@guardiojs/guardio 0.0.3 → 0.0.6

package/dist/core/GuardioCore.js

@@ -1,115 +1,216 @@
-import { spawn } from "node:child_process";
-import * as readline from "node:readline";
+import { createRequire } from "node:module";
+import { GuardioAction } from "./types.js";
 import { PluginManager } from "../config/PluginManager.js";
+import { createTransport, createClientTransport, } from "./transports/index.js";
+import { logger } from "../logger.js";
 export class GuardioCore {
     config;
     policyPlugins = [];
     interventionPlugins = [];
-    child = null;
-    appInterface = null;
-    toolInterface = null;
-    pendingResponseId = null;
-    appQueue = [];
+    transport = null;
+    clientTransport = null;
     constructor(config) {
         this.config = config;
     }
     async run() {
+        logger.info("Starting Guardio core");
         const pluginManager = new PluginManager();
         const cwd = this.config.cwd ?? process.cwd();
         this.policyPlugins = await pluginManager.getPolicyPlugins(cwd, this.config.configPath);
-        if (this.policyPlugins.length === 0) {
-            throw new Error("No policy plugins in config. Add at least one plugin with type 'policy'.");
-        }
+        logger.debug({ count: this.policyPlugins.length, names: this.policyPlugins.map((p) => p.name) }, "Policy plugins loaded");
         this.interventionPlugins = await pluginManager.getInterventionPlugins(cwd, this.config.configPath);
-        this.child = spawn(this.config.command, this.config.args, {
-            stdio: ["pipe", "pipe", "inherit"],
+        logger.debug({ count: this.interventionPlugins.length, names: this.interventionPlugins.map((p) => p.name) }, "Intervention plugins loaded");
+        this.clientTransport = createClientTransport(this.config.client, {
+            handlePost: this.config.client?.mode === "http"
+                ? (body) => this.handlePostMessage(body)
+                : undefined,
+        });
+        this.transport = createTransport(this.config.server, {
+            onEndpoint: () => this.clientTransport
+                ?.setRemoteReady?.(),
         });
-        this.appInterface = readline.createInterface({
-            input: process.stdin,
-            terminal: false,
+        this.transport.setResponseHandler((line) => {
+            this.sendToClient(line);
         });
-        this.toolInterface = readline.createInterface({
-            input: this.child.stdout,
-            terminal: false,
+        await this.transport.start();
+        logger.info("Transport started, listening for client messages");
+        this.clientTransport.listen(async (line) => {
+            await this.processAppLine(line);
         });
-        this.attachAppHandler();
-        this.attachToolHandler();
     }
-    sendErrorResponse(id, message) {
-        process.stdout.write(JSON.stringify({
+    sendToClient(message) {
+        this.clientTransport?.send(message);
+    }
+    /** Resolve Guardio package version from package.json when available. */
+    getGuardioVersion() {
+        try {
+            const require = createRequire(import.meta.url);
+            const pkg = require("../../package.json");
+            return pkg.version ?? "0.0.0";
+        }
+        catch {
+            return "0.0.0";
+        }
+    }
+    /**
+     * Build a successful JSON-RPC response for blocked/rejected tool calls.
+     * Returns a result (not error) so AI Agent frameworks don't treat it as a fatal error;
+     * the agent can read the content and _guardio metadata.
+     */
+    buildGuardioBlockedResponse(id, options) {
+        if (id === undefined || id === null) {
+            return "";
+        }
+        const action = options.reason === "blocked"
+            ? GuardioAction.TOOL_BLOCKED
+            : GuardioAction.POLICY_VIOLATION;
+        const policyId = options.policy ?? options.plugin ?? "Guardio";
+        const text = options.reason === "blocked"
+            ? `🚫 [Guardio Security] Access Denied. The tool '${options.toolName}' was blocked by '${policyId}'. Reason: Policy denied the request.`
+            : `🚫 [Guardio Security] Access Denied. The tool '${options.toolName}' was rejected by '${policyId}'. Reason: Intervention plugin denied the request.`;
+        const result = {
+            content: [{ type: "text", text }],
+            isError: true,
+            _guardio: {
+                version: this.getGuardioVersion(),
+                requestId: id,
+                timestamp: new Date().toISOString(),
+                policyId,
+                action,
+            },
+        };
+        return JSON.stringify({
             jsonrpc: "2.0",
             id,
-            error: { code: -32000, message },
-        }) + "\n");
+            result,
+        });
     }
-    async processAppLine(line) {
+    /**
+     * Handle POST /messages (HTTP client): run policy/intervention, then forward to remote.
+     */
+    async handlePostMessage(body) {
+        const url = this.transport?.getRemotePostUrl?.();
+        logger.debug({
+            guardioDebug: "incoming",
+            bodyLength: body.length,
+            bodyRaw: body,
+            upstreamUrl: url ?? null,
+        }, "POST /messages: incoming request");
+        if (!url) {
+            logger.warn("POST /messages: remote MCP not ready");
+            return { status: 503, body: "Remote MCP not ready" };
+        }
         try {
-            const request = JSON.parse(line);
+            const request = JSON.parse(body);
             if (request.method === "tools/call") {
                 const toolName = request.params?.name ?? "(unknown)";
                 const args = request.params?.arguments;
-                const context = { toolName, args };
+                logger.debug({ toolName, requestId: request.id, args }, "Evaluating tools/call (HTTP)");
                 for (const policy of this.policyPlugins) {
-                    const result = policy.evaluate(context);
+                    logger.debug({ toolName, policy: policy.name, args }, "Evaluating tools/call (HTTP)");
+                    const result = policy.evaluate({ toolName, args });
                     if (result === "blocked") {
-                        console.error(`[SECURITY] Blocked attempt to call: ${toolName} (policy: ${policy.name})`);
-                        this.sendErrorResponse(request.id, "Security Layer: Call Rejected");
-                        this.drainAppQueue();
-                        return;
+                        logger.warn({ toolName, policy: policy.name }, "Call blocked by policy");
+                        const body = this.buildGuardioBlockedResponse(request.id, {
+                            toolName,
+                            reason: "blocked",
+                            policy: policy.name,
+                        });
+                        if (body)
+                            this.sendToClient(body);
+                        return { status: 200, body };
+                    }
+                    else {
+                        logger.debug({ toolName, policy: policy.name, result }, "Call allowed by policy");
                     }
                 }
-                if (this.interventionPlugins.length > 0) {
-                    const interventionContext = { toolName, args };
-                    for (const plugin of this.interventionPlugins) {
-                        const actResult = await Promise.resolve(plugin.act(interventionContext));
-                        if (actResult === false) {
-                            this.sendErrorResponse(request.id, `Call to ${toolName} was rejected by intervention plugin ${plugin.name}`);
-                            this.drainAppQueue();
-                            return;
-                        }
+                for (const plugin of this.interventionPlugins) {
+                    const actResult = await Promise.resolve(plugin.act({ toolName, args }));
+                    if (actResult === false) {
+                        logger.warn({ toolName, plugin: plugin.name }, "Call rejected by intervention plugin");
+                        const body = this.buildGuardioBlockedResponse(request.id, {
+                            toolName,
+                            reason: "rejected",
+                            plugin: plugin.name,
+                        });
+                        if (body)
+                            this.sendToClient(body);
+                        return { status: 200, body };
                     }
                 }
-                this.pendingResponseId = request.id ?? null;
-                this.child.stdin?.write(line + "\n");
-                return;
             }
-            this.child.stdin?.write(line + "\n");
+            logger.debug({
+                guardioDebug: "upstream_request",
+                url: String(url),
+                headers: { "Content-Type": "application/json" },
+                bodyForwarded: body,
+            }, "Forwarding POST to remote MCP");
+            const response = await fetch(url, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body,
+            });
+            const text = await response.text();
+            logger.debug({
+                guardioDebug: "upstream_response",
+                status: response.status,
+                responseBody: text,
+                requestId: request.id,
+            }, "Remote MCP response");
+            return { status: response.status, body: text };
         }
-        catch {
-            this.child.stdin?.write(line + "\n");
+        catch (err) {
+            logger.error({ err }, "Forward POST failed");
+            return { status: 500, body: "Proxy Error" };
         }
     }
-    drainAppQueue() {
-        this.pendingResponseId = null;
-        while (this.appQueue.length > 0) {
-            const line = this.appQueue.shift();
-            if (line !== undefined)
-                this.processAppLine(line);
-        }
+    sendBlockedResponse(id, options) {
+        const body = this.buildGuardioBlockedResponse(id, options);
+        if (body)
+            this.sendToClient(body);
     }
-    attachAppHandler() {
-        this.appInterface.on("line", async (line) => {
-            if (this.pendingResponseId !== null) {
-                this.appQueue.push(line);
-                return;
-            }
-            await this.processAppLine(line);
-        });
-    }
-    attachToolHandler() {
-        this.toolInterface.on("line", (line) => {
-            process.stdout.write(line + "\n");
-            if (this.pendingResponseId !== null) {
-                try {
-                    const response = JSON.parse(line);
-                    if (response.id === this.pendingResponseId)
-                        this.drainAppQueue();
+    /**
+     * Process one line from client (stdio or from queue): run plugins, then forward to MCP.
+     */
+    async processAppLine(line) {
+        try {
+            const request = JSON.parse(line);
+            if (request.method === "tools/call") {
+                logger.debug({ guardioDebug: "stdio_tools_call", lineLength: line.length, lineRaw: line }, "Stdio: incoming tools/call");
+                const toolName = request.params?.name ?? "(unknown)";
+                const args = request.params?.arguments;
+                logger.debug({ toolName, requestId: request.id }, "Evaluating tools/call (stdio)");
+                for (const policy of this.policyPlugins) {
+                    const result = policy.evaluate({ toolName, args });
+                    if (result === "blocked") {
+                        logger.warn({ toolName, policy: policy.name }, "Call blocked by policy");
+                        this.sendBlockedResponse(request.id, {
+                            toolName,
+                            reason: "blocked",
+                            policy: policy.name,
+                        });
+                        return;
+                    }
                 }
-                catch {
-                    // not JSON or no id – keep waiting
+                for (const plugin of this.interventionPlugins) {
+                    const actResult = await Promise.resolve(plugin.act({ toolName, args }));
+                    if (actResult === false) {
+                        logger.warn({ toolName, plugin: plugin.name }, "Call rejected by intervention plugin");
+                        this.sendBlockedResponse(request.id, {
+                            toolName,
+                            reason: "rejected",
+                            plugin: plugin.name,
+                        });
+                        return;
+                    }
                 }
             }
-        });
+            await this.transport.send(line);
+        }
+        catch (err) {
+            logger.debug({ err }, "Failed to parse line as JSON-RPC, forwarding as-is");
+            await this.transport.send(line);
+        }
     }
 }
 //# sourceMappingURL=GuardioCore.js.map

package/dist/core/GuardioCore.js.map

@@ -1 +1 @@
-{"version":3,"file":"GuardioCore.js","sourceRoot":"","sources":["../../src/core/GuardioCore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAK1C,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,MAAM,OAAO,WAAW;IACL,MAAM,CAAoB;IACnC,aAAa,GAA4B,EAAE,CAAC;IAC5C,mBAAmB,GAAkC,EAAE,CAAC;IAExD,KAAK,GAAoC,IAAI,CAAC;IAC9C,YAAY,GAA8B,IAAI,CAAC;IAC/C,aAAa,GAA8B,IAAI,CAAC;IAEhD,iBAAiB,GAA2B,IAAI,CAAC;IACxC,QAAQ,GAAa,EAAE,CAAC;IAEzC,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,GAAG;QACP,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,MAAM,aAAa,CAAC,gBAAgB,CACvD,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QACF,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CACb,0EAA0E,CAC3E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,mBAAmB,GAAG,MAAM,aAAa,CAAC,sBAAsB,CACnE,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QAEF,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;YACxD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;SACnC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC,eAAe,CAAC;YAC3C,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,eAAe,CAAC;YAC5C,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,MAAO;YACzB,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,iBAAiB,EAAE,CAAC;IAC3B,CAAC;IAEO,iBAAiB,CACvB,EAA+B,EAC/B,OAAe;QAEf,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,IAAI,CAAC,SAAS,CAAC;YACb,OAAO,EAAE,KAAK;YACd,EAAE;YACF,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE;SACjC,CAAC,GAAG,IAAI,CACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;YAEnD,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,WAAW,CAAC;gBACrD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBACvC,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACnC,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBACxC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBACzB,OAAO,CAAC,KAAK,CACX,uCAAuC,QAAQ,aAAa,MAAM,CAAC,IAAI,GAAG,CAC3E,CAAC;wBACF,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,EAAE,EAAE,+BAA+B,CAAC,CAAC;wBACpE,IAAI,CAAC,aAAa,EAAE,CAAC;wBACrB,OAAO;oBACT,CAAC;gBACH,CAAC;gBAED,IAAI,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxC,MAAM,mBAAmB,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBAC/C,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;wBAC9C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAChC,CAAC;wBACF,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;4BACxB,IAAI,CAAC,iBAAiB,CACpB,OAAO,CAAC,EAAE,EACV,WAAW,QAAQ,wCAAwC,MAAM,CAAC,IAAI,EAAE,CACzE,CAAC;4BACF,IAAI,CAAC,aAAa,EAAE,CAAC;4BACrB,OAAO;wBACT,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC;gBAC5C,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;gBACtC,OAAO;YACT,CAAC;YAED,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,KAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAC9B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnC,IAAI,IAAI,KAAK,SAAS;gBAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,gBAAgB;QACtB,IAAI,CAAC,YAAa,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE;YACnD,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,iBAAiB;QACvB,IAAI,CAAC,aAAc,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;YAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YAElC,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoB,CAAC;oBACrD,IAAI,QAAQ,CAAC,EAAE,KAAK,IAAI,CAAC,iBAAiB;wBAAE,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnE,CAAC;gBAAC,MAAM,CAAC;oBACP,mCAAmC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}
+{"version":3,"file":"GuardioCore.js","sourceRoot":"","sources":["../../src/core/GuardioCore.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAK5C,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EACL,eAAe,EACf,qBAAqB,GAGtB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,MAAM,OAAO,WAAW;IACL,MAAM,CAAoB;IACnC,aAAa,GAA4B,EAAE,CAAC;IAC5C,mBAAmB,GAAkC,EAAE,CAAC;IAExD,SAAS,GAAwB,IAAI,CAAC;IACtC,eAAe,GAA2B,IAAI,CAAC;IAEvD,YAAY,MAAyB;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,GAAG;QACP,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,MAAM,aAAa,CAAC,gBAAgB,CACvD,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QACF,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAClF,uBAAuB,CACxB,CAAC;QACF,IAAI,CAAC,mBAAmB,GAAG,MAAM,aAAa,CAAC,sBAAsB,CACnE,GAAG,EACH,IAAI,CAAC,MAAM,CAAC,UAAU,CACvB,CAAC;QACF,MAAM,CAAC,KAAK,CACV,EAAE,KAAK,EAAE,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAC9F,6BAA6B,CAC9B,CAAC;QAEF,IAAI,CAAC,eAAe,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YAC/D,UAAU,EACR,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,KAAK,MAAM;gBACjC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;gBACxC,CAAC,CAAC,SAAS;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;YACnD,UAAU,EAAE,GAAG,EAAE,CACd,IAAI,CAAC,eAAmD;gBACvD,EAAE,cAAc,EAAE,EAAE;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC,IAAY,EAAE,EAAE;YACjD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAEhE,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,IAAY,EAAE,EAAE;YACjD,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,OAAe;QAClC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,wEAAwE;IAChE,iBAAiB;QACvB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAyB,CAAC;YAClE,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,2BAA2B,CACjC,EAA+B,EAC/B,OAKC;QAED,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,KAAK,SAAS;YAC1B,CAAC,CAAC,aAAa,CAAC,YAAY;YAC5B,CAAC,CAAC,aAAa,CAAC,gBAAgB,CAAC;QACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC;QAC/D,MAAM,IAAI,GACR,OAAO,CAAC,MAAM,KAAK,SAAS;YAC1B,CAAC,CAAC,kDAAkD,OAAO,CAAC,QAAQ,qBAAqB,QAAQ,uCAAuC;YACxI,CAAC,CAAC,kDAAkD,OAAO,CAAC,QAAQ,sBAAsB,QAAQ,oDAAoD,CAAC;QAE3J,MAAM,MAAM,GAAyB;YACnC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YACjC,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI,CAAC,iBAAiB,EAAE;gBACjC,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,QAAQ;gBACR,MAAM;aACP;SACF,CAAC;QAEF,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE,KAAK;YACd,EAAE;YACF,MAAM;SACP,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CACrB,IAAY;QAEZ,MAAM,GAAG,GACP,IAAI,CAAC,SACN,EAAE,gBAAgB,EAAE,EAAE,CAAC;QAExB,MAAM,CAAC,KAAK,CACV;YACE,YAAY,EAAE,UAAU;YACxB,UAAU,EAAE,IAAI,CAAC,MAAM;YACvB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,GAAG,IAAI,IAAI;SACzB,EACD,kCAAkC,CACnC,CAAC;QAEF,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACpD,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,sBAAsB,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;YACnD,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,WAAW,CAAC;gBACrD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBACvC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,8BAA8B,CAAC,CAAC;gBACxF,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,8BAA8B,CAAC,CAAC;oBACtF,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBACzB,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,wBAAwB,CAAC,CAAC;wBACzE,MAAM,IAAI,GAAG,IAAI,CAAC,2BAA2B,CAAC,OAAO,CAAC,EAAE,EAAE;4BACxD,QAAQ;4BACR,MAAM,EAAE,SAAS;4BACjB,MAAM,EAAE,MAAM,CAAC,IAAI;yBACpB,CAAC,CAAC;wBACH,IAAI,IAAI;4BAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;wBAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;oBAC/B,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,wBAAwB,CAAC,CAAC;oBACpF,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBAC9C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,MAAM,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAC/B,CAAC;oBACF,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,sCAAsC,CAAC,CAAC;wBACvF,MAAM,IAAI,GAAG,IAAI,CAAC,2BAA2B,CAAC,OAAO,CAAC,EAAE,EAAE;4BACxD,QAAQ;4BACR,MAAM,EAAE,UAAU;4BAClB,MAAM,EAAE,MAAM,CAAC,IAAI;yBACpB,CAAC,CAAC;wBACH,IAAI,IAAI;4BAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;wBAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;oBAC/B,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,CAAC,KAAK,CACV;gBACE,YAAY,EAAE,kBAAkB;gBAChC,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC;gBAChB,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,aAAa,EAAE,IAAI;aACpB,EACD,+BAA+B,CAChC,CAAC;YAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI;aACL,CAAC,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,MAAM,CAAC,KAAK,CACV;gBACE,YAAY,EAAE,mBAAmB;gBACjC,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,YAAY,EAAE,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,EAAE;aACtB,EACD,qBAAqB,CACtB,CAAC;YAEF,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,qBAAqB,CAAC,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;QAC9C,CAAC;IACH,CAAC;IAEO,mBAAmB,CACzB,EAA+B,EAC/B,OAKC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,2BAA2B,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI;YAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,cAAc,CAAC,IAAY;QACvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;YAEnD,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBACpC,MAAM,CAAC,KAAK,CACV,EAAE,YAAY,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,EAC5E,4BAA4B,CAC7B,CAAC;gBACF,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,WAAW,CAAC;gBACrD,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,EAAE,SAAS,CAAC;gBACvC,MAAM,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,+BAA+B,CAAC,CAAC;gBACnF,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;oBACxC,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBACnD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;wBACzB,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,wBAAwB,CAAC,CAAC;wBACzE,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,EAAE;4BACnC,QAAQ;4BACR,MAAM,EAAE,SAAS;4BACjB,MAAM,EAAE,MAAM,CAAC,IAAI;yBACpB,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;oBAC9C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CACrC,MAAM,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAC/B,CAAC;oBACF,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;wBACxB,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,sCAAsC,CAAC,CAAC;wBACvF,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,EAAE;4BACnC,QAAQ;4BACR,MAAM,EAAE,UAAU;4BAClB,MAAM,EAAE,MAAM,CAAC,IAAI;yBACpB,CAAC,CAAC;wBACH,OAAO;oBACT,CAAC;gBACH,CAAC;YACH,CAAC;YAED,MAAM,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,oDAAoD,CAAC,CAAC;YAC5E,MAAM,IAAI,CAAC,SAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;CACF"}

package/dist/core/GuardioErrorCodes.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Guardio error code ranges (JSON-RPC error.code):
+ * -32100 to -32199: Guardio Core Errors (gateway-level issues)
+ * -32200 to -32299: Guardio Policy Errors (policy enforcement)
+ * -32300 to -32399: Guardio Auth/RBAC Errors (authentication & authorization)
+ * -32400 to -32499: Guardio Validation Errors (input/parameter validation)
+ * -32500 to -32599: Guardio Rate Limiting & Quota Errors
+ * -32600 to -32699: Guardio Audit & Compliance Errors
+ * -32700 to -32799: Reserved for future Guardio features
+ */
+/** Guardio Core Errors (-32100 to -32199) */
+export declare const GuardioCoreError: {
+    readonly GUARDIO_INTERNAL_ERROR: -32100;
+    readonly GUARDIO_CONFIGURATION_ERROR: -32101;
+    readonly GUARDIO_TIMEOUT: -32102;
+    readonly GUARDIO_CIRCUIT_BREAKER_OPEN: -32103;
+    readonly GUARDIO_UPSTREAM_UNAVAILABLE: -32104;
+    readonly GUARDIO_UNKNOWN_ERROR: -32110;
+};
+/** Guardio Policy Errors (-32200 to -32299) */
+export declare const GuardioPolicyError: {
+    readonly POLICY_VIOLATION: -32200;
+    readonly POLICY_NOT_FOUND: -32201;
+    readonly POLICY_EVALUATION_FAILED: -32202;
+    readonly TOOL_BLOCKED: -32210;
+    readonly TOOL_NOT_FOUND: -32211;
+    readonly TOOL_DEPRECATED: -32212;
+    readonly TOOL_MAINTENANCE: -32213;
+    readonly PARAMETER_BLOCKED: -32220;
+    readonly PARAMETER_PATTERN_VIOLATION: -32221;
+    readonly PARAMETER_VALUE_RESTRICTED: -32222;
+    readonly SENSITIVE_DATA_DETECTED: -32223;
+    readonly CONTEXT_VIOLATION: -32230;
+    readonly TIME_WINDOW_VIOLATION: -32231;
+    readonly GEOGRAPHIC_RESTRICTION: -32232;
+    readonly ENVIRONMENT_MISMATCH: -32233;
+    readonly TOOL_COMBINATION_BLOCKED: -32240;
+    readonly PARAMETER_COMBINATION_BLOCKED: -32241;
+};
+/** Human-readable error type names for error.data.error.type */
+export declare const GuardioErrorTypeName: Record<number, string>;
+//# sourceMappingURL=GuardioErrorCodes.d.ts.map

package/dist/core/GuardioErrorCodes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GuardioErrorCodes.d.ts","sourceRoot":"","sources":["../../src/core/GuardioErrorCodes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,6CAA6C;AAC7C,eAAO,MAAM,gBAAgB;;;;;;;CAOnB,CAAC;AAEX,+CAA+C;AAC/C,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;CA2BrB,CAAC;AAEX,gEAAgE;AAChE,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAyBvD,CAAC"}

package/dist/core/GuardioErrorCodes.js

@@ -0,0 +1,71 @@
+/**
+ * Guardio error code ranges (JSON-RPC error.code):
+ * -32100 to -32199: Guardio Core Errors (gateway-level issues)
+ * -32200 to -32299: Guardio Policy Errors (policy enforcement)
+ * -32300 to -32399: Guardio Auth/RBAC Errors (authentication & authorization)
+ * -32400 to -32499: Guardio Validation Errors (input/parameter validation)
+ * -32500 to -32599: Guardio Rate Limiting & Quota Errors
+ * -32600 to -32699: Guardio Audit & Compliance Errors
+ * -32700 to -32799: Reserved for future Guardio features
+ */
+/** Guardio Core Errors (-32100 to -32199) */
+export const GuardioCoreError = {
+    GUARDIO_INTERNAL_ERROR: -32100,
+    GUARDIO_CONFIGURATION_ERROR: -32101,
+    GUARDIO_TIMEOUT: -32102,
+    GUARDIO_CIRCUIT_BREAKER_OPEN: -32103,
+    GUARDIO_UPSTREAM_UNAVAILABLE: -32104,
+    GUARDIO_UNKNOWN_ERROR: -32110,
+};
+/** Guardio Policy Errors (-32200 to -32299) */
+export const GuardioPolicyError = {
+    // Generic policy errors
+    POLICY_VIOLATION: -32200,
+    POLICY_NOT_FOUND: -32201,
+    POLICY_EVALUATION_FAILED: -32202,
+    // Tool-level policies
+    TOOL_BLOCKED: -32210,
+    TOOL_NOT_FOUND: -32211,
+    TOOL_DEPRECATED: -32212,
+    TOOL_MAINTENANCE: -32213,
+    // Parameter-level policies
+    PARAMETER_BLOCKED: -32220,
+    PARAMETER_PATTERN_VIOLATION: -32221,
+    PARAMETER_VALUE_RESTRICTED: -32222,
+    SENSITIVE_DATA_DETECTED: -32223,
+    // Contextual policies
+    CONTEXT_VIOLATION: -32230,
+    TIME_WINDOW_VIOLATION: -32231,
+    GEOGRAPHIC_RESTRICTION: -32232,
+    ENVIRONMENT_MISMATCH: -32233,
+    // Combination policies
+    TOOL_COMBINATION_BLOCKED: -32240,
+    PARAMETER_COMBINATION_BLOCKED: -32241,
+};
+/** Human-readable error type names for error.data.error.type */
+export const GuardioErrorTypeName = {
+    [GuardioCoreError.GUARDIO_INTERNAL_ERROR]: "GUARDIO_INTERNAL_ERROR",
+    [GuardioCoreError.GUARDIO_CONFIGURATION_ERROR]: "GUARDIO_CONFIGURATION_ERROR",
+    [GuardioCoreError.GUARDIO_TIMEOUT]: "GUARDIO_TIMEOUT",
+    [GuardioCoreError.GUARDIO_CIRCUIT_BREAKER_OPEN]: "GUARDIO_CIRCUIT_BREAKER_OPEN",
+    [GuardioCoreError.GUARDIO_UPSTREAM_UNAVAILABLE]: "GUARDIO_UPSTREAM_UNAVAILABLE",
+    [GuardioCoreError.GUARDIO_UNKNOWN_ERROR]: "GUARDIO_UNKNOWN_ERROR",
+    [GuardioPolicyError.POLICY_VIOLATION]: "POLICY_VIOLATION",
+    [GuardioPolicyError.POLICY_NOT_FOUND]: "POLICY_NOT_FOUND",
+    [GuardioPolicyError.POLICY_EVALUATION_FAILED]: "POLICY_EVALUATION_FAILED",
+    [GuardioPolicyError.TOOL_BLOCKED]: "TOOL_BLOCKED",
+    [GuardioPolicyError.TOOL_NOT_FOUND]: "TOOL_NOT_FOUND",
+    [GuardioPolicyError.TOOL_DEPRECATED]: "TOOL_DEPRECATED",
+    [GuardioPolicyError.TOOL_MAINTENANCE]: "TOOL_MAINTENANCE",
+    [GuardioPolicyError.PARAMETER_BLOCKED]: "PARAMETER_BLOCKED",
+    [GuardioPolicyError.PARAMETER_PATTERN_VIOLATION]: "PARAMETER_PATTERN_VIOLATION",
+    [GuardioPolicyError.PARAMETER_VALUE_RESTRICTED]: "PARAMETER_VALUE_RESTRICTED",
+    [GuardioPolicyError.SENSITIVE_DATA_DETECTED]: "SENSITIVE_DATA_DETECTED",
+    [GuardioPolicyError.CONTEXT_VIOLATION]: "CONTEXT_VIOLATION",
+    [GuardioPolicyError.TIME_WINDOW_VIOLATION]: "TIME_WINDOW_VIOLATION",
+    [GuardioPolicyError.GEOGRAPHIC_RESTRICTION]: "GEOGRAPHIC_RESTRICTION",
+    [GuardioPolicyError.ENVIRONMENT_MISMATCH]: "ENVIRONMENT_MISMATCH",
+    [GuardioPolicyError.TOOL_COMBINATION_BLOCKED]: "TOOL_COMBINATION_BLOCKED",
+    [GuardioPolicyError.PARAMETER_COMBINATION_BLOCKED]: "PARAMETER_COMBINATION_BLOCKED",
+};
+//# sourceMappingURL=GuardioErrorCodes.js.map

package/dist/core/GuardioErrorCodes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GuardioErrorCodes.js","sourceRoot":"","sources":["../../src/core/GuardioErrorCodes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,6CAA6C;AAC7C,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,sBAAsB,EAAE,CAAC,KAAK;IAC9B,2BAA2B,EAAE,CAAC,KAAK;IACnC,eAAe,EAAE,CAAC,KAAK;IACvB,4BAA4B,EAAE,CAAC,KAAK;IACpC,4BAA4B,EAAE,CAAC,KAAK;IACpC,qBAAqB,EAAE,CAAC,KAAK;CACrB,CAAC;AAEX,+CAA+C;AAC/C,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,wBAAwB;IACxB,gBAAgB,EAAE,CAAC,KAAK;IACxB,gBAAgB,EAAE,CAAC,KAAK;IACxB,wBAAwB,EAAE,CAAC,KAAK;IAEhC,sBAAsB;IACtB,YAAY,EAAE,CAAC,KAAK;IACpB,cAAc,EAAE,CAAC,KAAK;IACtB,eAAe,EAAE,CAAC,KAAK;IACvB,gBAAgB,EAAE,CAAC,KAAK;IAExB,2BAA2B;IAC3B,iBAAiB,EAAE,CAAC,KAAK;IACzB,2BAA2B,EAAE,CAAC,KAAK;IACnC,0BAA0B,EAAE,CAAC,KAAK;IAClC,uBAAuB,EAAE,CAAC,KAAK;IAE/B,sBAAsB;IACtB,iBAAiB,EAAE,CAAC,KAAK;IACzB,qBAAqB,EAAE,CAAC,KAAK;IAC7B,sBAAsB,EAAE,CAAC,KAAK;IAC9B,oBAAoB,EAAE,CAAC,KAAK;IAE5B,uBAAuB;IACvB,wBAAwB,EAAE,CAAC,KAAK;IAChC,6BAA6B,EAAE,CAAC,KAAK;CAC7B,CAAC;AAEX,gEAAgE;AAChE,MAAM,CAAC,MAAM,oBAAoB,GAA2B;IAC1D,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,EAAE,wBAAwB;IACnE,CAAC,gBAAgB,CAAC,2BAA2B,CAAC,EAAE,6BAA6B;IAC7E,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAAE,iBAAiB;IACrD,CAAC,gBAAgB,CAAC,4BAA4B,CAAC,EAAE,8BAA8B;IAC/E,CAAC,gBAAgB,CAAC,4BAA4B,CAAC,EAAE,8BAA8B;IAC/E,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,EAAE,uBAAuB;IAEjE,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,kBAAkB;IACzD,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,kBAAkB;IACzD,CAAC,kBAAkB,CAAC,wBAAwB,CAAC,EAAE,0BAA0B;IACzE,CAAC,kBAAkB,CAAC,YAAY,CAAC,EAAE,cAAc;IACjD,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,gBAAgB;IACrD,CAAC,kBAAkB,CAAC,eAAe,CAAC,EAAE,iBAAiB;IACvD,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,EAAE,kBAAkB;IACzD,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,mBAAmB;IAC3D,CAAC,kBAAkB,CAAC,2BAA2B,CAAC,EAAE,6BAA6B;IAC/E,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,EAAE,4BAA4B;IAC7E,CAAC,kBAAkB,CAAC,uBAAuB,CAAC,EAAE,yBAAyB;IACvE,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,mBAAmB;IAC3D,CAAC,kBAAkB,CAAC,qBAAqB,CAAC,EAAE,uBAAuB;IACnE,CAAC,kBAAkB,CAAC,sBAAsB,CAAC,EAAE,wBAAwB;IACrE,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,EAAE,sBAAsB;IACjE,CAAC,kBAAkB,CAAC,wBAAwB,CAAC,EAAE,0BAA0B;IACzE,CAAC,kBAAkB,CAAC,6BAA6B,CAAC,EAAE,+BAA+B;CACpF,CAAC"}

package/dist/core/transports/create-client-transport.d.ts

@@ -0,0 +1,14 @@
+import type { GuardioClientConfig } from "../../config/types.js";
+import type { ClientTransport } from "./types.js";
+export interface CreateClientTransportOptions {
+    /** For url server: handle POST /messages (run policy + fetch to remote, return status + body). */
+    handlePost?: (body: string) => Promise<{
+        status: number;
+        body: string;
+    }>;
+}
+/**
+ * Creates a ClientTransport from config. Default is stdio when client is omitted.
+ */
+export declare function createClientTransport(clientConfig?: GuardioClientConfig | null, options?: CreateClientTransportOptions): ClientTransport;
+//# sourceMappingURL=create-client-transport.d.ts.map

package/dist/core/transports/create-client-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-client-transport.d.ts","sourceRoot":"","sources":["../../../src/core/transports/create-client-transport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAOlD,MAAM,WAAW,4BAA4B;IAC3C,kGAAkG;IAClG,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,MAAM,KACT,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,YAAY,CAAC,EAAE,mBAAmB,GAAG,IAAI,EACzC,OAAO,CAAC,EAAE,4BAA4B,GACrC,eAAe,CAUjB"}

package/dist/core/transports/create-client-transport.js

@@ -0,0 +1,19 @@
+import { StdioClientTransport } from "./stdio-client.js";
+import { HttpClientTransport } from "./http-client.js";
+import { logger } from "../../logger.js";
+const DEFAULT_CLIENT = { mode: "http" };
+/**
+ * Creates a ClientTransport from config. Default is stdio when client is omitted.
+ */
+export function createClientTransport(clientConfig, options) {
+    const client = clientConfig ?? DEFAULT_CLIENT;
+    if (client.mode === "http") {
+        const port = client.port ?? 8080;
+        const host = client.host;
+        logger.debug({ port, host }, "Creating HTTP client transport");
+        return new HttpClientTransport({ port, host, handlePost: options?.handlePost });
+    }
+    logger.debug("Creating stdio client transport");
+    return new StdioClientTransport();
+}
+//# sourceMappingURL=create-client-transport.js.map

package/dist/core/transports/create-client-transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-client-transport.js","sourceRoot":"","sources":["../../../src/core/transports/create-client-transport.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,cAAc,GAAwB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAS7D;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,YAAyC,EACzC,OAAsC;IAEtC,MAAM,MAAM,GAAG,YAAY,IAAI,cAAc,CAAC;IAC9C,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,IAAI,CAAC;QACjC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,gCAAgC,CAAC,CAAC;QAC/D,OAAO,IAAI,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAChD,OAAO,IAAI,oBAAoB,EAAE,CAAC;AACpC,CAAC"}

package/dist/core/transports/http-client.d.ts

@@ -0,0 +1,27 @@
+import type { ClientTransport } from "./types.js";
+/**
+ * Client transport matching guardio-simple: GET /sse (SSE stream), POST /messages (forward to remote).
+ * GET /health for liveness/readiness. Supports multiple Cursor clients; broadcasts endpoint and messages to all.
+ */
+export declare class HttpClientTransport implements ClientTransport {
+    private fastify;
+    private onMessageHandler;
+    private readonly port;
+    private readonly host;
+    private readonly activeClients;
+    private remoteReady;
+    private readonly handlePost?;
+    constructor(options: {
+        port: number;
+        host?: string;
+        handlePost?: (body: string) => Promise<{
+            status: number;
+            body: string;
+        }>;
+    });
+    setRemoteReady(): void;
+    private broadcast;
+    listen(onMessage: (line: string) => Promise<void>): void;
+    send(message: string): void;
+}
+//# sourceMappingURL=http-client.d.ts.map

package/dist/core/transports/http-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.d.ts","sourceRoot":"","sources":["../../../src/core/transports/http-client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAOlD;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,eAAe;IACzD,OAAO,CAAC,OAAO,CAAwC;IACvD,OAAO,CAAC,gBAAgB,CAAkD;IAC1E,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAA6B;IAC3D,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAEmB;gBAEnC,OAAO,EAAE;QACnB,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,MAAM,KACT,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KAChD;IAMD,cAAc,IAAI,IAAI;IAKtB,OAAO,CAAC,SAAS;IAMjB,MAAM,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI;IA6DxD,IAAI,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;CAG5B"}

package/dist/core/transports/http-client.js

@@ -0,0 +1,86 @@
+import Fastify from "fastify";
+import { logger } from "../../logger.js";
+const SSE_PATH = "/sse";
+const MESSAGES_PATH = "/messages";
+const HEALTH_PATH = "/health";
+/**
+ * Client transport matching guardio-simple: GET /sse (SSE stream), POST /messages (forward to remote).
+ * GET /health for liveness/readiness. Supports multiple Cursor clients; broadcasts endpoint and messages to all.
+ */
+export class HttpClientTransport {
+    fastify = null;
+    onMessageHandler = null;
+    port;
+    host;
+    activeClients = new Set();
+    remoteReady = false;
+    handlePost;
+    constructor(options) {
+        this.port = options.port;
+        this.host = options.host ?? "127.0.0.1";
+        this.handlePost = options.handlePost;
+    }
+    setRemoteReady() {
+        this.remoteReady = true;
+        this.broadcast("event: endpoint\ndata: /messages\n\n");
+    }
+    broadcast(data) {
+        for (const client of this.activeClients) {
+            if (!client.writableEnded)
+                client.write(data);
+        }
+    }
+    listen(onMessage) {
+        this.onMessageHandler = onMessage;
+        const app = Fastify({ logger: false });
+        // Keep raw body for POST /messages so we can forward the exact JSON-RPC string
+        app.addContentTypeParser("application/json", { parseAs: "string" }, (_req, body, done) => done(null, body));
+        app.get(HEALTH_PATH, async (_request, reply) => {
+            return reply.status(200).send({ status: "ok" });
+        });
+        app.get(SSE_PATH, async (request, reply) => {
+            reply.hijack();
+            const res = reply.raw;
+            res.writeHead(200, {
+                "Content-Type": "text/event-stream",
+                "Cache-Control": "no-cache",
+                Connection: "keep-alive",
+            });
+            this.activeClients.add(res);
+            logger.debug({ activeClients: this.activeClients.size }, "SSE client connected");
+            if (this.remoteReady) {
+                res.write("event: endpoint\ndata: /messages\n\n");
+            }
+            request.raw.on("close", () => {
+                this.activeClients.delete(res);
+                logger.debug({ activeClients: this.activeClients.size }, "SSE client disconnected");
+            });
+        });
+        app.post(MESSAGES_PATH, async (request, reply) => {
+            const body = typeof request.body === "string" ? request.body : "";
+            if (this.handlePost) {
+                try {
+                    const result = await this.handlePost(body);
+                    return reply.status(result.status).type("application/json").send(result.body);
+                }
+                catch (err) {
+                    logger.error({ err }, "POST /messages failed");
+                    return reply.status(500).type("text/plain").send("Proxy Error");
+                }
+            }
+            return reply.status(503).type("text/plain").send("Remote MCP not ready");
+        });
+        this.fastify = app;
+        app.listen({ port: this.port, host: this.host }, (err) => {
+            if (err) {
+                logger.error({ err }, "HTTP server listen failed");
+                return;
+            }
+            logger.info({ url: `http://${this.host}:${this.port}`, ssePath: SSE_PATH, healthPath: HEALTH_PATH }, "Proxy running; add SSE URL to Cursor");
+        });
+    }
+    send(message) {
+        this.broadcast(`data: ${message}\n\n`);
+    }
+}
+//# sourceMappingURL=http-client.js.map

package/dist/core/transports/http-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../../src/core/transports/http-client.ts"],"names":[],"mappings":"AACA,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,QAAQ,GAAG,MAAM,CAAC;AACxB,MAAM,aAAa,GAAG,WAAW,CAAC;AAClC,MAAM,WAAW,GAAG,SAAS,CAAC;AAE9B;;;GAGG;AACH,MAAM,OAAO,mBAAmB;IACtB,OAAO,GAAmC,IAAI,CAAC;IAC/C,gBAAgB,GAA6C,IAAI,CAAC;IACzD,IAAI,CAAS;IACb,IAAI,CAAS;IACb,aAAa,GAAG,IAAI,GAAG,EAAkB,CAAC;IACnD,WAAW,GAAG,KAAK,CAAC;IACX,UAAU,CAEoB;IAE/C,YAAY,OAMX;QACC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;QACxC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACvC,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,SAAS,CAAC,sCAAsC,CAAC,CAAC;IACzD,CAAC;IAEO,SAAS,CAAC,IAAY;QAC5B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,aAAa;gBAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAED,MAAM,CAAC,SAA0C;QAC/C,IAAI,CAAC,gBAAgB,GAAG,SAAS,CAAC;QAClC,MAAM,GAAG,GAAG,OAAO,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAEvC,+EAA+E;QAC/E,GAAG,CAAC,oBAAoB,CACtB,kBAAkB,EAClB,EAAE,OAAO,EAAE,QAAQ,EAAE,EACrB,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAc,CAAC,CACjD,CAAC;QAEF,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE;YAC7C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YACzC,KAAK,CAAC,MAAM,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;YACtB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;gBACjB,cAAc,EAAE,mBAAmB;gBACnC,eAAe,EAAE,UAAU;gBAC3B,UAAU,EAAE,YAAY;aACzB,CAAC,CAAC;YACH,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,sBAAsB,CAAC,CAAC;YACjF,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YACpD,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBAC3B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC/B,MAAM,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,yBAAyB,CAAC,CAAC;YACtF,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YAC/C,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;oBAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAChF,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;oBAC/C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;gBAClE,CAAC;YACH,CAAC;YACD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC;QACnB,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;YACvD,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,2BAA2B,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CACT,EAAE,GAAG,EAAE,UAAU,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,WAAW,EAAE,EACvF,sCAAsC,CACvC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,OAAe;QAClB,IAAI,CAAC,SAAS,CAAC,SAAS,OAAO,MAAM,CAAC,CAAC;IACzC,CAAC;CACF"}