@jacobmolz/mcpguard 0.1.0

package/dist/cli.js

@@ -0,0 +1,3771 @@
+#!/usr/bin/env node
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/constants.ts
+import { homedir } from "os";
+import { join } from "path";
+var DEFAULT_HOME, DEFAULT_SOCKET_PATH, DEFAULT_PID_FILE, DEFAULT_DAEMON_KEY_PATH, DEFAULT_DB_PATH, DEFAULT_DASHBOARD_PORT, DAEMON_KEY_BYTES, AUTH_TIMEOUT, MAX_MESSAGE_SIZE, DEFAULT_EXTENDS_CACHE_DIR, EXTENDS_FETCH_TIMEOUT, CONFIG_RELOAD_DEBOUNCE, OAUTH_TOKEN_DIR, OAUTH_TOKEN_FILE_MODE, OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_TIMEOUT;
+var init_constants = __esm({
+  "src/constants.ts"() {
+    "use strict";
+    DEFAULT_HOME = join(homedir(), ".config", "mcp-guard");
+    DEFAULT_SOCKET_PATH = join(DEFAULT_HOME, "daemon.sock");
+    DEFAULT_PID_FILE = join(DEFAULT_HOME, "daemon.pid");
+    DEFAULT_DAEMON_KEY_PATH = join(DEFAULT_HOME, "daemon.key");
+    DEFAULT_DB_PATH = join(DEFAULT_HOME, "mcp-guard.db");
+    DEFAULT_DASHBOARD_PORT = 9777;
+    DAEMON_KEY_BYTES = 32;
+    AUTH_TIMEOUT = 5e3;
+    MAX_MESSAGE_SIZE = 4 * 1024 * 1024;
+    DEFAULT_EXTENDS_CACHE_DIR = "extends-cache";
+    EXTENDS_FETCH_TIMEOUT = 1e4;
+    CONFIG_RELOAD_DEBOUNCE = 250;
+    OAUTH_TOKEN_DIR = "oauth-tokens";
+    OAUTH_TOKEN_FILE_MODE = 384;
+    OAUTH_CALLBACK_PORT = 8399;
+    OAUTH_CALLBACK_TIMEOUT = 12e4;
+  }
+});
+
+// src/config/schema.ts
+import { z } from "zod";
+var permissionsSchema, rateLimitSchema, policySchema, serverSchema, daemonSchema, claimsToRolesSchema, oauthSchema, authSchema, interceptorConfigSchema, piiActionSchema, piiTypeActionsSchema, customPiiTypeSchema, piiSchema, auditSchema, extendsSchema, configSchema;
+var init_schema = __esm({
+  "src/config/schema.ts"() {
+    "use strict";
+    init_constants();
+    permissionsSchema = z.object({
+      allowed_tools: z.array(z.string()).optional(),
+      denied_tools: z.array(z.string()).default([]),
+      allowed_resources: z.array(z.string()).optional(),
+      denied_resources: z.array(z.string()).default([])
+    }).default({});
+    rateLimitSchema = z.object({
+      requests_per_minute: z.number().min(1).optional(),
+      requests_per_hour: z.number().min(1).optional(),
+      tool_limits: z.record(z.string(), z.object({
+        requests_per_minute: z.number().min(1).optional()
+      })).default({})
+    }).default({});
+    policySchema = z.object({
+      permissions: permissionsSchema,
+      rate_limit: rateLimitSchema,
+      sampling: z.object({
+        enabled: z.boolean().default(false),
+        max_tokens: z.number().min(1).optional(),
+        rate_limit: z.number().min(1).optional(),
+        audit: z.enum(["basic", "verbose"]).default("basic")
+      }).default({}),
+      locked: z.boolean().default(false)
+    }).default({});
+    serverSchema = z.object({
+      command: z.string().optional(),
+      args: z.array(z.string()).default([]),
+      env: z.record(z.string()).default({}),
+      url: z.string().url().optional(),
+      transport: z.enum(["stdio", "sse", "streamable-http"]).default("stdio"),
+      /** Bearer token for authenticating MCP-Guard to the upstream HTTP server.
+       *  Use env var interpolation for security: upstream_auth_token: "${MCP_AUTH_TOKEN}" */
+      upstream_auth_token: z.string().optional(),
+      policy: policySchema
+    });
+    daemonSchema = z.object({
+      socket_path: z.string().default(DEFAULT_SOCKET_PATH),
+      home: z.string().default(DEFAULT_HOME),
+      shutdown_timeout: z.number().min(1).default(30),
+      log_level: z.enum(["debug", "info", "warn", "error"]).default("info"),
+      dashboard_port: z.number().min(0).max(65535).default(DEFAULT_DASHBOARD_PORT),
+      encryption: z.object({
+        enabled: z.boolean().default(false)
+      }).default({})
+    });
+    claimsToRolesSchema = z.object({
+      claim_name: z.string().default("roles"),
+      mapping: z.record(z.string(), z.array(z.string())).default({})
+    }).default({});
+    oauthSchema = z.object({
+      issuer: z.string().url(),
+      jwks_uri: z.string().url().optional(),
+      audience: z.string().optional(),
+      client_id: z.string(),
+      client_secret: z.string().optional(),
+      scopes: z.array(z.string()).default(["openid", "profile"]),
+      claims_to_roles: claimsToRolesSchema,
+      clock_tolerance_seconds: z.number().min(0).max(300).default(30)
+    });
+    authSchema = z.object({
+      mode: z.enum(["os", "api_key", "oauth"]).default("os"),
+      api_keys: z.record(z.string(), z.object({
+        roles: z.array(z.string()).default(["default"])
+      })).default({}),
+      oauth: oauthSchema.optional(),
+      roles: z.record(z.string(), z.object({
+        permissions: permissionsSchema,
+        rate_limit: rateLimitSchema
+      })).default({})
+    }).default({}).refine((auth) => {
+      if (auth.mode === "oauth" && !auth.oauth) {
+        return false;
+      }
+      return true;
+    }, { message: 'auth.oauth config required when mode is "oauth"' });
+    interceptorConfigSchema = z.object({
+      timeout: z.number().min(1).default(10),
+      timeout_action: z.enum(["block"]).default("block")
+    }).default({});
+    piiActionSchema = z.enum(["block", "redact", "warn"]);
+    piiTypeActionsSchema = z.object({
+      request: piiActionSchema.default("redact"),
+      response: piiActionSchema.default("warn")
+    });
+    customPiiTypeSchema = z.object({
+      label: z.string(),
+      patterns: z.array(z.object({ regex: z.string() })).min(1),
+      actions: piiTypeActionsSchema
+    });
+    piiSchema = z.object({
+      enabled: z.boolean().default(true),
+      confidence_threshold: z.number().min(0).max(1).default(0.8),
+      actions: z.record(z.string(), piiTypeActionsSchema).default({
+        email: { request: "redact", response: "warn" },
+        phone: { request: "redact", response: "warn" },
+        ssn: { request: "block", response: "redact" },
+        credit_card: { request: "block", response: "redact" },
+        aws_key: { request: "redact", response: "redact" },
+        github_token: { request: "redact", response: "redact" }
+      }),
+      custom_types: z.record(z.string(), customPiiTypeSchema).default({})
+    }).default({});
+    auditSchema = z.object({
+      enabled: z.boolean().default(true),
+      stdout: z.boolean().default(true),
+      retention_days: z.number().min(1).default(90)
+    }).default({});
+    extendsSchema = z.object({
+      url: z.string().url().refine((url) => {
+        const parsed = new URL(url);
+        if (parsed.protocol === "https:") return true;
+        if (parsed.protocol === "http:") {
+          const host = parsed.hostname;
+          return host === "127.0.0.1" || host === "localhost" || host === "::1";
+        }
+        return false;
+      }, "extends URL must use HTTPS (HTTP allowed only for loopback addresses)"),
+      sha256: z.string().regex(/^[a-f0-9]{64}$/i, "SHA-256 hash must be 64 hex characters")
+    });
+    configSchema = z.object({
+      extends: extendsSchema.optional(),
+      servers: z.record(z.string(), serverSchema),
+      daemon: daemonSchema.default({}),
+      auth: authSchema,
+      interceptors: interceptorConfigSchema,
+      pii: piiSchema,
+      audit: auditSchema
+    });
+  }
+});
+
+// src/errors.ts
+var McpGuardError, ConfigError, AuthError, StorageError, BridgeError, DashboardError, OAuthError;
+var init_errors = __esm({
+  "src/errors.ts"() {
+    "use strict";
+    McpGuardError = class extends Error {
+      constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = this.constructor.name;
+      }
+      code;
+    };
+    ConfigError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "CONFIG_ERROR");
+      }
+    };
+    AuthError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "AUTH_ERROR");
+      }
+    };
+    StorageError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "STORAGE_ERROR");
+      }
+    };
+    BridgeError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "BRIDGE_ERROR");
+      }
+    };
+    DashboardError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "DASHBOARD_ERROR");
+      }
+    };
+    OAuthError = class extends McpGuardError {
+      constructor(message) {
+        super(message, "OAUTH_ERROR");
+      }
+    };
+  }
+});
+
+// src/config/fetcher.ts
+import { readFile, writeFile, mkdir } from "fs/promises";
+import { join as join2 } from "path";
+import { createHash } from "crypto";
+function computeSha256(content) {
+  return createHash("sha256").update(content, "utf-8").digest("hex");
+}
+async function fetchBaseConfig(url, expectedSha256, cacheDir) {
+  const cacheFile = join2(cacheDir, `${expectedSha256}.yaml`);
+  let fetchError;
+  try {
+    const response = await fetch(url, {
+      signal: AbortSignal.timeout(EXTENDS_FETCH_TIMEOUT)
+    });
+    if (!response.ok) {
+      throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+    }
+    const yaml3 = await response.text();
+    const actualHash = computeSha256(yaml3);
+    if (actualHash.toLowerCase() !== expectedSha256.toLowerCase()) {
+      throw new ConfigError(
+        `Base config SHA-256 mismatch \u2014 expected ${expectedSha256}, got ${actualHash}. The remote config at ${url} may have been tampered with or updated without a hash change.`
+      );
+    }
+    await mkdir(cacheDir, { recursive: true, mode: 448 });
+    await writeFile(cacheFile, yaml3, { mode: 384 });
+    return { yaml: yaml3, fromCache: false };
+  } catch (err) {
+    if (err instanceof ConfigError) {
+      throw err;
+    }
+    fetchError = err;
+  }
+  let cachedYaml;
+  try {
+    cachedYaml = await readFile(cacheFile, "utf-8");
+  } catch {
+    throw new ConfigError(
+      `Failed to fetch base config from ${url} (${fetchError?.message}) and no cached copy exists. Cannot start without a verified base config.`
+    );
+  }
+  const cachedHash = computeSha256(cachedYaml);
+  if (cachedHash.toLowerCase() !== expectedSha256.toLowerCase()) {
+    throw new ConfigError(
+      `Cached base config has invalid SHA-256 \u2014 expected ${expectedSha256}, got ${cachedHash}. Cache may be corrupted.`
+    );
+  }
+  return { yaml: cachedYaml, fromCache: true };
+}
+var init_fetcher = __esm({
+  "src/config/fetcher.ts"() {
+    "use strict";
+    init_errors();
+    init_constants();
+  }
+});
+
+// src/config/merger.ts
+function mergeConfigs(base, personal) {
+  return {
+    // extends is consumed during loading — not carried forward
+    servers: mergeServers(base, personal),
+    // Base wins for daemon, auth — personal cannot change these
+    daemon: base.daemon,
+    auth: base.auth,
+    // Stricter interceptor timeout
+    interceptors: {
+      timeout: Math.min(base.interceptors.timeout, personal.interceptors.timeout),
+      timeout_action: base.interceptors.timeout_action
+    },
+    pii: mergePii(base.pii, personal.pii),
+    audit: base.audit
+  };
+}
+function mergeServers(base, personal) {
+  const merged = {};
+  for (const [name, baseServer] of Object.entries(base.servers)) {
+    const personalServer = personal.servers[name];
+    if (!personalServer) {
+      merged[name] = baseServer;
+      continue;
+    }
+    if (baseServer.policy.locked) {
+      merged[name] = baseServer;
+      continue;
+    }
+    merged[name] = {
+      // Server connection config from base (personal cannot change transport/command)
+      command: baseServer.command,
+      args: baseServer.args,
+      env: baseServer.env,
+      url: baseServer.url,
+      transport: baseServer.transport,
+      upstream_auth_token: baseServer.upstream_auth_token,
+      policy: mergePolicy(baseServer.policy, personalServer.policy)
+    };
+  }
+  for (const [name, personalServer] of Object.entries(personal.servers)) {
+    if (!(name in base.servers)) {
+      merged[name] = personalServer;
+    }
+  }
+  return merged;
+}
+function mergePolicy(base, personal) {
+  return {
+    permissions: {
+      // Intersection — only tools in BOTH lists survive
+      allowed_tools: intersectLists(
+        base.permissions.allowed_tools,
+        personal.permissions.allowed_tools
+      ),
+      // Union — all denials from both apply
+      denied_tools: unionLists(base.permissions.denied_tools, personal.permissions.denied_tools),
+      // Same for resources
+      allowed_resources: intersectLists(
+        base.permissions.allowed_resources,
+        personal.permissions.allowed_resources
+      ),
+      denied_resources: unionLists(base.permissions.denied_resources, personal.permissions.denied_resources)
+    },
+    rate_limit: {
+      // Stricter (lower) value wins
+      requests_per_minute: minOptional(
+        base.rate_limit.requests_per_minute,
+        personal.rate_limit.requests_per_minute
+      ),
+      requests_per_hour: minOptional(
+        base.rate_limit.requests_per_hour,
+        personal.rate_limit.requests_per_hour
+      ),
+      tool_limits: mergeToolLimits(base.rate_limit.tool_limits, personal.rate_limit.tool_limits)
+    },
+    sampling: {
+      // AND — both must enable for sampling to work
+      enabled: base.sampling.enabled && personal.sampling.enabled,
+      max_tokens: minOptional(base.sampling.max_tokens, personal.sampling.max_tokens),
+      rate_limit: minOptional(base.sampling.rate_limit, personal.sampling.rate_limit),
+      // Stricter audit level wins (verbose > basic)
+      audit: base.sampling.audit === "verbose" || personal.sampling.audit === "verbose" ? "verbose" : "basic"
+    },
+    locked: base.locked
+  };
+}
+function mergePii(base, personal) {
+  return {
+    // Base wins — personal cannot toggle PII scanning on or off
+    enabled: base.enabled,
+    // Lower threshold = more sensitive = stricter. Personal cannot raise it.
+    confidence_threshold: Math.min(base.confidence_threshold, personal.confidence_threshold),
+    // PII actions: personal can escalate (warn→block), cannot relax (block→warn)
+    actions: mergePiiActions(base.actions, personal.actions),
+    // Custom types: additive — personal can add, cannot remove base types
+    custom_types: mergePiiCustomTypes(base.custom_types, personal.custom_types)
+  };
+}
+function mergePiiActions(base, personal) {
+  const merged = { ...base };
+  for (const [type, personalAction] of Object.entries(personal)) {
+    const baseAction = base[type];
+    if (!baseAction) {
+      merged[type] = personalAction;
+      continue;
+    }
+    merged[type] = {
+      request: stricterAction(baseAction.request, personalAction.request),
+      response: stricterAction(baseAction.response, personalAction.response)
+    };
+  }
+  return merged;
+}
+function mergePiiCustomTypes(base, personal) {
+  const merged = { ...base };
+  for (const [name, personalType] of Object.entries(personal)) {
+    const baseType = base[name];
+    if (!baseType) {
+      merged[name] = personalType;
+      continue;
+    }
+    merged[name] = {
+      label: baseType.label,
+      // Union patterns: all base patterns preserved, personal can add more
+      patterns: [
+        ...baseType.patterns,
+        ...personalType.patterns.filter(
+          (pp) => !baseType.patterns.some((bp) => bp.regex === pp.regex)
+        )
+      ],
+      // Actions: take the stricter of base vs personal per direction
+      actions: {
+        request: stricterAction(baseType.actions.request, personalType.actions.request),
+        response: stricterAction(baseType.actions.response, personalType.actions.response)
+      }
+    };
+  }
+  return merged;
+}
+function stricterAction(base, personal) {
+  const baseSeverity = PII_ACTION_SEVERITY[base] ?? 0;
+  const personalSeverity = PII_ACTION_SEVERITY[personal] ?? 0;
+  return personalSeverity >= baseSeverity ? personal : base;
+}
+function intersectLists(base, personal) {
+  if (base === void 0) return personal;
+  if (personal === void 0) return base;
+  const baseSet = new Set(base);
+  return personal.filter((item) => baseSet.has(item));
+}
+function unionLists(base, personal) {
+  return [.../* @__PURE__ */ new Set([...base, ...personal])];
+}
+function minOptional(a, b) {
+  if (a === void 0) return b;
+  if (b === void 0) return a;
+  return Math.min(a, b);
+}
+function mergeToolLimits(base, personal) {
+  const merged = { ...base };
+  for (const [tool, personalLimit] of Object.entries(personal)) {
+    const baseLimit = base[tool];
+    if (!baseLimit) {
+      merged[tool] = personalLimit;
+      continue;
+    }
+    merged[tool] = {
+      requests_per_minute: minOptional(
+        baseLimit.requests_per_minute,
+        personalLimit.requests_per_minute
+      )
+    };
+  }
+  return merged;
+}
+var PII_ACTION_SEVERITY;
+var init_merger = __esm({
+  "src/config/merger.ts"() {
+    "use strict";
+    PII_ACTION_SEVERITY = {
+      warn: 0,
+      redact: 1,
+      block: 2
+    };
+  }
+});
+
+// src/config/loader.ts
+var loader_exports = {};
+__export(loader_exports, {
+  loadConfig: () => loadConfig,
+  reloadConfig: () => reloadConfig
+});
+import { readFile as readFile2 } from "fs/promises";
+import { join as join3 } from "path";
+import yaml from "js-yaml";
+function interpolateEnvVars(content) {
+  return content.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+    const value = process.env[varName];
+    if (value === void 0) {
+      throw new ConfigError(`Unresolved environment variable: \${${varName}}`);
+    }
+    return value;
+  });
+}
+function parseAndValidate(content, source) {
+  const interpolated = interpolateEnvVars(content);
+  const raw = yaml.load(interpolated);
+  const result = configSchema.safeParse(raw);
+  if (!result.success) {
+    const issues = result.error.issues.map((i) => `  ${i.path.join(".")}: ${i.message}`).join("\n");
+    throw new ConfigError(`Invalid config (${source}):
+${issues}`);
+  }
+  return result.data;
+}
+async function loadConfig(configPath) {
+  const path = configPath ?? process.env["MCP_GUARD_CONFIG"] ?? "mcp-guard.yaml";
+  let content;
+  try {
+    content = await readFile2(path, "utf-8");
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      throw new ConfigError(`Config file not found: ${path}`);
+    }
+    throw new ConfigError(`Failed to read config file: ${path} \u2014 ${String(err)}`);
+  }
+  const personalConfig = parseAndValidate(content, path);
+  if (personalConfig.extends) {
+    const cacheDir = join3(personalConfig.daemon.home, DEFAULT_EXTENDS_CACHE_DIR);
+    const { yaml: baseYaml } = await fetchBaseConfig(
+      personalConfig.extends.url,
+      personalConfig.extends.sha256,
+      cacheDir
+    );
+    const baseConfig = parseAndValidate(baseYaml, personalConfig.extends.url);
+    const merged = mergeConfigs(baseConfig, personalConfig);
+    return Object.freeze(merged);
+  }
+  return Object.freeze(personalConfig);
+}
+async function reloadConfig(configPath) {
+  const path = configPath;
+  let content;
+  try {
+    content = await readFile2(path, "utf-8");
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      throw new ConfigError(`Config file not found: ${path}`);
+    }
+    throw new ConfigError(`Failed to read config file: ${path} \u2014 ${String(err)}`);
+  }
+  const personalConfig = parseAndValidate(content, path);
+  if (personalConfig.extends) {
+    const sha256 = personalConfig.extends.sha256;
+    if (cachedBase && cachedBase.sha256 === sha256) {
+      const merged2 = mergeConfigs(cachedBase.config, personalConfig);
+      return Object.freeze(merged2);
+    }
+    const cacheDir = join3(personalConfig.daemon.home, DEFAULT_EXTENDS_CACHE_DIR);
+    const { yaml: baseYaml } = await fetchBaseConfig(
+      personalConfig.extends.url,
+      sha256,
+      cacheDir
+    );
+    const baseConfig = parseAndValidate(baseYaml, personalConfig.extends.url);
+    cachedBase = { sha256, config: baseConfig };
+    const merged = mergeConfigs(baseConfig, personalConfig);
+    return Object.freeze(merged);
+  }
+  cachedBase = void 0;
+  return Object.freeze(personalConfig);
+}
+var cachedBase;
+var init_loader = __esm({
+  "src/config/loader.ts"() {
+    "use strict";
+    init_schema();
+    init_errors();
+    init_fetcher();
+    init_merger();
+    init_constants();
+  }
+});
+
+// src/cli.ts
+init_loader();
+import { Command } from "commander";
+import { readFile as readFile6, unlink as unlink3 } from "fs/promises";
+import { join as join10 } from "path";
+
+// src/daemon/index.ts
+import { mkdir as mkdir3, writeFile as writeFile4 } from "fs/promises";
+import { join as join6 } from "path";
+
+// src/identity/daemon-key.ts
+init_errors();
+init_constants();
+import { randomBytes, timingSafeEqual } from "crypto";
+import { readFile as readFile3, writeFile as writeFile2, mkdir as mkdir2, stat, chmod } from "fs/promises";
+import { dirname } from "path";
+async function ensureDaemonKey(keyPath) {
+  const path = keyPath ?? DEFAULT_DAEMON_KEY_PATH;
+  try {
+    const stats = await stat(path);
+    const mode = stats.mode & 511;
+    if (mode !== 384) {
+      throw new AuthError(
+        `Daemon key has insecure permissions: ${mode.toString(8)} (expected 600): ${path}`
+      );
+    }
+    return await readFile3(path);
+  } catch (err) {
+    if (err instanceof AuthError) throw err;
+    const errCode = err.code;
+    if (errCode !== "ENOENT") {
+      throw new AuthError(`Failed to read daemon key: ${err}`);
+    }
+  }
+  const dir = dirname(path);
+  await mkdir2(dir, { recursive: true, mode: 448 });
+  const key = randomBytes(DAEMON_KEY_BYTES);
+  await writeFile2(path, key, { mode: 384 });
+  return key;
+}
+async function readDaemonKey(keyPath) {
+  const path = keyPath ?? DEFAULT_DAEMON_KEY_PATH;
+  try {
+    const stats = await stat(path);
+    const mode = stats.mode & 511;
+    if (mode !== 384) {
+      throw new AuthError(
+        `Daemon key has insecure permissions: ${mode.toString(8)} (expected 600): ${path}`
+      );
+    }
+    return await readFile3(path);
+  } catch (err) {
+    if (err instanceof AuthError) throw err;
+    throw new AuthError(`Daemon key not found: ${path}`);
+  }
+}
+function verifyDaemonKey(presented, expected) {
+  if (presented.length !== expected.length) {
+    return false;
+  }
+  return timingSafeEqual(presented, expected);
+}
+
+// src/storage/sqlite.ts
+init_errors();
+import Database from "better-sqlite3-multiple-ciphers";
+import { chmodSync } from "fs";
+import { hkdfSync } from "crypto";
+function deriveDbEncryptionKey(daemonKey) {
+  const derived = hkdfSync("sha256", daemonKey, "mcp-guard", "mcp-guard-db-encryption", 32);
+  return Buffer.from(derived).toString("hex");
+}
+function openDatabase(options) {
+  try {
+    const db = new Database(options.path);
+    if (options.encryptionKey) {
+      if (!/^[a-f0-9]+$/i.test(options.encryptionKey)) {
+        throw new StorageError("Encryption key must be hex-encoded");
+      }
+      db.pragma(`key="x'${options.encryptionKey}'"`);
+    }
+    db.pragma("journal_mode = WAL");
+    db.pragma("busy_timeout = 5000");
+    db.pragma("foreign_keys = ON");
+    if (options.path !== ":memory:") {
+      chmodSync(options.path, 384);
+    }
+    return db;
+  } catch (err) {
+    throw new StorageError(`Failed to open database: ${options.path} \u2014 ${String(err)}`);
+  }
+}
+function checkpointWal(db) {
+  try {
+    db.pragma("wal_checkpoint(TRUNCATE)");
+  } catch (err) {
+    throw new StorageError(`WAL checkpoint failed: ${String(err)}`);
+  }
+}
+
+// src/storage/migrations.ts
+init_errors();
+var migrations = [
+  {
+    name: "001-schema-migrations",
+    up(db) {
+      db.exec(`
+        CREATE TABLE IF NOT EXISTS schema_migrations (
+          name TEXT PRIMARY KEY,
+          applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+        )
+      `);
+    }
+  },
+  {
+    name: "002-daemon-state",
+    up(db) {
+      db.exec(`
+        CREATE TABLE IF NOT EXISTS daemon_state (
+          key TEXT PRIMARY KEY,
+          value TEXT NOT NULL,
+          updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+        )
+      `);
+    }
+  },
+  {
+    name: "003-audit-logs",
+    up(db) {
+      db.exec(`
+        CREATE TABLE audit_logs (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          timestamp TEXT NOT NULL DEFAULT (datetime('now')),
+          bridge_id TEXT NOT NULL,
+          server TEXT NOT NULL,
+          method TEXT NOT NULL,
+          direction TEXT NOT NULL CHECK(direction IN ('request', 'response')),
+          identity_uid INTEGER NOT NULL,
+          identity_username TEXT NOT NULL,
+          identity_roles TEXT NOT NULL,
+          tool_or_resource TEXT,
+          params_summary TEXT,
+          interceptor_decisions TEXT NOT NULL,
+          allowed INTEGER NOT NULL,
+          blocked_by TEXT,
+          block_reason TEXT,
+          latency_ms REAL,
+          created_at TEXT NOT NULL DEFAULT (datetime('now'))
+        );
+
+        CREATE INDEX idx_audit_server ON audit_logs(server);
+        CREATE INDEX idx_audit_timestamp ON audit_logs(timestamp);
+        CREATE INDEX idx_audit_method ON audit_logs(method);
+        CREATE INDEX idx_audit_identity ON audit_logs(identity_username);
+      `);
+    }
+  },
+  {
+    name: "004-rate-limits",
+    up(db) {
+      db.exec(`
+        CREATE TABLE rate_limits (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          key TEXT NOT NULL UNIQUE,
+          tokens REAL NOT NULL,
+          max_tokens REAL NOT NULL,
+          refill_rate REAL NOT NULL,
+          last_refill TEXT NOT NULL DEFAULT (datetime('now')),
+          created_at TEXT NOT NULL DEFAULT (datetime('now')),
+          updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+        )
+      `);
+    }
+  }
+];
+function runMigrations(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS schema_migrations (
+      name TEXT PRIMARY KEY,
+      applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+    )
+  `);
+  const applied = new Set(
+    db.prepare("SELECT name FROM schema_migrations").all().map((row) => row.name)
+  );
+  for (const migration of migrations) {
+    if (applied.has(migration.name)) {
+      continue;
+    }
+    const transaction = db.transaction(() => {
+      migration.up(db);
+      db.prepare("INSERT INTO schema_migrations (name) VALUES (?)").run(migration.name);
+    });
+    try {
+      transaction();
+    } catch (err) {
+      throw new StorageError(`Migration '${migration.name}' failed: ${String(err)}`);
+    }
+  }
+}
+
+// src/daemon/socket-server.ts
+import { createServer } from "net";
+import { randomUUID } from "crypto";
+import { unlinkSync } from "fs";
+import { chmodSync as chmodSync2 } from "fs";
+
+// src/identity/os-identity.ts
+init_errors();
+import koffi from "koffi";
+var getPeerCredentialsFn;
+function initMacOS() {
+  const lib = koffi.load("libc.dylib");
+  const getpeereid = lib.func("int getpeereid(int, _Out_ uint32_t *, _Out_ uint32_t *)");
+  const getsockopt = lib.func(
+    "int getsockopt(int, int, int, _Out_ uint8_t *, _Inout_ uint32_t *)"
+  );
+  return (socketFd) => {
+    const uidBuf = [0];
+    const gidBuf = [0];
+    const rc = getpeereid(socketFd, uidBuf, gidBuf);
+    if (rc !== 0) {
+      throw new AuthError(`getpeereid failed with rc=${rc}`);
+    }
+    const pidBuf = Buffer.alloc(4);
+    const lenBuf = [4];
+    const pidRc = getsockopt(socketFd, 0, 2, pidBuf, lenBuf);
+    const pid = pidRc === 0 ? pidBuf.readUInt32LE(0) : void 0;
+    return { uid: uidBuf[0], gid: gidBuf[0], pid };
+  };
+}
+function initLinux() {
+  const lib = koffi.load("libc.so.6");
+  koffi.struct("ucred", {
+    pid: "int",
+    uid: "uint32_t",
+    gid: "uint32_t"
+  });
+  const getsockopt = lib.func("int getsockopt(int, int, int, _Out_ ucred *, _Inout_ uint32_t *)");
+  return (socketFd) => {
+    const cred = { pid: 0, uid: 0, gid: 0 };
+    const lenBuf = [12];
+    const rc = getsockopt(socketFd, 1, 17, cred, lenBuf);
+    if (rc !== 0) {
+      throw new AuthError(`getsockopt SO_PEERCRED failed with rc=${rc}`);
+    }
+    return { uid: cred.uid, gid: cred.gid, pid: cred.pid };
+  };
+}
+function getPeerCredentials(socketFd) {
+  if (!getPeerCredentialsFn) {
+    if (process.platform === "darwin") {
+      getPeerCredentialsFn = initMacOS();
+    } else if (process.platform === "linux") {
+      getPeerCredentialsFn = initLinux();
+    } else {
+      throw new AuthError(`Unsupported platform for peer credentials: ${process.platform}`);
+    }
+  }
+  return getPeerCredentialsFn(socketFd);
+}
+function verifyPeerIsCurrentUser(creds) {
+  if (!process.getuid) {
+    throw new AuthError("process.getuid not available on this platform");
+  }
+  return creds.uid === process.getuid();
+}
+
+// src/daemon/socket-server.ts
+init_constants();
+function writeFramed(socket, data) {
+  const json = JSON.stringify(data);
+  const payload = Buffer.from(json, "utf-8");
+  const header = Buffer.alloc(4);
+  header.writeUInt32BE(payload.length, 0);
+  socket.write(Buffer.concat([header, payload]));
+}
+function createFrameParser(onMessage) {
+  let buffer = Buffer.alloc(0);
+  return (chunk) => {
+    buffer = Buffer.concat([buffer, chunk]);
+    while (buffer.length >= 4) {
+      const length = buffer.readUInt32BE(0);
+      if (length > MAX_MESSAGE_SIZE) {
+        buffer = Buffer.alloc(0);
+        return;
+      }
+      if (buffer.length < 4 + length) {
+        break;
+      }
+      const json = buffer.subarray(4, 4 + length).toString("utf-8");
+      buffer = buffer.subarray(4 + length);
+      try {
+        onMessage(JSON.parse(json));
+      } catch {
+      }
+    }
+  };
+}
+function createSocketServer(options) {
+  const { socketPath, daemonKey, onConnection, logger: logger2 } = options;
+  const connections = /* @__PURE__ */ new Map();
+  let server;
+  function handleSocket(socket) {
+    let authenticated = false;
+    let connId;
+    const messageHandlers = [];
+    const authTimer = setTimeout(() => {
+      if (!authenticated) {
+        logger2.warn("Connection auth timeout \u2014 closing");
+        socket.destroy();
+      }
+    }, AUTH_TIMEOUT);
+    const parser = createFrameParser((data) => {
+      const msg = data;
+      if (!authenticated) {
+        if (msg.type !== "auth") {
+          socket.destroy();
+          return;
+        }
+        const presented = Buffer.from(msg.key, "hex");
+        if (!verifyDaemonKey(presented, daemonKey)) {
+          writeFramed(socket, { type: "auth_fail", reason: "Invalid daemon key" });
+          socket.destroy();
+          return;
+        }
+        try {
+          const fd = socket._handle?.fd;
+          if (fd !== void 0) {
+            const creds = getPeerCredentials(fd);
+            if (!verifyPeerIsCurrentUser(creds)) {
+              writeFramed(socket, { type: "auth_fail", reason: "UID mismatch" });
+              socket.destroy();
+              return;
+            }
+            connId = randomUUID();
+            authenticated = true;
+            clearTimeout(authTimer);
+            const conn = {
+              id: connId,
+              uid: creds.uid,
+              pid: creds.pid,
+              send: (message) => {
+                if (!socket.destroyed) writeFramed(socket, message);
+              },
+              onMessage: (handler) => messageHandlers.push(handler),
+              close: () => socket.destroy()
+            };
+            connections.set(connId, conn);
+            writeFramed(socket, { type: "auth_ok" });
+            logger2.info("Bridge authenticated", { bridge: connId, uid: creds.uid, pid: creds.pid });
+            onConnection(conn);
+          } else {
+            writeFramed(socket, { type: "auth_fail", reason: "Cannot verify peer credentials" });
+            socket.destroy();
+          }
+        } catch (err) {
+          logger2.error("Peer credential check failed", { error: String(err) });
+          writeFramed(socket, { type: "auth_fail", reason: "Credential check failed" });
+          socket.destroy();
+        }
+        return;
+      }
+      for (const handler of messageHandlers) {
+        handler(msg);
+      }
+    });
+    socket.on("data", parser);
+    socket.on("close", () => {
+      clearTimeout(authTimer);
+      if (connId) {
+        connections.delete(connId);
+        logger2.info("Bridge disconnected", { bridge: connId });
+      }
+    });
+    socket.on("error", (err) => {
+      logger2.error("Socket error", { bridge: connId, error: String(err) });
+    });
+  }
+  return {
+    async listen() {
+      try {
+        unlinkSync(socketPath);
+      } catch {
+      }
+      server = createServer(handleSocket);
+      return new Promise((resolve, reject) => {
+        server.on("error", reject);
+        server.listen(socketPath, () => {
+          chmodSync2(socketPath, 384);
+          logger2.info("Socket server listening", { path: socketPath });
+          resolve();
+        });
+      });
+    },
+    async close() {
+      for (const conn of connections.values()) {
+        conn.send({ type: "shutdown", reason: "daemon stopping" });
+        conn.close();
+      }
+      connections.clear();
+      return new Promise((resolve) => {
+        if (!server) {
+          resolve();
+          return;
+        }
+        server.close(() => {
+          try {
+            unlinkSync(socketPath);
+          } catch {
+          }
+          resolve();
+        });
+      });
+    },
+    getConnections() {
+      return Array.from(connections.values());
+    }
+  };
+}
+
+// src/proxy/mcp-client.ts
+import { Client } from "@modelcontextprotocol/sdk/client";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+async function createUpstreamClient(name, config, logger2, options) {
+  let status = "disconnected";
+  const client = new Client({
+    name: `mcp-guard-upstream-${name}`,
+    version: "0.1.0"
+  });
+  const upstream = {
+    name,
+    client,
+    get status() {
+      return status;
+    },
+    async connect() {
+      status = "connecting";
+      try {
+        let transport;
+        if (config.transport === "sse" || config.transport === "streamable-http") {
+          if (!config.url) {
+            throw new Error(`Server '${name}' has transport '${config.transport}' but no url specified`);
+          }
+          const url = new URL(config.url);
+          const headers = {};
+          if (options?.authToken) {
+            headers["Authorization"] = `Bearer ${options.authToken}`;
+          }
+          logger2.info("Connecting to upstream server", { server: name, transport: config.transport, url: config.url });
+          if (config.transport === "sse") {
+            transport = new SSEClientTransport(url, {
+              requestInit: { headers }
+            });
+          } else {
+            transport = new StreamableHTTPClientTransport(url, {
+              requestInit: { headers }
+            });
+          }
+          transport.onclose = () => {
+            status = "disconnected";
+            logger2.info("Upstream server disconnected", { server: name });
+          };
+          transport.onerror = (err) => {
+            status = "error";
+            logger2.error("Upstream server error", { server: name, error: String(err) });
+          };
+        } else {
+          const command = config.command;
+          if (!command) {
+            throw new Error(`Server '${name}' has transport 'stdio' but no command specified`);
+          }
+          logger2.info("Connecting to upstream server", { server: name, command });
+          transport = new StdioClientTransport({
+            command,
+            args: config.args,
+            env: { ...process.env, ...config.env }
+          });
+          transport.onclose = () => {
+            status = "disconnected";
+            logger2.info("Upstream server disconnected", { server: name });
+          };
+          transport.onerror = (err) => {
+            status = "error";
+            logger2.error("Upstream server error", { server: name, error: String(err) });
+          };
+        }
+        await client.connect(transport);
+        status = "connected";
+        logger2.info("Connected to upstream server", { server: name });
+      } catch (err) {
+        status = "error";
+        logger2.error("Failed to connect to upstream server", {
+          server: name,
+          error: String(err)
+        });
+        throw err;
+      }
+    },
+    async disconnect() {
+      try {
+        await client.close();
+      } catch {
+      }
+      status = "disconnected";
+      logger2.info("Disconnected from upstream server", { server: name });
+    }
+  };
+  return upstream;
+}
+
+// src/daemon/server-manager.ts
+function createServerManager(config, logger2) {
+  const clients = /* @__PURE__ */ new Map();
+  return {
+    async startAll() {
+      const entries = Object.entries(config.servers);
+      logger2.info("Starting upstream servers", { count: entries.length });
+      const results = await Promise.allSettled(
+        entries.map(async ([name, serverConfig]) => {
+          const client = await createUpstreamClient(name, serverConfig, logger2, {
+            authToken: serverConfig.upstream_auth_token
+          });
+          clients.set(name, client);
+          await client.connect();
+        })
+      );
+      for (let i = 0; i < results.length; i++) {
+        const result = results[i];
+        if (result.status === "rejected") {
+          logger2.error("Failed to start server", {
+            server: entries[i][0],
+            error: String(result.reason)
+          });
+        }
+      }
+    },
+    async stopAll() {
+      logger2.info("Stopping all upstream servers", { count: clients.size });
+      const promises = Array.from(clients.values()).map((c) => c.disconnect());
+      await Promise.allSettled(promises);
+      clients.clear();
+    },
+    getClient(serverName) {
+      return clients.get(serverName);
+    },
+    getStatus() {
+      const status = /* @__PURE__ */ new Map();
+      for (const [name, client] of clients) {
+        status.set(name, client.status);
+      }
+      return status;
+    }
+  };
+}
+
+// src/proxy/mcp-server.ts
+function createProxyServer(upstreamClients, logger2) {
+  async function handleMessage(message, serverName) {
+    const upstream = upstreamClients.get(serverName);
+    if (!upstream) {
+      return {
+        jsonrpc: "2.0",
+        id: message.id,
+        error: { code: -32600, message: `Unknown server: ${serverName}` }
+      };
+    }
+    if (upstream.status !== "connected") {
+      return {
+        jsonrpc: "2.0",
+        id: message.id,
+        error: { code: -32603, message: `Server '${serverName}' is not connected` }
+      };
+    }
+    const { method, params, id } = message;
+    if (!method) {
+      return {
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32600, message: "Missing method in request" }
+      };
+    }
+    try {
+      const result = await routeMethod(upstream, method, params);
+      return { jsonrpc: "2.0", id, result };
+    } catch (err) {
+      logger2.error("Upstream request failed", {
+        server: serverName,
+        method,
+        error: String(err)
+      });
+      return {
+        jsonrpc: "2.0",
+        id,
+        error: { code: -32603, message: `Upstream error: ${String(err)}` }
+      };
+    }
+  }
+  return { handleMessage };
+}
+async function routeMethod(upstream, method, params) {
+  const client = upstream.client;
+  switch (method) {
+    case "tools/list":
+      return await client.listTools(params);
+    case "tools/call":
+      return await client.callTool(params);
+    case "resources/list":
+      return await client.listResources(params);
+    case "resources/read":
+      return await client.readResource(params);
+    case "resources/list_templates":
+      return await client.listResourceTemplates(
+        params
+      );
+    case "prompts/list":
+      return await client.listPrompts(params);
+    case "prompts/get":
+      return await client.getPrompt(params);
+    default:
+      if (method.startsWith("notifications/")) {
+        await client.notification({ method, params });
+        return void 0;
+      }
+      throw new Error(`Method not found: ${method}`);
+  }
+}
+
+// src/daemon/shutdown.ts
+import { unlink } from "fs/promises";
+function registerShutdownHandlers(context) {
+  let shutdownPromise;
+  async function shutdown(signal) {
+    const { socketServer, serverManager, db, pidFile, logger: logger2, onBeforeShutdown } = context;
+    logger2.info("Shutdown initiated", { signal });
+    try {
+      if (onBeforeShutdown) {
+        try {
+          await onBeforeShutdown();
+        } catch (err) {
+          logger2.warn("Pre-shutdown hook failed", { error: String(err) });
+        }
+      }
+      await socketServer.close();
+      logger2.info("Socket server closed");
+      await serverManager.stopAll();
+      logger2.info("Upstream servers disconnected");
+      try {
+        checkpointWal(db);
+        db.close();
+        logger2.info("Database closed");
+      } catch {
+      }
+      try {
+        await unlink(pidFile);
+      } catch {
+      }
+      logger2.info("Shutdown complete");
+    } catch (err) {
+      logger2.error("Shutdown error", { error: String(err) });
+      throw err;
+    }
+  }
+  function triggerShutdown(signal) {
+    if (!shutdownPromise) {
+      shutdownPromise = shutdown(signal);
+    }
+    return shutdownPromise;
+  }
+  function signalHandler(signal) {
+    const timer = setTimeout(() => {
+      context.logger.warn("Shutdown timeout exceeded \u2014 forcing exit", { signal });
+      process.exit(1);
+    }, context.timeout);
+    triggerShutdown(signal).then(() => {
+      clearTimeout(timer);
+      process.exit(0);
+    }).catch(() => {
+      clearTimeout(timer);
+      process.exit(1);
+    });
+  }
+  process.once("SIGTERM", () => signalHandler("SIGTERM"));
+  process.once("SIGINT", () => signalHandler("SIGINT"));
+  return {
+    shutdown(signal) {
+      return triggerShutdown(signal ?? "programmatic");
+    }
+  };
+}
+
+// src/logger.ts
+var LEVEL_ORDER = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+function getLogLevel() {
+  const env = process.env["MCP_GUARD_LOG_LEVEL"]?.toLowerCase();
+  if (env && env in LEVEL_ORDER) {
+    return env;
+  }
+  return "info";
+}
+function createLogger(defaultContext) {
+  const minLevel = getLogLevel();
+  function log(level, message, extra) {
+    if (LEVEL_ORDER[level] < LEVEL_ORDER[minLevel]) {
+      return;
+    }
+    const entry = {
+      level,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      ...defaultContext,
+      message,
+      ...extra
+    };
+    process.stderr.write(JSON.stringify(entry) + "\n");
+  }
+  return {
+    debug: (message, extra) => log("debug", message, extra),
+    info: (message, extra) => log("info", message, extra),
+    warn: (message, extra) => log("warn", message, extra),
+    error: (message, extra) => log("error", message, extra)
+  };
+}
+
+// src/interceptors/pipeline.ts
+function createPipeline(options) {
+  const { interceptors, timeout, logger: logger2 } = options;
+  async function execute(ctx) {
+    const decisions = [];
+    let currentParams = ctx.message.params;
+    for (const interceptor of interceptors) {
+      const start = Date.now();
+      let decision;
+      const timer = createTimeout(timeout, interceptor.name);
+      try {
+        decision = await Promise.race([
+          interceptor.execute(ctx),
+          timer.promise
+        ]);
+      } catch (err) {
+        timer.clear();
+        const durationMs2 = Date.now() - start;
+        const reason = String(err);
+        logger2.error("Interceptor failed", {
+          interceptor: interceptor.name,
+          error: reason,
+          durationMs: durationMs2
+        });
+        const blockDecision = {
+          action: "BLOCK",
+          reason: `Interceptor '${interceptor.name}' failed: ${reason}`
+        };
+        decisions.push({
+          interceptor: interceptor.name,
+          decision: blockDecision,
+          durationMs: durationMs2
+        });
+        return {
+          allowed: false,
+          decisions,
+          finalParams: currentParams
+        };
+      }
+      timer.clear();
+      const durationMs = Date.now() - start;
+      if (decision.action === "MODIFY") {
+        const mutatedProtected = "method" in decision.params && decision.params["method"] !== ctx.message.method || "name" in decision.params && decision.params["name"] !== currentParams?.["name"] || "uri" in decision.params && decision.params["uri"] !== currentParams?.["uri"];
+        if (mutatedProtected) {
+          logger2.error("Interceptor attempted to modify protected fields", {
+            interceptor: interceptor.name
+          });
+          const blockDecision = {
+            action: "BLOCK",
+            reason: `Interceptor '${interceptor.name}' attempted to modify protected fields`
+          };
+          decisions.push({
+            interceptor: interceptor.name,
+            decision: blockDecision,
+            durationMs
+          });
+          return {
+            allowed: false,
+            decisions,
+            finalParams: currentParams
+          };
+        }
+        currentParams = { ...currentParams, ...decision.params };
+        ctx = { ...ctx, message: { ...ctx.message, params: currentParams } };
+        const authMode = decision.metadata?.["authMode"];
+        if (authMode && decision.metadata?.["roles"]) {
+          const roles = decision.metadata["roles"];
+          if (authMode === "oauth") {
+            ctx = {
+              ...ctx,
+              identity: {
+                ...ctx.identity,
+                roles,
+                username: decision.metadata["oauthSubject"] ?? ctx.identity.username,
+                authMode: "oauth",
+                oauthSubject: decision.metadata["oauthSubject"]
+              }
+            };
+          } else if (authMode === "api_key") {
+            ctx = {
+              ...ctx,
+              identity: {
+                ...ctx.identity,
+                roles,
+                authMode: "api_key"
+              }
+            };
+          }
+        }
+      }
+      decisions.push({
+        interceptor: interceptor.name,
+        decision,
+        durationMs
+      });
+      if (decision.action === "BLOCK") {
+        return {
+          allowed: false,
+          decisions,
+          finalParams: currentParams
+        };
+      }
+    }
+    return {
+      allowed: true,
+      decisions,
+      finalParams: currentParams,
+      resolvedIdentity: ctx.identity
+    };
+  }
+  return { execute };
+}
+function createTimeout(ms, name) {
+  let timerId;
+  const promise = new Promise((_, reject) => {
+    timerId = setTimeout(() => reject(new Error(`Interceptor '${name}' timed out after ${ms}ms`)), ms);
+  });
+  promise.catch(() => {
+  });
+  return {
+    promise,
+    clear: () => clearTimeout(timerId)
+  };
+}
+
+// src/interceptors/auth.ts
+import { timingSafeEqual as timingSafeEqual2, createHash as createHash2 } from "crypto";
+
+// src/identity/token-validator.ts
+init_errors();
+import { createRemoteJWKSet, jwtVerify } from "jose";
+async function discoverJwksUri(issuer) {
+  const discoveryUrl = `${issuer.replace(/\/$/, "")}/.well-known/openid-configuration`;
+  try {
+    const response = await fetch(discoveryUrl);
+    if (response.ok) {
+      const metadata = await response.json();
+      if (metadata.jwks_uri && typeof metadata.jwks_uri === "string") {
+        return metadata.jwks_uri;
+      }
+    }
+  } catch {
+  }
+  return `${issuer.replace(/\/$/, "")}/.well-known/jwks.json`;
+}
+async function createTokenValidator(config) {
+  const jwksUri = config.jwks_uri ?? await discoverJwksUri(config.issuer);
+  const jwks = createRemoteJWKSet(new URL(jwksUri));
+  return {
+    async validate(token) {
+      try {
+        const audience = config.audience ?? config.client_id;
+        const { payload } = await jwtVerify(token, jwks, {
+          issuer: config.issuer,
+          audience,
+          clockTolerance: config.clock_tolerance_seconds
+        });
+        if (!payload.sub) {
+          throw new OAuthError('JWT missing required "sub" claim');
+        }
+        return {
+          valid: true,
+          claims: payload,
+          subject: payload.sub
+        };
+      } catch (err) {
+        if (err instanceof OAuthError) {
+          throw err;
+        }
+        throw new OAuthError(`JWT validation failed: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+  };
+}
+
+// src/identity/roles.ts
+import { userInfo } from "os";
+function resolveOAuthIdentity(claims, config) {
+  const sub = typeof claims["sub"] === "string" ? claims["sub"] : "oauth-user";
+  const oauthConfig = config.auth.oauth;
+  if (!oauthConfig) {
+    return { uid: -1, username: sub, roles: [], authMode: "oauth", oauthSubject: sub };
+  }
+  const claimName = oauthConfig.claims_to_roles.claim_name;
+  const claimValue = claims[claimName];
+  const mapping = oauthConfig.claims_to_roles.mapping;
+  const claimValues = Array.isArray(claimValue) ? claimValue.filter((v) => typeof v === "string") : typeof claimValue === "string" ? [claimValue] : [];
+  const roles = [];
+  for (const value of claimValues) {
+    const mapped = mapping[value];
+    if (mapped) {
+      roles.push(...mapped);
+    }
+  }
+  const uniqueRoles = [...new Set(roles)];
+  return {
+    uid: -1,
+    username: sub,
+    roles: uniqueRoles,
+    authMode: "oauth",
+    oauthSubject: sub
+  };
+}
+function resolveIdentity(uid, pid, config) {
+  const username = resolveUsername(uid);
+  const roles = resolveRoles(username, config);
+  return { uid, pid, username, roles };
+}
+function resolveUsername(uid) {
+  try {
+    const info = userInfo();
+    if (info.uid === uid) {
+      return info.username;
+    }
+  } catch {
+  }
+  return `uid:${uid}`;
+}
+function resolveRoles(username, config) {
+  const matchedRoles = [];
+  for (const roleName of Object.keys(config.auth.roles)) {
+    if (roleName === username) {
+      matchedRoles.push(roleName);
+    }
+  }
+  return matchedRoles.length > 0 ? matchedRoles : ["default"];
+}
+
+// src/interceptors/auth.ts
+init_errors();
+function createAuthInterceptor(config) {
+  const hashedKeys = /* @__PURE__ */ new Map();
+  for (const [key, keyConfig] of Object.entries(config.auth.api_keys)) {
+    const hash = createHash2("sha256").update(key).digest("hex");
+    hashedKeys.set(hash, keyConfig);
+  }
+  let tokenValidator;
+  let tokenValidatorPromise;
+  if (config.auth.mode === "oauth" && config.auth.oauth) {
+    tokenValidatorPromise = createTokenValidator(config.auth.oauth);
+  }
+  return {
+    name: "auth",
+    async execute(ctx) {
+      if (config.auth.mode === "os") {
+        return validateOsIdentity(ctx);
+      }
+      if (config.auth.mode === "oauth") {
+        if (!tokenValidatorPromise) {
+          return { action: "BLOCK", reason: "OAuth configured but token validator not initialized", code: "OAUTH_INTERNAL" };
+        }
+        if (!tokenValidator) {
+          tokenValidator = await tokenValidatorPromise;
+        }
+        return validateOAuthToken(ctx, tokenValidator, config);
+      }
+      return validateApiKey(ctx, hashedKeys);
+    }
+  };
+}
+function validateOsIdentity(ctx) {
+  if (!ctx.identity) {
+    return { action: "BLOCK", reason: "No identity resolved", code: "AUTH_MISSING" };
+  }
+  if (!ctx.identity.username) {
+    return { action: "BLOCK", reason: "Identity has no username", code: "AUTH_INVALID" };
+  }
+  if (!ctx.identity.roles || ctx.identity.roles.length === 0) {
+    return { action: "BLOCK", reason: "Identity has no roles", code: "AUTH_NO_ROLES" };
+  }
+  return { action: "PASS" };
+}
+function validateApiKey(ctx, hashedKeys) {
+  const apiKey = ctx.message.params?.["_api_key"];
+  if (!apiKey) {
+    return { action: "BLOCK", reason: "API key required but not provided", code: "AUTH_MISSING" };
+  }
+  const presentedHash = createHash2("sha256").update(apiKey).digest();
+  let matchedRoles;
+  for (const [storedHash, keyConfig] of hashedKeys) {
+    const storedBuf = Buffer.from(storedHash, "hex");
+    if (presentedHash.length === storedBuf.length && timingSafeEqual2(presentedHash, storedBuf)) {
+      matchedRoles = keyConfig.roles;
+      break;
+    }
+  }
+  if (!matchedRoles) {
+    return { action: "BLOCK", reason: "Invalid API key", code: "AUTH_INVALID" };
+  }
+  const { _api_key: _, ...cleanParams } = ctx.message.params ?? {};
+  return {
+    action: "MODIFY",
+    params: cleanParams,
+    metadata: {
+      authMode: "api_key",
+      roles: matchedRoles
+    }
+  };
+}
+async function validateOAuthToken(ctx, tokenValidator, config) {
+  const bearerToken = ctx.message.params?.["_bearer_token"];
+  if (!bearerToken) {
+    return { action: "BLOCK", reason: "OAuth token required but not provided", code: "OAUTH_TOKEN_MISSING" };
+  }
+  try {
+    const result = await tokenValidator.validate(bearerToken);
+    const identity = resolveOAuthIdentity(result.claims, config);
+    if (!identity.roles || identity.roles.length === 0) {
+      return { action: "BLOCK", reason: "OAuth token has no mapped roles", code: "OAUTH_NO_ROLES" };
+    }
+    const { _bearer_token: _, ...cleanParams } = ctx.message.params ?? {};
+    return {
+      action: "MODIFY",
+      params: cleanParams,
+      metadata: {
+        oauthSubject: result.subject,
+        roles: identity.roles,
+        authMode: "oauth"
+      }
+    };
+  } catch (err) {
+    const safeReason = err instanceof OAuthError ? sanitizeOAuthError(err.message) : "OAuth token validation failed";
+    return { action: "BLOCK", reason: safeReason, code: "OAUTH_INVALID_TOKEN" };
+  }
+}
+function sanitizeOAuthError(message) {
+  return message.replace(/eyJ[A-Za-z0-9_-]{20,}/g, "[redacted]").replace(/[A-Za-z0-9_-]{40,}/g, "[redacted]");
+}
+
+// src/interceptors/effective-policy.ts
+function resolveEffectivePermissions(serverPermissions, identity, config) {
+  const allowedToolsLists = [];
+  const allowedResourcesLists = [];
+  if (serverPermissions.allowed_tools) {
+    allowedToolsLists.push(serverPermissions.allowed_tools);
+  }
+  if (serverPermissions.allowed_resources) {
+    allowedResourcesLists.push(serverPermissions.allowed_resources);
+  }
+  let deniedTools = [...serverPermissions.denied_tools];
+  let deniedResources = [...serverPermissions.denied_resources];
+  for (const role of identity.roles) {
+    const roleConfig = config.auth.roles[role];
+    if (!roleConfig) continue;
+    const rolePerms = roleConfig.permissions;
+    deniedTools = [.../* @__PURE__ */ new Set([...deniedTools, ...rolePerms.denied_tools])];
+    deniedResources = [.../* @__PURE__ */ new Set([...deniedResources, ...rolePerms.denied_resources])];
+    if (rolePerms.allowed_tools) {
+      allowedToolsLists.push(rolePerms.allowed_tools);
+    }
+    if (rolePerms.allowed_resources) {
+      allowedResourcesLists.push(rolePerms.allowed_resources);
+    }
+  }
+  return {
+    allowed_tools_lists: allowedToolsLists,
+    denied_tools: deniedTools,
+    allowed_resources_lists: allowedResourcesLists,
+    denied_resources: deniedResources
+  };
+}
+function resolveEffectiveRateLimit(serverRateLimit, identity, config) {
+  const effective = {
+    requests_per_minute: serverRateLimit.requests_per_minute,
+    requests_per_hour: serverRateLimit.requests_per_hour,
+    tool_limits: { ...serverRateLimit.tool_limits }
+  };
+  for (const role of identity.roles) {
+    const roleConfig = config.auth.roles[role];
+    if (!roleConfig) continue;
+    const roleLimit = roleConfig.rate_limit;
+    if (roleLimit.requests_per_minute) {
+      effective.requests_per_minute = effective.requests_per_minute ? Math.min(effective.requests_per_minute, roleLimit.requests_per_minute) : roleLimit.requests_per_minute;
+    }
+    if (roleLimit.requests_per_hour) {
+      effective.requests_per_hour = effective.requests_per_hour ? Math.min(effective.requests_per_hour, roleLimit.requests_per_hour) : roleLimit.requests_per_hour;
+    }
+    for (const [toolName, toolLimit] of Object.entries(roleLimit.tool_limits)) {
+      const existing = effective.tool_limits[toolName];
+      if (!existing) {
+        effective.tool_limits[toolName] = { ...toolLimit };
+      } else if (toolLimit.requests_per_minute) {
+        existing.requests_per_minute = existing.requests_per_minute ? Math.min(existing.requests_per_minute, toolLimit.requests_per_minute) : toolLimit.requests_per_minute;
+      }
+    }
+  }
+  return effective;
+}
+
+// src/interceptors/rate-limit.ts
+function createRateLimitInterceptor(store, config) {
+  return {
+    name: "rate-limit",
+    async execute(ctx) {
+      const serverConfig = config.servers[ctx.server];
+      if (!serverConfig) {
+        return { action: "PASS" };
+      }
+      const rateConfig = resolveEffectiveRateLimit(
+        serverConfig.policy.rate_limit,
+        ctx.identity,
+        config
+      );
+      if (rateConfig.requests_per_minute) {
+        const key = `server:${ctx.server}:${ctx.identity.username}:rpm`;
+        const allowed = store.tryConsume(key, {
+          maxTokens: rateConfig.requests_per_minute,
+          refillRate: rateConfig.requests_per_minute / 60
+          // tokens per second
+        });
+        if (!allowed) {
+          return {
+            action: "BLOCK",
+            reason: "Rate limit exceeded (requests per minute)",
+            code: "RATE_LIMITED"
+          };
+        }
+      }
+      if (rateConfig.requests_per_hour) {
+        const key = `server:${ctx.server}:${ctx.identity.username}:rph`;
+        const allowed = store.tryConsume(key, {
+          maxTokens: rateConfig.requests_per_hour,
+          refillRate: rateConfig.requests_per_hour / 3600
+          // tokens per second
+        });
+        if (!allowed) {
+          return {
+            action: "BLOCK",
+            reason: "Rate limit exceeded (requests per hour)",
+            code: "RATE_LIMITED"
+          };
+        }
+      }
+      if (ctx.message.method === "tools/call") {
+        const toolName = ctx.message.params?.["name"];
+        if (toolName && rateConfig.tool_limits[toolName]) {
+          const toolLimit = rateConfig.tool_limits[toolName];
+          if (toolLimit.requests_per_minute) {
+            const key = `tool:${ctx.server}:${ctx.identity.username}:${toolName}:rpm`;
+            const allowed = store.tryConsume(key, {
+              maxTokens: toolLimit.requests_per_minute,
+              refillRate: toolLimit.requests_per_minute / 60
+            });
+            if (!allowed) {
+              return {
+                action: "BLOCK",
+                reason: `Rate limit exceeded for tool '${toolName}'`,
+                code: "RATE_LIMITED"
+              };
+            }
+          }
+        }
+      }
+      return { action: "PASS" };
+    }
+  };
+}
+
+// src/interceptors/permissions.ts
+var MAX_MATCH_INPUT_LENGTH = 1024;
+var patternCache = /* @__PURE__ */ new Map();
+function createPermissionInterceptor(config) {
+  for (const serverConfig of Object.values(config.servers)) {
+    const allPatterns = [
+      ...serverConfig.policy.permissions.denied_tools,
+      ...serverConfig.policy.permissions.allowed_tools ?? [],
+      ...serverConfig.policy.permissions.denied_resources,
+      ...serverConfig.policy.permissions.allowed_resources ?? []
+    ];
+    for (const pattern of allPatterns) {
+      if (!patternCache.has(pattern)) {
+        const compiled = compilePattern(pattern);
+        if (compiled) patternCache.set(pattern, compiled);
+      }
+    }
+  }
+  return {
+    name: "permissions",
+    async execute(ctx) {
+      const serverConfig = config.servers[ctx.server];
+      if (!serverConfig) {
+        return { action: "PASS" };
+      }
+      const permissions = resolveEffectivePermissions(
+        serverConfig.policy.permissions,
+        ctx.identity,
+        config
+      );
+      if (ctx.message.method === "tools/call") {
+        const toolName = ctx.message.params?.["name"];
+        if (!toolName) {
+          return { action: "BLOCK", reason: "tools/call missing required tool name", code: "MALFORMED_REQUEST" };
+        }
+        if (matchesAny(toolName, permissions.denied_tools)) {
+          return {
+            action: "BLOCK",
+            reason: `Tool '${toolName}' is denied`,
+            code: "PERMISSION_DENIED"
+          };
+        }
+        for (const allowList of permissions.allowed_tools_lists) {
+          if (!matchesAny(toolName, allowList)) {
+            return {
+              action: "BLOCK",
+              reason: `Tool '${toolName}' is not in allowed list`,
+              code: "PERMISSION_DENIED"
+            };
+          }
+        }
+        return { action: "PASS" };
+      }
+      if (ctx.message.method === "resources/read") {
+        const uri = ctx.message.params?.["uri"];
+        if (!uri) {
+          return { action: "BLOCK", reason: "resources/read missing required URI", code: "MALFORMED_REQUEST" };
+        }
+        if (matchesAny(uri, permissions.denied_resources)) {
+          return {
+            action: "BLOCK",
+            reason: `Resource '${uri}' is denied`,
+            code: "PERMISSION_DENIED"
+          };
+        }
+        for (const allowList of permissions.allowed_resources_lists) {
+          if (!matchesAny(uri, allowList)) {
+            return {
+              action: "BLOCK",
+              reason: `Resource '${uri}' is not in allowed list`,
+              code: "PERMISSION_DENIED"
+            };
+          }
+        }
+        return { action: "PASS" };
+      }
+      return { action: "PASS" };
+    }
+  };
+}
+function matchesAny(value, patterns) {
+  return patterns.some((pattern) => matchesPattern(value, pattern));
+}
+function matchesPattern(value, pattern) {
+  if (pattern.startsWith("^") || pattern.includes("*")) {
+    if (value.length > MAX_MATCH_INPUT_LENGTH) {
+      return false;
+    }
+    const compiled = patternCache.get(pattern) ?? compileAndCache(pattern);
+    return compiled ? compiled.test(value) : false;
+  }
+  return value === pattern;
+}
+function compilePattern(pattern) {
+  try {
+    if (pattern.startsWith("^")) {
+      return new RegExp(pattern);
+    }
+    if (pattern.includes("*")) {
+      const regexStr = "^" + pattern.replace(/[.+?{}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*") + "$";
+      return new RegExp(regexStr);
+    }
+  } catch {
+  }
+  return null;
+}
+function compileAndCache(pattern) {
+  const compiled = compilePattern(pattern);
+  if (compiled) patternCache.set(pattern, compiled);
+  return compiled;
+}
+
+// src/interceptors/sampling-guard.ts
+function createSamplingGuardInterceptor(config) {
+  return {
+    name: "sampling-guard",
+    async execute(ctx) {
+      if (ctx.message.method !== "sampling/createMessage") {
+        return { action: "PASS" };
+      }
+      const serverConfig = config.servers[ctx.server];
+      if (!serverConfig) {
+        return {
+          action: "BLOCK",
+          reason: `Sampling is disabled for unknown server "${ctx.server}"`,
+          code: "SAMPLING_DISABLED"
+        };
+      }
+      if (!serverConfig.policy.sampling.enabled) {
+        return {
+          action: "BLOCK",
+          reason: `Sampling is disabled for server "${ctx.server}"`,
+          code: "SAMPLING_DISABLED"
+        };
+      }
+      return { action: "PASS" };
+    }
+  };
+}
+
+// src/pii/redactor.ts
+function redactString(content, matches) {
+  if (matches.length === 0) return content;
+  const sorted = [...matches].sort((a, b) => a.start - b.start);
+  const nonOverlapping = [];
+  let lastEnd = -1;
+  for (const m of sorted) {
+    if (m.start >= lastEnd) {
+      nonOverlapping.push(m);
+      lastEnd = m.end;
+    }
+  }
+  let result = content;
+  for (let i = nonOverlapping.length - 1; i >= 0; i--) {
+    const m = nonOverlapping[i];
+    const marker = `[REDACTED:${m.type}]`;
+    result = result.slice(0, m.start) + marker + result.slice(m.end);
+  }
+  return result;
+}
+function scanAndRedact(value, detect, shouldRedact) {
+  const allMatches = [];
+  function walk(val, path) {
+    if (typeof val === "string") {
+      const matches = detect(val);
+      for (const m of matches) {
+        allMatches.push({ type: m.type, confidence: m.confidence, start: m.start, end: m.end, path });
+      }
+      if (shouldRedact && matches.length > 0) {
+        return redactString(val, matches);
+      }
+      return val;
+    }
+    if (Array.isArray(val)) {
+      return val.map((item, i) => walk(item, path ? `${path}[${i}]` : `[${i}]`));
+    }
+    if (val !== null && typeof val === "object") {
+      const result = {};
+      for (const [key, child] of Object.entries(val)) {
+        result[key] = walk(child, path ? `${path}.${key}` : key);
+      }
+      return result;
+    }
+    return val;
+  }
+  const redacted = walk(value, "");
+  return { matches: allMatches, redacted };
+}
+
+// src/interceptors/pii-detect.ts
+var MAX_SCAN_BYTES = 1048576;
+var ACTION_SEVERITY = {
+  warn: 0,
+  redact: 1,
+  block: 2
+};
+function createPiiInterceptor(registry, config) {
+  const actionMap = { ...config.pii.actions };
+  for (const [typeName, customType] of Object.entries(config.pii.custom_types)) {
+    actionMap[typeName] = customType.actions;
+  }
+  return {
+    name: "pii-detect",
+    async execute(ctx) {
+      if (!config.pii.enabled) {
+        return { action: "PASS" };
+      }
+      const params = ctx.message.params;
+      if (!params) {
+        return { action: "PASS" };
+      }
+      const serialized = JSON.stringify(params);
+      if (serialized.length > MAX_SCAN_BYTES) {
+        return {
+          action: "BLOCK",
+          reason: "Content exceeds 1MB PII scan limit \u2014 blocked uninspected",
+          code: "PII_CONTENT_TOO_LARGE"
+        };
+      }
+      const direction = ctx.direction;
+      const detectFn = (content) => registry.scan(content, { direction, server: ctx.server });
+      let scanResult;
+      try {
+        scanResult = scanAndRedact(params, detectFn, false);
+      } catch (err) {
+        return {
+          action: "BLOCK",
+          reason: `PII detector error: ${String(err)}`,
+          code: "PII_DETECTOR_ERROR"
+        };
+      }
+      if (scanResult.matches.length === 0) {
+        return { action: "PASS" };
+      }
+      let strictestAction = "warn";
+      const detections = [];
+      for (const match of scanResult.matches) {
+        const typeActions = actionMap[match.type];
+        const action = typeActions ? typeActions[direction] : direction === "request" ? "redact" : "warn";
+        detections.push({ type: match.type, action });
+        if (ACTION_SEVERITY[action] > ACTION_SEVERITY[strictestAction]) {
+          strictestAction = action;
+        }
+      }
+      const metadata = {
+        piiDetections: detections
+      };
+      if (strictestAction === "block") {
+        const detectedTypes = [...new Set(detections.map((d) => d.type))].join(", ");
+        return {
+          action: "BLOCK",
+          reason: `PII detected (${detectedTypes}) \u2014 blocked by ${direction} policy`,
+          code: "PII_BLOCKED",
+          metadata
+        };
+      }
+      if (strictestAction === "redact") {
+        let redactResult;
+        try {
+          redactResult = scanAndRedact(params, detectFn, true);
+        } catch (err) {
+          return {
+            action: "BLOCK",
+            reason: `PII redaction error: ${String(err)}`,
+            code: "PII_DETECTOR_ERROR"
+          };
+        }
+        const redactedParams = { ...redactResult.redacted };
+        delete redactedParams["name"];
+        delete redactedParams["method"];
+        delete redactedParams["uri"];
+        return {
+          action: "MODIFY",
+          params: redactedParams,
+          metadata
+        };
+      }
+      return { action: "PASS", metadata };
+    }
+  };
+}
+
+// src/pii/regex-detector.ts
+var MAX_CONTENT_LENGTH = 65536;
+function luhnCheck(digits) {
+  const cleaned = digits.replace(/\D/g, "");
+  if (cleaned.length === 0) return false;
+  let sum = 0;
+  let alternate = false;
+  for (let i = cleaned.length - 1; i >= 0; i--) {
+    let n = parseInt(cleaned[i], 10);
+    if (alternate) {
+      n *= 2;
+      if (n > 9) n -= 9;
+    }
+    sum += n;
+    alternate = !alternate;
+  }
+  return sum % 10 === 0;
+}
+var PATTERNS = [
+  {
+    type: "email",
+    regex: /\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}\b/g,
+    confidence: 0.9
+  },
+  {
+    type: "phone",
+    regex: /(?:\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
+    confidence: 0.8,
+    validate: (match) => {
+      const digits = match.replace(/\D/g, "");
+      return digits.length >= 10 && digits.length <= 15;
+    }
+  },
+  {
+    type: "ssn",
+    regex: /\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g,
+    confidence: 0.95
+  },
+  {
+    type: "credit_card",
+    // Matches common card prefixes: Visa (4), Mastercard (5[1-5], 2[2-7]),
+    // Amex (3[47]), Discover (6011, 65, 644-649)
+    regex: /\b(?:4\d{3}|5[1-5]\d{2}|2[2-7]\d{2}|3[47]\d{2}|6(?:011|5\d{2}|4[4-9]\d))[- ]?\d{4}[- ]?\d{4}[- ]?\d{1,7}\b/g,
+    confidence: 0.95,
+    validate: (match) => {
+      const digits = match.replace(/\D/g, "");
+      return digits.length >= 13 && digits.length <= 19 && luhnCheck(digits);
+    }
+  },
+  {
+    type: "aws_key",
+    regex: /\bAKIA[0-9A-Z]{16}\b/g,
+    confidence: 0.95
+  },
+  {
+    type: "github_token",
+    regex: /\b(?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36}\b/g,
+    confidence: 0.95
+  }
+];
+function createRegexDetector() {
+  return {
+    name: "regex",
+    detect(content, _ctx) {
+      if (!content || content.length === 0) return [];
+      const scanContent = content.length > MAX_CONTENT_LENGTH ? content.slice(0, MAX_CONTENT_LENGTH) : content;
+      const matches = [];
+      for (const pattern of PATTERNS) {
+        pattern.regex.lastIndex = 0;
+        let match;
+        while ((match = pattern.regex.exec(scanContent)) !== null) {
+          const value = match[0];
+          if (pattern.validate && !pattern.validate(value)) {
+            continue;
+          }
+          matches.push({
+            type: pattern.type,
+            value,
+            confidence: pattern.confidence,
+            start: match.index,
+            end: match.index + value.length
+          });
+        }
+      }
+      matches.sort((a, b) => a.start - b.start);
+      return matches;
+    }
+  };
+}
+
+// src/pii/registry.ts
+var logger = createLogger({ component: "pii-registry" });
+function createPIIRegistry(config) {
+  const detectors = [createRegexDetector()];
+  for (const [typeName, customType] of Object.entries(config.custom_types)) {
+    const compiledPatterns = [];
+    for (const pattern of customType.patterns) {
+      try {
+        compiledPatterns.push(new RegExp(pattern.regex, "g"));
+      } catch {
+        logger.warn("Invalid custom PII regex, skipping", {
+          type: typeName,
+          regex: pattern.regex
+        });
+      }
+    }
+    if (compiledPatterns.length > 0) {
+      detectors.push({
+        name: `custom:${typeName}`,
+        detect(content, _ctx) {
+          const matches = [];
+          for (const regex of compiledPatterns) {
+            regex.lastIndex = 0;
+            let match;
+            while ((match = regex.exec(content)) !== null) {
+              matches.push({
+                type: typeName,
+                value: match[0],
+                confidence: 0.85,
+                start: match.index,
+                end: match.index + match[0].length
+              });
+            }
+          }
+          return matches;
+        }
+      });
+    }
+  }
+  const confidenceThreshold = config.confidence_threshold;
+  return {
+    scan(content, ctx) {
+      if (!content || content.length === 0) return [];
+      const scanContent = content.length > MAX_CONTENT_LENGTH ? content.slice(0, MAX_CONTENT_LENGTH) : content;
+      const allMatches = [];
+      for (const detector of detectors) {
+        const matches = detector.detect(scanContent, ctx);
+        allMatches.push(...matches);
+      }
+      const filtered = allMatches.filter((m) => m.confidence >= confidenceThreshold);
+      filtered.sort((a, b) => a.start - b.start);
+      const deduped = [];
+      for (const m of filtered) {
+        const overlapping = deduped.findIndex(
+          (existing) => m.start < existing.end && m.end > existing.start
+        );
+        if (overlapping === -1) {
+          deduped.push(m);
+        } else if (m.confidence >= deduped[overlapping].confidence) {
+          deduped[overlapping] = m;
+        }
+      }
+      return deduped;
+    }
+  };
+}
+
+// src/storage/rate-limit-store.ts
+function createRateLimitStore(db) {
+  const upsertStmt = db.prepare(`
+    INSERT INTO rate_limits (key, tokens, max_tokens, refill_rate, last_refill, updated_at)
+    VALUES (?, ?, ?, ?, datetime('now'), datetime('now'))
+    ON CONFLICT(key) DO UPDATE SET
+      tokens = excluded.tokens,
+      max_tokens = excluded.max_tokens,
+      refill_rate = excluded.refill_rate,
+      last_refill = excluded.last_refill,
+      updated_at = excluded.updated_at
+  `);
+  const updateTokensStmt = db.prepare(`
+    UPDATE rate_limits SET tokens = ?, updated_at = datetime('now') WHERE key = ?
+  `);
+  const selectStmt = db.prepare(`
+    SELECT tokens, max_tokens, refill_rate, last_refill
+    FROM rate_limits WHERE key = ?
+  `);
+  const deleteStmt = db.prepare(`
+    DELETE FROM rate_limits WHERE updated_at < ?
+  `);
+  const tryConsumeTransaction = db.transaction(
+    (key, config) => {
+      const row = selectStmt.get(key);
+      if (!row) {
+        upsertStmt.run(key, config.maxTokens - 1, config.maxTokens, config.refillRate);
+        return true;
+      }
+      const lastRefill = (/* @__PURE__ */ new Date(row.last_refill + "Z")).getTime();
+      const now = Date.now();
+      const elapsedSeconds = (now - lastRefill) / 1e3;
+      const effectiveMax = Math.min(row.max_tokens, config.maxTokens);
+      const refilled = Math.min(
+        effectiveMax,
+        row.tokens + elapsedSeconds * config.refillRate
+      );
+      if (refilled < 1) {
+        updateTokensStmt.run(refilled, key);
+        return false;
+      }
+      upsertStmt.run(key, refilled - 1, config.maxTokens, config.refillRate);
+      return true;
+    }
+  );
+  return {
+    tryConsume(key, config) {
+      return tryConsumeTransaction(key, config);
+    },
+    getRemaining(key) {
+      const row = selectStmt.get(key);
+      if (!row) return null;
+      const lastRefill = (/* @__PURE__ */ new Date(row.last_refill + "Z")).getTime();
+      const now = Date.now();
+      const elapsedSeconds = (now - lastRefill) / 1e3;
+      return Math.min(row.max_tokens, row.tokens + elapsedSeconds * row.refill_rate);
+    },
+    cleanup(olderThan) {
+      deleteStmt.run(olderThan.toISOString());
+    }
+  };
+}
+
+// src/audit/store.ts
+function createAuditStore(db) {
+  const insertStmt = db.prepare(`
+    INSERT INTO audit_logs (
+      bridge_id, server, method, direction,
+      identity_uid, identity_username, identity_roles,
+      tool_or_resource, params_summary,
+      interceptor_decisions, allowed, blocked_by, block_reason, latency_ms
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  const cleanupStmt = db.prepare(`
+    DELETE FROM audit_logs WHERE timestamp < datetime('now', ?)
+  `);
+  return {
+    write(entry) {
+      const blockedDecision = entry.pipelineResult.decisions.find(
+        (d) => d.decision.action === "BLOCK"
+      );
+      insertStmt.run(
+        entry.bridgeId,
+        entry.server,
+        entry.method,
+        entry.direction,
+        entry.identity.uid,
+        entry.identity.username,
+        JSON.stringify(entry.identity.roles),
+        entry.toolOrResource ?? null,
+        entry.paramsSummary ?? null,
+        JSON.stringify(
+          entry.pipelineResult.decisions.map((d) => ({
+            name: d.interceptor,
+            action: d.decision.action,
+            reason: d.decision.action === "BLOCK" ? d.decision.reason : void 0,
+            metadata: d.decision.metadata,
+            durationMs: d.durationMs
+          }))
+        ),
+        entry.pipelineResult.allowed ? 1 : 0,
+        blockedDecision?.interceptor ?? null,
+        blockedDecision?.decision.action === "BLOCK" ? blockedDecision.decision.reason : null,
+        entry.latencyMs ?? null
+      );
+    },
+    query(filters) {
+      const conditions = [];
+      const params = [];
+      if (filters.server) {
+        conditions.push("server = ?");
+        params.push(filters.server);
+      }
+      if (filters.user) {
+        conditions.push("identity_username = ?");
+        params.push(filters.user);
+      }
+      if (filters.method) {
+        conditions.push("method = ?");
+        params.push(filters.method);
+      }
+      if (filters.type === "allow") {
+        conditions.push("allowed = 1");
+      } else if (filters.type === "block") {
+        conditions.push("allowed = 0");
+      }
+      if (filters.last) {
+        const modifier = parseTimeModifier(filters.last);
+        if (modifier) {
+          conditions.push("timestamp >= datetime('now', ?)");
+          params.push(modifier);
+        }
+      }
+      const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+      const limit = filters.limit ?? 100;
+      const sql = `SELECT * FROM audit_logs ${where} ORDER BY timestamp DESC LIMIT ?`;
+      params.push(limit);
+      return db.prepare(sql).all(...params);
+    },
+    cleanup(olderThanDays) {
+      const days = Math.max(1, Math.abs(olderThanDays));
+      const result = cleanupStmt.run(`-${days} days`);
+      return result.changes;
+    }
+  };
+}
+function parseTimeModifier(duration) {
+  const match = duration.match(/^(\d+)(m|h|d)$/);
+  if (!match) return null;
+  const value = parseInt(match[1], 10);
+  const unit = match[2];
+  switch (unit) {
+    case "m":
+      return `-${value} minutes`;
+    case "h":
+      return `-${value} hours`;
+    case "d":
+      return `-${value} days`;
+    default:
+      return null;
+  }
+}
+
+// src/audit/stdout-logger.ts
+function formatAuditEntry(entry) {
+  const blockedDecision = entry.pipelineResult.decisions.find(
+    (d) => d.decision.action === "BLOCK"
+  );
+  return JSON.stringify({
+    type: "audit",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    server: entry.server,
+    method: entry.method,
+    direction: entry.direction,
+    identity: entry.identity.username,
+    roles: entry.identity.roles,
+    allowed: entry.pipelineResult.allowed,
+    blocked_by: blockedDecision?.interceptor ?? null,
+    block_reason: blockedDecision?.decision.action === "BLOCK" ? blockedDecision.decision.reason : null,
+    tool_or_resource: entry.toolOrResource ?? null,
+    latency_ms: entry.latencyMs ?? null
+  });
+}
+
+// src/audit/tap.ts
+function createAuditTap(store, logger2, config) {
+  let lastWriteTime = null;
+  return {
+    record(entry) {
+      if (!config.audit.enabled) {
+        return;
+      }
+      try {
+        store.write(entry);
+        lastWriteTime = (/* @__PURE__ */ new Date()).toISOString();
+      } catch (err) {
+        logger2.error("Audit store write failed", { error: String(err) });
+      }
+      if (config.audit.stdout) {
+        try {
+          process.stdout.write(formatAuditEntry(entry) + "\n");
+        } catch (err) {
+          logger2.error("Audit stdout write failed", { error: String(err) });
+        }
+      }
+    },
+    getLastWriteTime() {
+      return lastWriteTime;
+    }
+  };
+}
+
+// src/proxy/capability-filter.ts
+function filterCapabilities(capabilities, serverConfig) {
+  if (!serverConfig.policy.sampling.enabled && "sampling" in capabilities) {
+    const { sampling: _, ...rest } = capabilities;
+    return rest;
+  }
+  return capabilities;
+}
+function filterToolsList(tools, serverConfig, identity, config) {
+  const permissions = resolveEffectivePermissions(serverConfig.policy.permissions, identity, config);
+  return tools.filter((tool) => {
+    if (matchesAny(tool.name, permissions.denied_tools)) {
+      return false;
+    }
+    for (const allowList of permissions.allowed_tools_lists) {
+      if (!matchesAny(tool.name, allowList)) {
+        return false;
+      }
+    }
+    return true;
+  });
+}
+function filterResourcesList(resources, serverConfig, identity, config) {
+  const permissions = resolveEffectivePermissions(serverConfig.policy.permissions, identity, config);
+  return resources.filter((resource) => {
+    if (matchesAny(resource.uri, permissions.denied_resources)) {
+      return false;
+    }
+    for (const allowList of permissions.allowed_resources_lists) {
+      if (!matchesAny(resource.uri, allowList)) {
+        return false;
+      }
+    }
+    return true;
+  });
+}
+
+// src/config/watcher.ts
+init_loader();
+init_constants();
+import { watch } from "fs";
+function createConfigWatcher(configPath, onChange, logger2, currentConfig) {
+  let oldConfig = currentConfig;
+  let debounceTimer;
+  let watcher;
+  try {
+    watcher = watch(configPath, { persistent: false }, (_eventType) => {
+      if (debounceTimer) {
+        clearTimeout(debounceTimer);
+      }
+      debounceTimer = setTimeout(async () => {
+        try {
+          const newConfig = await reloadConfig(configPath);
+          const previousConfig = oldConfig;
+          oldConfig = newConfig;
+          onChange(newConfig, previousConfig);
+          logger2.info("Config reloaded successfully");
+        } catch (err) {
+          logger2.warn("Config reload failed \u2014 keeping previous config", {
+            error: String(err)
+          });
+        }
+      }, CONFIG_RELOAD_DEBOUNCE);
+    });
+  } catch (err) {
+    logger2.error("Failed to watch config file \u2014 hot reload disabled", { error: String(err), path: configPath });
+    return { stop() {
+    } };
+  }
+  return {
+    stop() {
+      if (debounceTimer) {
+        clearTimeout(debounceTimer);
+      }
+      watcher.close();
+    }
+  };
+}
+
+// src/dashboard/server.ts
+import { createServer as createServer2 } from "http";
+import { randomBytes as randomBytes2, timingSafeEqual as timingSafeEqual3 } from "crypto";
+import { writeFile as writeFile3 } from "fs/promises";
+import { join as join5 } from "path";
+
+// src/dashboard/health.ts
+import { readFileSync } from "fs";
+import { join as join4, dirname as dirname2 } from "path";
+import { fileURLToPath } from "url";
+function loadVersion() {
+  let dir = dirname2(fileURLToPath(import.meta.url));
+  for (let i = 0; i < 5; i++) {
+    try {
+      const content = readFileSync(join4(dir, "package.json"), "utf-8");
+      const pkg = JSON.parse(content);
+      if (pkg.version) return pkg.version;
+    } catch {
+    }
+    dir = dirname2(dir);
+  }
+  return "0.0.0";
+}
+var VERSION = loadVersion();
+function buildHealthResponse(ctx) {
+  const serverStatuses = ctx.getServerStatuses();
+  const dbHealthy = ctx.isDatabaseHealthy();
+  const servers = {};
+  for (const [name, status2] of serverStatuses) {
+    servers[name] = status2;
+  }
+  const serverValues = [...serverStatuses.values()];
+  const allConnected = serverValues.length > 0 && serverValues.every((s) => s === "connected");
+  const noneConnected = serverValues.length === 0 || serverValues.every((s) => s !== "connected");
+  let status;
+  if (!dbHealthy || noneConnected) {
+    status = "unhealthy";
+  } else if (allConnected) {
+    status = "healthy";
+  } else {
+    status = "degraded";
+  }
+  return {
+    status,
+    uptime_seconds: Math.floor((Date.now() - ctx.startTime) / 1e3),
+    servers,
+    bridges: ctx.getBridgeCount(),
+    database: dbHealthy ? "ok" : "error",
+    last_audit_write: ctx.getLastAuditWrite(),
+    version: VERSION
+  };
+}
+
+// src/dashboard/server.ts
+init_errors();
+function createDashboardServer(options) {
+  const { port, healthContext, logger: logger2 } = options;
+  const authToken = options.authToken ?? randomBytes2(32).toString("hex");
+  const authTokenBuffer = Buffer.from(authToken, "utf-8");
+  const server = createServer2(async (req, res) => {
+    const url = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+    if (url.pathname === "/healthz" && req.method === "GET") {
+      const health = buildHealthResponse(healthContext);
+      const statusCode = health.status === "unhealthy" ? 503 : 200;
+      res.writeHead(statusCode, { "Content-Type": "application/json" });
+      res.end(JSON.stringify(health));
+      return;
+    }
+    if (url.pathname === "/api/status" && req.method === "GET") {
+      if (!verifyBearerToken(req.headers.authorization, authTokenBuffer)) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unauthorized" }));
+        return;
+      }
+      const health = buildHealthResponse(healthContext);
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify(health));
+      return;
+    }
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({ error: "Not found" }));
+  });
+  return {
+    async listen() {
+      await new Promise((resolve, reject) => {
+        server.on("error", (err) => {
+          reject(new DashboardError(`Dashboard server failed to start: ${err.message}`));
+        });
+        server.listen(port, "127.0.0.1", () => {
+          logger2.info("Dashboard server started", { port });
+          resolve();
+        });
+      });
+      if (options.home) {
+        const actualPort = String(server.address() && typeof server.address() === "object" ? server.address().port : port);
+        const tokenPath = join5(options.home, "dashboard.token");
+        const portPath = join5(options.home, "dashboard.port");
+        await writeFile3(tokenPath, authToken, { mode: 384 });
+        await writeFile3(portPath, actualPort, { mode: 384 });
+      }
+    },
+    async close() {
+      await new Promise((resolve, reject) => {
+        server.close((err) => {
+          if (err) {
+            reject(new DashboardError(`Dashboard server close failed: ${err.message}`));
+          } else {
+            logger2.info("Dashboard server closed");
+            resolve();
+          }
+        });
+      });
+    },
+    getAuthToken() {
+      return authToken;
+    },
+    getPort() {
+      const addr = server.address();
+      if (addr && typeof addr === "object") {
+        return addr.port;
+      }
+      return port;
+    }
+  };
+}
+function verifyBearerToken(authHeader, expectedTokenBuffer) {
+  if (!authHeader?.startsWith("Bearer ")) {
+    return false;
+  }
+  const provided = Buffer.from(authHeader.slice(7), "utf-8");
+  if (provided.length !== expectedTokenBuffer.length) {
+    return false;
+  }
+  return timingSafeEqual3(provided, expectedTokenBuffer);
+}
+
+// src/daemon/index.ts
+async function startDaemon(config, configPath) {
+  const logger2 = createLogger({
+    component: "daemon"
+  });
+  const home = config.daemon.home;
+  const keyPath = join6(home, "daemon.key");
+  const pidFile = join6(home, "daemon.pid");
+  const dbPath = join6(home, "mcp-guard.db");
+  await mkdir3(home, { recursive: true, mode: 448 });
+  logger2.info("Home directory ready", { path: home });
+  const daemonKey = await ensureDaemonKey(keyPath);
+  logger2.info("Daemon key ready");
+  await writeFile4(pidFile, String(process.pid), { mode: 384 });
+  logger2.info("PID file written", { pid: process.pid, path: pidFile });
+  const dbOptions = { path: dbPath };
+  if (config.daemon.encryption.enabled) {
+    dbOptions.encryptionKey = deriveDbEncryptionKey(daemonKey);
+    logger2.info("Database encryption enabled");
+  }
+  const db = openDatabase(dbOptions);
+  runMigrations(db);
+  logger2.info("Database ready", { path: dbPath });
+  const serverManager = createServerManager(config, logger2);
+  await serverManager.startAll();
+  const upstreamClients = /* @__PURE__ */ new Map();
+  for (const name of Object.keys(config.servers)) {
+    const client = serverManager.getClient(name);
+    if (client) {
+      upstreamClients.set(name, client);
+    }
+  }
+  const proxyServer = createProxyServer(upstreamClients, logger2);
+  const rateLimitStore = createRateLimitStore(db);
+  const auditStore = createAuditStore(db);
+  const auditTap = createAuditTap(auditStore, logger2, config);
+  let currentConfig = config;
+  function buildPipelines(cfg) {
+    const registry = createPIIRegistry(cfg.pii);
+    return {
+      pipeline: createPipeline({
+        interceptors: [
+          createAuthInterceptor(cfg),
+          createRateLimitInterceptor(rateLimitStore, cfg),
+          createPermissionInterceptor(cfg),
+          createSamplingGuardInterceptor(cfg),
+          createPiiInterceptor(registry, cfg)
+        ],
+        timeout: cfg.interceptors.timeout * 1e3,
+        logger: logger2
+      }),
+      responsePipeline: createPipeline({
+        interceptors: [createPiiInterceptor(registry, cfg)],
+        timeout: cfg.interceptors.timeout * 1e3,
+        logger: logger2
+      })
+    };
+  }
+  let { pipeline: currentPipeline, responsePipeline: currentResponsePipeline } = buildPipelines(config);
+  logger2.info("Interceptor pipeline ready", {
+    interceptors: ["auth", "rate-limit", "permissions", "sampling-guard", "pii-detect"],
+    timeout: config.interceptors.timeout
+  });
+  const socketServer = createSocketServer({
+    socketPath: config.daemon.socket_path,
+    daemonKey,
+    logger: logger2,
+    onConnection: (conn) => {
+      conn.onMessage(async (msg) => {
+        if (msg.type === "mcp") {
+          const identity = resolveIdentity(conn.uid, conn.pid, currentConfig);
+          const method = msg.data.method ?? "unknown";
+          const startTime = Date.now();
+          try {
+            const ctx = {
+              message: { method, params: msg.data.params },
+              server: msg.server,
+              identity,
+              direction: "request",
+              metadata: { bridgeId: conn.id, timestamp: Date.now() }
+            };
+            const pipelineResult = await currentPipeline.execute(ctx);
+            const latencyMs = Date.now() - startTime;
+            const effectiveIdentity = pipelineResult.resolvedIdentity ?? identity;
+            auditTap.record({
+              bridgeId: conn.id,
+              server: msg.server,
+              method,
+              direction: "request",
+              identity: effectiveIdentity,
+              toolOrResource: extractToolOrResource(msg.data),
+              pipelineResult,
+              latencyMs
+            });
+            if (!pipelineResult.allowed) {
+              const blockReason = pipelineResult.decisions.find(
+                (d) => d.decision.action === "BLOCK"
+              );
+              conn.send({
+                type: "mcp",
+                data: {
+                  jsonrpc: "2.0",
+                  id: msg.data.id,
+                  error: {
+                    code: -32600,
+                    message: blockReason?.decision.action === "BLOCK" ? blockReason.decision.reason : "Blocked by security policy"
+                  }
+                }
+              });
+              return;
+            }
+            const upstreamMsg = pipelineResult.finalParams ? { ...msg.data, params: pipelineResult.finalParams } : msg.data;
+            const response = await proxyServer.handleMessage(upstreamMsg, msg.server);
+            const responseContent = response.result ?? response.error;
+            if (responseContent) {
+              const responseCtx = {
+                message: { method, params: responseContent },
+                server: msg.server,
+                identity: effectiveIdentity,
+                direction: "response",
+                metadata: { bridgeId: conn.id, timestamp: Date.now() }
+              };
+              const responseResult = await currentResponsePipeline.execute(responseCtx);
+              auditTap.record({
+                bridgeId: conn.id,
+                server: msg.server,
+                method,
+                direction: "response",
+                identity: effectiveIdentity,
+                toolOrResource: extractToolOrResource(msg.data),
+                pipelineResult: responseResult,
+                latencyMs: Date.now() - startTime
+              });
+              if (!responseResult.allowed) {
+                conn.send({
+                  type: "mcp",
+                  data: {
+                    jsonrpc: "2.0",
+                    id: msg.data.id,
+                    error: { code: -32600, message: "Response blocked by PII policy" }
+                  }
+                });
+                return;
+              }
+              if (responseResult.finalParams) {
+                if (response.result) {
+                  response.result = responseResult.finalParams;
+                } else if (response.error) {
+                  const redacted = responseResult.finalParams;
+                  if (typeof redacted["message"] === "string") {
+                    response.error.message = redacted["message"];
+                  }
+                  if ("data" in redacted) {
+                    response.error.data = redacted["data"];
+                  }
+                }
+              }
+            }
+            if (msg.data.method === "initialize" && response.result) {
+              const result = response.result;
+              const serverConfig = currentConfig.servers[msg.server];
+              if (result.capabilities && serverConfig) {
+                result.capabilities = filterCapabilities(result.capabilities, serverConfig);
+              }
+            }
+            if (msg.data.method === "tools/list" && response.result) {
+              const result = response.result;
+              const serverConfig = currentConfig.servers[msg.server];
+              if (result.tools && serverConfig) {
+                result.tools = filterToolsList(result.tools, serverConfig, effectiveIdentity, currentConfig);
+              }
+            }
+            if (msg.data.method === "resources/list" && response.result) {
+              const result = response.result;
+              const serverConfig = currentConfig.servers[msg.server];
+              if (result.resources && serverConfig) {
+                result.resources = filterResourcesList(result.resources, serverConfig, effectiveIdentity, currentConfig);
+              }
+            }
+            conn.send({ type: "mcp", data: response });
+          } catch (err) {
+            const latencyMs = Date.now() - startTime;
+            logger2.error("Message handler failed", { error: String(err), method });
+            auditTap.record({
+              bridgeId: conn.id,
+              server: msg.server,
+              method,
+              direction: "request",
+              identity,
+              toolOrResource: extractToolOrResource(msg.data),
+              pipelineResult: {
+                allowed: false,
+                decisions: [{
+                  interceptor: "internal",
+                  decision: { action: "BLOCK", reason: `Internal error: ${String(err)}` },
+                  durationMs: latencyMs
+                }]
+              },
+              latencyMs
+            });
+            conn.send({
+              type: "mcp",
+              data: {
+                jsonrpc: "2.0",
+                id: msg.data.id,
+                error: { code: -32603, message: "Internal error" }
+              }
+            });
+          }
+        }
+      });
+    }
+  });
+  await socketServer.listen();
+  const dashboardServer = createDashboardServer({
+    port: config.daemon.dashboard_port,
+    healthContext: {
+      startTime: Date.now(),
+      getServerStatuses: () => serverManager.getStatus(),
+      getBridgeCount: () => socketServer.getConnections().length,
+      isDatabaseHealthy: () => {
+        try {
+          db.pragma("integrity_check");
+          return true;
+        } catch {
+          return false;
+        }
+      },
+      getLastAuditWrite: () => auditTap.getLastWriteTime()
+    },
+    logger: logger2,
+    home
+  });
+  await dashboardServer.listen();
+  let configWatcher;
+  if (configPath) {
+    configWatcher = createConfigWatcher(
+      configPath,
+      (newConfig, oldConfig) => {
+        for (const name of Object.keys(newConfig.servers)) {
+          const oldServer = oldConfig.servers[name];
+          const newServer = newConfig.servers[name];
+          if (!oldServer) {
+            logger2.warn("New server added in config \u2014 requires daemon restart to take effect", { server: name });
+            continue;
+          }
+          if (oldServer.command !== newServer.command || oldServer.url !== newServer.url || oldServer.transport !== newServer.transport || JSON.stringify(oldServer.args) !== JSON.stringify(newServer.args) || JSON.stringify(oldServer.env) !== JSON.stringify(newServer.env)) {
+            logger2.warn("Server definition changed \u2014 requires daemon restart to take effect", { server: name });
+          }
+        }
+        for (const name of Object.keys(oldConfig.servers)) {
+          if (!newConfig.servers[name]) {
+            logger2.warn("Server removed in config \u2014 requires daemon restart to take effect", { server: name });
+          }
+        }
+        logger2.info("Config reloaded, rebuilding pipeline");
+        const rebuilt = buildPipelines(newConfig);
+        currentPipeline = rebuilt.pipeline;
+        currentResponsePipeline = rebuilt.responsePipeline;
+        currentConfig = newConfig;
+      },
+      logger2,
+      config
+    );
+    logger2.info("Config watcher started", { path: configPath });
+  }
+  const shutdownHandle = registerShutdownHandlers({
+    socketServer,
+    serverManager,
+    db,
+    pidFile,
+    timeout: config.daemon.shutdown_timeout * 1e3,
+    logger: logger2,
+    onBeforeShutdown: async () => {
+      configWatcher?.stop();
+      await dashboardServer.close();
+    }
+  });
+  logger2.info("Daemon started", {
+    socket: config.daemon.socket_path,
+    servers: Object.keys(config.servers),
+    pid: process.pid,
+    dashboard: config.daemon.dashboard_port
+  });
+  return {
+    shutdown() {
+      return shutdownHandle.shutdown();
+    },
+    getDashboardPort() {
+      return dashboardServer.getPort();
+    },
+    getDashboardToken() {
+      return dashboardServer.getAuthToken();
+    }
+  };
+}
+function extractToolOrResource(data) {
+  if (data.method === "tools/call") {
+    return data.params?.["name"];
+  }
+  if (data.method === "resources/read") {
+    return data.params?.["uri"];
+  }
+  return void 0;
+}
+
+// src/bridge/index.ts
+import { connect as connect2 } from "net";
+
+// src/bridge/auth.ts
+init_errors();
+init_constants();
+function writeFramed2(socket, data) {
+  const json = JSON.stringify(data);
+  const payload = Buffer.from(json, "utf-8");
+  const header = Buffer.alloc(4);
+  header.writeUInt32BE(payload.length, 0);
+  socket.write(Buffer.concat([header, payload]));
+}
+function readFramed(socket, timeout) {
+  return new Promise((resolve, reject) => {
+    let buffer = Buffer.alloc(0);
+    const timer = setTimeout(() => {
+      cleanup();
+      reject(new AuthError("Auth response timeout"));
+    }, timeout);
+    function onData(chunk) {
+      buffer = Buffer.concat([buffer, chunk]);
+      if (buffer.length >= 4) {
+        const length = buffer.readUInt32BE(0);
+        if (buffer.length >= 4 + length) {
+          cleanup();
+          const json = buffer.subarray(4, 4 + length).toString("utf-8");
+          try {
+            resolve(JSON.parse(json));
+          } catch {
+            reject(new AuthError("Invalid auth response"));
+          }
+        }
+      }
+    }
+    function onError(err) {
+      cleanup();
+      reject(new AuthError(`Socket error during auth: ${err.message}`));
+    }
+    function cleanup() {
+      clearTimeout(timer);
+      socket.removeListener("data", onData);
+      socket.removeListener("error", onError);
+    }
+    socket.on("data", onData);
+    socket.on("error", onError);
+  });
+}
+async function authenticateToDaemon(socket, keyPath) {
+  const key = await readDaemonKey(keyPath);
+  writeFramed2(socket, { type: "auth", key: key.toString("hex") });
+  const response = await readFramed(socket, AUTH_TIMEOUT);
+  if (response.type !== "auth_ok") {
+    const reason = response.reason ?? "Unknown auth failure";
+    throw new AuthError(`Daemon auth failed: ${reason}`);
+  }
+}
+
+// src/daemon/auto-start.ts
+init_constants();
+init_errors();
+import { connect } from "net";
+import { fork } from "child_process";
+import { fileURLToPath as fileURLToPath2 } from "url";
+import { dirname as dirname3, join as join7 } from "path";
+async function isDaemonRunning(socketPath) {
+  const path = socketPath ?? DEFAULT_SOCKET_PATH;
+  return new Promise((resolve) => {
+    const socket = connect(path);
+    const timeout = setTimeout(() => {
+      socket.destroy();
+      resolve(false);
+    }, 1e3);
+    socket.on("connect", () => {
+      clearTimeout(timeout);
+      socket.destroy();
+      resolve(true);
+    });
+    socket.on("error", () => {
+      clearTimeout(timeout);
+      resolve(false);
+    });
+  });
+}
+async function autoStartDaemon(configPath, socketPath) {
+  const thisFile = fileURLToPath2(import.meta.url);
+  const cliPath = join7(dirname3(thisFile), "..", "cli.js");
+  const args = ["start", "--daemon"];
+  if (configPath) {
+    args.push("--config", configPath);
+  }
+  const child = fork(cliPath, args, {
+    detached: true,
+    stdio: "ignore"
+  });
+  child.unref();
+  const maxWait = 3e3;
+  const interval = 100;
+  let waited = 0;
+  while (waited < maxWait) {
+    await new Promise((r) => setTimeout(r, interval));
+    waited += interval;
+    if (await isDaemonRunning(socketPath)) {
+      return;
+    }
+  }
+  throw new BridgeError("Daemon failed to start within timeout");
+}
+
+// src/bridge/index.ts
+init_constants();
+init_errors();
+
+// src/identity/token-store.ts
+init_constants();
+init_errors();
+import { readFile as readFile4, writeFile as writeFile5, unlink as unlink2, readdir, mkdir as mkdir4, chmod as chmod2 } from "fs/promises";
+import { join as join8 } from "path";
+function createTokenStore(home) {
+  const tokenDir = join8(home, OAUTH_TOKEN_DIR);
+  async function ensureDir() {
+    await mkdir4(tokenDir, { recursive: true, mode: 448 });
+  }
+  function tokenPath(name) {
+    const safeName = name.replace(/[^a-zA-Z0-9_-]/g, "_");
+    return join8(tokenDir, `${safeName}.json`);
+  }
+  return {
+    async save(name, token) {
+      await ensureDir();
+      const path = tokenPath(name);
+      await writeFile5(path, JSON.stringify(token), { mode: OAUTH_TOKEN_FILE_MODE });
+      await chmod2(path, OAUTH_TOKEN_FILE_MODE);
+    },
+    async load(name) {
+      const path = tokenPath(name);
+      try {
+        const data = await readFile4(path, "utf-8");
+        return JSON.parse(data);
+      } catch (err) {
+        if (err.code === "ENOENT") {
+          return null;
+        }
+        throw new OAuthError(`Failed to read token: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    },
+    async remove(name) {
+      const path = tokenPath(name);
+      try {
+        await unlink2(path);
+      } catch (err) {
+        if (err.code === "ENOENT") {
+          return;
+        }
+        throw new OAuthError(`Failed to remove token: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    },
+    async list() {
+      try {
+        const files = await readdir(tokenDir);
+        return files.filter((f) => f.endsWith(".json")).map((f) => f.replace(/\.json$/, ""));
+      } catch (err) {
+        if (err.code === "ENOENT") {
+          return [];
+        }
+        throw new OAuthError(`Failed to list tokens: ${err instanceof Error ? err.message : String(err)}`);
+      }
+    }
+  };
+}
+
+// src/bridge/index.ts
+async function startBridge(serverName, configPath, options) {
+  const socketPath = options?.socketPath ?? DEFAULT_SOCKET_PATH;
+  const keyPath = options?.keyPath ?? DEFAULT_DAEMON_KEY_PATH;
+  const home = options?.home ?? DEFAULT_HOME;
+  let bearerToken;
+  try {
+    const { loadConfig: loadConfig2 } = await Promise.resolve().then(() => (init_loader(), loader_exports));
+    const bridgeConfig = await loadConfig2(configPath);
+    if (bridgeConfig.auth.mode === "oauth") {
+      const tokenStore = createTokenStore(home);
+      const stored = await tokenStore.load(serverName) ?? await tokenStore.load("default");
+      if (stored) {
+        const now = Math.floor(Date.now() / 1e3);
+        if (stored.expires_at > now) {
+          bearerToken = stored.access_token;
+        } else {
+          process.stderr.write("OAuth token expired \u2014 run `mcp-guard auth login` to refresh\n");
+        }
+      }
+    }
+  } catch {
+  }
+  if (!await isDaemonRunning(socketPath)) {
+    await autoStartDaemon(configPath, socketPath);
+  }
+  const socket = connect2(socketPath);
+  await new Promise((resolve, reject) => {
+    socket.on("connect", resolve);
+    socket.on("error", (err) => reject(new BridgeError(`Cannot connect to daemon: ${err.message}`)));
+  });
+  await authenticateToDaemon(socket, keyPath);
+  let stdinBuffer = Buffer.alloc(0);
+  process.stdin.on("data", (chunk) => {
+    stdinBuffer = Buffer.concat([stdinBuffer, chunk]);
+    while (true) {
+      const newline = stdinBuffer.indexOf(10);
+      if (newline === -1) break;
+      const line = stdinBuffer.subarray(0, newline).toString("utf-8").trim();
+      stdinBuffer = stdinBuffer.subarray(newline + 1);
+      if (line.length === 0) continue;
+      try {
+        const data = JSON.parse(line);
+        if (bearerToken && data.params) {
+          data.params = { ...data.params, _bearer_token: bearerToken };
+        } else if (bearerToken && !data.params) {
+          data.params = { _bearer_token: bearerToken };
+        }
+        const msg = JSON.stringify({ type: "mcp", server: serverName, data });
+        const payload = Buffer.from(msg, "utf-8");
+        const header = Buffer.alloc(4);
+        header.writeUInt32BE(payload.length, 0);
+        socket.write(Buffer.concat([header, payload]));
+      } catch {
+      }
+    }
+  });
+  let socketBuffer = Buffer.alloc(0);
+  socket.on("data", (chunk) => {
+    socketBuffer = Buffer.concat([socketBuffer, chunk]);
+    while (socketBuffer.length >= 4) {
+      const length = socketBuffer.readUInt32BE(0);
+      if (length > MAX_MESSAGE_SIZE) {
+        socketBuffer = Buffer.alloc(0);
+        return;
+      }
+      if (socketBuffer.length < 4 + length) break;
+      const json = socketBuffer.subarray(4, 4 + length).toString("utf-8");
+      socketBuffer = socketBuffer.subarray(4 + length);
+      try {
+        const msg = JSON.parse(json);
+        if (msg.type === "mcp" && msg.data) {
+          process.stdout.write(JSON.stringify(msg.data) + "\n");
+        } else if (msg.type === "shutdown") {
+          process.exit(1);
+        } else if (msg.type === "error") {
+          process.stderr.write(`Daemon error: ${JSON.stringify(msg)}
+`);
+        }
+      } catch {
+      }
+    }
+  });
+  process.stdin.on("end", () => {
+    socket.destroy();
+    process.exit(0);
+  });
+  socket.on("close", () => {
+    process.exit(1);
+  });
+  socket.on("error", (err) => {
+    process.stderr.write(`Bridge socket error: ${err.message}
+`);
+    process.exit(1);
+  });
+}
+
+// src/audit/query.ts
+function queryAuditLogs(db, filters) {
+  const store = createAuditStore(db);
+  return store.query(filters);
+}
+function formatAuditRow(row) {
+  const status = row.allowed ? "\x1B[32mALLOW\x1B[0m" : "\x1B[31mBLOCK\x1B[0m";
+  const blockInfo = row.blocked_by ? ` [${row.blocked_by}: ${row.block_reason}]` : "";
+  const tool = row.tool_or_resource ? ` \u2192 ${row.tool_or_resource}` : "";
+  const latency = row.latency_ms !== null ? ` (${row.latency_ms.toFixed(1)}ms)` : "";
+  return `${row.timestamp} ${status} ${row.identity_username}@${row.server} ${row.method}${tool}${blockInfo}${latency}`;
+}
+
+// src/identity/oauth-flow.ts
+init_constants();
+init_errors();
+import * as oauth from "oauth4webapi";
+import { createServer as createServer3 } from "http";
+async function executeOAuthFlow(options) {
+  const callbackPort = options.callbackPort ?? OAUTH_CALLBACK_PORT;
+  const redirectUri = `http://127.0.0.1:${callbackPort}/callback`;
+  const issuerUrl = new URL(options.issuer);
+  const discoveryResponse = await oauth.discoveryRequest(issuerUrl);
+  const authServer = await oauth.processDiscoveryResponse(issuerUrl, discoveryResponse);
+  if (!authServer.authorization_endpoint) {
+    throw new OAuthError("OAuth provider missing authorization_endpoint");
+  }
+  if (!authServer.token_endpoint) {
+    throw new OAuthError("OAuth provider missing token_endpoint");
+  }
+  const codeVerifier = oauth.generateRandomCodeVerifier();
+  const codeChallenge = await oauth.calculatePKCECodeChallenge(codeVerifier);
+  const authUrl = new URL(authServer.authorization_endpoint);
+  authUrl.searchParams.set("client_id", options.clientId);
+  authUrl.searchParams.set("redirect_uri", redirectUri);
+  authUrl.searchParams.set("response_type", "code");
+  authUrl.searchParams.set("scope", options.scopes.join(" "));
+  authUrl.searchParams.set("code_challenge", codeChallenge);
+  authUrl.searchParams.set("code_challenge_method", "S256");
+  const state = oauth.generateRandomState();
+  authUrl.searchParams.set("state", state);
+  const callbackParams = await waitForCallback(callbackPort, authUrl.toString());
+  const client = { client_id: options.clientId };
+  const validatedParams = oauth.validateAuthResponse(authServer, client, callbackParams, state);
+  const clientAuth = options.clientSecret ? oauth.ClientSecretPost(options.clientSecret) : oauth.None();
+  const tokenResponse = await oauth.authorizationCodeGrantRequest(
+    authServer,
+    client,
+    clientAuth,
+    validatedParams,
+    redirectUri,
+    codeVerifier
+  );
+  const result = await oauth.processAuthorizationCodeResponse(authServer, client, tokenResponse);
+  const expiresIn = result.expires_in ?? 3600;
+  const expiresAt = Math.floor(Date.now() / 1e3) + expiresIn;
+  return {
+    access_token: result.access_token,
+    refresh_token: result.refresh_token,
+    id_token: result.id_token,
+    expires_at: expiresAt,
+    scope: result.scope ?? options.scopes.join(" ")
+  };
+}
+async function waitForCallback(port, authUrl) {
+  return new Promise((resolve, reject) => {
+    const server = createServer3((req, res) => {
+      const url = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end("Not found");
+        return;
+      }
+      const error = url.searchParams.get("error");
+      if (error) {
+        const desc = url.searchParams.get("error_description") ?? error;
+        res.writeHead(200, { "Content-Type": "text/html" });
+        res.end("<html><body><h1>Authentication Failed</h1><p>You can close this window.</p></body></html>");
+        clearTimeout(timeout);
+        server.close();
+        reject(new OAuthError(`OAuth authorization failed: ${desc}`));
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end("<html><body><h1>Authentication Successful</h1><p>You can close this window.</p></body></html>");
+      clearTimeout(timeout);
+      server.close();
+      resolve(url.searchParams);
+    });
+    server.listen(port, "127.0.0.1", () => {
+      openBrowser(authUrl).catch(() => {
+        console.log(`
+Open this URL in your browser to authenticate:
+
+  ${authUrl}
+`);
+      });
+    });
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new OAuthError("OAuth flow timed out \u2014 no authorization callback received"));
+    }, OAUTH_CALLBACK_TIMEOUT);
+  });
+}
+async function openBrowser(url) {
+  const { execFile } = await import("child_process");
+  const { promisify } = await import("util");
+  const execFileAsync = promisify(execFile);
+  const platform2 = process.platform;
+  if (platform2 === "darwin") {
+    await execFileAsync("open", [url]);
+  } else if (platform2 === "linux") {
+    await execFileAsync("xdg-open", [url]);
+  } else if (platform2 === "win32") {
+    await execFileAsync("cmd", ["/c", "start", "", url]);
+  } else {
+    throw new Error(`Unsupported platform: ${platform2}`);
+  }
+}
+
+// src/cli/init.ts
+init_schema();
+import { readFile as readFile5, writeFile as writeFile6, access } from "fs/promises";
+import { join as join9 } from "path";
+import { homedir as homedir2, platform } from "os";
+import yaml2 from "js-yaml";
+function getClientConfigs() {
+  const home = homedir2();
+  const os = platform();
+  const configs = [];
+  if (os === "darwin") {
+    configs.push({
+      name: "claude-desktop",
+      paths: [join9(home, "Library/Application Support/Claude/claude_desktop_config.json")],
+      serverKey: "mcpServers"
+    });
+  } else if (os === "win32") {
+    const appData = process.env.APPDATA ?? join9(home, "AppData/Roaming");
+    configs.push({
+      name: "claude-desktop",
+      paths: [join9(appData, "Claude/claude_desktop_config.json")],
+      serverKey: "mcpServers"
+    });
+  }
+  configs.push({
+    name: "claude-code",
+    paths: [
+      join9(home, ".claude.json"),
+      join9(home, ".config/claude/settings.json")
+    ],
+    serverKey: "mcpServers"
+  });
+  configs.push({
+    name: "cursor",
+    paths: [
+      join9(home, ".cursor/mcp.json"),
+      join9(home, ".config/cursor/mcp.json")
+    ],
+    serverKey: "mcpServers"
+  });
+  configs.push({
+    name: "vscode",
+    paths: [
+      join9(home, ".vscode/mcp.json")
+    ],
+    serverKey: "servers"
+  });
+  configs.push({
+    name: "windsurf",
+    paths: [
+      join9(home, ".codeium/windsurf/mcp_config.json")
+    ],
+    serverKey: "mcpServers"
+  });
+  return configs;
+}
+async function fileExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function extractServers(data, serverKey, source) {
+  const serversObj = data[serverKey];
+  if (!serversObj || typeof serversObj !== "object") return [];
+  const servers = [];
+  for (const [name, config] of Object.entries(serversObj)) {
+    if (!config || typeof config !== "object") continue;
+    const command = typeof config.command === "string" ? config.command : void 0;
+    if (!command) continue;
+    const args = Array.isArray(config.args) ? config.args.filter((a) => typeof a === "string") : [];
+    const env = {};
+    if (config.env && typeof config.env === "object") {
+      for (const [k, v] of Object.entries(config.env)) {
+        if (typeof v === "string") {
+          env[k] = `\${${k}}`;
+        }
+      }
+    }
+    servers.push({ name, command, args, env, source });
+  }
+  return servers;
+}
+function deduplicateServers(servers) {
+  const seen = /* @__PURE__ */ new Map();
+  for (const server of servers) {
+    const envKey = Object.keys(server.env).sort().join(",");
+    const key = `${server.command}:${server.args.join(",")}:${envKey}`;
+    if (!seen.has(key)) {
+      seen.set(key, server);
+    }
+  }
+  return [...seen.values()];
+}
+function generateConfig(servers) {
+  const serversObj = {};
+  for (const server of servers) {
+    const entry = {
+      transport: "stdio",
+      command: server.command,
+      args: server.args
+    };
+    if (Object.keys(server.env).length > 0) {
+      entry.env = server.env;
+    }
+    serversObj[server.name] = entry;
+  }
+  const config = {
+    servers: serversObj,
+    daemon: {
+      log_level: "info"
+    }
+  };
+  return yaml2.dump(config, { lineWidth: 120, quotingType: '"', forceQuotes: false });
+}
+function generateInstructions(servers) {
+  const lines = [
+    "",
+    "To use MCP-Guard, update your MCP client config to route servers through the proxy:",
+    ""
+  ];
+  const serverNames = [...new Set(servers.map((s) => s.name))];
+  for (const name of serverNames) {
+    lines.push(`  "${name}": {`);
+    lines.push(`    "command": "mcp-guard",`);
+    lines.push(`    "args": ["connect", "--server", "${name}"]`);
+    lines.push(`  }`);
+    lines.push("");
+  }
+  lines.push("The daemon auto-starts on first connection.");
+  return lines.join("\n");
+}
+async function runInit(opts) {
+  const clientConfigs = getClientConfigs();
+  const toScan = opts.client ? clientConfigs.filter((c) => c.name === opts.client) : clientConfigs;
+  if (opts.client && toScan.length === 0) {
+    const validClients = clientConfigs.map((c) => c.name).join(", ");
+    console.error(`Unknown client: ${opts.client}. Valid clients: ${validClients}`);
+    process.exit(1);
+  }
+  const allServers = [];
+  for (const client of toScan) {
+    for (const configPath of client.paths) {
+      if (!await fileExists(configPath)) continue;
+      try {
+        const content = await readFile5(configPath, "utf-8");
+        const data = JSON.parse(content);
+        const servers = extractServers(data, client.serverKey, client.name);
+        if (servers.length > 0) {
+          console.log(`Found ${servers.length} server(s) in ${client.name} (${configPath})`);
+          allServers.push(...servers);
+        }
+      } catch (err) {
+        console.warn(`Skipping ${configPath}: ${err instanceof SyntaxError ? "invalid JSON" : err}`);
+      }
+    }
+  }
+  if (allServers.length === 0) {
+    console.log("No MCP server configurations found.");
+    console.log("");
+    console.log("Looked in:");
+    for (const client of toScan) {
+      for (const p of client.paths) {
+        console.log(`  ${client.name}: ${p}`);
+      }
+    }
+    console.log("");
+    console.log("You can create a config manually \u2014 see mcp-guard.example.yaml");
+    return;
+  }
+  const deduplicated = deduplicateServers(allServers);
+  const yamlContent = generateConfig(deduplicated);
+  const parsed = yaml2.load(yamlContent);
+  const validation = configSchema.safeParse(parsed);
+  if (!validation.success) {
+    console.error("Generated config failed validation (this is a bug):");
+    for (const issue of validation.error.issues) {
+      console.error(`  ${issue.path.join(".")}: ${issue.message}`);
+    }
+    process.exit(1);
+  }
+  if (opts.dryRun) {
+    console.log("---");
+    process.stdout.write(yamlContent);
+  } else {
+    await writeFile6(opts.output, yamlContent, "utf-8");
+    console.log(`Config written to ${opts.output}`);
+  }
+  console.log(generateInstructions(deduplicated));
+}
+function registerInitCommand(program2) {
+  program2.command("init").description("Generate mcp-guard.yaml from existing MCP client configs").option("-o, --output <path>", "Output path", "mcp-guard.yaml").option("--dry-run", "Print config to stdout instead of writing").option("--client <name>", "Only scan a specific client (claude-desktop, claude-code, cursor, vscode, windsurf)").action(async (opts) => {
+    try {
+      await runInit(opts);
+    } catch (err) {
+      console.error(`Failed to initialize: ${err}`);
+      process.exit(1);
+    }
+  });
+}
+
+// src/cli.ts
+var program = new Command().name("mcp-guard").description("Security proxy for MCP servers").version("0.1.0");
+program.command("start").description("Start the MCP-Guard daemon").option("-c, --config <path>", "Path to config file").option("-d, --daemon", "Run in background (detached)").action(async (opts) => {
+  if (opts.daemon) {
+    const { fork: fork2 } = await import("child_process");
+    const child = fork2(process.argv[1], ["start", "--config", opts.config ?? "mcp-guard.yaml"], {
+      detached: true,
+      stdio: "ignore"
+    });
+    child.unref();
+    console.log(`Daemon started (PID: ${child.pid})`);
+    process.exit(0);
+  }
+  try {
+    const config = await loadConfig(opts.config);
+    await startDaemon(config, opts.config);
+  } catch (err) {
+    console.error(`Failed to start daemon: ${err}`);
+    process.exit(1);
+  }
+});
+program.command("stop").description("Stop the running daemon").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const pidFile = join10(config.daemon.home, "daemon.pid");
+    const pidStr = await readFile6(pidFile, "utf-8");
+    const pid = parseInt(pidStr.trim(), 10);
+    process.kill(pid, "SIGTERM");
+    console.log(`Sent SIGTERM to daemon (PID: ${pid})`);
+    const maxWait = 1e4;
+    const interval = 200;
+    let waited = 0;
+    while (waited < maxWait) {
+      await new Promise((r) => setTimeout(r, interval));
+      waited += interval;
+      try {
+        process.kill(pid, 0);
+      } catch {
+        console.log("Daemon stopped");
+        return;
+      }
+    }
+    console.log("Daemon did not stop in time \u2014 sending SIGKILL");
+    process.kill(pid, "SIGKILL");
+    try {
+      await unlink3(pidFile);
+    } catch {
+    }
+  } catch (err) {
+    const code = err.code;
+    if (code === "ENOENT") {
+      console.log("Daemon is not running (no PID file)");
+    } else if (code === "ESRCH") {
+      console.log("Daemon process not found \u2014 cleaning up stale PID file");
+    } else {
+      console.error(`Failed to stop daemon: ${err}`);
+      process.exit(1);
+    }
+  }
+});
+program.command("connect").description("Start a bridge to proxy an MCP server through the daemon").requiredOption("-s, --server <name>", "Server name from config").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    await startBridge(opts.server, opts.config, {
+      socketPath: config.daemon.socket_path,
+      keyPath: join10(config.daemon.home, "daemon.key"),
+      home: config.daemon.home
+    });
+  } catch (err) {
+    console.error(`Bridge failed: ${err}`);
+    process.exit(1);
+  }
+});
+program.command("status").description("Show daemon status").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  const config = await loadConfig(opts.config);
+  const running = await isDaemonRunning(config.daemon.socket_path);
+  if (running) {
+    try {
+      const pidFile = join10(config.daemon.home, "daemon.pid");
+      const pidStr = await readFile6(pidFile, "utf-8");
+      console.log(`Daemon is running (PID: ${pidStr.trim()})`);
+    } catch {
+      console.log("Daemon is running");
+    }
+  } else {
+    console.log("Daemon is not running");
+  }
+});
+program.command("health").description("Check daemon health (exit 0 if healthy, 1 if not)").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  const config = await loadConfig(opts.config);
+  try {
+    const portPath = join10(config.daemon.home, "dashboard.port");
+    let dashboardPort = config.daemon.dashboard_port;
+    try {
+      const portStr = await readFile6(portPath, "utf-8");
+      dashboardPort = parseInt(portStr.trim(), 10);
+    } catch {
+    }
+    const res = await fetch(`http://127.0.0.1:${dashboardPort}/healthz`);
+    const health = await res.json();
+    console.log(JSON.stringify(health, null, 2));
+    process.exit(health.status === "healthy" ? 0 : 1);
+  } catch {
+    const running = await isDaemonRunning(config.daemon.socket_path);
+    if (running) {
+      console.log("Daemon is running (health endpoint unavailable)");
+      process.exit(0);
+    }
+    console.log("Daemon is not running");
+    process.exit(1);
+  }
+});
+program.command("dashboard-token").description("Display the dashboard auth token").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  const config = await loadConfig(opts.config);
+  const tokenPath = join10(config.daemon.home, "dashboard.token");
+  try {
+    const token = await readFile6(tokenPath, "utf-8");
+    console.log(token.trim());
+  } catch {
+    console.log("No dashboard token found \u2014 start the daemon first");
+    process.exit(1);
+  }
+});
+program.command("validate").description("Validate config file").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    await loadConfig(opts.config);
+    console.log("Config is valid");
+  } catch (err) {
+    console.error(`Config validation failed: ${err}`);
+    process.exit(1);
+  }
+});
+program.command("logs").description("Query audit logs").option("-c, --config <path>", "Path to config file").option("-s, --server <name>", "Filter by server name").option("--last <duration>", "Time range (e.g., 1h, 24h, 7d)").option("-u, --user <name>", "Filter by username").option("-m, --method <method>", "Filter by MCP method").option("-t, --type <type>", "Filter by type (allow/block)").option("-l, --limit <count>", "Maximum results", "100").action(
+  async (opts) => {
+    let db;
+    try {
+      const config = await loadConfig(opts.config);
+      const dbPath = join10(config.daemon.home, "mcp-guard.db");
+      const dbOptions = { path: dbPath };
+      if (config.daemon.encryption.enabled) {
+        const keyPath = join10(config.daemon.home, "daemon.key");
+        try {
+          const daemonKey = await readDaemonKey(keyPath);
+          dbOptions.encryptionKey = deriveDbEncryptionKey(daemonKey);
+        } catch {
+          console.error("Cannot read daemon key for encrypted database \u2014 is the daemon running?");
+          process.exit(1);
+        }
+      }
+      db = openDatabase(dbOptions);
+      const parsedLimit = parseInt(opts.limit, 10);
+      const limit = Number.isNaN(parsedLimit) || parsedLimit < 1 ? 100 : Math.min(parsedLimit, 1e4);
+      const rows = queryAuditLogs(db, {
+        server: opts.server,
+        last: opts.last,
+        user: opts.user,
+        method: opts.method,
+        type: opts.type,
+        limit
+      });
+      if (rows.length === 0) {
+        console.log("No audit log entries found");
+      } else {
+        for (const row of rows) {
+          console.log(formatAuditRow(row));
+        }
+        console.log(`
+${rows.length} entries`);
+      }
+    } catch (err) {
+      const code = err.code;
+      if (code === "SQLITE_CANTOPEN" || code === "ENOENT") {
+        console.log("No audit database found \u2014 is the daemon running?");
+      } else {
+        console.error(`Failed to query logs: ${err}`);
+        process.exit(1);
+      }
+    } finally {
+      db?.close();
+    }
+  }
+);
+var authCmd = program.command("auth").description("Manage OAuth authentication");
+authCmd.command("login").description("Authenticate with the configured OAuth provider").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    if (config.auth.mode !== "oauth" || !config.auth.oauth) {
+      console.error('OAuth is not configured (auth.mode must be "oauth")');
+      process.exit(1);
+    }
+    const result = await executeOAuthFlow({
+      issuer: config.auth.oauth.issuer,
+      clientId: config.auth.oauth.client_id,
+      clientSecret: config.auth.oauth.client_secret,
+      scopes: config.auth.oauth.scopes
+    });
+    const store = createTokenStore(config.daemon.home);
+    await store.save("default", {
+      access_token: result.access_token,
+      refresh_token: result.refresh_token,
+      id_token: result.id_token,
+      expires_at: result.expires_at,
+      scope: result.scope
+    });
+    console.log("Authentication successful \u2014 token stored");
+  } catch (err) {
+    console.error(`Authentication failed: ${err}`);
+    process.exit(1);
+  }
+});
+authCmd.command("status").description("Show current OAuth token status").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const store = createTokenStore(config.daemon.home);
+    const token = await store.load("default");
+    if (!token) {
+      console.log("Not authenticated \u2014 run `mcp-guard auth login`");
+      return;
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    const expired = token.expires_at < now;
+    const remaining = token.expires_at - now;
+    console.log(`Status: ${expired ? "EXPIRED" : "Valid"}`);
+    if (!expired) {
+      console.log(`Expires in: ${Math.floor(remaining / 60)} minutes`);
+    }
+    console.log(`Scope: ${token.scope}`);
+    try {
+      const parts = token.access_token.split(".");
+      if (parts.length === 3) {
+        const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
+        console.log(`Subject: ${payload.sub ?? "unknown"}`);
+      }
+    } catch {
+    }
+  } catch (err) {
+    console.error(`Failed to check status: ${err}`);
+    process.exit(1);
+  }
+});
+authCmd.command("logout").description("Remove stored OAuth tokens").option("-c, --config <path>", "Path to config file").action(async (opts) => {
+  try {
+    const config = await loadConfig(opts.config);
+    const store = createTokenStore(config.daemon.home);
+    await store.remove("default");
+    console.log("Logged out \u2014 tokens removed");
+  } catch (err) {
+    console.error(`Failed to logout: ${err}`);
+    process.exit(1);
+  }
+});
+registerInitCommand(program);
+program.parse();
+//# sourceMappingURL=cli.js.map