if (name in BUILTIN_MATCHERS) {
+            activeSpecs.push(BUILTIN_MATCHERS[name]);
+        }
+        // Unknown names (future inline-regex) are skipped silently.
+    }
+    if (activeSpecs.length === 0) {
+        return { redacted: value, reverseMap: {} };
+    }
+    const counters = {};
+    const seen = new Map(); // originalValue → token
+    const reverseMap = {};
+    function nextToken(label) {
+        counters[label] = (counters[label] ?? 0) + 1;
+        return `[${label}_${counters[label]}]`;
+    }
+    function redactString(input) {
+        let result = input;
+        for (const spec of activeSpecs) {
+            spec.pattern.lastIndex = 0; // reset stateful global regex
+            result = result.replace(spec.pattern, (match) => {
+                // Secondary validation (Luhn, IBAN mod-97)
+                if (spec.validate) {
+                    const digits = spec.extractDigits ? spec.extractDigits(match) : match;
+                    if (!spec.validate(digits))
+                        return match; // not a valid PAN/IBAN — leave it
+                }
+                // Idempotent: same value → same token
+                if (seen.has(match)) {
+                    return seen.get(match);
+                }
+                const token = nextToken(spec.label);
+                seen.set(match, token);
+                reverseMap[token] = match;
+                return token;
+            });
+        }
+        return result;
+    }
+    function walk(node) {
+        if (typeof node === 'string')
+            return redactString(node);
+        if (Array.isArray(node))
+            return node.map(walk);
+        if (node !== null && typeof node === 'object') {
+            const out = {};
+            for (const [k, v] of Object.entries(node)) {
+                out[k] = walk(v);
+            }
+            return out;
+        }
+        return node; // number, boolean, null, undefined — pass through
+    }
+    const redacted = walk(value);
+    return { redacted, reverseMap };
+}
+/**
+ * Given a reverse map and a token string, return the original value.
+ * Returns `undefined` if the token is not in the map.
+ *
+ * Used in the sandbox preamble to implement `mcp.detokenize(token)`.
+ */
+export function detokenize(token, reverseMap) {
+    return reverseMap[token];
+}
+//# sourceMappingURL=tokenize.js.map

package/dist/utils/tokenize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokenize.js","sourceRoot":"","sources":["../../src/utils/tokenize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAiBH,gFAAgF;AAChF,eAAe;AACf,gFAAgF;AAEhF,MAAM,YAAY,GAAuC;IACvD,KAAK,EAAE,OAAO;IACd,KAAK,EAAE,OAAO;IACd,GAAG,EAAE,KAAK;IACV,WAAW,EAAE,IAAI;IACjB,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;IACZ,IAAI,EAAE,MAAM;CACb,CAAC;AAEF,gFAAgF;AAChF,0CAA0C;AAC1C,gFAAgF;AAEhF,SAAS,SAAS,CAAC,MAAc;IAC/B,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAE,EAAE,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,EAAE,CAAC;YACd,CAAC,IAAI,CAAC,CAAC;YACP,IAAI,CAAC,GAAG,CAAC;gBAAE,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QACD,GAAG,IAAI,CAAC,CAAC;QACT,SAAS,GAAG,CAAC,SAAS,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,GAAG,EAAE,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,gFAAgF;AAChF,mCAAmC;AACnC,gFAAgF;AAEhF,SAAS,SAAS,CAAC,GAAW;IAC5B,0DAA0D;IAC1D,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IAClE,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;QAC5B,IAAI,EAAE,IAAI,GAAG,IAAI,EAAE,IAAI,GAAG,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IACD,gDAAgD;IAChD,IAAI,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC1B,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;QACzB,SAAS,GAAG,CAAC,SAAS,GAAG,GAAG,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;IACnD,CAAC;IACD,OAAO,SAAS,KAAK,EAAE,CAAC;AAC1B,CAAC;AAoBD,MAAM,gBAAgB,GAA4C;IAChE,yCAAyC;IACzC,KAAK,EAAE;QACL,KAAK,EAAE,YAAY,CAAC,KAAK;QACzB,OAAO,EAAE,qIAAqI;KAC/I;IAED,oEAAoE;IACpE,oEAAoE;IACpE,2EAA2E;IAC3E,8BAA8B;IAC9B,KAAK,EAAE;QACL,KAAK,EAAE,YAAY,CAAC,KAAK;QACzB,OAAO,EAAE,oEAAoE;KAC9E;IAED,mEAAmE;IACnE,4EAA4E;IAC5E,GAAG,EAAE;QACH,KAAK,EAAE,YAAY,CAAC,GAAG;QACvB,OAAO,EAAE,kCAAkC;KAC5C;IAED,yEAAyE;IACzE,WAAW,EAAE;QACX,KAAK,EAAE,YAAY,CAAC,WAAW;QAC/B,OAAO,EAAE,yBAAyB;QAClC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,IAAI,SAAS,CAAC,MAAM,CAAC;KACtF;IAED,oEAAoE;IACpE,oDAAoD;IACpD,IAAI,EAAE;QACJ,KAAK,EAAE,YAAY,CAAC,IAAI;QACxB,OAAO,EAAE,mEAAmE;QAC5E,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QAC1C,QAAQ,EAAE,CAAC,GAAG,EAAE,EAAE;YAChB,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACxC,OAAO,QAAQ,CAAC,MAAM,IAAI,EAAE,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,IAAI,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/E,CAAC;KACF;IAED,uDAAuD;IACvD,IAAI,EAAE;QACJ,KAAK,EAAE,YAAY,CAAC,IAAI;QACxB,OAAO,EAAE,sGAAsG;KAChH;IAED,uDAAuD;IACvD,IAAI,EAAE;QACJ,KAAK,EAAE,YAAY,CAAC,IAAI;QACxB,OAAO,EAAE,4KAA4K;KACtL;CACF,CAAC;AAgBF;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,QAAQ,CACtB,KAAc,EACd,QAAsC;IAEtC,2CAA2C;IAC3C,MAAM,WAAW,GAAkB,EAAE,CAAC;IACtC,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,IAAI,gBAAgB,EAAE,CAAC;YAC7B,WAAW,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAA0B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,4DAA4D;IAC9D,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,MAAM,IAAI,GAAwB,IAAI,GAAG,EAAE,CAAC,CAAC,wBAAwB;IACrE,MAAM,UAAU,GAA2B,EAAE,CAAC;IAE9C,SAAS,SAAS,CAAC,KAAa;QAC9B,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;IACzC,CAAC;IAED,SAAS,YAAY,CAAC,KAAa;QACjC,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,8BAA8B;YAC1D,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC9C,2CAA2C;gBAC3C,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAClB,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBACtE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;wBAAE,OAAO,KAAK,CAAC,CAAC,kCAAkC;gBAC9E,CAAC;gBAED,sCAAsC;gBACtC,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;gBAC1B,CAAC;gBAED,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACpC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;gBACvB,UAAU,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;gBAC1B,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,SAAS,IAAI,CAAC,IAAa;QACzB,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC9C,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAA+B,CAAC,EAAE,CAAC;gBACrE,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,IAAI,CAAC,CAAC,kDAAkD;IACjE,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;AAClC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,UAAU,CACxB,KAAa,EACb,UAA4C;IAE5C,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/version.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "2.0.0-alpha.1";
-export declare const BUILD_NUMBER = 3;
-export declare const BUILD_STRING = "2.0.0-alpha.1 (build 3)";
+export declare const VERSION = "3.0.0-beta.1";
+export declare const BUILD_NUMBER = 4;
+export declare const BUILD_STRING = "3.0.0-beta.1 (build 4)";
 //# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,kBAAkB,CAAC;AACvC,eAAO,MAAM,YAAY,IAAI,CAAC;AAC9B,eAAO,MAAM,YAAY,4BAA4B,CAAC"}
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,OAAO,iBAAiB,CAAC;AACtC,eAAO,MAAM,YAAY,IAAI,CAAC;AAC9B,eAAO,MAAM,YAAY,2BAA2B,CAAC"}

package/dist/version.js

@@ -1,4 +1,4 @@
-export const VERSION = '2.0.0-alpha.1';
-export const BUILD_NUMBER = 3;
-export const BUILD_STRING = '2.0.0-alpha.1 (build 3)';
+export const VERSION = '3.0.0-beta.1';
+export const BUILD_NUMBER = 4;
+export const BUILD_STRING = '3.0.0-beta.1 (build 4)';
 //# sourceMappingURL=version.js.map

package/dist/version.js.map

@@ -1 +1 @@
-{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,eAAe,CAAC;AACvC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC;AAC9B,MAAM,CAAC,MAAM,YAAY,GAAG,yBAAyB,CAAC"}
+{"version":3,"file":"version.js","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,OAAO,GAAG,cAAc,CAAC;AACtC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC;AAC9B,MAAM,CAAC,MAAM,YAAY,GAAG,wBAAwB,CAAC"}

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@darkiceinteractive/mcp-conductor",
-  "version": "2.0.0-alpha.1",
+  "version": "3.0.0-beta.1",
   "description": "MCP server that orchestrates code execution in a sandboxed Deno environment with access to all MCP servers",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
-    "mcp-conductor": "./dist/index.js"
+    "mcp-conductor": "./dist/index.js",
+    "mcp-conductor-cli": "./dist/bin/cli.js"
   },
   "files": [
     "dist",
@@ -62,11 +63,20 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@inquirer/prompts": "^7.10.1",
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "ajv": "^8.20.0",
+    "cbor-x": "^1.6.4",
     "chalk": "^5.3.0",
     "chokidar": "^3.5.3",
+    "commander": "^12.1.0",
     "conf": "^13.0.1",
     "gray-matter": "^4.0.3",
+    "json-schema-to-typescript": "^15.0.4",
+    "lru-cache": "^11.3.5",
+    "nanoid": "^5.1.11",
+    "p-queue": "^8.1.1",
+    "picocolors": "^1.1.1",
     "uuid": "^10.0.0",
     "zod": "^3.23.8"
   },