@heossi/qnsi-mcp 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +8 -0
- package/README.md +183 -0
- package/dist/api-client.d.ts +36 -0
- package/dist/api-client.d.ts.map +1 -0
- package/dist/api-client.js +75 -0
- package/dist/api-client.js.map +1 -0
- package/dist/index.d.ts +24 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +117 -0
- package/dist/index.js.map +1 -0
- package/dist/session.d.ts +34 -0
- package/dist/session.d.ts.map +1 -0
- package/dist/session.js +82 -0
- package/dist/session.js.map +1 -0
- package/dist/tools.d.ts +89 -0
- package/dist/tools.d.ts.map +1 -0
- package/dist/tools.js +189 -0
- package/dist/tools.js.map +1 -0
- package/package.json +93 -0
package/LICENSE
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
# QNSP Licensing
|
|
2
|
+
|
|
3
|
+
This repository is **multi-licensed**.
|
|
4
|
+
|
|
5
|
+
- Source code under `packages/*` and selected `apps/*` directories is licensed **per package**. Refer to the `LICENSE` file inside each package directory.
|
|
6
|
+
- Public SDK packages (those with `publishConfig.access: "public"`) are licensed under the **Apache License 2.0**.
|
|
7
|
+
- Core platform packages (including `apps/ai-orchestrator` and `packages/kms`, and `packages/liboqs-native`) are licensed under the **Business Source License 1.1** with a Change License of **GPL-2.0-or-later**.
|
|
8
|
+
- Materials under `docs/patent-ip-candidates` are **Proprietary**.
|
package/README.md
ADDED
|
@@ -0,0 +1,183 @@
|
|
|
1
|
+
# @heossi/qnsi-mcp
|
|
2
|
+
|
|
3
|
+
[](https://www.npmjs.com/package/@heossi/qnsi-mcp)
|
|
4
|
+
[](https://www.npmjs.com/package/@heossi/qnsi-mcp)
|
|
5
|
+
[](./LICENSE)
|
|
6
|
+
|
|
7
|
+
**Official QNSP Model Context Protocol server** — give Claude, Cursor, Windsurf,
|
|
8
|
+
and any MCP-compatible agent first-class access to a production post-quantum
|
|
9
|
+
cryptography platform: FIPS 203 / 204 / 205 key management, a quantum-safe
|
|
10
|
+
vault, a cryptographic bill of materials (CBOM), searchable encrypted storage,
|
|
11
|
+
and immutable audit trails — tenant-scoped and tier-gated end-to-end.
|
|
12
|
+
|
|
13
|
+
> **Free tier available.** Get an API key at
|
|
14
|
+
> <https://cloud.qnsp.cuilabs.io/signup?src=mcp> — no credit card.
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## Why install this?
|
|
19
|
+
|
|
20
|
+
Your agent can now:
|
|
21
|
+
|
|
22
|
+
- Generate and rotate NIST-standardised PQC keys (ML-KEM, ML-DSA, SLH-DSA, Falcon).
|
|
23
|
+
- Store secrets in a quantum-safe vault with per-tenant envelope encryption.
|
|
24
|
+
- Scan your infrastructure's cryptographic posture (CBOM) and score PQC readiness.
|
|
25
|
+
- Query an immutable, hash-chained audit log for any tenant action.
|
|
26
|
+
- Run searchable symmetric-encryption (SSE-X) queries over encrypted documents.
|
|
27
|
+
- Report tenant tier, quota, and billing status without leaving the chat.
|
|
28
|
+
|
|
29
|
+
Every call is tenant-scoped, entitlement-enforced on the server, and billable
|
|
30
|
+
against your QNSP plan.
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
|
|
34
|
+
## Install
|
|
35
|
+
|
|
36
|
+
### Claude Desktop
|
|
37
|
+
|
|
38
|
+
Add to `~/Library/Application Support/Claude/claude_desktop_config.json`
|
|
39
|
+
(macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
|
|
40
|
+
|
|
41
|
+
```json
|
|
42
|
+
{
|
|
43
|
+
"mcpServers": {
|
|
44
|
+
"qnsp": {
|
|
45
|
+
"command": "npx",
|
|
46
|
+
"args": ["-y", "@heossi/qnsi-mcp"],
|
|
47
|
+
"env": {
|
|
48
|
+
"QNSP_API_KEY": "qnsp_pqc_api_..."
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
}
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
### Cursor
|
|
56
|
+
|
|
57
|
+
Add to `~/.cursor/mcp.json`:
|
|
58
|
+
|
|
59
|
+
```json
|
|
60
|
+
{
|
|
61
|
+
"mcpServers": {
|
|
62
|
+
"qnsp": {
|
|
63
|
+
"command": "npx",
|
|
64
|
+
"args": ["-y", "@heossi/qnsi-mcp"],
|
|
65
|
+
"env": { "QNSP_API_KEY": "qnsp_pqc_api_..." }
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
### Windsurf
|
|
72
|
+
|
|
73
|
+
Add to `~/.codeium/windsurf/mcp_config.json`:
|
|
74
|
+
|
|
75
|
+
```json
|
|
76
|
+
{
|
|
77
|
+
"mcpServers": {
|
|
78
|
+
"qnsp": {
|
|
79
|
+
"command": "npx",
|
|
80
|
+
"args": ["-y", "@heossi/qnsi-mcp"],
|
|
81
|
+
"env": { "QNSP_API_KEY": "qnsp_pqc_api_..." }
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
### VS Code (GitHub Copilot / Continue)
|
|
88
|
+
|
|
89
|
+
Add to `.vscode/mcp.json` (workspace) or the user-level MCP config:
|
|
90
|
+
|
|
91
|
+
```json
|
|
92
|
+
{
|
|
93
|
+
"servers": {
|
|
94
|
+
"qnsp": {
|
|
95
|
+
"type": "stdio",
|
|
96
|
+
"command": "npx",
|
|
97
|
+
"args": ["-y", "@heossi/qnsi-mcp"],
|
|
98
|
+
"env": { "QNSP_API_KEY": "qnsp_pqc_api_..." }
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
### CLI (any MCP client)
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
npm install -g @heossi/qnsi-mcp
|
|
108
|
+
export QNSP_API_KEY="qnsp_pqc_api_..."
|
|
109
|
+
qnsp-mcp
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
---
|
|
113
|
+
|
|
114
|
+
## Tools exposed
|
|
115
|
+
|
|
116
|
+
All tools are registered with the `qnsp_` namespace prefix so they never
|
|
117
|
+
collide with tools from other MCP servers an agent may have enabled.
|
|
118
|
+
|
|
119
|
+
| Tool | Description | Tier |
|
|
120
|
+
|---|---|---|
|
|
121
|
+
| `qnsp_kms_generate_key` | Generate a PQC keypair (ML-KEM, ML-DSA, SLH-DSA, Falcon). | Dev+ |
|
|
122
|
+
| `qnsp_kms_list_keys` | List keys in the current tenant. | Dev+ |
|
|
123
|
+
| `qnsp_kms_get_key` | Retrieve a key's public metadata. | Dev+ |
|
|
124
|
+
| `qnsp_kms_rotate_key` | Rotate a key; previous version retained for verification. | Dev+ |
|
|
125
|
+
| `qnsp_vault_create_secret` | Store a secret under PQC envelope encryption. | Pro+ |
|
|
126
|
+
| `qnsp_vault_get_secret` | Retrieve a vault secret. | Pro+ |
|
|
127
|
+
| `qnsp_vault_list_secrets` | List secrets in the tenant. | Pro+ |
|
|
128
|
+
| `qnsp_crypto_scan` | Trigger a cryptographic discovery job (CBOM). | Dev+ |
|
|
129
|
+
| `qnsp_crypto_inventory` | List recent inventory jobs and results. | Dev+ |
|
|
130
|
+
| `qnsp_crypto_readiness` | PQC-readiness scorecard for the tenant. | Dev+ |
|
|
131
|
+
| `qnsp_audit_query` | Query the immutable, hash-chained audit log. | Dev+ |
|
|
132
|
+
| `qnsp_search_query` | Searchable symmetric-encryption (SSE-X) query. | Business+ |
|
|
133
|
+
| `qnsp_tenant_info` | Show current tenant configuration. | Dev+ |
|
|
134
|
+
| `qnsp_billing_status` | Show tier, limits, and upgrade URL. | Any |
|
|
135
|
+
| `qnsp_platform_health` | Platform liveness and regional posture. | Any |
|
|
136
|
+
|
|
137
|
+
If your tier does not include a feature, the tool returns a clear upgrade
|
|
138
|
+
message with a deep link to <https://cloud.qnsp.cuilabs.io/billing>.
|
|
139
|
+
|
|
140
|
+
---
|
|
141
|
+
|
|
142
|
+
## Configuration
|
|
143
|
+
|
|
144
|
+
| Env var | Required | Default | Purpose |
|
|
145
|
+
|---|---|---|---|
|
|
146
|
+
| `QNSP_API_KEY` | yes | — | Tenant-scoped API key. Create one at <https://cloud.qnsp.cuilabs.io/api-keys>. |
|
|
147
|
+
| `QNSP_PLATFORM_URL` | no | `https://api.qnsp.cuilabs.io` | Point at a staging or self-hosted edge gateway. |
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## How it works
|
|
152
|
+
|
|
153
|
+
On start, the server calls `@heossi/qnsi-sdk-activation` to resolve the API key into a
|
|
154
|
+
tenant, tier, and feature-flag set. Every tool invocation is:
|
|
155
|
+
|
|
156
|
+
1. **Gated client-side** by the resolved tier (fails fast with a human-readable
|
|
157
|
+
upgrade prompt instead of a raw 402/403).
|
|
158
|
+
2. **Enforced server-side** by the QNSP edge gateway and PDP — the client-side
|
|
159
|
+
gate is a UX optimization, not the security boundary.
|
|
160
|
+
3. **Audited** as an immutable hash-chained event in the QNSP audit log.
|
|
161
|
+
|
|
162
|
+
No data is cached locally; every call is a round-trip to your tenant.
|
|
163
|
+
|
|
164
|
+
---
|
|
165
|
+
|
|
166
|
+
## Security
|
|
167
|
+
|
|
168
|
+
- API keys are transmitted over TLS 1.3 (hybrid-PQC negotiation where
|
|
169
|
+
supported) to `api.qnsp.cuilabs.io` and never logged.
|
|
170
|
+
- Tool output is JSON — the server never embeds raw secret material into
|
|
171
|
+
natural-language responses unless the tool semantics require it.
|
|
172
|
+
- Report vulnerabilities to <security@cuilabs.io>.
|
|
173
|
+
|
|
174
|
+
---
|
|
175
|
+
|
|
176
|
+
## Links
|
|
177
|
+
|
|
178
|
+
- **Docs:** <https://docs.qnsp.cuilabs.io/sdk/mcp-server>
|
|
179
|
+
- **Cloud console:** <https://cloud.qnsp.cuilabs.io>
|
|
180
|
+
- **Pricing:** <https://qnsp.cuilabs.io/pricing>
|
|
181
|
+
- **Issues:** <https://github.com/heossi-hq/qnsp-public/issues>
|
|
182
|
+
|
|
183
|
+
Apache-2.0 © HEOSSI (PTE.) LTD.
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP API Client
|
|
3
|
+
*
|
|
4
|
+
* Thin HTTP client for calling QNSP platform APIs through the edge gateway.
|
|
5
|
+
* All requests include the API key as Bearer token and tenant ID header.
|
|
6
|
+
* The edge gateway handles entitlement enforcement, quota checks, and PQC signing.
|
|
7
|
+
*/
|
|
8
|
+
export interface ApiClientConfig {
|
|
9
|
+
readonly baseUrl: string;
|
|
10
|
+
readonly apiKey: string;
|
|
11
|
+
readonly tenantId: string;
|
|
12
|
+
readonly timeoutMs?: number;
|
|
13
|
+
}
|
|
14
|
+
export interface ApiResponse<T = unknown> {
|
|
15
|
+
readonly ok: boolean;
|
|
16
|
+
readonly status: number;
|
|
17
|
+
readonly data: T;
|
|
18
|
+
}
|
|
19
|
+
export declare class ApiClient {
|
|
20
|
+
private readonly baseUrl;
|
|
21
|
+
private readonly apiKey;
|
|
22
|
+
private readonly tenantId;
|
|
23
|
+
private readonly timeoutMs;
|
|
24
|
+
constructor(config: ApiClientConfig);
|
|
25
|
+
get<T = unknown>(path: string): Promise<ApiResponse<T>>;
|
|
26
|
+
post<T = unknown>(path: string, body?: unknown): Promise<ApiResponse<T>>;
|
|
27
|
+
patch<T = unknown>(path: string, body?: unknown): Promise<ApiResponse<T>>;
|
|
28
|
+
del<T = unknown>(path: string): Promise<ApiResponse<T>>;
|
|
29
|
+
private request;
|
|
30
|
+
}
|
|
31
|
+
export declare class QnspApiError extends Error {
|
|
32
|
+
readonly statusCode: number;
|
|
33
|
+
readonly body: unknown;
|
|
34
|
+
constructor(message: string, statusCode: number, body: unknown);
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=api-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-client.d.ts","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW,CAAC,CAAC,GAAG,OAAO;IACvC,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CACjB;AAED,qBAAa,SAAS;IACrB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,MAAM,EAAE,eAAe;IAO7B,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAIvD,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAIxE,KAAK,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAIzE,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;YAI/C,OAAO;CAoCrB;AAED,qBAAa,YAAa,SAAQ,KAAK;IACtC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;gBAEX,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO;CAM9D"}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP API Client
|
|
3
|
+
*
|
|
4
|
+
* Thin HTTP client for calling QNSP platform APIs through the edge gateway.
|
|
5
|
+
* All requests include the API key as Bearer token and tenant ID header.
|
|
6
|
+
* The edge gateway handles entitlement enforcement, quota checks, and PQC signing.
|
|
7
|
+
*/
|
|
8
|
+
const DEFAULT_TIMEOUT_MS = 15_000;
|
|
9
|
+
export class ApiClient {
|
|
10
|
+
baseUrl;
|
|
11
|
+
apiKey;
|
|
12
|
+
tenantId;
|
|
13
|
+
timeoutMs;
|
|
14
|
+
constructor(config) {
|
|
15
|
+
this.baseUrl = config.baseUrl.replace(/\/$/, "");
|
|
16
|
+
this.apiKey = config.apiKey;
|
|
17
|
+
this.tenantId = config.tenantId;
|
|
18
|
+
this.timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
|
|
19
|
+
}
|
|
20
|
+
async get(path) {
|
|
21
|
+
return this.request("GET", path);
|
|
22
|
+
}
|
|
23
|
+
async post(path, body) {
|
|
24
|
+
return this.request("POST", path, body);
|
|
25
|
+
}
|
|
26
|
+
async patch(path, body) {
|
|
27
|
+
return this.request("PATCH", path, body);
|
|
28
|
+
}
|
|
29
|
+
async del(path) {
|
|
30
|
+
return this.request("DELETE", path);
|
|
31
|
+
}
|
|
32
|
+
async request(method, path, body) {
|
|
33
|
+
const url = `${this.baseUrl}${path}`;
|
|
34
|
+
const headers = {
|
|
35
|
+
authorization: `Bearer ${this.apiKey}`,
|
|
36
|
+
"x-qnsp-tenant": this.tenantId,
|
|
37
|
+
"x-qnsp-tenant-id": this.tenantId,
|
|
38
|
+
"x-tenant-id": this.tenantId,
|
|
39
|
+
"content-type": "application/json",
|
|
40
|
+
"user-agent": "qnsp-mcp-server/0.1.0",
|
|
41
|
+
};
|
|
42
|
+
const response = await fetch(url, {
|
|
43
|
+
method,
|
|
44
|
+
headers,
|
|
45
|
+
...(body !== undefined ? { body: JSON.stringify(body) } : {}),
|
|
46
|
+
signal: AbortSignal.timeout(this.timeoutMs),
|
|
47
|
+
});
|
|
48
|
+
const text = await response.text();
|
|
49
|
+
let data;
|
|
50
|
+
try {
|
|
51
|
+
data = JSON.parse(text);
|
|
52
|
+
}
|
|
53
|
+
catch {
|
|
54
|
+
data = text;
|
|
55
|
+
}
|
|
56
|
+
if (!response.ok) {
|
|
57
|
+
const msg = typeof data === "object" && data !== null && "message" in data
|
|
58
|
+
? String(data["message"])
|
|
59
|
+
: `HTTP ${response.status}`;
|
|
60
|
+
throw new QnspApiError(msg, response.status, data);
|
|
61
|
+
}
|
|
62
|
+
return { ok: true, status: response.status, data };
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
export class QnspApiError extends Error {
|
|
66
|
+
statusCode;
|
|
67
|
+
body;
|
|
68
|
+
constructor(message, statusCode, body) {
|
|
69
|
+
super(message);
|
|
70
|
+
this.name = "QnspApiError";
|
|
71
|
+
this.statusCode = statusCode;
|
|
72
|
+
this.body = body;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
//# sourceMappingURL=api-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAelC,MAAM,OAAO,SAAS;IACJ,OAAO,CAAS;IAChB,MAAM,CAAS;IACf,QAAQ,CAAS;IACjB,SAAS,CAAS;IAEnC,YAAY,MAAuB;QAClC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAChC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,kBAAkB,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,GAAG,CAAc,IAAY;QAClC,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,IAAI,CAAc,IAAY,EAAE,IAAc;QACnD,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK,CAAc,IAAY,EAAE,IAAc;QACpD,OAAO,IAAI,CAAC,OAAO,CAAI,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,GAAG,CAAc,IAAY;QAClC,OAAO,IAAI,CAAC,OAAO,CAAI,QAAQ,EAAE,IAAI,CAAC,CAAC;IACxC,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACpE,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QACrC,MAAM,OAAO,GAA2B;YACvC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;YACtC,eAAe,EAAE,IAAI,CAAC,QAAQ;YAC9B,kBAAkB,EAAE,IAAI,CAAC,QAAQ;YACjC,aAAa,EAAE,IAAI,CAAC,QAAQ;YAC5B,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,uBAAuB;SACrC,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACjC,MAAM;YACN,OAAO;YACP,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;SAC3C,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,IAAO,CAAC;QACZ,IAAI,CAAC;YACJ,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACR,IAAI,GAAG,IAAoB,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,GAAG,GACR,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,SAAS,IAAI,IAAI;gBAC7D,CAAC,CAAC,MAAM,CAAE,IAAgC,CAAC,SAAS,CAAC,CAAC;gBACtD,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC9B,MAAM,IAAI,YAAY,CAAC,GAAG,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC;IACpD,CAAC;CACD;AAED,MAAM,OAAO,YAAa,SAAQ,KAAK;IAC7B,UAAU,CAAS;IACnB,IAAI,CAAU;IAEvB,YAAY,OAAe,EAAE,UAAkB,EAAE,IAAa;QAC7D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IAClB,CAAC;CACD"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* QNSP MCP Server
|
|
4
|
+
*
|
|
5
|
+
* Post-quantum cryptography tools for AI assistants.
|
|
6
|
+
* Connects to the QNSP platform via edge gateway, authenticates with an API key,
|
|
7
|
+
* and exposes tier-gated tools for KMS, Vault, Crypto Inventory, Audit, Search,
|
|
8
|
+
* and platform management.
|
|
9
|
+
*
|
|
10
|
+
* Usage (stdio):
|
|
11
|
+
* QNSP_API_KEY=your-key qnsp-mcp
|
|
12
|
+
*
|
|
13
|
+
* Configuration:
|
|
14
|
+
* QNSP_API_KEY — Required. Get one at https://cloud.qnsp.cuilabs.io/api-keys
|
|
15
|
+
* QNSP_PLATFORM_URL — Optional. Defaults to https://api.qnsp.cuilabs.io
|
|
16
|
+
*/
|
|
17
|
+
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
18
|
+
/**
|
|
19
|
+
* Smithery sandbox server for capability scanning.
|
|
20
|
+
* Returns a server with all tools registered using a no-op context
|
|
21
|
+
* so Smithery can discover tool definitions without real credentials.
|
|
22
|
+
*/
|
|
23
|
+
export declare function createSandboxServer(): McpServer;
|
|
24
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAmHpE;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,SAAS,CAuB/C"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* QNSP MCP Server
|
|
4
|
+
*
|
|
5
|
+
* Post-quantum cryptography tools for AI assistants.
|
|
6
|
+
* Connects to the QNSP platform via edge gateway, authenticates with an API key,
|
|
7
|
+
* and exposes tier-gated tools for KMS, Vault, Crypto Inventory, Audit, Search,
|
|
8
|
+
* and platform management.
|
|
9
|
+
*
|
|
10
|
+
* Usage (stdio):
|
|
11
|
+
* QNSP_API_KEY=your-key qnsp-mcp
|
|
12
|
+
*
|
|
13
|
+
* Configuration:
|
|
14
|
+
* QNSP_API_KEY — Required. Get one at https://cloud.qnsp.cuilabs.io/api-keys
|
|
15
|
+
* QNSP_PLATFORM_URL — Optional. Defaults to https://api.qnsp.cuilabs.io
|
|
16
|
+
*/
|
|
17
|
+
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
18
|
+
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
|
|
19
|
+
import { ApiClient } from "./api-client.js";
|
|
20
|
+
import { SessionManager } from "./session.js";
|
|
21
|
+
import * as tools from "./tools.js";
|
|
22
|
+
const PACKAGE_VERSION = "0.1.0";
|
|
23
|
+
function registerTools(server, ctx) {
|
|
24
|
+
server.tool("qnsp_kms_generate_key", "Generate a new post-quantum cryptographic key pair. Supports ML-KEM (Kyber), ML-DSA (Dilithium), Falcon, SPHINCS+, and the full 93-algorithm QNSP PQC catalog.", {
|
|
25
|
+
algorithm: tools.kmsGenerateKeySchema.shape.algorithm,
|
|
26
|
+
label: tools.kmsGenerateKeySchema.shape.label,
|
|
27
|
+
metadata: tools.kmsGenerateKeySchema.shape.metadata,
|
|
28
|
+
}, async (input) => tools.kmsGenerateKey(ctx, tools.kmsGenerateKeySchema.parse(input)));
|
|
29
|
+
server.tool("qnsp_kms_list_keys", "List PQC keys in your tenant's key store.", { limit: tools.kmsListKeysSchema.shape.limit }, async (input) => tools.kmsListKeys(ctx, tools.kmsListKeysSchema.parse(input)));
|
|
30
|
+
server.tool("qnsp_kms_get_key", "Get details of a specific PQC key by ID.", { keyId: tools.kmsGetKeySchema.shape.keyId }, async (input) => tools.kmsGetKey(ctx, tools.kmsGetKeySchema.parse(input)));
|
|
31
|
+
server.tool("qnsp_kms_rotate_key", "Rotate a PQC key — generates a new version while preserving the key ID.", { keyId: tools.kmsRotateKeySchema.shape.keyId }, async (input) => tools.kmsRotateKey(ctx, tools.kmsRotateKeySchema.parse(input)));
|
|
32
|
+
server.tool("qnsp_vault_create_secret", "Store a secret in the quantum-safe encrypted vault.", {
|
|
33
|
+
name: tools.vaultCreateSecretSchema.shape.name,
|
|
34
|
+
value: tools.vaultCreateSecretSchema.shape.value,
|
|
35
|
+
metadata: tools.vaultCreateSecretSchema.shape.metadata,
|
|
36
|
+
}, async (input) => tools.vaultCreateSecret(ctx, tools.vaultCreateSecretSchema.parse(input)));
|
|
37
|
+
server.tool("qnsp_vault_get_secret", "Retrieve a secret from the quantum-safe vault by ID.", { secretId: tools.vaultGetSecretSchema.shape.secretId }, async (input) => tools.vaultGetSecret(ctx, tools.vaultGetSecretSchema.parse(input)));
|
|
38
|
+
server.tool("qnsp_vault_list_secrets", "List secrets in the quantum-safe vault.", { limit: tools.vaultListSecretsSchema.shape.limit }, async (input) => tools.vaultListSecrets(ctx, tools.vaultListSecretsSchema.parse(input)));
|
|
39
|
+
server.tool("qnsp_crypto_scan", "Run a cryptographic inventory scan (CBOM). Discovers all PQC and classical crypto assets.", { scope: tools.cryptoScanSchema.shape.scope }, async (input) => tools.cryptoScan(ctx, tools.cryptoScanSchema.parse(input)));
|
|
40
|
+
server.tool("qnsp_crypto_inventory", "List cryptographic assets in the inventory (Cryptographic Bill of Materials).", { limit: tools.cryptoInventorySchema.shape.limit }, async (input) => tools.cryptoInventory(ctx, tools.cryptoInventorySchema.parse(input)));
|
|
41
|
+
server.tool("qnsp_crypto_readiness", "Check post-quantum readiness status — identifies vulnerable algorithms and migration paths.", {}, async (input) => tools.cryptoReadiness(ctx, tools.cryptoReadinessSchema.parse(input)));
|
|
42
|
+
server.tool("qnsp_audit_query", "Query the immutable audit trail. Filter by topic, source service, or time range.", {
|
|
43
|
+
topic: tools.auditQuerySchema.shape.topic,
|
|
44
|
+
sourceService: tools.auditQuerySchema.shape.sourceService,
|
|
45
|
+
limit: tools.auditQuerySchema.shape.limit,
|
|
46
|
+
}, async (input) => tools.auditQuery(ctx, tools.auditQuerySchema.parse(input)));
|
|
47
|
+
server.tool("qnsp_search_query", "Search encrypted documents using SSE-X (Server-Side Encryption with eXtended PQC). Requires dev-pro tier or higher.", { query: tools.searchQuerySchema.shape.query, limit: tools.searchQuerySchema.shape.limit }, async (input) => tools.searchQuery(ctx, tools.searchQuerySchema.parse(input)));
|
|
48
|
+
server.tool("qnsp_tenant_info", "Get your tenant information — plan, region, crypto policy, and metadata.", {}, async (input) => tools.tenantInfo(ctx, tools.tenantInfoSchema.parse(input)));
|
|
49
|
+
server.tool("qnsp_billing_status", "Check your current billing tier, feature limits, and upgrade options.", {}, async (input) => tools.billingStatus(ctx, tools.billingStatusSchema.parse(input)));
|
|
50
|
+
server.tool("qnsp_platform_health", "Check QNSP platform health status across all services.", {}, async (input) => tools.platformHealth(ctx, tools.platformHealthSchema.parse(input)));
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Smithery sandbox server for capability scanning.
|
|
54
|
+
* Returns a server with all tools registered using a no-op context
|
|
55
|
+
* so Smithery can discover tool definitions without real credentials.
|
|
56
|
+
*/
|
|
57
|
+
export function createSandboxServer() {
|
|
58
|
+
const noopApi = new ApiClient({
|
|
59
|
+
baseUrl: "https://api.qnsp.cuilabs.io",
|
|
60
|
+
apiKey: "sandbox",
|
|
61
|
+
tenantId: "sandbox",
|
|
62
|
+
});
|
|
63
|
+
const sandboxGate = {
|
|
64
|
+
hasFeature: () => true,
|
|
65
|
+
tier: "sandbox",
|
|
66
|
+
tenantId: "sandbox",
|
|
67
|
+
limits: {
|
|
68
|
+
storageGB: 0,
|
|
69
|
+
apiCalls: 0,
|
|
70
|
+
enclavesEnabled: true,
|
|
71
|
+
aiTrainingEnabled: true,
|
|
72
|
+
aiInferenceEnabled: true,
|
|
73
|
+
sseEnabled: true,
|
|
74
|
+
vaultEnabled: true,
|
|
75
|
+
},
|
|
76
|
+
};
|
|
77
|
+
const server = new McpServer({ name: "qnsp", version: PACKAGE_VERSION });
|
|
78
|
+
registerTools(server, { api: noopApi, gate: sandboxGate });
|
|
79
|
+
return server;
|
|
80
|
+
}
|
|
81
|
+
function getRequiredEnv(name) {
|
|
82
|
+
const value = process.env[name];
|
|
83
|
+
if (!value || value.length === 0) {
|
|
84
|
+
process.stderr.write(`Error: ${name} is required. Get your free API key at https://cloud.qnsp.cuilabs.io/api-keys\n`);
|
|
85
|
+
process.exit(1);
|
|
86
|
+
}
|
|
87
|
+
return value;
|
|
88
|
+
}
|
|
89
|
+
async function main() {
|
|
90
|
+
const apiKey = getRequiredEnv("QNSP_API_KEY");
|
|
91
|
+
const platformUrl = process.env["QNSP_PLATFORM_URL"] ?? "https://api.qnsp.cuilabs.io";
|
|
92
|
+
// Activate SDK session — resolves API key → tenant ID → tier → limits
|
|
93
|
+
const session = new SessionManager({ apiKey, platformUrl });
|
|
94
|
+
const gate = await session.activate();
|
|
95
|
+
// Create API client for edge gateway calls
|
|
96
|
+
const api = new ApiClient({
|
|
97
|
+
baseUrl: platformUrl,
|
|
98
|
+
apiKey,
|
|
99
|
+
tenantId: gate.tenantId,
|
|
100
|
+
});
|
|
101
|
+
const ctx = { api, gate };
|
|
102
|
+
const server = new McpServer({ name: "qnsp", version: PACKAGE_VERSION });
|
|
103
|
+
registerTools(server, ctx);
|
|
104
|
+
// Start stdio transport
|
|
105
|
+
const transport = new StdioServerTransport();
|
|
106
|
+
await server.connect(transport);
|
|
107
|
+
}
|
|
108
|
+
// Only run the stdio server when QNSP_API_KEY is set.
|
|
109
|
+
// When Smithery imports this module for capability scanning, it calls
|
|
110
|
+
// createSandboxServer() instead — no API key needed for tool discovery.
|
|
111
|
+
if (process.env["QNSP_API_KEY"]) {
|
|
112
|
+
main().catch((error) => {
|
|
113
|
+
process.stderr.write(`QNSP MCP Server fatal error: ${error instanceof Error ? error.message : String(error)}\n`);
|
|
114
|
+
process.exit(1);
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAE9C,OAAO,KAAK,KAAK,MAAM,YAAY,CAAC;AAEpC,MAAM,eAAe,GAAG,OAAO,CAAC;AAEhC,SAAS,aAAa,CAAC,MAAiB,EAAE,GAAgB;IACzD,MAAM,CAAC,IAAI,CACV,uBAAuB,EACvB,gKAAgK,EAChK;QACC,SAAS,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS;QACrD,KAAK,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,KAAK;QAC7C,QAAQ,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,QAAQ;KACnD,EACD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACnF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,oBAAoB,EACpB,2CAA2C,EAC3C,EAAE,KAAK,EAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,EAAE,EAC9C,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC7E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,kBAAkB,EAClB,0CAA0C,EAC1C,EAAE,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,EAAE,EAC5C,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACzE,CAAC;IACF,MAAM,CAAC,IAAI,CACV,qBAAqB,EACrB,yEAAyE,EACzE,EAAE,KAAK,EAAE,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,KAAK,EAAE,EAC/C,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,GAAG,EAAE,KAAK,CAAC,kBAAkB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC/E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,0BAA0B,EAC1B,qDAAqD,EACrD;QACC,IAAI,EAAE,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,IAAI;QAC9C,KAAK,EAAE,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,KAAK;QAChD,QAAQ,EAAE,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,QAAQ;KACtD,EACD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,uBAAuB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACzF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,uBAAuB,EACvB,sDAAsD,EACtD,EAAE,QAAQ,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,QAAQ,EAAE,EACvD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACnF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,yBAAyB,EACzB,yCAAyC,EACzC,EAAE,KAAK,EAAE,KAAK,CAAC,sBAAsB,CAAC,KAAK,CAAC,KAAK,EAAE,EACnD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,sBAAsB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACvF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,kBAAkB,EAClB,2FAA2F,EAC3F,EAAE,KAAK,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,EAAE,EAC7C,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC3E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,uBAAuB,EACvB,+EAA+E,EAC/E,EAAE,KAAK,EAAE,KAAK,CAAC,qBAAqB,CAAC,KAAK,CAAC,KAAK,EAAE,EAClD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,EAAE,KAAK,CAAC,qBAAqB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACrF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,uBAAuB,EACvB,6FAA6F,EAC7F,EAAE,EACF,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,GAAG,EAAE,KAAK,CAAC,qBAAqB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACrF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,kBAAkB,EAClB,kFAAkF,EAClF;QACC,KAAK,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK;QACzC,aAAa,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,aAAa;QACzD,KAAK,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK;KACzC,EACD,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC3E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,mBAAmB,EACnB,qHAAqH,EACrH,EAAE,KAAK,EAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,EAAE,EAC1F,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,EAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC7E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,kBAAkB,EAClB,0EAA0E,EAC1E,EAAE,EACF,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAC3E,CAAC;IACF,MAAM,CAAC,IAAI,CACV,qBAAqB,EACrB,uEAAuE,EACvE,EAAE,EACF,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACjF,CAAC;IACF,MAAM,CAAC,IAAI,CACV,sBAAsB,EACtB,wDAAwD,EACxD,EAAE,EACF,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,oBAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CACnF,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IAClC,MAAM,OAAO,GAAG,IAAI,SAAS,CAAC;QAC7B,OAAO,EAAE,6BAA6B;QACtC,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE,SAAS;KACnB,CAAC,CAAC;IACH,MAAM,WAAW,GAAG;QACnB,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI;QACtB,IAAI,EAAE,SAAkB;QACxB,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE;YACP,SAAS,EAAE,CAAC;YACZ,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,IAAI;YACvB,kBAAkB,EAAE,IAAI;YACxB,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,IAAI;SAClB;KACD,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;IACzE,aAAa,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;IAC3D,OAAO,MAAM,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,UAAU,IAAI,iFAAiF,CAC/F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,KAAK,UAAU,IAAI;IAClB,MAAM,MAAM,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IAC9C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,6BAA6B,CAAC;IAEtF,sEAAsE;IACtE,MAAM,OAAO,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAC5D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;IAEtC,2CAA2C;IAC3C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC;QACzB,OAAO,EAAE,WAAW;QACpB,MAAM;QACN,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACvB,CAAC,CAAC;IAEH,MAAM,GAAG,GAAgB,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IAEvC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC;IACzE,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE3B,wBAAwB;IACxB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACjC,CAAC;AAED,sDAAsD;AACtD,sEAAsE;AACtE,wEAAwE;AACxE,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;IACjC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CACnB,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAC1F,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP MCP Session Manager
|
|
3
|
+
*
|
|
4
|
+
* Handles SDK activation (API key → tenant ID → tier → limits) and provides
|
|
5
|
+
* tier-gated access checks for MCP tools. All tier limits are resolved from billing-service
|
|
6
|
+
* via the SDK activation endpoint at runtime.
|
|
7
|
+
*/
|
|
8
|
+
import { type SdkActivationResponse } from "@heossi/qnsi/activation";
|
|
9
|
+
export interface SessionConfig {
|
|
10
|
+
readonly apiKey: string;
|
|
11
|
+
readonly platformUrl?: string;
|
|
12
|
+
}
|
|
13
|
+
export interface TierGate {
|
|
14
|
+
/** Check if a boolean feature is enabled for the current tier */
|
|
15
|
+
hasFeature(feature: "enclavesEnabled" | "aiTrainingEnabled" | "aiInferenceEnabled" | "sseEnabled" | "vaultEnabled"): boolean;
|
|
16
|
+
/** Get the current tier name */
|
|
17
|
+
readonly tier: string;
|
|
18
|
+
/** Get the tenant ID */
|
|
19
|
+
readonly tenantId: string;
|
|
20
|
+
/** Get the raw limits from billing-service */
|
|
21
|
+
readonly limits: SdkActivationResponse["limits"];
|
|
22
|
+
}
|
|
23
|
+
export declare class SessionManager {
|
|
24
|
+
private readonly apiKey;
|
|
25
|
+
private readonly platformUrl;
|
|
26
|
+
private activation;
|
|
27
|
+
constructor(config: SessionConfig);
|
|
28
|
+
activate(): Promise<TierGate>;
|
|
29
|
+
getTierGate(): TierGate;
|
|
30
|
+
get tenantId(): string;
|
|
31
|
+
get tier(): string;
|
|
32
|
+
get isActivated(): boolean;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=session.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAe,KAAK,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAqBlF,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,QAAQ;IACxB,iEAAiE;IACjE,UAAU,CACT,OAAO,EACJ,iBAAiB,GACjB,mBAAmB,GACnB,oBAAoB,GACpB,YAAY,GACZ,cAAc,GACf,OAAO,CAAC;IACX,gCAAgC;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,wBAAwB;IACxB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,8CAA8C;IAC9C,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,QAAQ,CAAC,CAAC;CACjD;AAED,qBAAa,cAAc;IAC1B,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,UAAU,CAAsC;gBAE5C,MAAM,EAAE,aAAa;IAK3B,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;IAWnC,WAAW,IAAI,QAAQ;IAsBvB,IAAI,QAAQ,IAAI,MAAM,CAKrB;IAED,IAAI,IAAI,IAAI,MAAM,CAKjB;IAED,IAAI,WAAW,IAAI,OAAO,CAEzB;CACD"}
|
package/dist/session.js
ADDED
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP MCP Session Manager
|
|
3
|
+
*
|
|
4
|
+
* Handles SDK activation (API key → tenant ID → tier → limits) and provides
|
|
5
|
+
* tier-gated access checks for MCP tools. All tier limits are resolved from billing-service
|
|
6
|
+
* via the SDK activation endpoint at runtime.
|
|
7
|
+
*/
|
|
8
|
+
import { readFileSync } from "node:fs";
|
|
9
|
+
import { dirname, join } from "node:path";
|
|
10
|
+
import { fileURLToPath } from "node:url";
|
|
11
|
+
import { activateSdk } from "@heossi/qnsi/activation";
|
|
12
|
+
const DEFAULT_PLATFORM_URL = "https://api.qnsp.cuilabs.io";
|
|
13
|
+
// Resolve own version from package.json so activation telemetry tracks the
|
|
14
|
+
// actual published version of @heossi/qnsi-mcp, not an inline literal that
|
|
15
|
+
// drifts every release. The compiled module lives at dist/session.js, so the
|
|
16
|
+
// package.json is one directory up from dist/.
|
|
17
|
+
function readOwnVersion() {
|
|
18
|
+
try {
|
|
19
|
+
const here = dirname(fileURLToPath(import.meta.url));
|
|
20
|
+
const pkgPath = join(here, "..", "package.json");
|
|
21
|
+
const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
|
|
22
|
+
return pkg.version ?? "0.0.0";
|
|
23
|
+
}
|
|
24
|
+
catch {
|
|
25
|
+
return "0.0.0";
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
const SDK_VERSION = readOwnVersion();
|
|
29
|
+
export class SessionManager {
|
|
30
|
+
apiKey;
|
|
31
|
+
platformUrl;
|
|
32
|
+
activation = null;
|
|
33
|
+
constructor(config) {
|
|
34
|
+
this.apiKey = config.apiKey;
|
|
35
|
+
this.platformUrl = config.platformUrl ?? DEFAULT_PLATFORM_URL;
|
|
36
|
+
}
|
|
37
|
+
async activate() {
|
|
38
|
+
this.activation = await activateSdk({
|
|
39
|
+
apiKey: this.apiKey,
|
|
40
|
+
sdkId: "mcp-server",
|
|
41
|
+
sdkVersion: SDK_VERSION,
|
|
42
|
+
platformUrl: this.platformUrl,
|
|
43
|
+
});
|
|
44
|
+
return this.getTierGate();
|
|
45
|
+
}
|
|
46
|
+
getTierGate() {
|
|
47
|
+
if (!this.activation) {
|
|
48
|
+
throw new Error("Session not activated. Call activate() first.");
|
|
49
|
+
}
|
|
50
|
+
const activation = this.activation;
|
|
51
|
+
return {
|
|
52
|
+
hasFeature(feature) {
|
|
53
|
+
return activation.limits[feature] === true;
|
|
54
|
+
},
|
|
55
|
+
get tier() {
|
|
56
|
+
return activation.tier;
|
|
57
|
+
},
|
|
58
|
+
get tenantId() {
|
|
59
|
+
return activation.tenantId;
|
|
60
|
+
},
|
|
61
|
+
get limits() {
|
|
62
|
+
return activation.limits;
|
|
63
|
+
},
|
|
64
|
+
};
|
|
65
|
+
}
|
|
66
|
+
get tenantId() {
|
|
67
|
+
if (!this.activation) {
|
|
68
|
+
throw new Error("Session not activated. Call activate() first.");
|
|
69
|
+
}
|
|
70
|
+
return this.activation.tenantId;
|
|
71
|
+
}
|
|
72
|
+
get tier() {
|
|
73
|
+
if (!this.activation) {
|
|
74
|
+
throw new Error("Session not activated. Call activate() first.");
|
|
75
|
+
}
|
|
76
|
+
return this.activation.tier;
|
|
77
|
+
}
|
|
78
|
+
get isActivated() {
|
|
79
|
+
return this.activation !== null;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
//# sourceMappingURL=session.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,WAAW,EAA8B,MAAM,yBAAyB,CAAC;AAElF,MAAM,oBAAoB,GAAG,6BAA6B,CAAC;AAE3D,2EAA2E;AAC3E,2EAA2E;AAC3E,6EAA6E;AAC7E,+CAA+C;AAC/C,SAAS,cAAc;IACtB,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAyB,CAAC;QAC9E,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,OAAO,CAAC;IAChB,CAAC;AACF,CAAC;AAED,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;AAyBrC,MAAM,OAAO,cAAc;IACT,MAAM,CAAS;IACf,WAAW,CAAS;IAC7B,UAAU,GAAiC,IAAI,CAAC;IAExD,YAAY,MAAqB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,oBAAoB,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,QAAQ;QACb,IAAI,CAAC,UAAU,GAAG,MAAM,WAAW,CAAC;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,KAAK,EAAE,YAAY;YACnB,UAAU,EAAE,WAAW;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;SAC7B,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC3B,CAAC;IAED,WAAW;QACV,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;QACnC,OAAO;YACN,UAAU,CAAC,OAAO;gBACjB,OAAO,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,CAAC;YAC5C,CAAC;YACD,IAAI,IAAI;gBACP,OAAO,UAAU,CAAC,IAAI,CAAC;YACxB,CAAC;YACD,IAAI,QAAQ;gBACX,OAAO,UAAU,CAAC,QAAQ,CAAC;YAC5B,CAAC;YACD,IAAI,MAAM;gBACT,OAAO,UAAU,CAAC,MAAM,CAAC;YAC1B,CAAC;SACD,CAAC;IACH,CAAC;IAED,IAAI,QAAQ;QACX,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;IACjC,CAAC;IAED,IAAI,IAAI;QACP,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;IAC7B,CAAC;IAED,IAAI,WAAW;QACd,OAAO,IAAI,CAAC,UAAU,KAAK,IAAI,CAAC;IACjC,CAAC;CACD"}
|
package/dist/tools.d.ts
ADDED
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP MCP Tool Definitions
|
|
3
|
+
*
|
|
4
|
+
* Each tool maps to a QNSP platform API endpoint via the edge gateway.
|
|
5
|
+
* Tools are tier-gated: the session's TierGate checks feature availability
|
|
6
|
+
* before execution. The edge gateway enforces entitlements server-side as well,
|
|
7
|
+
* so client-side checks are a UX optimization (fail fast with a clear message
|
|
8
|
+
* instead of a raw 402/403).
|
|
9
|
+
*/
|
|
10
|
+
import { z } from "zod";
|
|
11
|
+
import type { ApiClient } from "./api-client.js";
|
|
12
|
+
import type { TierGate } from "./session.js";
|
|
13
|
+
export interface ToolContext {
|
|
14
|
+
readonly api: ApiClient;
|
|
15
|
+
readonly gate: TierGate;
|
|
16
|
+
}
|
|
17
|
+
export interface ToolResult {
|
|
18
|
+
readonly content: Array<{
|
|
19
|
+
type: "text";
|
|
20
|
+
text: string;
|
|
21
|
+
}>;
|
|
22
|
+
readonly isError?: boolean;
|
|
23
|
+
readonly [key: string]: unknown;
|
|
24
|
+
}
|
|
25
|
+
export declare const kmsGenerateKeySchema: z.ZodObject<{
|
|
26
|
+
algorithm: z.ZodString;
|
|
27
|
+
label: z.ZodOptional<z.ZodString>;
|
|
28
|
+
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
29
|
+
}, z.core.$strip>;
|
|
30
|
+
export declare function kmsGenerateKey(ctx: ToolContext, input: z.infer<typeof kmsGenerateKeySchema>): Promise<ToolResult>;
|
|
31
|
+
export declare const kmsListKeysSchema: z.ZodObject<{
|
|
32
|
+
limit: z.ZodOptional<z.ZodNumber>;
|
|
33
|
+
}, z.core.$strip>;
|
|
34
|
+
export declare function kmsListKeys(ctx: ToolContext, input: z.infer<typeof kmsListKeysSchema>): Promise<ToolResult>;
|
|
35
|
+
export declare const kmsGetKeySchema: z.ZodObject<{
|
|
36
|
+
keyId: z.ZodString;
|
|
37
|
+
}, z.core.$strip>;
|
|
38
|
+
export declare function kmsGetKey(ctx: ToolContext, input: z.infer<typeof kmsGetKeySchema>): Promise<ToolResult>;
|
|
39
|
+
export declare const kmsRotateKeySchema: z.ZodObject<{
|
|
40
|
+
keyId: z.ZodString;
|
|
41
|
+
}, z.core.$strip>;
|
|
42
|
+
export declare function kmsRotateKey(ctx: ToolContext, input: z.infer<typeof kmsRotateKeySchema>): Promise<ToolResult>;
|
|
43
|
+
export declare const vaultCreateSecretSchema: z.ZodObject<{
|
|
44
|
+
name: z.ZodString;
|
|
45
|
+
value: z.ZodString;
|
|
46
|
+
metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
|
|
47
|
+
}, z.core.$strip>;
|
|
48
|
+
export declare function vaultCreateSecret(ctx: ToolContext, input: z.infer<typeof vaultCreateSecretSchema>): Promise<ToolResult>;
|
|
49
|
+
export declare const vaultGetSecretSchema: z.ZodObject<{
|
|
50
|
+
secretId: z.ZodString;
|
|
51
|
+
}, z.core.$strip>;
|
|
52
|
+
export declare function vaultGetSecret(ctx: ToolContext, input: z.infer<typeof vaultGetSecretSchema>): Promise<ToolResult>;
|
|
53
|
+
export declare const vaultListSecretsSchema: z.ZodObject<{
|
|
54
|
+
limit: z.ZodOptional<z.ZodNumber>;
|
|
55
|
+
}, z.core.$strip>;
|
|
56
|
+
export declare function vaultListSecrets(ctx: ToolContext, input: z.infer<typeof vaultListSecretsSchema>): Promise<ToolResult>;
|
|
57
|
+
export declare const cryptoScanSchema: z.ZodObject<{
|
|
58
|
+
scope: z.ZodOptional<z.ZodEnum<{
|
|
59
|
+
full: "full";
|
|
60
|
+
keys: "keys";
|
|
61
|
+
certificates: "certificates";
|
|
62
|
+
algorithms: "algorithms";
|
|
63
|
+
}>>;
|
|
64
|
+
}, z.core.$strip>;
|
|
65
|
+
export declare function cryptoScan(ctx: ToolContext, input: z.infer<typeof cryptoScanSchema>): Promise<ToolResult>;
|
|
66
|
+
export declare const cryptoInventorySchema: z.ZodObject<{
|
|
67
|
+
limit: z.ZodOptional<z.ZodNumber>;
|
|
68
|
+
}, z.core.$strip>;
|
|
69
|
+
export declare function cryptoInventory(ctx: ToolContext, input: z.infer<typeof cryptoInventorySchema>): Promise<ToolResult>;
|
|
70
|
+
export declare const cryptoReadinessSchema: z.ZodObject<{}, z.core.$strip>;
|
|
71
|
+
export declare function cryptoReadiness(ctx: ToolContext, _input: z.infer<typeof cryptoReadinessSchema>): Promise<ToolResult>;
|
|
72
|
+
export declare const auditQuerySchema: z.ZodObject<{
|
|
73
|
+
topic: z.ZodOptional<z.ZodString>;
|
|
74
|
+
sourceService: z.ZodOptional<z.ZodString>;
|
|
75
|
+
limit: z.ZodOptional<z.ZodNumber>;
|
|
76
|
+
}, z.core.$strip>;
|
|
77
|
+
export declare function auditQuery(ctx: ToolContext, input: z.infer<typeof auditQuerySchema>): Promise<ToolResult>;
|
|
78
|
+
export declare const searchQuerySchema: z.ZodObject<{
|
|
79
|
+
query: z.ZodString;
|
|
80
|
+
limit: z.ZodOptional<z.ZodNumber>;
|
|
81
|
+
}, z.core.$strip>;
|
|
82
|
+
export declare function searchQuery(ctx: ToolContext, input: z.infer<typeof searchQuerySchema>): Promise<ToolResult>;
|
|
83
|
+
export declare const tenantInfoSchema: z.ZodObject<{}, z.core.$strip>;
|
|
84
|
+
export declare function tenantInfo(ctx: ToolContext, _input: z.infer<typeof tenantInfoSchema>): Promise<ToolResult>;
|
|
85
|
+
export declare const billingStatusSchema: z.ZodObject<{}, z.core.$strip>;
|
|
86
|
+
export declare function billingStatus(ctx: ToolContext, _input: z.infer<typeof billingStatusSchema>): Promise<ToolResult>;
|
|
87
|
+
export declare const platformHealthSchema: z.ZodObject<{}, z.core.$strip>;
|
|
88
|
+
export declare function platformHealth(ctx: ToolContext, _input: z.infer<typeof platformHealthSchema>): Promise<ToolResult>;
|
|
89
|
+
//# sourceMappingURL=tools.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAE7C,MAAM,WAAW,WAAW;IAC3B,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;CACxB;AAED,MAAM,WAAW,UAAU;IAC1B,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxD,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;IAC3B,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAChC;AA0BD,eAAO,MAAM,oBAAoB;;;;iBAQ/B,CAAC;AAEH,wBAAsB,cAAc,CACnC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,GACzC,OAAO,CAAC,UAAU,CAAC,CAQrB;AAED,eAAO,MAAM,iBAAiB;;iBAE5B,CAAC;AAEH,wBAAsB,WAAW,CAChC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,GACtC,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED,eAAO,MAAM,eAAe;;iBAE1B,CAAC;AAEH,wBAAsB,SAAS,CAC9B,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,GACpC,OAAO,CAAC,UAAU,CAAC,CAKrB;AAED,eAAO,MAAM,kBAAkB;;iBAE7B,CAAC;AAEH,wBAAsB,YAAY,CACjC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,GACvC,OAAO,CAAC,UAAU,CAAC,CAMrB;AAID,eAAO,MAAM,uBAAuB;;;;iBAIlC,CAAC;AAEH,wBAAsB,iBAAiB,CACtC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,GAC5C,OAAO,CAAC,UAAU,CAAC,CAWrB;AAED,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AAEH,wBAAsB,cAAc,CACnC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,GACzC,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AAEH,wBAAsB,gBAAgB,CACrC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,GAC3C,OAAO,CAAC,UAAU,CAAC,CASrB;AAID,eAAO,MAAM,gBAAgB;;;;;;;iBAK3B,CAAC;AAEH,wBAAsB,UAAU,CAC/B,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,GACrC,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED,eAAO,MAAM,qBAAqB;;iBAEhC,CAAC;AAEH,wBAAsB,eAAe,CACpC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,GAC1C,OAAO,CAAC,UAAU,CAAC,CAMrB;AAED,eAAO,MAAM,qBAAqB,gCAAe,CAAC;AAElD,wBAAsB,eAAe,CACpC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,GAC3C,OAAO,CAAC,UAAU,CAAC,CAGrB;AAID,eAAO,MAAM,gBAAgB;;;;iBAI3B,CAAC;AAEH,wBAAsB,UAAU,CAC/B,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,GACrC,OAAO,CAAC,UAAU,CAAC,CAQrB;AAID,eAAO,MAAM,iBAAiB;;;iBAG5B,CAAC;AAEH,wBAAsB,WAAW,CAChC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,GACtC,OAAO,CAAC,UAAU,CAAC,CAUrB;AAID,eAAO,MAAM,gBAAgB,gCAAe,CAAC;AAE7C,wBAAsB,UAAU,CAC/B,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,GACtC,OAAO,CAAC,UAAU,CAAC,CAGrB;AAED,eAAO,MAAM,mBAAmB,gCAAe,CAAC;AAEhD,wBAAsB,aAAa,CAClC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,GACzC,OAAO,CAAC,UAAU,CAAC,CAOrB;AAID,eAAO,MAAM,oBAAoB,gCAAe,CAAC;AAEjD,wBAAsB,cAAc,CACnC,GAAG,EAAE,WAAW,EAChB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,GAC1C,OAAO,CAAC,UAAU,CAAC,CAGrB"}
|
package/dist/tools.js
ADDED
|
@@ -0,0 +1,189 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* QNSP MCP Tool Definitions
|
|
3
|
+
*
|
|
4
|
+
* Each tool maps to a QNSP platform API endpoint via the edge gateway.
|
|
5
|
+
* Tools are tier-gated: the session's TierGate checks feature availability
|
|
6
|
+
* before execution. The edge gateway enforces entitlements server-side as well,
|
|
7
|
+
* so client-side checks are a UX optimization (fail fast with a clear message
|
|
8
|
+
* instead of a raw 402/403).
|
|
9
|
+
*/
|
|
10
|
+
import { z } from "zod";
|
|
11
|
+
function text(value) {
|
|
12
|
+
return { content: [{ type: "text", text: value }] };
|
|
13
|
+
}
|
|
14
|
+
function json(value) {
|
|
15
|
+
return text(JSON.stringify(value, null, 2));
|
|
16
|
+
}
|
|
17
|
+
function gateError(feature, tier) {
|
|
18
|
+
return {
|
|
19
|
+
content: [
|
|
20
|
+
{
|
|
21
|
+
type: "text",
|
|
22
|
+
text: `This feature requires a higher tier. Current tier: ${tier}. ` +
|
|
23
|
+
`Upgrade at https://cloud.qnsp.cuilabs.io/billing to access ${feature}.`,
|
|
24
|
+
},
|
|
25
|
+
],
|
|
26
|
+
isError: true,
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
// ── KMS Tools ───────────────────────────────────────────────────────────────
|
|
30
|
+
export const kmsGenerateKeySchema = z.object({
|
|
31
|
+
algorithm: z
|
|
32
|
+
.string()
|
|
33
|
+
.describe("PQC algorithm (e.g. kyber-768, dilithium-2, falcon-512). See NIST FIPS 203/204/205."),
|
|
34
|
+
label: z.string().optional().describe("Human-readable key label"),
|
|
35
|
+
metadata: z.record(z.string(), z.string()).optional().describe("Key metadata tags"),
|
|
36
|
+
});
|
|
37
|
+
export async function kmsGenerateKey(ctx, input) {
|
|
38
|
+
const { data } = await ctx.api.post("/proxy/kms/v1/keys", {
|
|
39
|
+
tenantId: ctx.gate.tenantId,
|
|
40
|
+
algorithm: input.algorithm,
|
|
41
|
+
label: input.label ?? `mcp-${Date.now()}`,
|
|
42
|
+
metadata: input.metadata ?? {},
|
|
43
|
+
});
|
|
44
|
+
return json(data);
|
|
45
|
+
}
|
|
46
|
+
export const kmsListKeysSchema = z.object({
|
|
47
|
+
limit: z.number().int().min(1).max(100).optional().describe("Max keys to return (default 20)"),
|
|
48
|
+
});
|
|
49
|
+
export async function kmsListKeys(ctx, input) {
|
|
50
|
+
const limit = input.limit ?? 20;
|
|
51
|
+
const { data } = await ctx.api.get(`/proxy/kms/v1/keys?tenantId=${ctx.gate.tenantId}&limit=${limit}`);
|
|
52
|
+
return json(data);
|
|
53
|
+
}
|
|
54
|
+
export const kmsGetKeySchema = z.object({
|
|
55
|
+
keyId: z.string().describe("Key ID (UUID)"),
|
|
56
|
+
});
|
|
57
|
+
export async function kmsGetKey(ctx, input) {
|
|
58
|
+
const { data } = await ctx.api.get(`/proxy/kms/v1/keys/${input.keyId}?tenantId=${ctx.gate.tenantId}`);
|
|
59
|
+
return json(data);
|
|
60
|
+
}
|
|
61
|
+
export const kmsRotateKeySchema = z.object({
|
|
62
|
+
keyId: z.string().describe("Key ID to rotate"),
|
|
63
|
+
});
|
|
64
|
+
export async function kmsRotateKey(ctx, input) {
|
|
65
|
+
const { data } = await ctx.api.post(`/proxy/kms/v1/keys/${input.keyId}/rotate`, {
|
|
66
|
+
tenantId: ctx.gate.tenantId,
|
|
67
|
+
reason: "MCP rotation",
|
|
68
|
+
});
|
|
69
|
+
return json(data);
|
|
70
|
+
}
|
|
71
|
+
// ── Vault Tools ─────────────────────────────────────────────────────────────
|
|
72
|
+
export const vaultCreateSecretSchema = z.object({
|
|
73
|
+
name: z.string().describe("Secret name (unique within tenant)"),
|
|
74
|
+
value: z.string().describe("Secret value to encrypt and store"),
|
|
75
|
+
metadata: z.record(z.string(), z.string()).optional().describe("Secret metadata"),
|
|
76
|
+
});
|
|
77
|
+
export async function vaultCreateSecret(ctx, input) {
|
|
78
|
+
if (!ctx.gate.hasFeature("vaultEnabled")) {
|
|
79
|
+
return gateError("Quantum-Safe Vault", ctx.gate.tier);
|
|
80
|
+
}
|
|
81
|
+
const { data } = await ctx.api.post("/proxy/vault/v1/secrets", {
|
|
82
|
+
tenantId: ctx.gate.tenantId,
|
|
83
|
+
name: input.name,
|
|
84
|
+
payload: Buffer.from(input.value).toString("base64"),
|
|
85
|
+
metadata: input.metadata ?? {},
|
|
86
|
+
});
|
|
87
|
+
return json(data);
|
|
88
|
+
}
|
|
89
|
+
export const vaultGetSecretSchema = z.object({
|
|
90
|
+
secretId: z.string().describe("Secret ID (UUID)"),
|
|
91
|
+
});
|
|
92
|
+
export async function vaultGetSecret(ctx, input) {
|
|
93
|
+
if (!ctx.gate.hasFeature("vaultEnabled")) {
|
|
94
|
+
return gateError("Quantum-Safe Vault", ctx.gate.tier);
|
|
95
|
+
}
|
|
96
|
+
const { data } = await ctx.api.get(`/proxy/vault/v1/secrets/${input.secretId}`);
|
|
97
|
+
return json(data);
|
|
98
|
+
}
|
|
99
|
+
export const vaultListSecretsSchema = z.object({
|
|
100
|
+
limit: z.number().int().min(1).max(100).optional().describe("Max secrets to return"),
|
|
101
|
+
});
|
|
102
|
+
export async function vaultListSecrets(ctx, input) {
|
|
103
|
+
if (!ctx.gate.hasFeature("vaultEnabled")) {
|
|
104
|
+
return gateError("Quantum-Safe Vault", ctx.gate.tier);
|
|
105
|
+
}
|
|
106
|
+
const limit = input.limit ?? 20;
|
|
107
|
+
const { data } = await ctx.api.get(`/proxy/vault/v1/secrets?tenantId=${ctx.gate.tenantId}&limit=${limit}`);
|
|
108
|
+
return json(data);
|
|
109
|
+
}
|
|
110
|
+
// ── Crypto Inventory (CBOM) Tools ───────────────────────────────────────────
|
|
111
|
+
export const cryptoScanSchema = z.object({
|
|
112
|
+
scope: z
|
|
113
|
+
.enum(["full", "keys", "certificates", "algorithms"])
|
|
114
|
+
.optional()
|
|
115
|
+
.describe("Scan scope (default: full)"),
|
|
116
|
+
});
|
|
117
|
+
export async function cryptoScan(ctx, input) {
|
|
118
|
+
const scope = input.scope ?? "full";
|
|
119
|
+
const { data } = await ctx.api.get(`/proxy/crypto/v1/discovery/jobs?tenantId=${ctx.gate.tenantId}&limit=10&scope=${encodeURIComponent(scope)}`);
|
|
120
|
+
return json(data);
|
|
121
|
+
}
|
|
122
|
+
export const cryptoInventorySchema = z.object({
|
|
123
|
+
limit: z.number().int().min(1).max(100).optional().describe("Max items to return"),
|
|
124
|
+
});
|
|
125
|
+
export async function cryptoInventory(ctx, input) {
|
|
126
|
+
const limit = input.limit ?? 50;
|
|
127
|
+
const { data } = await ctx.api.get(`/proxy/crypto/v1/discovery/jobs?tenantId=${ctx.gate.tenantId}&limit=${limit}`);
|
|
128
|
+
return json(data);
|
|
129
|
+
}
|
|
130
|
+
export const cryptoReadinessSchema = z.object({});
|
|
131
|
+
export async function cryptoReadiness(ctx, _input) {
|
|
132
|
+
const { data } = await ctx.api.get(`/proxy/crypto/v1/readiness?tenantId=${ctx.gate.tenantId}`);
|
|
133
|
+
return json(data);
|
|
134
|
+
}
|
|
135
|
+
// ── Audit Tools ─────────────────────────────────────────────────────────────
|
|
136
|
+
export const auditQuerySchema = z.object({
|
|
137
|
+
topic: z.string().optional().describe("Filter by event topic"),
|
|
138
|
+
sourceService: z.string().optional().describe("Filter by source service"),
|
|
139
|
+
limit: z.number().int().min(1).max(100).optional().describe("Max events to return"),
|
|
140
|
+
});
|
|
141
|
+
export async function auditQuery(ctx, input) {
|
|
142
|
+
const params = new URLSearchParams();
|
|
143
|
+
if (input.topic)
|
|
144
|
+
params.set("topic", input.topic);
|
|
145
|
+
if (input.sourceService)
|
|
146
|
+
params.set("sourceService", input.sourceService);
|
|
147
|
+
params.set("tenantId", ctx.gate.tenantId);
|
|
148
|
+
params.set("limit", String(input.limit ?? 20));
|
|
149
|
+
const { data } = await ctx.api.get(`/proxy/audit/v1/events?${params.toString()}`);
|
|
150
|
+
return json(data);
|
|
151
|
+
}
|
|
152
|
+
// ── Search Tools (SSE-X) ────────────────────────────────────────────────────
|
|
153
|
+
export const searchQuerySchema = z.object({
|
|
154
|
+
query: z.string().describe("Search query text"),
|
|
155
|
+
limit: z.number().int().min(1).max(50).optional().describe("Max results (default 10)"),
|
|
156
|
+
});
|
|
157
|
+
export async function searchQuery(ctx, input) {
|
|
158
|
+
if (!ctx.gate.hasFeature("sseEnabled")) {
|
|
159
|
+
return gateError("Encrypted Search (SSE-X)", ctx.gate.tier);
|
|
160
|
+
}
|
|
161
|
+
const params = new URLSearchParams();
|
|
162
|
+
params.set("tenantId", ctx.gate.tenantId);
|
|
163
|
+
params.set("q", input.query);
|
|
164
|
+
params.set("limit", String(input.limit ?? 10));
|
|
165
|
+
const { data } = await ctx.api.get(`/proxy/search/v1/documents?${params.toString()}`);
|
|
166
|
+
return json(data);
|
|
167
|
+
}
|
|
168
|
+
// ── Tenant & Billing Info Tools ─────────────────────────────────────────────
|
|
169
|
+
export const tenantInfoSchema = z.object({});
|
|
170
|
+
export async function tenantInfo(ctx, _input) {
|
|
171
|
+
const { data } = await ctx.api.get(`/proxy/tenant/v1/tenants/${ctx.gate.tenantId}`);
|
|
172
|
+
return json(data);
|
|
173
|
+
}
|
|
174
|
+
export const billingStatusSchema = z.object({});
|
|
175
|
+
export async function billingStatus(ctx, _input) {
|
|
176
|
+
return json({
|
|
177
|
+
tenantId: ctx.gate.tenantId,
|
|
178
|
+
tier: ctx.gate.tier,
|
|
179
|
+
limits: ctx.gate.limits,
|
|
180
|
+
upgradeUrl: "https://cloud.qnsp.cuilabs.io/billing",
|
|
181
|
+
});
|
|
182
|
+
}
|
|
183
|
+
// ── Health Tools ────────────────────────────────────────────────────────────
|
|
184
|
+
export const platformHealthSchema = z.object({});
|
|
185
|
+
export async function platformHealth(ctx, _input) {
|
|
186
|
+
const { data } = await ctx.api.get("/proxy/health");
|
|
187
|
+
return json(data);
|
|
188
|
+
}
|
|
189
|
+
//# sourceMappingURL=tools.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAexB,SAAS,IAAI,CAAC,KAAa;IAC1B,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,IAAI,CAAC,KAAc;IAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,SAAS,CAAC,OAAe,EAAE,IAAY;IAC/C,OAAO;QACN,OAAO,EAAE;YACR;gBACC,IAAI,EAAE,MAAM;gBACZ,IAAI,EACH,sDAAsD,IAAI,IAAI;oBAC9D,8DAA8D,OAAO,GAAG;aACzE;SACD;QACD,OAAO,EAAE,IAAI;KACb,CAAC;AACH,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,SAAS,EAAE,CAAC;SACV,MAAM,EAAE;SACR,QAAQ,CACR,qFAAqF,CACrF;IACF,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACjE,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;CACnF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,GAAgB,EAChB,KAA2C;IAE3C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE;QACzD,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,OAAO,IAAI,CAAC,GAAG,EAAE,EAAE;QACzC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,EAAE;KAC9B,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;CAC9F,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,WAAW,CAChC,GAAgB,EAChB,KAAwC;IAExC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;IAChC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CACjC,+BAA+B,GAAG,CAAC,IAAI,CAAC,QAAQ,UAAU,KAAK,EAAE,CACjE,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC9B,GAAgB,EAChB,KAAsC;IAEtC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CACjC,sBAAsB,KAAK,CAAC,KAAK,aAAa,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CACjE,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;CAC9C,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,GAAgB,EAChB,KAAyC;IAEzC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,sBAAsB,KAAK,CAAC,KAAK,SAAS,EAAE;QAC/E,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,MAAM,EAAE,cAAc;KACtB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;IAC/D,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;IAC/D,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;CACjF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACtC,GAAgB,EAChB,KAA8C;IAE9C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,yBAAyB,EAAE;QAC9D,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACpD,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,EAAE;KAC9B,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC;CACjD,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,GAAgB,EAChB,KAA2C;IAE3C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,2BAA2B,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IAChF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;CACpF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACrC,GAAgB,EAChB,KAA6C;IAE7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC,oBAAoB,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;IAChC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CACjC,oCAAoC,GAAG,CAAC,IAAI,CAAC,QAAQ,UAAU,KAAK,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,KAAK,EAAE,CAAC;SACN,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;SACpD,QAAQ,EAAE;SACV,QAAQ,CAAC,4BAA4B,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC/B,GAAgB,EAChB,KAAuC;IAEvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,MAAM,CAAC;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CACjC,4CAA4C,GAAG,CAAC,IAAI,CAAC,QAAQ,mBAAmB,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAC3G,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;CAClF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,eAAe,CACpC,GAAgB,EAChB,KAA4C;IAE5C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;IAChC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CACjC,4CAA4C,GAAG,CAAC,IAAI,CAAC,QAAQ,UAAU,KAAK,EAAE,CAC9E,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAElD,MAAM,CAAC,KAAK,UAAU,eAAe,CACpC,GAAgB,EAChB,MAA6C;IAE7C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,uCAAuC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC/F,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC9D,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IACzE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,sBAAsB,CAAC;CACnF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC/B,GAAgB,EAChB,KAAuC;IAEvC,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAClD,IAAI,KAAK,CAAC,aAAa;QAAE,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;IAC1E,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAClF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IAC/C,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;CACtF,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,WAAW,CAChC,GAAgB,EAChB,KAAwC;IAExC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC,0BAA0B,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;IACrC,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,8BAA8B,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACtF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE7C,MAAM,CAAC,KAAK,UAAU,UAAU,CAC/B,GAAgB,EAChB,MAAwC;IAExC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,4BAA4B,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC;AAED,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAEhD,MAAM,CAAC,KAAK,UAAU,aAAa,CAClC,GAAgB,EAChB,MAA2C;IAE3C,OAAO,IAAI,CAAC;QACX,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ;QAC3B,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI;QACnB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM;QACvB,UAAU,EAAE,uCAAuC;KACnD,CAAC,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAEjD,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,GAAgB,EAChB,MAA4C;IAE5C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACnB,CAAC"}
|
package/package.json
ADDED
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@heossi/qnsi-mcp",
|
|
3
|
+
"version": "0.1.4",
|
|
4
|
+
"description": "QNSP MCP Server: post-quantum cryptography tools for AI assistants. Manage PQC keys, encrypted vault, crypto inventory, and compliance — all tier-gated via QNSP billing.",
|
|
5
|
+
"publishConfig": {
|
|
6
|
+
"access": "public"
|
|
7
|
+
},
|
|
8
|
+
"type": "module",
|
|
9
|
+
"license": "Apache-2.0",
|
|
10
|
+
"engines": {
|
|
11
|
+
"node": ">=22.0.0"
|
|
12
|
+
},
|
|
13
|
+
"files": [
|
|
14
|
+
"dist",
|
|
15
|
+
"README.md",
|
|
16
|
+
"LICENSE"
|
|
17
|
+
],
|
|
18
|
+
"bin": {
|
|
19
|
+
"qnsi-mcp": "./dist/index.js"
|
|
20
|
+
},
|
|
21
|
+
"exports": {
|
|
22
|
+
".": {
|
|
23
|
+
"import": "./dist/index.js",
|
|
24
|
+
"types": "./dist/index.d.ts"
|
|
25
|
+
},
|
|
26
|
+
"./tools": {
|
|
27
|
+
"import": "./dist/tools.js",
|
|
28
|
+
"types": "./dist/tools.d.ts"
|
|
29
|
+
},
|
|
30
|
+
"./session": {
|
|
31
|
+
"import": "./dist/session.js",
|
|
32
|
+
"types": "./dist/session.d.ts"
|
|
33
|
+
},
|
|
34
|
+
"./api-client": {
|
|
35
|
+
"import": "./dist/api-client.js",
|
|
36
|
+
"types": "./dist/api-client.d.ts"
|
|
37
|
+
},
|
|
38
|
+
"./package.json": "./package.json"
|
|
39
|
+
},
|
|
40
|
+
"dependencies": {
|
|
41
|
+
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
42
|
+
"zod": "^4.3.6",
|
|
43
|
+
"@heossi/qnsi": "0.3.2"
|
|
44
|
+
},
|
|
45
|
+
"devDependencies": {
|
|
46
|
+
"@types/node": "^25.5.2",
|
|
47
|
+
"typescript": "^6.0.2",
|
|
48
|
+
"vitest": "4.1.2"
|
|
49
|
+
},
|
|
50
|
+
"keywords": [
|
|
51
|
+
"qnsp",
|
|
52
|
+
"mcp",
|
|
53
|
+
"model-context-protocol",
|
|
54
|
+
"pqc",
|
|
55
|
+
"post-quantum",
|
|
56
|
+
"post-quantum-cryptography",
|
|
57
|
+
"ml-kem",
|
|
58
|
+
"ml-dsa",
|
|
59
|
+
"kyber",
|
|
60
|
+
"dilithium",
|
|
61
|
+
"sphincs",
|
|
62
|
+
"falcon",
|
|
63
|
+
"cryptography",
|
|
64
|
+
"kms",
|
|
65
|
+
"key-management",
|
|
66
|
+
"vault",
|
|
67
|
+
"secrets",
|
|
68
|
+
"audit",
|
|
69
|
+
"quantum-safe",
|
|
70
|
+
"zero-trust",
|
|
71
|
+
"fips-203",
|
|
72
|
+
"fips-204",
|
|
73
|
+
"fips-205",
|
|
74
|
+
"nist",
|
|
75
|
+
"compliance",
|
|
76
|
+
"ai-tools",
|
|
77
|
+
"smithery"
|
|
78
|
+
],
|
|
79
|
+
"repository": {
|
|
80
|
+
"type": "git",
|
|
81
|
+
"url": "https://github.com/heossi-hq/qnsp-public",
|
|
82
|
+
"directory": "packages/mcp-server"
|
|
83
|
+
},
|
|
84
|
+
"homepage": "https://cloud.qnsp.cuilabs.io",
|
|
85
|
+
"bugs": {
|
|
86
|
+
"url": "https://github.com/heossi-hq/qnsp-public/issues"
|
|
87
|
+
},
|
|
88
|
+
"scripts": {
|
|
89
|
+
"build": "tsc --project tsconfig.build.json",
|
|
90
|
+
"lint": "biome check .",
|
|
91
|
+
"test": "vitest run"
|
|
92
|
+
}
|
|
93
|
+
}
|