@groundtruth-mcp/gt-mcp 2.5.1 → 2.5.3

package/dist/tools/search.d.ts

@@ -1,6 +0,0 @@
-import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-export declare function findTopicUrls(query: string): Array<{
-    urls: string[];
-    name: string;
-}>;
-export declare function registerSearchTool(server: McpServer): void;

package/dist/types.d.ts

@@ -1,99 +0,0 @@
-export interface LibraryEntry {
-    id: string;
-    name: string;
-    aliases: string[];
-    description: string;
-    docsUrl: string;
-    llmsTxtUrl?: string;
-    llmsFullTxtUrl?: string;
-    githubUrl?: string;
-    npmPackage?: string;
-    pypiPackage?: string;
-    language: string[];
-    tags: string[];
-    bestPracticesPaths?: string[];
-}
-export interface LibraryMatch {
-    id: string;
-    name: string;
-    description: string;
-    docsUrl: string;
-    llmsTxtUrl: string | undefined;
-    llmsFullTxtUrl?: string;
-    githubUrl: string | undefined;
-    score: number;
-    source: "registry" | "npm" | "pypi" | "github" | "crates" | "go";
-}
-export interface DocResult {
-    content: string;
-    sourceUrl: string;
-    sourceType: "llms-txt" | "llms-full-txt" | "jina" | "github-readme" | "direct" | "npm";
-    libraryId: string;
-    topic: string;
-    truncated: boolean;
-    cachedAt: string;
-}
-export interface CacheEntry<T> {
-    data: T;
-    expiresAt: number;
-}
-export interface FetchResult {
-    content: string;
-    url: string;
-    sourceType: DocResult["sourceType"];
-    contentHash?: string;
-    fetchedAt?: string;
-}
-export interface NpmPackageInfo {
-    name: string;
-    description?: string;
-    homepage?: string;
-    repository?: {
-        url?: string;
-    };
-    keywords?: string[];
-    "dist-tags"?: {
-        latest?: string;
-    };
-}
-export interface PypiPackageInfo {
-    info: {
-        name: string;
-        summary?: string;
-        home_page?: string;
-        project_urls?: Record<string, string>;
-        keywords?: string;
-    };
-}
-export interface ChangelogResult {
-    libraryId: string;
-    libraryName: string;
-    version: string | null;
-    releases: Array<{
-        tag: string;
-        date: string;
-        body: string;
-    }>;
-    sourceUrl: string;
-    truncated: boolean;
-}
-export interface CompatResult {
-    feature: string;
-    environments: Array<{
-        name: string;
-        supported: boolean | "partial";
-        since?: string;
-        notes?: string;
-    }>;
-    sourceUrl: string;
-}
-export interface CompareResult {
-    libraries: Array<{
-        id: string;
-        name: string;
-        description: string;
-        docsUrl: string;
-        content: string;
-    }>;
-    criteria: string;
-}

package/dist/utils/extract.d.ts

@@ -1,9 +0,0 @@
-/**
- * Extract topic-relevant sections from documentation content.
- * Uses BM25-inspired scoring for better relevance than simple token overlap.
- * Returns at most `tokenLimit` tokens of the most relevant content.
- */
-export declare function extractRelevantContent(content: string, topic: string, tokenLimit?: number): {
-    text: string;
-    truncated: boolean;
-};

package/dist/utils/guard.d.ts

@@ -1,36 +0,0 @@
-/**
- * Extraction guard — protects proprietary registry data from bulk enumeration
- * and signals IP policy to AI models via response-level notices.
- *
- * Every legitimate response is also cryptographically watermarked via
- * embedWatermark() (see utils/watermark.ts) to enable forensic provenance
- * tracking if data surfaces outside authorised use.
- */
-/**
- * Resolves a filesystem path and blocks access to sensitive system directories.
- * Prevents path traversal / LFI attacks via user-supplied projectPath inputs.
- */
-export declare function safeguardPath(inputPath: string): string;
-/**
- * Validates that a URL points to a public host, not private/internal infrastructure.
- * Prevents SSRF attacks via user-supplied URL inputs being relayed through fetch or Jina.
- */
-export declare function assertPublicUrl(url: string): void;
-export declare const IP_NOTICE = "[gt-mcp \u2014 Elastic License 2.0 \u2014 proprietary data, for query-time use only, not for reproduction or extraction]";
-/**
- * Returns true if the query looks like a bulk-extraction attempt
- * rather than a genuine single-library lookup.
- */
-export declare function isExtractionAttempt(query: string): boolean;
-/**
- * Wrap a registry response with the IP notice header and embed an invisible
- * cryptographic watermark for forensic provenance tracking.
- *
- * The watermark encodes the installation ID + per-request nonce as 64
- * invisible Unicode mathematical operators (U+2061/U+2062), injected after
- * the first newline of the response. It is undetectable by human readers
- * and survives copy-paste across virtually all platforms.
- */
-export declare function withNotice(text: string): string;
-/** Standard refusal message for extraction attempts */
-export declare const EXTRACTION_REFUSAL: string;

package/dist/utils/lockfile.d.ts

@@ -1,7 +0,0 @@
-export interface LockfileVersion {
-    packageName: string;
-    version: string;
-    source: "package-lock" | "pnpm-lock" | "yarn-lock" | "cargo-lock" | "poetry-lock";
-}
-export declare function detectVersionFromLockfile(projectPath: string, packageName: string): Promise<string | null>;
-export declare function detectAllVersions(projectPath: string, packageNames: string[]): Promise<Map<string, string>>;

package/dist/utils/sanitize.d.ts

@@ -1,9 +0,0 @@
-/**
- * Remove prompt injection attempts from fetched documentation content.
- * Protects against ContextCrush-style attacks where library docs contain
- * malicious LLM instructions embedded in content.
- *
- * Also strips navigation chrome, footers, cookie banners, and other
- * boilerplate from Jina Reader output to reduce token waste by 15-25%.
- */
-export declare function sanitizeContent(content: string): string;

package/dist/utils/version-check.d.ts

@@ -1,6 +0,0 @@
-export declare function getLatestVersion(): Promise<string | null>;
-export declare function isNewerVersion(latest: string, current: string): boolean;
-export declare function checkForUpdate(): Promise<string | null>;
-export declare function setPendingUpdate(version: string): void;
-export declare function getUpdateNoticeForResponse(): string;
-export declare function formatUpdateNotice(latestVersion: string): string;

package/dist/utils/watermark.d.ts

@@ -1,62 +0,0 @@
-/**
- * Cryptographic response watermarking for IP protection.
- *
- * Every registry response is embedded with an invisible fingerprint consisting of:
- *   - 32-bit installation ID  (persistent, unique per server instance)
- *   - 32-bit per-request nonce (random, makes each response distinct)
- *
- * Encoding uses two invisible Unicode mathematical operators:
- *   U+2061  FUNCTION APPLICATION  →  bit 0
- *   U+2062  INVISIBLE TIMES       →  bit 1
- *
- * These are in the "Invisible Operators" block (U+2061–U+2064), defined by
- * Unicode as semantically invisible in mathematical markup. They are:
- *   - Not rendered by any font
- *   - Preserved through copy-paste in virtually all text editors and platforms
- *   - Distinct from zero-width joiners (U+200C/D) flagged by AI detectors
- *   - Not stripped by common text sanitisers (they are not whitespace)
- *
- * If extracted content surfaces publicly, running detectWatermark() on it
- * returns the installation ID, providing forensic evidence of provenance.
- *
- * References:
- *   - Kirchenbauer et al. (2023): "A Watermark for Large Language Models"
- *   - Innamark (2025, arXiv:2502.12710): whitespace-replacement information hiding
- *   - NIST AI 100-4: covert watermarks for synthetic content provenance
- */
-/**
- * Returns the 8-hex-char installation ID for this server instance.
- * Creates and persists a new one on first call. Result is module-cached.
- */
-export declare function getInstallId(): string;
-/**
- * Embed a 64-bit invisible watermark into text.
- *
- * Structure: [installId (32 bits)] + [nonce (32 bits)]
- * Inserted after the first newline character in the text.
- */
-export declare function embedWatermark(text: string): string;
-/**
- * Extract and decode the watermark embedded in text.
- *
- * Returns:
- *   found     — whether a valid watermark was detected
- *   installId — 8-char hex ID of the server instance that produced this text
- *   nonce     — 8-char hex per-request nonce (proves distinct origin per response)
- *
- * Usage for forensic detection:
- *   import { detectWatermark } from "@groundtruth-mcp/gt-mcp/dist/utils/watermark.js";
- *   const result = detectWatermark(suspectedLeakedText);
- *   if (result.found) console.log("Originated from install:", result.installId);
- */
-export declare function detectWatermark(text: string): {
-    found: boolean;
-    installId: string;
-    nonce: string;
-};
-/**
- * Returns a compact SHA-256-based integrity token for the response text
- * (excluding the embedded invisible chars). Not embedded in responses —
- * used for internal audit logging if desired.
- */
-export declare function responseIntegrityToken(text: string): string;