@hasna/mcps 0.0.13 → 0.0.15

package/dist/index.js

@@ -9451,6 +9451,85 @@ var init_config2 = __esm(() => {
   DB_PATH = process.env.HASNA_MCPS_DB_PATH ?? process.env.MCPS_DB_PATH ?? join5(MCPS_DIR, "registry.db");
 });
 
+// src/lib/provider-profile-seeds.ts
+var DEFAULT_PROVIDER_PROFILE_SEEDS;
+var init_provider_profile_seeds = __esm(() => {
+  DEFAULT_PROVIDER_PROFILE_SEEDS = [
+    {
+      id: "notion",
+      displayName: "Notion",
+      description: "Connect a Notion workspace so agents can search, read, create, and update workspace content.",
+      endpoint: "https://mcp.notion.com/mcp",
+      transport: "streamable-http",
+      fallbackEndpoints: [
+        {
+          transport: "sse",
+          url: "https://mcp.notion.com/sse",
+          notes: "Fallback for clients that do not support Streamable HTTP."
+        }
+      ],
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.0",
+        pkce: true,
+        dynamicClientRegistration: true,
+        bearerToken: "none",
+        notes: "Remote Notion MCP uses OAuth with PKCE. Bearer-token authentication is only appropriate for self-hosted/local fallback deployments."
+      },
+      tokenMode: "workspace",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "mcp-remote", "https://mcp.notion.com/sse", "--transport", "sse-only"],
+        packageName: "mcp-remote",
+        url: "https://mcp.notion.com/sse"
+      },
+      docsUrl: "https://developers.notion.com/guides/mcp/build-mcp-client",
+      safety: {
+        requiresApproval: true,
+        dataClasses: ["workspace_content", "pages", "databases", "comments"],
+        notes: "Connected agents operate with the authorizing user's workspace access. Human confirmation is recommended for write-capable workflows."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://developers.notion.com/guides/mcp/build-mcp-client",
+        verifiedAt: "2026-05-10"
+      }
+    },
+    {
+      id: "linear",
+      displayName: "Linear",
+      description: "Connect Linear so agents can find, create, and update issues, projects, comments, and related workspace objects.",
+      endpoint: "https://mcp.linear.app/mcp",
+      transport: "streamable-http",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.1",
+        dynamicClientRegistration: true,
+        bearerToken: "optional",
+        notes: "Linear supports interactive OAuth 2.1 with dynamic client registration and optional Authorization: Bearer tokens for OAuth tokens or API keys."
+      },
+      tokenMode: "workspace",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "mcp-remote", "https://mcp.linear.app/mcp"],
+        packageName: "mcp-remote",
+        url: "https://mcp.linear.app/mcp"
+      },
+      docsUrl: "https://linear.app/docs/mcp",
+      safety: {
+        requiresApproval: true,
+        dataClasses: ["issues", "projects", "comments", "teams", "users"],
+        notes: "Linear tools can create and update workspace objects, so write actions should be policy-gated by the platform."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://linear.app/docs/mcp",
+        verifiedAt: "2026-05-10"
+      }
+    }
+  ];
+});
+
 // src/lib/db.ts
 import { mkdirSync as mkdirSync5 } from "fs";
 function getDb() {
@@ -9536,6 +9615,50 @@ function getDb() {
         ('github-mcp-topic', 'GitHub MCP Topic', 'github-topic', 'https://api.github.com/search/repositories', 'GitHub repositories tagged with mcp-server topic')
     `);
   }
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS provider_profiles (
+      id TEXT PRIMARY KEY,
+      display_name TEXT NOT NULL,
+      description TEXT,
+      endpoint TEXT,
+      transport TEXT NOT NULL,
+      fallback_endpoints TEXT NOT NULL DEFAULT '[]',
+      auth_type TEXT NOT NULL,
+      auth_metadata TEXT NOT NULL DEFAULT '{}',
+      scopes TEXT NOT NULL DEFAULT '[]',
+      token_mode TEXT NOT NULL DEFAULT 'none',
+      install_fallback TEXT NOT NULL DEFAULT '{}',
+      docs_url TEXT,
+      safety TEXT NOT NULL DEFAULT '{}',
+      provenance TEXT NOT NULL DEFAULT '{"source":"manual"}',
+      enabled INTEGER NOT NULL DEFAULT 1,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )
+  `);
+  try {
+    db.exec("ALTER TABLE provider_profiles ADD COLUMN fallback_endpoints TEXT NOT NULL DEFAULT '[]'");
+  } catch {}
+  try {
+    db.exec("ALTER TABLE provider_profiles ADD COLUMN auth_metadata TEXT NOT NULL DEFAULT '{}'");
+  } catch {}
+  db.exec("CREATE INDEX IF NOT EXISTS idx_provider_profiles_enabled ON provider_profiles(enabled)");
+  const providerProfileCount = db.query("SELECT COUNT(*) as c FROM provider_profiles").get().c;
+  if (providerProfileCount === 0) {
+    const insertProviderProfile = db.prepare(`
+      INSERT OR IGNORE INTO provider_profiles (
+        id, display_name, description, endpoint, transport, fallback_endpoints,
+        auth_type, auth_metadata, scopes, token_mode, install_fallback,
+        docs_url, safety, provenance, enabled
+      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+    const run = db.transaction(() => {
+      for (const profile of DEFAULT_PROVIDER_PROFILE_SEEDS) {
+        insertProviderProfile.run(profile.id, profile.displayName, profile.description ?? null, profile.endpoint ?? null, profile.transport, JSON.stringify(profile.fallbackEndpoints ?? []), profile.authType, JSON.stringify(profile.authMetadata ?? {}), JSON.stringify(profile.scopes ?? []), profile.tokenMode ?? "none", JSON.stringify(profile.installFallback ?? null), profile.docsUrl ?? null, JSON.stringify(profile.safety ?? {}), JSON.stringify(profile.provenance), profile.enabled === false ? 0 : 1);
+      }
+    });
+    run();
+  }
   db.exec(`
     CREATE TABLE IF NOT EXISTS feedback (
       id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
@@ -9560,6 +9683,7 @@ var db = null, _adapter = null;
 var init_db = __esm(() => {
   init_dist();
   init_config2();
+  init_provider_profile_seeds();
 });
 
 // node_modules/ajv/dist/compile/codegen/code.js
@@ -25118,6 +25242,185 @@ class StreamableHTTPClientTransport {
 // src/lib/proxy.ts
 init_config2();
 init_db();
+
+// src/lib/local-command-consent.ts
+class LocalCommandConsentError extends Error {
+  review;
+  constructor(message, review) {
+    super(message);
+    this.name = "LocalCommandConsentError";
+    this.review = review;
+  }
+}
+var SHELL_COMMANDS = new Set(["bash", "sh", "zsh", "fish", "cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh"]);
+var DESTRUCTIVE_COMMANDS = new Set([
+  "rm",
+  "dd",
+  "mkfs",
+  "shutdown",
+  "reboot",
+  "poweroff",
+  "halt",
+  "killall",
+  "pkill"
+]);
+var SHELL_EVAL_FLAGS = new Set(["-c", "/c", "-Command", "-command", "-EncodedCommand", "-encodedcommand"]);
+var SECRET_FLAG_PATTERN = /(?:^|[-_])(api[-_]?key|token|secret|password|passwd|credential|auth|private[-_]?key)(?:$|[-_])/i;
+var SECRET_KEY_PATTERN = /(?:^|[_-])(api[_-]?key|token|secret|password|passwd|credential|auth|private[_-]?key)(?:$|[_-])/i;
+var SECRET_VALUE_PATTERN = /^(sk_(?:live|test)_[A-Za-z0-9_]+|ghp_[A-Za-z0-9_]+|github_pat_[A-Za-z0-9_]+|xox[baprs]-[A-Za-z0-9-]+|AIza[A-Za-z0-9_-]{20,}|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
+var SHELL_META_PATTERN = /[;&|`<>]|\$\(/;
+function commandBase(command) {
+  return command.trim().split(/[\\/]/).pop()?.toLowerCase() || command.trim().toLowerCase();
+}
+function normalizeArgs(args) {
+  return (args ?? []).map((arg) => String(arg));
+}
+function isSecretKey(key) {
+  return SECRET_KEY_PATTERN.test(key) || SECRET_FLAG_PATTERN.test(key);
+}
+function isSecretValue(value) {
+  return SECRET_VALUE_PATTERN.test(value.trim());
+}
+function isSecretAssignment(arg) {
+  const eqIdx = arg.indexOf("=");
+  if (eqIdx <= 0)
+    return false;
+  const key = arg.slice(0, eqIdx);
+  const value = arg.slice(eqIdx + 1);
+  return isSecretKey(key) || isSecretValue(value);
+}
+function isSecretArg(args, index) {
+  const arg = args[index] ?? "";
+  const previous = args[index - 1] ?? "";
+  return isSecretAssignment(arg) || isSecretValue(arg) || SECRET_FLAG_PATTERN.test(previous);
+}
+function quoteArg(value) {
+  return JSON.stringify(value);
+}
+function displayCommand(command, args) {
+  return [quoteArg(command), ...args.map((arg, index) => quoteArg(isSecretArg(args, index) ? "<redacted>" : arg))].join(" ");
+}
+function pushRisk(risks, risk) {
+  if (risks.some((existing) => existing.code === risk.code && existing.evidence === risk.evidence))
+    return;
+  risks.push(risk);
+}
+function inspectRisks(command, args, env) {
+  const risks = [];
+  const base = commandBase(command);
+  const joined = [command, ...args].join(" ");
+  if (SHELL_COMMANDS.has(base)) {
+    pushRisk(risks, {
+      code: "shell_interpreter",
+      severity: "warning",
+      message: "Command launches a shell interpreter.",
+      evidence: base
+    });
+    if (args.some((arg) => SHELL_EVAL_FLAGS.has(arg))) {
+      pushRisk(risks, {
+        code: "shell_eval",
+        severity: "danger",
+        message: "Shell command evaluates an inline script.",
+        evidence: base
+      });
+    }
+  }
+  if (base === "sudo") {
+    pushRisk(risks, {
+      code: "privilege_escalation",
+      severity: "danger",
+      message: "Command requests elevated privileges.",
+      evidence: base
+    });
+  }
+  if (DESTRUCTIVE_COMMANDS.has(base) || /\brm\s+-[^\s]*[rf][^\s]*\b/.test(joined) || /--no-preserve-root\b/.test(joined)) {
+    pushRisk(risks, {
+      code: "destructive_command",
+      severity: "danger",
+      message: "Command includes a destructive system operation.",
+      evidence: base
+    });
+  }
+  if (/\b(curl|wget)\b[\s\S]*\|[\s\S]*\b(sh|bash|zsh|fish)\b/.test(joined)) {
+    pushRisk(risks, {
+      code: "download_pipe_shell",
+      severity: "danger",
+      message: "Command downloads remote content and pipes it to a shell."
+    });
+  }
+  if ([command, ...args].some((part) => SHELL_META_PATTERN.test(part))) {
+    pushRisk(risks, {
+      code: "shell_metacharacters",
+      severity: "warning",
+      message: "Command or arguments contain shell metacharacters."
+    });
+  }
+  if (args.some((arg, index) => isSecretArg(args, index))) {
+    pushRisk(risks, {
+      code: "inline_secret",
+      severity: "danger",
+      message: "Command arguments appear to contain inline secret material."
+    });
+  }
+  const secretEnvKeys = Object.keys(env).filter(isSecretKey).sort();
+  if (secretEnvKeys.length > 0) {
+    pushRisk(risks, {
+      code: "secret_env",
+      severity: "warning",
+      message: "Environment contains secret-like keys; values are redacted from consent output.",
+      evidence: secretEnvKeys.join(", ")
+    });
+  }
+  return risks;
+}
+function inspectLocalCommand(input) {
+  const args = normalizeArgs(input.args);
+  const env = input.env ?? {};
+  const transport = input.transport ?? "stdio";
+  const risks = inspectRisks(input.command, args, env);
+  return {
+    requiresConsent: transport === "stdio",
+    operation: input.operation ?? "launch",
+    command: input.command,
+    args,
+    displayCommand: displayCommand(input.command, args),
+    envKeys: Object.keys(env).sort(),
+    risks,
+    hasDangerousRisk: risks.some((risk) => risk.severity === "danger")
+  };
+}
+function formatLocalCommandReview(review) {
+  const lines = [
+    `Command: ${review.displayCommand}`,
+    review.envKeys.length > 0 ? `Env keys: ${review.envKeys.join(", ")}` : "Env keys: <none>"
+  ];
+  if (review.risks.length > 0) {
+    lines.push("Risks:");
+    for (const risk of review.risks) {
+      lines.push(`- ${risk.severity}: ${risk.code} - ${risk.message}${risk.evidence ? ` (${risk.evidence})` : ""}`);
+    }
+  } else {
+    lines.push("Risks: none detected");
+  }
+  return lines.join(`
+`);
+}
+function assertLocalCommandConsent(input, consent = {}) {
+  const review = inspectLocalCommand(input);
+  if (!review.requiresConsent)
+    return review;
+  if (consent.approved !== true) {
+    throw new LocalCommandConsentError(`local stdio command approval is required before ${review.operation}.
+${formatLocalCommandReview(review)}`, review);
+  }
+  if (review.hasDangerousRisk && consent.allowRisky !== true) {
+    throw new LocalCommandConsentError(`risky command approval is required before ${review.operation}.
+${formatLocalCommandReview(review)}`, review);
+  }
+  return review;
+}
+
+// src/lib/proxy.ts
 var connections = new Map;
 var inflightConnections = new Map;
 function buildEnv(extra) {
@@ -25143,7 +25446,7 @@ function requireUrl(entry) {
     throw new Error(`Server "${entry.id}" has an invalid URL: ${entry.url}`);
   }
 }
-async function connectToServer(entry) {
+async function connectToServer(entry, options = {}) {
   if (connections.has(entry.id)) {
     return connections.get(entry.id);
   }
@@ -25159,6 +25462,13 @@ async function connectToServer(entry) {
         if (!entry.command?.trim()) {
           throw new Error(`Server "${entry.id}" is missing a command`);
         }
+        assertLocalCommandConsent({
+          command: entry.command,
+          args: entry.args,
+          env: entry.env,
+          transport: entry.transport,
+          operation: "launch"
+        }, options.localCommandConsent);
         transport = new StdioClientTransport({
           command: entry.command,
           args: entry.args,
@@ -25294,13 +25604,28 @@ async function refreshTools(id) {
 }
 
 // src/lib/doctor.ts
-async function diagnoseServer(server) {
+async function diagnoseServer(server, options = {}) {
   const checks3 = [];
+  let hasLocalConsent = true;
   if (server.transport === "stdio") {
+    try {
+      assertLocalCommandConsent({
+        command: server.command,
+        args: server.args,
+        env: server.env,
+        transport: server.transport,
+        operation: "diagnose"
+      }, options.localCommandConsent);
+    } catch (err) {
+      hasLocalConsent = false;
+      checks3.push({ name: "local command consent", pass: false, message: err.message });
+    }
     try {
       const path = execFileSync("which", [server.command], { stdio: "pipe" }).toString().trim();
       let version2 = "";
       try {
+        if (!hasLocalConsent)
+          throw new Error("local stdio command approval is required before version probing");
         version2 = execFileSync(server.command, ["--version"], { stdio: "pipe" }).toString().trim().split(`
 `)[0];
       } catch {}
@@ -25331,10 +25656,10 @@ async function diagnoseServer(server) {
       checks3.push({ name: "URL reachable", pass: false, message: `unreachable: ${err.message}` });
     }
   }
-  if (server.enabled) {
+  if (server.enabled && hasLocalConsent) {
     try {
       await Promise.race([
-        connectToServer(server),
+        connectToServer(server, { localCommandConsent: options.localCommandConsent }),
         new Promise((_, reject) => setTimeout(() => reject(new Error("timeout after 10s")), 1e4))
       ]);
       await disconnectServer(server.id);
@@ -25342,8 +25667,10 @@ async function diagnoseServer(server) {
     } catch (err) {
       checks3.push({ name: "connect & list tools", pass: false, message: err.message });
     }
-  } else {
+  } else if (!server.enabled) {
     checks3.push({ name: "connect & list tools", pass: true, message: "skipped (server disabled)" });
+  } else {
+    checks3.push({ name: "connect & list tools", pass: false, message: "skipped until local stdio command is approved" });
   }
   return {
     server,
@@ -25383,7 +25710,7 @@ async function getRegistryServer(id) {
   const all = entries.map(parseRegistryEntry);
   return all.find((s) => s.id === id) || null;
 }
-async function installFromRegistry(id) {
+async function installFromRegistry(id, options = {}) {
   const server = await getRegistryServer(id);
   if (!server) {
     throw new Error(`Server "${id}" not found in registry`);
@@ -25403,6 +25730,13 @@ async function installFromRegistry(id) {
       transport = pkg.transport.type;
     }
   }
+  assertLocalCommandConsent({
+    command,
+    args,
+    transport,
+    env: {},
+    operation: "register"
+  }, options.localCommandConsent);
   return addServer({
     name: server.name,
     description: server.description,
@@ -25425,6 +25759,250 @@ async function listAwesomeServers() {
 // src/index.ts
 init_sources();
 
+// src/lib/provider-profiles.ts
+init_db();
+init_provider_profile_seeds();
+var TRANSPORTS = new Set(["stdio", "sse", "streamable-http"]);
+var AUTH_TYPES = new Set(["none", "oauth2", "api_key", "bearer_token", "custom"]);
+var TOKEN_MODES = new Set(["none", "user", "workspace", "service"]);
+var BEARER_TOKEN_MODES = new Set(["none", "optional", "required"]);
+var PROVENANCE_SOURCES = new Set(["curated", "official-registry", "npm", "github", "manual"]);
+function safeJsonParse2(value, fallback) {
+  if (typeof value !== "string")
+    return fallback;
+  try {
+    return JSON.parse(value);
+  } catch {
+    return fallback;
+  }
+}
+function normalizeString(value) {
+  const trimmed = value?.trim();
+  return trimmed ? trimmed : null;
+}
+function normalizeId(id) {
+  const normalized = id.trim().toLowerCase();
+  if (!/^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/.test(normalized)) {
+    throw new Error("Provider profile id must be lowercase kebab-case");
+  }
+  return normalized;
+}
+function normalizeScopes(scopes) {
+  const seen = new Set;
+  const normalized = [];
+  for (const scope of scopes ?? []) {
+    const trimmed = scope.trim();
+    if (!trimmed || seen.has(trimmed))
+      continue;
+    seen.add(trimmed);
+    normalized.push(trimmed);
+  }
+  return normalized;
+}
+function assertKnown(value, allowed, label) {
+  if (!allowed.has(value))
+    throw new Error(`Unknown provider profile ${label}: ${value}`);
+  return value;
+}
+function normalizeProvenance(provenance) {
+  const source = assertKnown(provenance.source, PROVENANCE_SOURCES, "provenance source");
+  return {
+    source,
+    sourceUrl: normalizeString(provenance.sourceUrl) ?? undefined,
+    repositoryUrl: normalizeString(provenance.repositoryUrl) ?? undefined,
+    packageName: normalizeString(provenance.packageName) ?? undefined,
+    verifiedAt: normalizeString(provenance.verifiedAt) ?? undefined
+  };
+}
+function normalizeInstallFallback(fallback) {
+  if (!fallback)
+    return null;
+  const normalized = {
+    command: normalizeString(fallback.command) ?? undefined,
+    args: Array.isArray(fallback.args) ? fallback.args.map((arg) => arg.trim()).filter(Boolean) : undefined,
+    env: fallback.env && Object.keys(fallback.env).length > 0 ? fallback.env : undefined,
+    packageName: normalizeString(fallback.packageName) ?? undefined,
+    registryId: normalizeString(fallback.registryId) ?? undefined,
+    url: normalizeString(fallback.url) ?? undefined
+  };
+  return Object.values(normalized).some((value) => value !== undefined) ? normalized : null;
+}
+function normalizeFallbackEndpoints(fallbacks) {
+  const seen = new Set;
+  const normalized = [];
+  for (const fallback of fallbacks ?? []) {
+    const transport = assertKnown(fallback.transport, TRANSPORTS, "fallback transport");
+    const url2 = normalizeString(fallback.url);
+    if (!url2)
+      continue;
+    const key = `${transport}:${url2}`;
+    if (seen.has(key))
+      continue;
+    seen.add(key);
+    normalized.push({
+      transport,
+      url: url2,
+      notes: normalizeString(fallback.notes) ?? undefined
+    });
+  }
+  return normalized;
+}
+function normalizeAuthMetadata(authMetadata) {
+  const bearerToken = authMetadata?.bearerToken ? assertKnown(authMetadata.bearerToken, BEARER_TOKEN_MODES, "bearer token mode") : undefined;
+  return {
+    oauthVersion: authMetadata?.oauthVersion,
+    pkce: authMetadata?.pkce,
+    dynamicClientRegistration: authMetadata?.dynamicClientRegistration,
+    bearerToken,
+    notes: normalizeString(authMetadata?.notes) ?? undefined
+  };
+}
+function parseRow2(row) {
+  const installFallback = safeJsonParse2(row.install_fallback, null);
+  return {
+    id: row.id,
+    displayName: row.display_name,
+    description: row.description || null,
+    endpoint: row.endpoint || null,
+    transport: row.transport,
+    fallbackEndpoints: safeJsonParse2(row.fallback_endpoints, []),
+    authType: row.auth_type,
+    authMetadata: safeJsonParse2(row.auth_metadata, {}),
+    scopes: safeJsonParse2(row.scopes, []),
+    tokenMode: row.token_mode,
+    installFallback,
+    docsUrl: row.docs_url || null,
+    safety: safeJsonParse2(row.safety, {}),
+    provenance: safeJsonParse2(row.provenance, { source: "manual" }),
+    enabled: row.enabled === 1 || row.enabled === true,
+    created_at: row.created_at,
+    updated_at: row.updated_at
+  };
+}
+function upsertProviderProfile(opts) {
+  const db2 = getDb();
+  const id = normalizeId(opts.id);
+  const displayName = normalizeString(opts.displayName);
+  if (!displayName)
+    throw new Error("Provider profile displayName is required");
+  const transport = assertKnown(opts.transport, TRANSPORTS, "transport");
+  const fallbackEndpoints = normalizeFallbackEndpoints(opts.fallbackEndpoints);
+  const authType = assertKnown(opts.authType, AUTH_TYPES, "auth type");
+  const authMetadata = normalizeAuthMetadata(opts.authMetadata);
+  const tokenMode = assertKnown(opts.tokenMode ?? "none", TOKEN_MODES, "token mode");
+  const scopes = normalizeScopes(opts.scopes);
+  const installFallback = normalizeInstallFallback(opts.installFallback);
+  const provenance = normalizeProvenance(opts.provenance);
+  const safety = opts.safety ?? {};
+  const enabled = opts.enabled === false ? 0 : 1;
+  const row = db2.prepare(`INSERT INTO provider_profiles (
+         id, display_name, description, endpoint, transport, fallback_endpoints, auth_type, auth_metadata, scopes,
+         token_mode, install_fallback, docs_url, safety, provenance, enabled
+       )
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+       ON CONFLICT(id) DO UPDATE SET
+         display_name = excluded.display_name,
+         description = excluded.description,
+         endpoint = excluded.endpoint,
+         transport = excluded.transport,
+         fallback_endpoints = excluded.fallback_endpoints,
+         auth_type = excluded.auth_type,
+         auth_metadata = excluded.auth_metadata,
+         scopes = excluded.scopes,
+         token_mode = excluded.token_mode,
+         install_fallback = excluded.install_fallback,
+         docs_url = excluded.docs_url,
+         safety = excluded.safety,
+         provenance = excluded.provenance,
+         enabled = excluded.enabled,
+         updated_at = datetime('now')
+       RETURNING *`).get(id, displayName, normalizeString(opts.description), normalizeString(opts.endpoint), transport, JSON.stringify(fallbackEndpoints), authType, JSON.stringify(authMetadata), JSON.stringify(scopes), tokenMode, JSON.stringify(installFallback), normalizeString(opts.docsUrl), JSON.stringify(safety), JSON.stringify(provenance), enabled);
+  return parseRow2(row);
+}
+function listProviderProfiles(options = {}) {
+  const db2 = getDb();
+  const sql = options.enabledOnly ? "SELECT * FROM provider_profiles WHERE enabled = 1 ORDER BY display_name" : "SELECT * FROM provider_profiles ORDER BY display_name";
+  return db2.prepare(sql).all().map(parseRow2);
+}
+function searchProviderProfiles(query, options = {}) {
+  const normalizedQuery = query.trim().toLowerCase();
+  if (!normalizedQuery)
+    return listProviderProfiles(options);
+  return listProviderProfiles(options).filter((profile) => {
+    const searchable = [
+      profile.id,
+      profile.displayName,
+      profile.description ?? "",
+      profile.endpoint ?? "",
+      profile.docsUrl ?? "",
+      profile.provenance.sourceUrl ?? "",
+      profile.provenance.packageName ?? ""
+    ].join(`
+`).toLowerCase();
+    return searchable.includes(normalizedQuery);
+  });
+}
+function getProviderProfile(id) {
+  const db2 = getDb();
+  const row = db2.prepare("SELECT * FROM provider_profiles WHERE id = ?").get(normalizeId(id));
+  return row ? parseRow2(row) : null;
+}
+function removeProviderProfile(id) {
+  const db2 = getDb();
+  db2.prepare("DELETE FROM provider_profiles WHERE id = ?").run(normalizeId(id));
+}
+function enableProviderProfile(id) {
+  return setProviderProfileEnabled(id, true);
+}
+function disableProviderProfile(id) {
+  return setProviderProfileEnabled(id, false);
+}
+function seedDefaultProviderProfiles() {
+  return DEFAULT_PROVIDER_PROFILE_SEEDS.map((profile) => upsertProviderProfile(profile));
+}
+function installProviderProfile(id, options = {}) {
+  const profile = getProviderProfile(id);
+  if (!profile)
+    throw new Error(`Provider profile "${id}" not found`);
+  if (!profile.enabled)
+    throw new Error(`Provider profile "${id}" is disabled`);
+  const fallback = profile.installFallback;
+  const useFallback = options.useFallback || !profile.endpoint;
+  const command = useFallback ? fallback?.command : fallback?.command ?? "npx";
+  const args = useFallback ? fallback?.args ?? [] : fallback?.args ?? [];
+  if (!command) {
+    throw new Error(`Provider profile "${id}" does not define an install fallback command`);
+  }
+  assertLocalCommandConsent({
+    command,
+    args,
+    env: fallback?.env ?? {},
+    transport: useFallback ? "stdio" : profile.transport,
+    operation: "register"
+  }, options.localCommandConsent);
+  return addServer({
+    name: options.name ?? profile.displayName,
+    description: profile.description ?? undefined,
+    command,
+    args,
+    env: fallback?.env,
+    transport: useFallback ? "stdio" : profile.transport,
+    url: useFallback ? fallback?.url : profile.endpoint ?? undefined,
+    source: "provider-profile"
+  });
+}
+function setProviderProfileEnabled(id, enabled) {
+  const db2 = getDb();
+  const row = db2.prepare("UPDATE provider_profiles SET enabled = ?, updated_at = datetime('now') WHERE id = ? RETURNING *").get(enabled ? 1 : 0, normalizeId(id));
+  if (!row) {
+    throw new Error(`Provider profile "${id}" not found`);
+  }
+  return parseRow2(row);
+}
+
+// src/index.ts
+init_provider_profile_seeds();
+
 // src/lib/install.ts
 import { execFileSync as execFileSync2 } from "child_process";
 import { existsSync as existsSync7, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync7 } from "fs";
@@ -25496,7 +26074,22 @@ function installToGemini(entry) {
     return { agent: "gemini", success: false, error: err.message };
   }
 }
-function installToAgents(entry, targets = ["claude", "codex", "gemini"]) {
+function installToAgents(entry, targets = ["claude", "codex", "gemini"], options = {}) {
+  try {
+    assertLocalCommandConsent({
+      command: entry.command,
+      args: entry.args,
+      env: entry.env,
+      transport: entry.transport,
+      operation: "install"
+    }, options.localCommandConsent);
+  } catch (err) {
+    return targets.map((target) => ({
+      agent: target,
+      success: false,
+      error: err.message
+    }));
+  }
   return targets.map((target) => {
     if (target === "claude")
       return installToClaude(entry);
@@ -25510,7 +26103,7 @@ function installToAgents(entry, targets = ["claude", "codex", "gemini"]) {
 // src/lib/machines.ts
 init_db();
 import { userInfo } from "os";
-function parseRow2(row) {
+function parseRow3(row) {
   return {
     id: row.id,
     name: row.name,
@@ -25553,12 +26146,12 @@ function toSqlBool(value, fallback = true) {
 function listMachines() {
   const db2 = getDb();
   const rows = db2.prepare("SELECT * FROM machines ORDER BY name ASC").all();
-  return rows.map(parseRow2);
+  return rows.map(parseRow3);
 }
 function getMachine(id) {
   const db2 = getDb();
   const row = db2.prepare("SELECT * FROM machines WHERE id = ?").get(id);
-  return row ? parseRow2(row) : null;
+  return row ? parseRow3(row) : null;
 }
 function addMachine(opts) {
   const db2 = getDb();
@@ -25573,7 +26166,7 @@ function addMachine(opts) {
         id, name, host, username, port, platform, arch, bun_path, npm_path, installer, ssh_key_path, enabled
       ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
       RETURNING *`).get(id, name, host, normalizeText(opts.username) ?? resolveDefaultUser(), opts.port ?? 22, opts.platform ?? "unknown", opts.arch ?? "unknown", normalizeText(opts.bun_path) ?? null, normalizeText(opts.npm_path) ?? null, opts.installer ?? "auto", normalizeText(opts.ssh_key_path) ?? null, toSqlBool(opts.enabled, true));
-  return parseRow2(row);
+  return parseRow3(row);
 }
 function upsertMachine(opts) {
   const db2 = getDb();
@@ -25601,7 +26194,7 @@ function upsertMachine(opts) {
         enabled = excluded.enabled,
         updated_at = datetime('now')
       RETURNING *`).get(id, name, host, normalizeText(opts.username) ?? resolveDefaultUser(), opts.port ?? 22, opts.platform ?? "unknown", opts.arch ?? "unknown", normalizeText(opts.bun_path) ?? null, normalizeText(opts.npm_path) ?? null, opts.installer ?? "auto", normalizeText(opts.ssh_key_path) ?? null, toSqlBool(opts.enabled, true));
-  return parseRow2(row);
+  return parseRow3(row);
 }
 function updateMachine(id, updates) {
   const db2 = getDb();
@@ -25664,7 +26257,7 @@ function updateMachine(id, updates) {
   const row = db2.prepare(`UPDATE machines SET ${sets.join(", ")} WHERE id = ? RETURNING *`).get(...values);
   if (!row)
     throw new Error(`Machine "${id}" not found`);
-  return parseRow2(row);
+  return parseRow3(row);
 }
 function removeMachine(id) {
   const db2 = getDb();
@@ -26431,49 +27024,63 @@ function readPackageVersion(moduleUrl, fallback = FALLBACK_VERSION) {
 // src/index.ts
 init_db();
 export {
+  upsertProviderProfile,
   upsertMachine,
   updateServer,
   updateMachine,
   unsetServerEnv,
   setServerEnv,
+  seedDefaultProviderProfiles,
   seedDefaultMachines,
   searchRegistry,
+  searchProviderProfiles,
   runFleetInstall,
   runFleetHealthCheck,
   removeSource,
   removeServer,
+  removeProviderProfile,
   removeMachine,
   refreshTools,
   readPackageVersion,
   listSources,
   listServers,
+  listProviderProfiles,
   listMachines,
   listHasnaMcpCatalog,
   listAwesomeServers,
   listAllTools,
   installToAgents,
+  installProviderProfile,
   installFromRegistry,
+  inspectLocalCommand,
   getToolCounts,
   getSource,
   getServer,
   getRegistryServer,
+  getProviderProfile,
   getMachine,
   getDb,
   getCachedTools,
+  formatLocalCommandReview,
   findServers,
   enableSource,
   enableServer,
+  enableProviderProfile,
   disconnectServer,
   disconnectAll,
   disableSource,
   disableServer,
+  disableProviderProfile,
   diagnoseServer,
   connectToServer,
   closeDb,
   cloneServer,
   callTool,
+  assertLocalCommandConsent,
   addSource,
   addServer,
   addMachine,
+  LocalCommandConsentError,
+  DEFAULT_PROVIDER_PROFILE_SEEDS,
   DEFAULT_MACHINE_SEEDS
 };