@icoretech/warden-mcp 0.1.0

package/dist/sdk/patch.js

@@ -0,0 +1,34 @@
+// src/sdk/patch.ts
+export function applyItemPatch(item, patch) {
+    const out = JSON.parse(JSON.stringify(item));
+    if (patch.name !== undefined)
+        out.name = patch.name;
+    if (patch.notes !== undefined)
+        out.notes = patch.notes;
+    if (patch.favorite !== undefined)
+        out.favorite = patch.favorite;
+    if (patch.folderId !== undefined)
+        out.folderId = patch.folderId;
+    if (patch.collectionIds !== undefined)
+        out.collectionIds = patch.collectionIds;
+    if (patch.login) {
+        const login = (out.login && typeof out.login === 'object' ? out.login : {});
+        if (patch.login.username !== undefined)
+            login.username = patch.login.username;
+        if (patch.login.password !== undefined)
+            login.password = patch.login.password;
+        if (patch.login.totp !== undefined)
+            login.totp = patch.login.totp;
+        if (patch.login.uris !== undefined)
+            login.uris = patch.login.uris;
+        out.login = login;
+    }
+    if (patch.fields !== undefined) {
+        out.fields = patch.fields.map((f) => ({
+            name: f.name,
+            value: f.value,
+            type: f.hidden ? 1 : 0,
+        }));
+    }
+    return out;
+}

package/dist/sdk/redact.js

@@ -0,0 +1,76 @@
+// src/sdk/redact.ts
+export const REDACTED = '[REDACTED]';
+function deepClone(obj) {
+    return JSON.parse(JSON.stringify(obj));
+}
+function redactFields(fields) {
+    return fields.map((f) => {
+        if (!f || typeof f !== 'object')
+            return f;
+        const rec = { ...f };
+        const name = typeof rec.name === 'string' ? rec.name : '';
+        const hidden = rec.hidden === true || rec.type === 1;
+        // Always redact the SSH private key field, even if hidden is false.
+        const force = name === 'private_key';
+        if ((hidden || force) && typeof rec.value === 'string') {
+            rec.value = REDACTED;
+        }
+        return rec;
+    });
+}
+export function redactItem(item) {
+    if (!item || typeof item !== 'object')
+        return item;
+    const clone = deepClone(item);
+    // login.password / login.totp
+    if (clone.login && typeof clone.login === 'object') {
+        const login = clone.login;
+        if (typeof login.password === 'string')
+            login.password = REDACTED;
+        if (typeof login.totp === 'string')
+            login.totp = REDACTED;
+    }
+    // passwordHistory[].password
+    if (Array.isArray(clone.passwordHistory)) {
+        clone.passwordHistory = clone.passwordHistory.map((h) => {
+            if (!h || typeof h !== 'object')
+                return h;
+            const rec = { ...h };
+            if (typeof rec.password === 'string')
+                rec.password = REDACTED;
+            return rec;
+        });
+    }
+    // card.number / card.code
+    if (clone.card && typeof clone.card === 'object') {
+        const card = clone.card;
+        if (typeof card.number === 'string')
+            card.number = REDACTED;
+        if (typeof card.code === 'string')
+            card.code = REDACTED;
+    }
+    // identity fields that are typically sensitive
+    if (clone.identity && typeof clone.identity === 'object') {
+        const identity = clone.identity;
+        for (const k of ['ssn', 'passportNumber', 'licenseNumber']) {
+            if (typeof identity[k] === 'string')
+                identity[k] = REDACTED;
+        }
+    }
+    // top-level fields
+    if (Array.isArray(clone.fields)) {
+        clone.fields = redactFields(clone.fields);
+    }
+    // attachments often include a signed download URL token; redact it by default.
+    if (Array.isArray(clone.attachments)) {
+        clone.attachments = clone.attachments.map((a) => {
+            if (!a || typeof a !== 'object')
+                return a;
+            const rec = { ...a };
+            if (typeof rec.url === 'string')
+                rec.url = REDACTED;
+            return rec;
+        });
+    }
+    return clone;
+}

package/dist/sdk/types.js

@@ -0,0 +1,2 @@
+// src/sdk/types.ts
+export {};

package/dist/sdk/usernameGenerator.js

@@ -0,0 +1,142 @@
+import { randomInt } from 'node:crypto';
+const DEFAULT_DEPS = {
+    randInt: (max) => randomInt(max),
+};
+const ONSETS = [
+    'b',
+    'c',
+    'd',
+    'f',
+    'g',
+    'h',
+    'j',
+    'k',
+    'l',
+    'm',
+    'n',
+    'p',
+    'r',
+    's',
+    't',
+    'v',
+    'w',
+    'z',
+    'br',
+    'cr',
+    'dr',
+    'fr',
+    'gr',
+    'pr',
+    'tr',
+    'ch',
+    'sh',
+    'st',
+    'sl',
+    'pl',
+];
+const VOWELS = [
+    'a',
+    'e',
+    'i',
+    'o',
+    'u',
+    'ae',
+    'ai',
+    'ea',
+    'ee',
+    'ie',
+    'oa',
+    'oo',
+    'ou',
+];
+const CODAS = [
+    '',
+    'n',
+    'r',
+    's',
+    't',
+    'l',
+    'm',
+    'nd',
+    'st',
+    'rt',
+    'ng',
+];
+function titleCase(s) {
+    if (!s)
+        return s;
+    const first = s.charAt(0);
+    return first.toUpperCase() + s.slice(1);
+}
+function randomWord(opts, deps) {
+    // "Word-like" usernames without pulling a large word list dependency.
+    // Produces a pronounceable-ish token such as "cravon" or "Plenast7".
+    for (let i = 0; i < 12; i++) {
+        const syllables = 2 + deps.randInt(2); // 2-3
+        let s = '';
+        for (let j = 0; j < syllables; j++) {
+            s += ONSETS[deps.randInt(ONSETS.length)] ?? 'k';
+            s += VOWELS[deps.randInt(VOWELS.length)] ?? 'a';
+            const coda = CODAS[deps.randInt(CODAS.length)] ?? '';
+            // Avoid overly long tokens by preferring empty coda on earlier syllables.
+            s += j === syllables - 1 ? coda : coda.length > 1 ? '' : coda;
+        }
+        if (s.length < 4 || s.length > 18)
+            continue;
+        if (opts.capitalize)
+            s = titleCase(s);
+        if (opts.includeNumber)
+            s += String(deps.randInt(10));
+        return s;
+    }
+    // Fallback: still deterministic with deps.randInt in tests.
+    const fallback = `user${deps.randInt(1_000_000)}`;
+    return opts.capitalize ? titleCase(fallback) : fallback;
+}
+function parseEmail(email) {
+    const trimmed = email.trim();
+    const at = trimmed.indexOf('@');
+    if (at <= 0 || at === trimmed.length - 1) {
+        throw new Error('Invalid email address');
+    }
+    const local = trimmed.slice(0, at);
+    const domain = trimmed.slice(at + 1);
+    return { local, domain };
+}
+function normalizeDomain(domain) {
+    const d = domain.trim().replace(/^@+/, '');
+    if (!d || d.includes(' ') || d.includes('/')) {
+        throw new Error('Invalid domain');
+    }
+    return d;
+}
+export function generateUsername(input = {}, deps) {
+    const d = { ...DEFAULT_DEPS, ...deps };
+    const type = input.type ?? 'random_word';
+    if (type === 'forwarded_email_alias') {
+        // Bitwarden UI can generate email aliases via provider integrations (e.g.
+        // SimpleLogin/AnonAddy/etc). The `bw` CLI doesn't expose this today.
+        throw new Error('forwarded_email_alias is not supported');
+    }
+    const word = randomWord({ capitalize: input.capitalize, includeNumber: input.includeNumber }, d);
+    if (type === 'random_word')
+        return word;
+    if (type === 'plus_addressed_email') {
+        if (!input.email) {
+            throw new Error('email is required for plus_addressed_email');
+        }
+        const { local, domain } = parseEmail(input.email);
+        const baseLocal = local.split('+')[0] ?? local;
+        return `${baseLocal}+${word}@${domain}`;
+    }
+    if (type === 'catch_all_email') {
+        if (!input.domain) {
+            throw new Error('domain is required for catch_all_email');
+        }
+        const domain = normalizeDomain(input.domain);
+        return `${word}@${domain}`;
+    }
+    // Exhaustive check.
+    const _never = type;
+    return _never;
+}

package/dist/server.js

@@ -0,0 +1,22 @@
+// src/server.ts
+import { parseArgs } from 'node:util';
+import { createKeychainApp } from './app.js';
+import { runStdioTransport } from './transports/stdio.js';
+const { values } = parseArgs({
+    options: {
+        stdio: { type: 'boolean', default: false },
+        http: { type: 'boolean', default: false },
+    },
+    strict: false,
+});
+const useStdio = values.stdio === true || process.env.WARDEN_MCP_STDIO === 'true';
+if (useStdio) {
+    await runStdioTransport();
+}
+else {
+    const PORT = Number.parseInt(process.env.PORT ?? '3005', 10);
+    const app = createKeychainApp();
+    app.listen(PORT, () => {
+        console.log(`[warden-mcp] listening on http://localhost:${PORT}/sse`);
+    });
+}