@guardion/guardion 0.2.0 → 0.4.0

package/dist/core/mcp/transport/stdio.cjs

@@ -0,0 +1,60 @@
+'use strict';
+/**
+ * stdio transport: the host launches us in place of the real server and speaks
+ * newline-delimited JSON-RPC over our stdin/stdout; we spawn the real server and
+ * relay over its stdin/stdout. This is the default, universal interposer mode.
+ *
+ *   client (host)  ⇄  process.stdin / process.stdout
+ *   server (real)  ⇄  child.stdin   / child.stdout
+ *
+ * Channel contract (shared by every transport):
+ *   sendClient(obj) — emit toward the host
+ *   sendServer(obj) — emit toward the real server
+ *   start({ onClient, onServer }) — begin relaying parsed messages; unparseable
+ *      lines are forwarded verbatim (opaque) so we never corrupt the stream
+ *   close()
+ */
+const { spawn } = require('child_process');
+const J = require('../jsonrpc.cjs');
+
+function createStdioChannel(opts) {
+  const { target, env, onExit, log = () => {} } = opts;
+  if (!Array.isArray(target) || target.length === 0) {
+    throw new Error('stdio transport requires a target command after --');
+  }
+  const child = spawn(target[0], target.slice(1), { stdio: ['pipe', 'pipe', 'inherit'], env: env || process.env });
+  child.on('error', (e) => { log(`spawn error: ${e.message}`); process.exit(1); });
+  child.on('exit', (code) => { if (onExit) onExit(code); });
+
+  function sendClient(obj) { process.stdout.write(J.serialize(obj) + '\n'); }
+  function sendServer(obj) { try { child.stdin.write(J.serialize(obj) + '\n'); } catch { /* server gone */ } }
+  function sendServerRaw(line) { try { child.stdin.write(line + '\n'); } catch { /* server gone */ } }
+  function sendClientRaw(line) { process.stdout.write(line + '\n'); }
+
+  function start(handlers) {
+    const inF = new J.LineFramer();
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', (d) => {
+      for (const line of inF.push(d)) {
+        const msg = J.parse(line);
+        if (msg) Promise.resolve(handlers.onClient(msg)).catch(() => {});
+        else sendServerRaw(line);                // opaque → pass through
+      }
+    });
+    const outF = new J.LineFramer();
+    child.stdout.setEncoding('utf8');
+    child.stdout.on('data', (d) => {
+      for (const line of outF.push(d)) {
+        const msg = J.parse(line);
+        if (msg) Promise.resolve(handlers.onServer(msg)).catch(() => {});
+        else sendClientRaw(line);                // opaque → pass through
+      }
+    });
+  }
+
+  function close() { try { child.kill(); } catch { /* ignore */ } }
+
+  return { sendClient, sendServer, start, close, child };
+}
+
+module.exports = { createStdioChannel };

package/dist/core/mcp-interpose.cjs

@@ -0,0 +1,141 @@
+#!/usr/bin/env node
+'use strict';
+/**
+ * Guardion MCP interposer (Layer 2, AGT MCP-Security-Gateway-1.0 contract).
+ *
+ * A UNIVERSAL, host-agnostic way to scan every MCP message for ANY agent app that
+ * uses MCP servers (Claude Desktop, ChatGPT Desktop, Cursor, Cline, Windsurf, …).
+ * It relays JSON-RPC both ways and delegates ALL detection to Guard (POST /v1/guard)
+ * — we never re-implement detection here.
+ *
+ *   stdio (default):   node mcp-interpose.cjs --server <name> -- <cmd> <args...>
+ *   http_forward:      node mcp-interpose.cjs --server <name> --url https://host/mcp
+ *   http_input:        node mcp-interpose.cjs --server <name> --listen 8900 -- <cmd>
+ *   http_reverse:      node mcp-interpose.cjs --server <name> --listen 8900 --url https://host/mcp
+ *   sse_bridge:        node mcp-interpose.cjs --server <name> --transport sse_bridge --url https://host/sse
+ *
+ * Scanned (delegated to Guard):
+ *   • tools/call · resources/read · prompts/get  request  → INPUT  (PreTool)
+ *   • their results                               → OUTPUT (PostTool): deny ⇒ error,
+ *                                                    correction ⇒ in-proxy redaction
+ *   • sampling/createMessage (server-initiated)   → INPUT  (host LLM feed)
+ *   • tools/list result → integrity AT CONNECT: rug-pull (local fingerprint drift)
+ *     strips changed tools; a Guard deny refuses the poisoned server
+ *
+ * Zero external deps (node builtins only). Fail-OPEN by default; never blocks the
+ * transport on its own errors. Enforcement gated by config.enforce (default off).
+ */
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+
+const { createGuardClient } = require('./mcp/guard-client.cjs');
+const { createInterceptor } = require('./mcp/interceptor.cjs');
+const { selectTransport, TRANSPORTS } = require('./mcp/transport/index.cjs');
+let fingerprint = null;
+try { fingerprint = require('./fingerprint.cjs'); } catch { /* pin optional */ }
+
+function log(msg) { process.stderr.write(`[guardion] mcp-interpose: ${msg}\n`); }
+
+// ── argv parsing: flags before `--`, target command after ────────────────────
+const argv = process.argv.slice(2);
+const dd = argv.indexOf('--');
+const flags = argv.slice(0, dd === -1 ? argv.length : dd);
+const target = dd === -1 ? [] : argv.slice(dd + 1);
+
+function flagVal(name) { const i = flags.indexOf(name); return i >= 0 ? (flags[i + 1] || '') : ''; }
+function flagAll(name) { const out = []; for (let i = 0; i < flags.length; i++) if (flags[i] === name) out.push(flags[i + 1] || ''); return out; }
+
+const serverName = flagVal('--server');
+const upstreamUrl = flagVal('--url');
+const listenSpec = flagVal('--listen');
+const headerArgs = flagAll('--header');   // 'Authorization: Bearer x'
+
+// transport: explicit flag, else inferred from --url / --listen / target.
+function inferTransport() {
+  const explicit = flagVal('--transport');
+  if (explicit) return explicit;
+  if (upstreamUrl && listenSpec) return 'http_reverse';
+  if (upstreamUrl) return 'http_forward';
+  if (listenSpec && target.length) return 'http_input';
+  return 'stdio';
+}
+const transportKind = inferTransport();
+if (!TRANSPORTS.has(transportKind)) { log(`unknown --transport ${transportKind}`); process.exit(1); }
+
+// ── config / token (same resolution as the hook) ─────────────────────────────
+function loadConfig() {
+  try { return JSON.parse(fs.readFileSync(path.join(os.homedir(), '.guardion', 'config.json'), 'utf8')); } catch { return {}; }
+}
+const cfg = loadConfig();
+const API_URL = process.env.GUARDION_API_URL || cfg.api_url || 'https://api.guardion.ai';
+// --policy flag > env > config. Lets `guardion mcp --policy x` target a policy per server.
+const POLICY = flagVal('--policy') || process.env.GUARDION_POLICY || cfg.policy || undefined;
+const APPLICATION = cfg.application || 'mcp-interpose';
+const TIMEOUT = (cfg.hooks && cfg.hooks.timeout_ms) || 3000;
+
+// Mode resolution: an explicit `--mode` (or GUARDION_MODE / cfg.mode) is the single knob
+// the `guardion mcp` command sets; it OVERRIDES the individual env flags.
+//   dlp     → anonymize via corrections, never block      (default)
+//   enforce → block on a deny verdict + anonymize
+//   monitor → observe-only, fire-and-forget (no modification)
+const MODE = (flagVal('--mode') || process.env.GUARDION_MODE || cfg.mode || '').toLowerCase();
+let ENFORCE = cfg.enforce === true || process.env.GUARDION_ENFORCE === 'true';
+let DLP = cfg.dlp === true || process.env.GUARDION_DLP === 'true';
+if (MODE === 'dlp') { DLP = true; ENFORCE = false; }
+else if (MODE === 'enforce') { ENFORCE = true; }
+else if (MODE === 'monitor' || MODE === 'observe') { DLP = false; ENFORCE = false; }
+const FAIL_CLOSED = cfg.fail_closed === true || process.env.GUARDION_FAIL_CLOSED === 'true';
+const INTEGRITY = cfg.integrity !== false;   // default on (tool-list integrity at connect)
+const REDACT = cfg.redact !== false;         // default on (in-proxy redaction)
+
+function resolveToken() {
+  if (process.env.GUARDION_TOKEN) return process.env.GUARDION_TOKEN.trim();
+  for (const p of ['/etc/guardion/token', path.join(os.homedir(), '.guardion', 'token')]) {
+    try { const t = fs.readFileSync(p, 'utf8').trim(); if (t) return t; } catch { /* absent */ }
+  }
+  return '';
+}
+const TOKEN = resolveToken();
+
+function parseHeaders(items) {
+  const h = {};
+  for (const it of items) { const i = it.indexOf(':'); if (i > 0) h[it.slice(0, i).trim()] = it.slice(i + 1).trim(); }
+  return h;
+}
+function parseListen(spec) {
+  if (!spec) return { host: '127.0.0.1', port: 0 };
+  const i = spec.lastIndexOf(':');
+  if (i > 0) return { host: spec.slice(0, i), port: parseInt(spec.slice(i + 1), 10) || 0 };
+  return { host: '127.0.0.1', port: parseInt(spec, 10) || 0 };
+}
+
+// ── wire guard client + interceptor + transport ──────────────────────────────
+const guard = createGuardClient({
+  apiUrl: API_URL, token: TOKEN, policy: POLICY, application: APPLICATION,
+  timeout: TIMEOUT, failClosed: FAIL_CLOSED,
+});
+
+const listen = parseListen(listenSpec);
+let channel;
+try {
+  channel = selectTransport(transportKind, {
+    target, env: process.env, url: upstreamUrl, headers: parseHeaders(headerArgs),
+    timeout: 30000, port: listen.port, host: listen.host, mcpPath: '/',
+    onExit: (code) => process.exit(code == null ? 0 : code), log,
+  });
+} catch (e) { log(e.message); process.exit(1); }
+
+const interceptor = createInterceptor({
+  guard, enforce: ENFORCE, dlp: DLP, integrity: INTEGRITY, redact: REDACT,
+  fingerprint, pinPath: path.join(os.homedir(), '.guardion', 'fingerprints.json'),
+  serverName, log,
+  sendClient: channel.sendClient, sendServer: channel.sendServer,
+});
+
+Promise.resolve(channel.start({ onClient: interceptor.onClient, onServer: interceptor.onServer })).catch((e) => { log(`start error: ${e && e.message}`); });
+
+// stdio-host transports without a child exit when the host closes stdin.
+if (transportKind === 'http_forward' || transportKind === 'sse_bridge') {
+  process.stdin.on('end', () => process.exit(0));
+}

package/dist/core/mcp-protect.d.ts

@@ -0,0 +1,69 @@
+export interface McpServerCfg {
+    command?: string;
+    args?: string[];
+    env?: Record<string, string>;
+    url?: string;
+    type?: string;
+    headers?: Record<string, string>;
+    [k: string]: unknown;
+}
+/** npm package that ships the `guardion mcp` wrapper (used in the injected npx prefix). */
+export declare const NPX_PKG = "@guardion/guardion";
+/** Absolute path to the interposer script (lives beside this core module; dist mirrors source). */
+export declare function interposerPath(): string;
+/** Known agent-app MCP config locations (existing ones are acted on). */
+export declare function knownAppConfigs(home?: string, cwd?: string): Array<{
+    app: string;
+    path: string;
+}>;
+/** The key under which a given config object holds its MCP servers. */
+export declare function serversKey(obj: any): 'mcpServers' | 'servers' | null;
+/** True if a server entry is already pointing at our wrapper (idempotency). Detects
+ *  both the npx form (`npx -y @guardion/guardion mcp …`) and the local node form. */
+export declare function isWrapped(cfg: McpServerCfg, interposer?: string): boolean;
+/** Pick the interposer transport for a URL server: legacy SSE vs streamable HTTP. */
+export declare function urlTransport(cfg: McpServerCfg): 'sse_bridge' | 'http_forward';
+export interface WrapOpts {
+    /** DLP mode baked into the prefix: dlp (default) | enforce | monitor */
+    mode?: string;
+    /** Optional policy slug for this server */
+    policy?: string;
+    /** Dev: inject `node <abs>/mcp-interpose.cjs` instead of the npx form */
+    local?: boolean;
+    nodeBin?: string;
+    interposer?: string;
+}
+/** Wrap one MCP server config so the host launches `guardion mcp` + the real server.
+ *  By default the prefix is the npx form (`npx -y @guardion/guardion mcp …`) so no
+ *  global install is needed; `--local` injects the repo's interposer directly. stdio
+ *  servers keep the `-- cmd args` form; URL servers bridge over http_forward / sse_bridge
+ *  so they get the same governance instead of being skipped. */
+export declare function wrapServer(name: string, original: McpServerCfg, opts?: WrapOpts): McpServerCfg;
+export interface RewriteResult {
+    obj: any;
+    wrapped: string[];
+    skipped: string[];
+}
+/** Pure: rewrite all MCP servers in a parsed config object. Both stdio (command)
+ *  and URL (http/sse) servers are wrapped — URL servers bridge through the
+ *  interposer over http_forward / sse_bridge. Idempotent. */
+export declare function rewriteServers(obj: any, opts?: WrapOpts): RewriteResult;
+/** Restore a config object: unwrap any interposer-wrapped servers back to original. */
+export declare function unwrapServers(obj: any, interposer?: string): RewriteResult;
+export interface ProtectFileResult {
+    app: string;
+    path: string;
+    wrapped: string[];
+    skipped: string[];
+    error?: string;
+}
+/** Protect a single config file (backup + rewrite). Best-effort; never throws. */
+export declare function protectFile(app: string, file: string, dryRun?: boolean, opts?: WrapOpts): ProtectFileResult;
+/** Revert a single config file from its backup (or unwrap in place). */
+export declare function revertFile(app: string, file: string): ProtectFileResult;
+/** Protect (or --revert) every discovered agent-app MCP config. */
+export declare function protectAll(opts?: {
+    revert?: boolean;
+    dryRun?: boolean;
+} & WrapOpts): ProtectFileResult[];
+//# sourceMappingURL=mcp-protect.d.ts.map

package/dist/core/mcp-protect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-protect.d.ts","sourceRoot":"","sources":["../../core/mcp-protect.ts"],"names":[],"mappings":"AAWA,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CACtB;AAED,2FAA2F;AAC3F,eAAO,MAAM,OAAO,uBAAuB,CAAC;AAE5C,mGAAmG;AACnG,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED,yEAAyE;AACzE,wBAAgB,eAAe,CAAC,IAAI,SAAe,EAAE,GAAG,SAAgB,GAAG,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAY9G;AAED,uEAAuE;AACvE,wBAAgB,UAAU,CAAC,GAAG,EAAE,GAAG,GAAG,YAAY,GAAG,SAAS,GAAG,IAAI,CAIpE;AAED;qFACqF;AACrF,wBAAgB,SAAS,CAAC,GAAG,EAAE,YAAY,EAAE,UAAU,SAAmB,GAAG,OAAO,CAKnF;AAED,qFAAqF;AACrF,wBAAgB,YAAY,CAAC,GAAG,EAAE,YAAY,GAAG,YAAY,GAAG,cAAc,CAK7E;AAUD,MAAM,WAAW,QAAQ;IACvB,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,2CAA2C;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;gEAIgE;AAChE,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,GAAE,QAAa,GAAG,YAAY,CAalG;AAED,MAAM,WAAW,aAAa;IAAG,GAAG,EAAE,GAAG,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE;AAEjF;;6DAE6D;AAC7D,wBAAgB,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,GAAE,QAAa,GAAG,aAAa,CAc3E;AAED,uFAAuF;AACvF,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,UAAU,SAAmB,GAAG,aAAa,CA+BpF;AAID,MAAM,WAAW,iBAAiB;IAAG,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE;AAEtH,kFAAkF;AAClF,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,UAAQ,EAAE,IAAI,GAAE,QAAa,GAAG,iBAAiB,CAa7G;AAED,wEAAwE;AACxE,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,iBAAiB,CAevE;AAED,mEAAmE;AACnE,wBAAgB,UAAU,CACxB,IAAI,GAAE;IAAE,MAAM,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,QAAa,GAC3D,iBAAiB,EAAE,CAIrB"}

package/dist/core/mcp-protect.js

@@ -0,0 +1,205 @@
+// `guardion mcp-protect` — universal MCP interposition install. Discovers the MCP
+// config of every agent app on this machine (Claude Desktop, ChatGPT Desktop,
+// Cursor, Cline, Windsurf, VS Code, Claude Code, project .mcp.json) and rewrites
+// each stdio MCP server so the host launches the Guardion interposer
+// (hooks/mcp-interpose.cjs) wrapping the real server — so every MCP tool
+// input/output is scanned for ANY host, no per-app hook required.
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+/** npm package that ships the `guardion mcp` wrapper (used in the injected npx prefix). */
+export const NPX_PKG = '@guardion/guardion';
+/** Absolute path to the interposer script (lives beside this core module; dist mirrors source). */
+export function interposerPath() {
+    return path.resolve(path.dirname(fileURLToPath(import.meta.url)), 'mcp-interpose.cjs');
+}
+/** Known agent-app MCP config locations (existing ones are acted on). */
+export function knownAppConfigs(home = os.homedir(), cwd = process.cwd()) {
+    const appSup = path.join(home, 'Library', 'Application Support'); // macOS
+    return [
+        { app: 'Claude Desktop', path: path.join(appSup, 'Claude', 'claude_desktop_config.json') },
+        { app: 'ChatGPT Desktop', path: path.join(appSup, 'ChatGPT', 'mcp.json') },
+        { app: 'Cursor', path: path.join(home, '.cursor', 'mcp.json') },
+        { app: 'Windsurf', path: path.join(home, '.codeium', 'windsurf', 'mcp_config.json') },
+        { app: 'Cline', path: path.join(appSup, 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json') },
+        { app: 'Claude Code', path: path.join(home, '.claude.json') },
+        { app: 'VS Code (project)', path: path.join(cwd, '.vscode', 'mcp.json') },
+        { app: 'Project .mcp.json', path: path.join(cwd, '.mcp.json') },
+    ];
+}
+/** The key under which a given config object holds its MCP servers. */
+export function serversKey(obj) {
+    if (obj && typeof obj.mcpServers === 'object')
+        return 'mcpServers';
+    if (obj && typeof obj.servers === 'object')
+        return 'servers';
+    return null;
+}
+/** True if a server entry is already pointing at our wrapper (idempotency). Detects
+ *  both the npx form (`npx -y @guardion/guardion mcp …`) and the local node form. */
+export function isWrapped(cfg, interposer = interposerPath()) {
+    if (!cfg || !Array.isArray(cfg.args))
+        return false;
+    return cfg.args.includes(interposer)
+        || cfg.args.includes(NPX_PKG)
+        || cfg.args.some((a) => typeof a === 'string' && a.endsWith('mcp-interpose.cjs'));
+}
+/** Pick the interposer transport for a URL server: legacy SSE vs streamable HTTP. */
+export function urlTransport(cfg) {
+    const t = String(cfg.type || '').toLowerCase();
+    const url = String(cfg.url || '');
+    if (t === 'sse' || /\/sse(\b|\/|\?|$)/.test(url))
+        return 'sse_bridge';
+    return 'http_forward';
+}
+/** Header config (object) → repeated `--header 'K: V'` interposer flags. */
+function headerFlags(headers) {
+    if (!headers || typeof headers !== 'object')
+        return [];
+    const out = [];
+    for (const [k, v] of Object.entries(headers))
+        out.push('--header', `${k}: ${v}`);
+    return out;
+}
+/** Wrap one MCP server config so the host launches `guardion mcp` + the real server.
+ *  By default the prefix is the npx form (`npx -y @guardion/guardion mcp …`) so no
+ *  global install is needed; `--local` injects the repo's interposer directly. stdio
+ *  servers keep the `-- cmd args` form; URL servers bridge over http_forward / sse_bridge
+ *  so they get the same governance instead of being skipped. */
+export function wrapServer(name, original, opts = {}) {
+    const mode = opts.mode || 'dlp';
+    const wrapArgs = ['--mode', mode, '--server', name];
+    if (opts.policy)
+        wrapArgs.push('--policy', opts.policy);
+    if (original.url) {
+        wrapArgs.push('--transport', urlTransport(original), '--url', String(original.url), ...headerFlags(original.headers));
+    }
+    else {
+        wrapArgs.push('--', original.command, ...(original.args || []));
+    }
+    const launch = opts.local
+        ? { command: opts.nodeBin || process.execPath, args: [opts.interposer || interposerPath(), ...wrapArgs] }
+        : { command: 'npx', args: ['-y', NPX_PKG, 'mcp', ...wrapArgs] };
+    return { ...launch, ...(original.env ? { env: original.env } : {}) };
+}
+/** Pure: rewrite all MCP servers in a parsed config object. Both stdio (command)
+ *  and URL (http/sse) servers are wrapped — URL servers bridge through the
+ *  interposer over http_forward / sse_bridge. Idempotent. */
+export function rewriteServers(obj, opts = {}) {
+    const key = serversKey(obj);
+    const wrapped = [];
+    const skipped = [];
+    if (!key)
+        return { obj, wrapped, skipped };
+    const servers = obj[key];
+    const out = {};
+    for (const [name, cfg] of Object.entries(servers)) {
+        if (!cfg || typeof cfg !== 'object') {
+            out[name] = cfg;
+            continue;
+        }
+        if (isWrapped(cfg)) {
+            out[name] = cfg;
+            continue;
+        } // already protected
+        if (!cfg.command && !cfg.url) {
+            out[name] = cfg;
+            skipped.push(name);
+            continue;
+        }
+        out[name] = wrapServer(name, cfg, opts);
+        wrapped.push(name);
+    }
+    return { obj: { ...obj, [key]: out }, wrapped, skipped };
+}
+/** Restore a config object: unwrap any interposer-wrapped servers back to original. */
+export function unwrapServers(obj, interposer = interposerPath()) {
+    const key = serversKey(obj);
+    const wrapped = [];
+    const skipped = [];
+    if (!key)
+        return { obj, wrapped, skipped };
+    const servers = obj[key];
+    const out = {};
+    for (const [name, cfg] of Object.entries(servers)) {
+        if (isWrapped(cfg, interposer)) {
+            const a = cfg.args || [];
+            const urlIdx = a.indexOf('--url');
+            if (urlIdx >= 0) { // URL server (http_forward / sse_bridge)
+                const tIdx = a.indexOf('--transport');
+                const kind = tIdx >= 0 ? a[tIdx + 1] : 'http_forward';
+                const headers = {};
+                for (let j = 0; j < a.length - 1; j++) {
+                    if (a[j] === '--header') {
+                        const h = a[j + 1];
+                        const c = h.indexOf(':');
+                        if (c > 0)
+                            headers[h.slice(0, c).trim()] = h.slice(c + 1).trim();
+                    }
+                }
+                out[name] = {
+                    type: kind === 'sse_bridge' ? 'sse' : 'http', url: a[urlIdx + 1],
+                    ...(Object.keys(headers).length ? { headers } : {}),
+                    ...(cfg.env ? { env: cfg.env } : {}),
+                };
+            }
+            else { // stdio server
+                const i = a.indexOf('--');
+                const realArgs = i >= 0 ? a.slice(i + 1) : [];
+                out[name] = { command: realArgs[0], ...(realArgs.length > 1 ? { args: realArgs.slice(1) } : {}), ...(cfg.env ? { env: cfg.env } : {}) };
+            }
+            wrapped.push(name);
+        }
+        else {
+            out[name] = cfg;
+        }
+    }
+    return { obj: { ...obj, [key]: out }, wrapped, skipped };
+}
+const BACKUP = '.guardion.bak';
+/** Protect a single config file (backup + rewrite). Best-effort; never throws. */
+export function protectFile(app, file, dryRun = false, opts = {}) {
+    try {
+        if (!fs.existsSync(file))
+            return { app, path: file, wrapped: [], skipped: [], error: 'not found' };
+        const obj = JSON.parse(fs.readFileSync(file, 'utf8'));
+        const { obj: next, wrapped, skipped } = rewriteServers(obj, opts);
+        if (wrapped.length && !dryRun) {
+            if (!fs.existsSync(file + BACKUP))
+                fs.copyFileSync(file, file + BACKUP);
+            fs.writeFileSync(file, JSON.stringify(next, null, 2) + '\n');
+        }
+        return { app, path: file, wrapped, skipped };
+    }
+    catch (e) {
+        return { app, path: file, wrapped: [], skipped: [], error: e.message };
+    }
+}
+/** Revert a single config file from its backup (or unwrap in place). */
+export function revertFile(app, file) {
+    try {
+        if (fs.existsSync(file + BACKUP)) {
+            fs.copyFileSync(file + BACKUP, file);
+            fs.unlinkSync(file + BACKUP);
+            return { app, path: file, wrapped: ['(restored from backup)'], skipped: [] };
+        }
+        if (!fs.existsSync(file))
+            return { app, path: file, wrapped: [], skipped: [], error: 'not found' };
+        const obj = JSON.parse(fs.readFileSync(file, 'utf8'));
+        const { obj: next, wrapped } = unwrapServers(obj);
+        if (wrapped.length)
+            fs.writeFileSync(file, JSON.stringify(next, null, 2) + '\n');
+        return { app, path: file, wrapped, skipped: [] };
+    }
+    catch (e) {
+        return { app, path: file, wrapped: [], skipped: [], error: e.message };
+    }
+}
+/** Protect (or --revert) every discovered agent-app MCP config. */
+export function protectAll(opts = {}) {
+    return knownAppConfigs()
+        .filter((c) => fs.existsSync(c.path))
+        .map((c) => (opts.revert ? revertFile(c.app, c.path) : protectFile(c.app, c.path, opts.dryRun, opts)));
+}
+//# sourceMappingURL=mcp-protect.js.map

package/dist/core/mcp-protect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-protect.js","sourceRoot":"","sources":["../../core/mcp-protect.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,8EAA8E;AAC9E,iFAAiF;AACjF,qEAAqE;AACrE,yEAAyE;AACzE,kEAAkE;AAClE,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAQzC,2FAA2F;AAC3F,MAAM,CAAC,MAAM,OAAO,GAAG,oBAAoB,CAAC;AAE5C,mGAAmG;AACnG,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;AACzF,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,eAAe,CAAC,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAC,QAAQ;IAC1E,OAAO;QACL,EAAE,GAAG,EAAE,gBAAgB,EAAG,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,4BAA4B,CAAC,EAAE;QAC3F,EAAE,GAAG,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;QAC1E,EAAE,GAAG,EAAE,QAAQ,EAAW,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;QACxE,EAAE,GAAG,EAAE,UAAU,EAAS,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,iBAAiB,CAAC,EAAE;QAC5F,EAAE,GAAG,EAAE,OAAO,EAAY,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,wBAAwB,EAAE,UAAU,EAAE,yBAAyB,CAAC,EAAE;QACrJ,EAAE,GAAG,EAAE,aAAa,EAAM,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE;QACjE,EAAE,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;QACzE,EAAE,GAAG,EAAE,mBAAmB,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE;KAChE,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,UAAU,CAAC,GAAQ;IACjC,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,YAAY,CAAC;IACnE,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC7D,OAAO,IAAI,CAAC;AACd,CAAC;AAED;qFACqF;AACrF,MAAM,UAAU,SAAS,CAAC,GAAiB,EAAE,UAAU,GAAG,cAAc,EAAE;IACxE,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,OAAO,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;WAC/B,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;WAC1B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AACtF,CAAC;AAED,qFAAqF;AACrF,MAAM,UAAU,YAAY,CAAC,GAAiB;IAC5C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,KAAK,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,YAAY,CAAC;IACtE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,4EAA4E;AAC5E,SAAS,WAAW,CAAC,OAAgC;IACnD,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACvD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;QAAE,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACjF,OAAO,GAAG,CAAC;AACb,CAAC;AAaD;;;;gEAIgE;AAChE,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,QAAsB,EAAE,OAAiB,EAAE;IAClF,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,KAAK,CAAC;IAChC,MAAM,QAAQ,GAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;IAC9D,IAAI,IAAI,CAAC,MAAM;QAAE,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC;QACjB,QAAQ,CAAC,IAAI,CAAC,aAAa,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,GAAG,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACxH,CAAC;SAAM,CAAC;QACN,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,OAAiB,EAAE,GAAG,CAAE,QAAQ,CAAC,IAAiB,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK;QACvB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC,UAAU,IAAI,cAAc,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE;QACzG,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;IAClE,OAAO,EAAE,GAAG,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;AACvE,CAAC;AAID;;6DAE6D;AAC7D,MAAM,UAAU,cAAc,CAAC,GAAQ,EAAE,OAAiB,EAAE;IAC1D,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,OAAO,GAAa,EAAE,CAAC;IAAC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAiC,CAAC;IACzD,MAAM,GAAG,GAAiC,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAAC,SAAS;QAAC,CAAC;QACnE,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAAC,SAAS;QAAC,CAAC,CAAC,oBAAoB;QACvE,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;YAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAAC,SAAS;QAAC,CAAC;QAChF,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACxC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC3D,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,aAAa,CAAC,GAAQ,EAAE,UAAU,GAAG,cAAc,EAAE;IACnE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,OAAO,GAAa,EAAE,CAAC;IAAC,MAAM,OAAO,GAAa,EAAE,CAAC;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAiC,CAAC;IACzD,MAAM,GAAG,GAAiC,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,IAAI,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,GAAI,GAAG,CAAC,IAAiB,IAAI,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,MAAM,IAAI,CAAC,EAAE,CAAC,CAAmC,yCAAyC;gBAC5F,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBACtC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC;gBACtD,MAAM,OAAO,GAA2B,EAAE,CAAC;gBAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBACtC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;wBAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;wBAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;wBAAC,IAAI,CAAC,GAAG,CAAC;4BAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAAC,CAAC;gBAC9I,CAAC;gBACD,GAAG,CAAC,IAAI,CAAC,GAAG;oBACV,IAAI,EAAE,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;oBAChE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnD,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrC,CAAC;YACJ,CAAC;iBAAM,CAAC,CAA6C,eAAe;gBAClE,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC1B,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9C,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;YAC1I,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAC,CAAC;IAC7B,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,EAAE,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC3D,CAAC;AAED,MAAM,MAAM,GAAG,eAAe,CAAC;AAI/B,kFAAkF;AAClF,MAAM,UAAU,WAAW,CAAC,GAAW,EAAE,IAAY,EAAE,MAAM,GAAG,KAAK,EAAE,OAAiB,EAAE;IACxF,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QACnG,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QACtD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClE,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,GAAG,MAAM,CAAC;gBAAE,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC/C,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IACzE,CAAC;AACH,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,UAAU,CAAC,GAAW,EAAE,IAAY;IAClD,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC;YACjC,EAAE,CAAC,YAAY,CAAC,IAAI,GAAG,MAAM,EAAE,IAAI,CAAC,CAAC;YACrC,EAAE,CAAC,UAAU,CAAC,IAAI,GAAG,MAAM,CAAC,CAAC;YAC7B,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,wBAAwB,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QACnG,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QACtD,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,OAAO,CAAC,MAAM;YAAE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACjF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACnD,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IACzE,CAAC;AACH,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,UAAU,CACxB,OAA0D,EAAE;IAE5D,OAAO,eAAe,EAAE;SACrB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;SACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3G,CAAC"}

package/dist/core/mcp-scan.d.ts

@@ -0,0 +1,40 @@
+import { type ScannedTool } from './inventory.js';
+export interface McpServerConfig {
+    type?: string;
+    command?: string;
+    args?: string[];
+    env?: Record<string, string>;
+    url?: string;
+    headers?: Record<string, string>;
+}
+interface McpTool {
+    name: string;
+    description?: string;
+    inputSchema?: any;
+}
+/** Read configured MCP servers (name → raw config) from settings.json / .mcp.json. */
+export declare function discoverMcpServers(cwd: string): Record<string, McpServerConfig>;
+/** JSON-Schema inputSchema → our {name,type,description} param list (for schema_hash). */
+export declare function inputSchemaToParams(schema: any): Array<{
+    name: string;
+    type?: string;
+    description?: string;
+}>;
+/** stdio MCP client: spawn the server, handshake, tools/list. Never throws. */
+export declare function fetchToolsStdio(cfg: McpServerConfig, timeoutMs?: number): Promise<McpTool[]>;
+/** http (Streamable HTTP) MCP client — best-effort JSON; handles SSE-wrapped replies. */
+export declare function fetchToolsHttp(cfg: McpServerConfig, timeoutMs?: number): Promise<McpTool[]>;
+export interface McpScanResult {
+    server: string;
+    tools: ScannedTool[];
+    error?: string;
+}
+/** Connect to every configured MCP server and collect its live tools as ScannedTool[]. */
+export declare function mcpScan(cwd: string, timeoutMs?: number): Promise<McpScanResult[]>;
+/** Fingerprint+pin (P1) and submit the live tools to Guard for poisoning/rug-pull. */
+export declare function submitMcpScan(apiUrl: string, token: string, results: McpScanResult[], policy?: string, application?: string): Promise<{
+    status: number;
+    count: number;
+}>;
+export {};
+//# sourceMappingURL=mcp-scan.d.ts.map

package/dist/core/mcp-scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-scan.d.ts","sourceRoot":"","sources":["../../core/mcp-scan.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,KAAK,WAAW,EAAiC,MAAM,gBAAgB,CAAC;AAEjF,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,UAAU,OAAO;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,GAAG,CAAA;CAAE;AAE3E,sFAAsF;AACtF,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAmB/E;AAED,0FAA0F;AAC1F,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAO7G;AASD,+EAA+E;AAC/E,wBAAgB,eAAe,CAAC,GAAG,EAAE,eAAe,EAAE,SAAS,SAAO,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAkC1F;AAED,yFAAyF;AACzF,wBAAgB,cAAc,CAAC,GAAG,EAAE,eAAe,EAAE,SAAS,SAAO,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CA0CzF;AAQD,MAAM,WAAW,aAAa;IAAG,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,WAAW,EAAE,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE;AAEvF,0FAA0F;AAC1F,wBAAsB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,SAAO,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAiBrF;AAED,sFAAsF;AACtF,wBAAsB,aAAa,CACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAC7F,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAK5C"}