@guardiojs/guardio 0.0.1

package/README.md

@@ -0,0 +1,213 @@
+# Guardio
+
+A security layer that sits between an MCP client (e.g. Cursor) and an MCP server. It proxies JSON-RPC and lets you **policy-check** and **intervene** on `tools/call` requests before they reach the real server.
+
+## What it does
+
+- **Proxies** stdin/stdout between the client and the real MCP server.
+- **Intercepts** `tools/call` requests and runs them through:
+  1. **Policy plugins** – each can allow, block, or require approval. If any policy returns _blocked_, the call is rejected.
+  2. **Intervention plugins** – each can run side effects (e.g. log, show approval UI). If any returns _reject_, the call is rejected.
+- **Forwards** the call to the real MCP server only when all policies and interventions allow it.
+
+## Install and build
+
+```bash
+pnpm install
+pnpm run build
+```
+
+The CLI is available as `guardio` (or via `pnpm run guardio`).
+
+## Quick start: create Guardio (per MCP server)
+
+Scaffold a directory with a config and a bin you can point your MCP client at:
+
+```bash
+npx create-guardio
+```
+
+You will be prompted for:
+
+- **Guardio directory** – e.g. `./my-security` (created for you).
+- **MCP Server command** – e.g. `node`, `python`.
+- **MCP Server args** – e.g. path to your server script (comma-separated if multiple).
+
+This writes **guardio.config.json** (with `server` and default plugins) and **bin/guardio** in that directory. At the end you’ll see:
+
+```
+Add to MCP client
+
+# Copy/paste the shown command
+
+./my-security/bin/guardio
+```
+
+Add that path to your MCP client config (e.g. Cursor’s `mcp.json`) as the command to run for this MCP server.
+
+## Configuration
+
+Guardio loads a config file either from **current working directory** (when run without `--config`) or from the path given by **`--config`**. It looks for (in order):
+
+- `guardio.config.js`
+- `guardio.config.ts`
+- `guardio.config.json`
+
+The config must have a **plugins** array. It can optionally have **server** (used when you run with `--config`):
+
+- **`server`** – optional. When present and you use `--config`, Guardio uses this instead of argv/env to run the MCP server: **`{ "type": "command", "command": "node", "args": ["path/to/server.js"] }`**.
+
+Each **plugins** entry has:
+
+- **`type`** – `"policy"` or `"intervention"`
+- **`name`** – which plugin to use (e.g. `"default"`, `"regex"`, `"http"`)
+- **`config`** – optional object passed to the plugin
+
+### Example: `guardio.config.json`
+
+```json
+{
+  "server": {
+    "type": "command",
+    "command": "node",
+    "args": ["/path/to/your-mcp-server/index.js"]
+  },
+  "plugins": [
+    {
+      "type": "policy",
+      "name": "regex",
+      "config": {
+        "rules": [
+          {
+            "name": "get_weather",
+            "parameter_name": "location",
+            "regex": "secret|internal|localhost",
+            "flags": "i"
+          }
+        ]
+      }
+    },
+    {
+      "type": "intervention",
+      "name": "http",
+      "config": { "port": 3939, "timeoutMs": 120000 }
+    }
+  ]
+}
+```
+
+When using **`--config /path/to/guardio.config.json`**, the **server** block above is used automatically; you don’t pass the MCP server command on the command line.
+
+## Running Guardio (CLI)
+
+You must tell Guardio **which command to run** for the real MCP server (unless you use `--config` with a config that has **server**). Options:
+
+### 1. Direct arguments
+
+```bash
+guardio node /path/to/your-mcp-server/index.js
+```
+
+### 2. After `--`
+
+```bash
+guardio -- node /path/to/your-mcp-server/index.js
+```
+
+### 3. Environment variables
+
+```bash
+export GUARDIO_COMMAND=node
+export GUARDIO_ARGS=/path/to/your-mcp-server/index.js
+guardio
+```
+
+Or use `MCP_REAL_TOOL_COMMAND` and `MCP_REAL_TOOL_ARGS` (comma-separated) for the same purpose.
+
+### 4. Config file with `--config`
+
+```bash
+guardio --config /path/to/guardio.config.json
+```
+
+If the config contains **server** with **type `"command"`**, that command and args are used; no need to pass them on the command line. The config path is also used to load **plugins**.
+
+Guardio will **spawn** that command and proxy stdin/stdout to it. Make sure a **guardio config** exists (in the current working directory or via `--config`).
+
+## Using with Cursor MCP
+
+Point Cursor’s MCP config to Guardio instead of the real server. Example `.cursor/mcp.json`:
+
+```json
+{
+  "mcpServers": {
+    "my-tool-gated": {
+      "command": "node",
+      "args": [
+        "/path/to/guardio-draft/bin/guardio.mjs",
+        "--",
+        "node",
+        "/path/to/actual-mcp-server/index.js"
+      ]
+    }
+  }
+}
+```
+
+Or use the built-in bin if the package is linked/installed:
+
+```json
+{
+  "mcpServers": {
+    "my-tool-gated": {
+      "command": "guardio",
+      "args": ["--", "node", "/path/to/actual-mcp-server/index.js"]
+    }
+  }
+}
+```
+
+Cursor talks to Guardio; Guardio applies policies and interventions, then talks to your real MCP server.
+
+## Built-in plugins
+
+### Policy plugins
+
+- **`default`** – Block calls by tool name. Config required: `{ blockedTools: ["tool_a", "tool_b"] }`. No default block list.
+- **`regex`** – Blocks based on rules aligned to the tools/call schema. Config:
+  - **`rules`** – array of:
+    - **`name`** – tool name (exact match).
+    - **`parameter_name`** – optional; if set, the regex is applied to this argument’s value; otherwise to the tool name.
+    - **`regex`** – pattern string (if it matches, the call is blocked).
+    - **`flags`** – optional RegExp flags (e.g. `"i"`).
+  - **`debug`** – optional boolean; if `true`, logs evaluation details to stderr.
+
+### Intervention plugins
+
+- **`default`** – No-op. Config: `{}`.
+- **`http`** – Starts an HTTP server and waits for user approve/reject before forwarding. Config:
+  - **`port`** – default `3939`.
+  - **`timeoutMs`** – approval timeout in ms; default `120000`.
+
+## Programmatic API
+
+You can use the core and plugins in code:
+
+```ts
+import { GuardioCore } from "@guardiojs/guardio";
+
+const core = new GuardioCore({
+  command: "node",
+  args: ["/path/to/mcp-server/index.js"],
+  cwd: "/path/to/dir/with/guardio.config.json", // optional
+  configPath: "/path/to/guardio.config.json", // optional
+});
+
+await core.run();
+```
+
+Policy and intervention plugins are loaded from the config file; you can also implement custom plugins and register them with `PluginManager` before running the core.
+
+## License
+
+Apache-2.0

package/bin/guardio.mjs

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import "../dist/cli.js";

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,74 @@
+/**
+ * CLI – parse argv (including --config), build config, run GuardioCore.
+ */
+import { resolve, dirname } from "node:path";
+import { GuardioCore } from "./core/index.js";
+import { loadConfigFromPath } from "./config/index.js";
+const configIdx = process.argv.indexOf("--config");
+const configPathArg = configIdx >= 0 && process.argv[configIdx + 1]
+    ? process.argv[configIdx + 1]
+    : null;
+async function main() {
+    let command;
+    let args;
+    let cwd;
+    let configPath;
+    if (configPathArg) {
+        const resolved = resolve(configPathArg);
+        const config = await loadConfigFromPath(resolved);
+        configPath = resolved;
+        cwd = dirname(resolved);
+        if (config.server?.type === "command") {
+            command = config.server.command;
+            args = config.server.args ?? [];
+        }
+        else {
+            command =
+                process.env.GUARDIO_COMMAND ??
+                    process.env.MCP_REAL_TOOL_COMMAND ??
+                    "node";
+            args = process.env.GUARDIO_ARGS
+                ? process.env.GUARDIO_ARGS.split(",").map((s) => s.trim())
+                : process.env.MCP_REAL_TOOL_ARGS
+                    ? process.env.MCP_REAL_TOOL_ARGS.split(",").map((s) => s.trim())
+                    : ["/path/to/your/actual-mcp-server/index.js"];
+        }
+    }
+    else {
+        const dashDashIdx = process.argv.indexOf("--");
+        const argvAfterDash = dashDashIdx >= 0 ? process.argv.slice(dashDashIdx + 1) : [];
+        const directArgs = dashDashIdx === -1 && process.argv.length >= 3
+            ? process.argv.slice(2)
+            : [];
+        command =
+            argvAfterDash.length > 0
+                ? argvAfterDash[0]
+                : directArgs.length > 0
+                    ? directArgs[0]
+                    : process.env.GUARDIO_COMMAND ??
+                        process.env.MCP_REAL_TOOL_COMMAND ??
+                        "node";
+        args =
+            argvAfterDash.length > 1
+                ? argvAfterDash.slice(1)
+                : directArgs.length > 1
+                    ? directArgs.slice(1)
+                    : process.env.GUARDIO_ARGS
+                        ? process.env.GUARDIO_ARGS.split(",").map((s) => s.trim())
+                        : process.env.MCP_REAL_TOOL_ARGS
+                            ? process.env.MCP_REAL_TOOL_ARGS.split(",").map((s) => s.trim())
+                            : ["/path/to/your/actual-mcp-server/index.js"];
+    }
+    const core = new GuardioCore({
+        command,
+        args,
+        cwd,
+        configPath,
+    });
+    await core.run();
+}
+main().catch((err) => {
+    console.error("Guardio failed to start:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAEvD,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AACnD,MAAM,aAAa,GACjB,SAAS,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC,IAAI,CAAC;AAEX,KAAK,UAAU,IAAI;IACjB,IAAI,OAAe,CAAC;IACpB,IAAI,IAAc,CAAC;IACnB,IAAI,GAAuB,CAAC;IAC5B,IAAI,UAA8B,CAAC;IAEnC,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAClD,UAAU,GAAG,QAAQ,CAAC;QACtB,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxB,IAAI,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;YAChC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,OAAO,CAAC,GAAG,CAAC,eAAe;oBAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB;oBACjC,MAAM,CAAC;YACT,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY;gBAC7B,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC1D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB;oBAChC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAChE,CAAC,CAAC,CAAC,0CAA0C,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,aAAa,GACjB,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,MAAM,UAAU,GACd,WAAW,KAAK,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC;YAC5C,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACvB,CAAC,CAAC,EAAE,CAAC;QAET,OAAO;YACL,aAAa,CAAC,MAAM,GAAG,CAAC;gBACtB,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC;gBAClB,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;oBACvB,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;oBACf,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe;wBAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB;wBACjC,MAAM,CAAC;QAEb,IAAI;YACF,aAAa,CAAC,MAAM,GAAG,CAAC;gBACtB,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxB,CAAC,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;oBACvB,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;oBACrB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY;wBAC1B,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBAC1D,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB;4BAChC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;4BAChE,CAAC,CAAC,CAAC,0CAA0C,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC;QAC3B,OAAO;QACP,IAAI;QACJ,GAAG;QACH,UAAU;KACX,CAAC,CAAC;IAEH,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;AACnB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;IAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/config/PluginManager.d.ts

@@ -0,0 +1,40 @@
+import type { GuardioConfig } from "./types.js";
+import type { PolicyPluginInterface } from "../interfaces/PolicyPluginInterface.js";
+import type { InterventionPluginInterface } from "../interfaces/InterventionPluginInterface.js";
+export type PolicyPluginFactory = (config?: Record<string, unknown>) => PolicyPluginInterface;
+export type InterventionPluginFactory = (config?: Record<string, unknown>) => InterventionPluginInterface;
+/**
+ * Loads GuardioConfig from a path. Supports .json (readFile + parse) and .js/.ts (dynamic import).
+ */
+export declare function loadConfigFromPath(configPath: string): Promise<GuardioConfig>;
+export declare class PluginManager {
+    private config;
+    private configPath;
+    private policyPlugins;
+    private interventionPlugins;
+    /**
+     * Register a policy plugin factory by name (e.g. for custom plugins).
+     */
+    registerPolicyPlugin(name: string, factory: PolicyPluginFactory): void;
+    /**
+     * Register an intervention plugin factory by name (e.g. for custom plugins).
+     */
+    registerInterventionPlugin(name: string, factory: InterventionPluginFactory): void;
+    /**
+     * Load config from cwd (or optional path). Idempotent; subsequent calls use cached config if path unchanged.
+     */
+    loadConfig(cwd?: string, configPath?: string): Promise<GuardioConfig>;
+    /**
+     * Get the list of policy plugin instances from the loaded config. Calls loadConfig() if not loaded.
+     */
+    getPolicyPlugins(cwd?: string, configPath?: string): Promise<PolicyPluginInterface[]>;
+    /**
+     * Get a single policy plugin for the core: first from config, or throws if none.
+     */
+    getPolicyPlugin(cwd?: string, configPath?: string): Promise<PolicyPluginInterface>;
+    /**
+     * Get the list of intervention plugin instances from the loaded config. Calls loadConfig() if not loaded.
+     */
+    getInterventionPlugins(cwd?: string, configPath?: string): Promise<InterventionPluginInterface[]>;
+}
+//# sourceMappingURL=PluginManager.d.ts.map

package/dist/config/PluginManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PluginManager.d.ts","sourceRoot":"","sources":["../../src/config/PluginManager.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAiC,MAAM,YAAY,CAAC;AAC/E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wCAAwC,CAAC;AACpF,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,8CAA8C,CAAC;AAUhG,MAAM,MAAM,mBAAmB,GAAG,CAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,qBAAqB,CAAC;AAE3B,MAAM,MAAM,yBAAyB,GAAG,CACtC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,2BAA2B,CAAC;AA4BjC;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,aAAa,CAAC,CAcxB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,aAAa,CAAwC;IAC7D,OAAO,CAAC,mBAAmB,CAA8C;IAEzE;;OAEG;IACH,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,IAAI;IAItE;;OAEG;IACH,0BAA0B,CACxB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,yBAAyB,GACjC,IAAI;IAKP;;OAEG;IACG,UAAU,CACd,GAAG,GAAE,MAAsB,EAC3B,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,aAAa,CAAC;IAiBzB;;OAEG;IACG,gBAAgB,CACpB,GAAG,GAAE,MAAsB,EAC3B,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,qBAAqB,EAAE,CAAC;IAyBnC;;OAEG;IACG,eAAe,CACnB,GAAG,CAAC,EAAE,MAAM,EACZ,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,qBAAqB,CAAC;IAUjC;;OAEG;IACG,sBAAsB,CAC1B,GAAG,GAAE,MAAsB,EAC3B,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,2BAA2B,EAAE,CAAC;CAwB1C"}

package/dist/config/PluginManager.js

@@ -0,0 +1,130 @@
+import { readFileSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { pathToFileURL } from "node:url";
+import { DefaultPolicyPlugin, RegexPolicyPlugin, } from "../plugins/policy/index.js";
+import { DefaultInterventionPlugin, HttpInterventionPlugin, } from "../plugins/intervention/index.js";
+const policyRegistry = {
+    default: (config) => new DefaultPolicyPlugin(config ?? {}),
+    regex: (config) => new RegexPolicyPlugin(config ?? {}),
+};
+const interventionRegistry = {
+    default: (config) => new DefaultInterventionPlugin(config),
+    http: (config) => new HttpInterventionPlugin(config),
+};
+/**
+ * Resolves path to config file: first .js, then .ts, then .json (from cwd).
+ */
+function getConfigPath(cwd) {
+    const names = [
+        "guardio.config.js",
+        "guardio.config.ts",
+        "guardio.config.json",
+    ];
+    for (const name of names) {
+        const p = join(cwd, name);
+        if (existsSync(p))
+            return p;
+    }
+    return null;
+}
+/**
+ * Loads GuardioConfig from a path. Supports .json (readFile + parse) and .js/.ts (dynamic import).
+ */
+export async function loadConfigFromPath(configPath) {
+    if (configPath.endsWith(".json")) {
+        const raw = readFileSync(configPath, "utf-8");
+        return JSON.parse(raw);
+    }
+    const url = pathToFileURL(configPath).href;
+    const mod = await import(url);
+    const config = mod.default ?? mod;
+    if (!config || typeof config !== "object" || !Array.isArray(config.plugins)) {
+        throw new Error(`Invalid guardio config: expected default export with plugins array (at ${configPath})`);
+    }
+    return config;
+}
+export class PluginManager {
+    config = null;
+    configPath = null;
+    policyPlugins = null;
+    interventionPlugins = null;
+    /**
+     * Register a policy plugin factory by name (e.g. for custom plugins).
+     */
+    registerPolicyPlugin(name, factory) {
+        policyRegistry[name] = factory;
+    }
+    /**
+     * Register an intervention plugin factory by name (e.g. for custom plugins).
+     */
+    registerInterventionPlugin(name, factory) {
+        interventionRegistry[name] =
+            factory;
+    }
+    /**
+     * Load config from cwd (or optional path). Idempotent; subsequent calls use cached config if path unchanged.
+     */
+    async loadConfig(cwd = process.cwd(), configPath) {
+        const path = configPath ?? getConfigPath(cwd);
+        if (!path) {
+            throw new Error(`No guardio config found in ${cwd}. Add guardio.config.js, guardio.config.ts, or guardio.config.json`);
+        }
+        if (this.configPath === path && this.config !== null) {
+            return this.config;
+        }
+        this.configPath = path;
+        this.config = await loadConfigFromPath(path);
+        this.policyPlugins = null;
+        this.interventionPlugins = null;
+        return this.config;
+    }
+    /**
+     * Get the list of policy plugin instances from the loaded config. Calls loadConfig() if not loaded.
+     */
+    async getPolicyPlugins(cwd = process.cwd(), configPath) {
+        await this.loadConfig(cwd, configPath);
+        if (this.policyPlugins !== null)
+            return this.policyPlugins;
+        const plugins = (this.config.plugins ?? []).filter((p) => p.type === "policy");
+        const instances = [];
+        for (const entry of plugins) {
+            const factory = policyRegistry[entry.name];
+            if (!factory) {
+                throw new Error(`Unknown policy plugin name: "${entry.name}". Registered: ${Object.keys(policyRegistry).join(", ")}`);
+            }
+            instances.push(factory(entry.config ?? {}));
+        }
+        this.policyPlugins = instances;
+        return instances;
+    }
+    /**
+     * Get a single policy plugin for the core: first from config, or throws if none.
+     */
+    async getPolicyPlugin(cwd, configPath) {
+        const list = await this.getPolicyPlugins(cwd, configPath);
+        if (list.length === 0) {
+            throw new Error("No policy plugins in config. Add at least one plugin with type 'policy'.");
+        }
+        return list[0];
+    }
+    /**
+     * Get the list of intervention plugin instances from the loaded config. Calls loadConfig() if not loaded.
+     */
+    async getInterventionPlugins(cwd = process.cwd(), configPath) {
+        await this.loadConfig(cwd, configPath);
+        if (this.interventionPlugins !== null)
+            return this.interventionPlugins;
+        const plugins = (this.config.plugins ?? []).filter((p) => p.type === "intervention");
+        const instances = [];
+        for (const entry of plugins) {
+            const factory = interventionRegistry[entry.name];
+            if (!factory) {
+                throw new Error(`Unknown intervention plugin name: "${entry.name}". Registered: ${Object.keys(interventionRegistry).join(", ")}`);
+            }
+            instances.push(factory(entry.config ?? {}));
+        }
+        this.interventionPlugins = instances;
+        return instances;
+    }
+}
+//# sourceMappingURL=PluginManager.js.map

package/dist/config/PluginManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PluginManager.js","sourceRoot":"","sources":["../../src/config/PluginManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,OAAO,EACL,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EACL,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,kCAAkC,CAAC;AAU1C,MAAM,cAAc,GAAwC;IAC1D,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,mBAAmB,CAAC,MAAM,IAAI,EAAE,CAAC;IAC1D,KAAK,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,MAAM,IAAI,EAAE,CAAC;CACvD,CAAC;AAEF,MAAM,oBAAoB,GAA8C;IACtE,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,yBAAyB,CAAC,MAAM,CAAC;IAC1D,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,sBAAsB,CAAC,MAAM,CAAC;CACrD,CAAC;AAEF;;GAEG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,KAAK,GAAG;QACZ,mBAAmB;QACnB,mBAAmB;QACnB,qBAAqB;KACtB,CAAC;IACF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAkB;IAElB,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACjC,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAC;IAC1C,CAAC;IACD,MAAM,GAAG,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;IAC3C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC;IAClC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5E,MAAM,IAAI,KAAK,CACb,0EAA0E,UAAU,GAAG,CACxF,CAAC;IACJ,CAAC;IACD,OAAO,MAAuB,CAAC;AACjC,CAAC;AAED,MAAM,OAAO,aAAa;IAChB,MAAM,GAAyB,IAAI,CAAC;IACpC,UAAU,GAAkB,IAAI,CAAC;IACjC,aAAa,GAAmC,IAAI,CAAC;IACrD,mBAAmB,GAAyC,IAAI,CAAC;IAEzE;;OAEG;IACH,oBAAoB,CAAC,IAAY,EAAE,OAA4B;QAC5D,cAAsD,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;IAC1E,CAAC;IAED;;OAEG;IACH,0BAA0B,CACxB,IAAY,EACZ,OAAkC;QAEjC,oBAAkE,CAAC,IAAI,CAAC;YACvE,OAAO,CAAC;IACZ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,MAAc,OAAO,CAAC,GAAG,EAAE,EAC3B,UAAmB;QAEnB,MAAM,IAAI,GAAG,UAAU,IAAI,aAAa,CAAC,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CACb,8BAA8B,GAAG,oEAAoE,CACtG,CAAC;QACJ,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC;QACD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAChC,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CACpB,MAAc,OAAO,CAAC,GAAG,EAAE,EAC3B,UAAmB;QAEnB,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,aAAa,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,aAAa,CAAC;QAE3D,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,MAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAC3B,CAAC;QACF,MAAM,SAAS,GAA4B,EAAE,CAAC;QAE9C,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,gCACE,KAAK,CAAC,IACR,kBAAkB,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC3D,CAAC;YACJ,CAAC;YACD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;QAC/B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,GAAY,EACZ,UAAmB;QAEnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,MAAc,OAAO,CAAC,GAAG,EAAE,EAC3B,UAAmB;QAEnB,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,mBAAmB,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC,mBAAmB,CAAC;QAEvE,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,MAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,MAAM,CACjD,CAAC,CAAC,EAAsC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CACrE,CAAC;QACF,MAAM,SAAS,GAAkC,EAAE,CAAC;QAEpD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CACb,sCACE,KAAK,CAAC,IACR,kBAAkB,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACjE,CAAC;YACJ,CAAC;YACD,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC,mBAAmB,GAAG,SAAS,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/config/index.d.ts

@@ -0,0 +1,5 @@
+export { PluginManager, loadConfigFromPath } from "./PluginManager.js";
+export type { PolicyPluginFactory } from "./PluginManager.js";
+export type { GuardioConfig, GuardioServerConfig, PolicyPluginConfigEntry, InterventionPluginConfigEntry, PluginConfigEntry, } from "./types.js";
+export type { InterventionPluginFactory } from "./PluginManager.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACvE,YAAY,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,uBAAuB,EACvB,6BAA6B,EAC7B,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/config/index.js

@@ -0,0 +1,2 @@
+export { PluginManager, loadConfigFromPath } from "./PluginManager.js";
+//# sourceMappingURL=index.js.map

package/dist/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/config/types.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Policy plugin entry in guardio config.
+ */
+export interface PolicyPluginConfigEntry {
+    type: "policy";
+    name: string;
+    config?: Record<string, unknown>;
+}
+/**
+ * Intervention plugin entry in guardio config.
+ */
+export interface InterventionPluginConfigEntry {
+    type: "intervention";
+    name: string;
+    config?: Record<string, unknown>;
+}
+/**
+ * Any plugin entry in guardio config.
+ */
+export type PluginConfigEntry = PolicyPluginConfigEntry | InterventionPluginConfigEntry;
+/**
+ * MCP server to proxy to (spawn command).
+ */
+export interface GuardioServerConfig {
+    type: "command";
+    command: string;
+    args: string[];
+}
+/**
+ * Guardio config file shape (default export of guardio.config.ts / .json).
+ */
+export interface GuardioConfig {
+    /** MCP server to proxy to. When present, CLI uses this instead of argv. */
+    server?: GuardioServerConfig;
+    plugins: PluginConfigEntry[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/config/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GACzB,uBAAuB,GACvB,6BAA6B,CAAC;AAElC;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,SAAS,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,OAAO,EAAE,iBAAiB,EAAE,CAAC;CAC9B"}

package/dist/config/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/config/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":""}

package/dist/core/GuardioCore.d.ts

@@ -0,0 +1,19 @@
+import type { GuardioCoreConfig } from "./types.js";
+export declare class GuardioCore {
+    private readonly config;
+    private policyPlugins;
+    private interventionPlugins;
+    private child;
+    private appInterface;
+    private toolInterface;
+    private pendingResponseId;
+    private readonly appQueue;
+    constructor(config: GuardioCoreConfig);
+    run(): Promise<void>;
+    private sendErrorResponse;
+    private processAppLine;
+    private drainAppQueue;
+    private attachAppHandler;
+    private attachToolHandler;
+}
+//# sourceMappingURL=GuardioCore.d.ts.map

package/dist/core/GuardioCore.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GuardioCore.d.ts","sourceRoot":"","sources":["../../src/core/GuardioCore.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAIpD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,aAAa,CAA+B;IACpD,OAAO,CAAC,mBAAmB,CAAqC;IAEhE,OAAO,CAAC,KAAK,CAAyC;IACtD,OAAO,CAAC,YAAY,CAAmC;IACvD,OAAO,CAAC,aAAa,CAAmC;IAExD,OAAO,CAAC,iBAAiB,CAAgC;IACzD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;gBAE7B,MAAM,EAAE,iBAAiB;IAI/B,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAmC1B,OAAO,CAAC,iBAAiB;YAaX,cAAc;IAgD5B,OAAO,CAAC,aAAa;IAQrB,OAAO,CAAC,gBAAgB;IAUxB,OAAO,CAAC,iBAAiB;CAc1B"}