@mcp-guardian/server 0.3.0 → 0.5.0

package/dist/database/postgres-db.js

@@ -0,0 +1,118 @@
+/**
+ * PostgreSQL implementation of IDatabase for horizontal scaling.
+ * Uses connection pool for production workloads.
+ * Enable with: DB_TYPE=postgres DATABASE_URL=postgresql://user:pass@host:5432/db
+ */
+import { Pool } from 'pg';
+import { Logger } from '../utils/logger.js';
+export class PostgresDatabase {
+    pool;
+    initialized = false;
+    connectionString;
+    constructor() {
+        this.connectionString = process.env['DATABASE_URL'] || 'postgresql://localhost:5432/mcp_guardian';
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        this.pool = new Pool({
+            connectionString: this.connectionString,
+            max: 10,
+            idleTimeoutMillis: 30000,
+        });
+        const client = await this.pool.connect();
+        try {
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS security_scans (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          score INTEGER NOT NULL,
+          cve_count INTEGER NOT NULL DEFAULT 0,
+          details JSONB
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS cost_records (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          tokens_used INTEGER NOT NULL,
+          cost_usd REAL NOT NULL
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS health_checks (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          latency_ms INTEGER NOT NULL,
+          success INTEGER NOT NULL,
+          tool_count INTEGER NOT NULL
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS call_records (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          tool_name TEXT NOT NULL,
+          request_tokens INTEGER NOT NULL DEFAULT 0,
+          response_tokens INTEGER NOT NULL DEFAULT 0,
+          total_tokens INTEGER NOT NULL DEFAULT 0,
+          duration_ms INTEGER NOT NULL DEFAULT 0
+        )
+      `);
+            await client.query('CREATE INDEX IF NOT EXISTS idx_security_server ON security_scans(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_cost_server ON cost_records(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_health_server ON health_checks(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_call_server ON call_records(server_name)');
+            this.initialized = true;
+            Logger.info('PostgreSQL database initialized');
+        }
+        finally {
+            client.release();
+        }
+    }
+    async getRecentSuccessRate(serverName) {
+        const result = await this.pool.query('SELECT AVG(success) as avg FROM health_checks WHERE server_name = $1 ORDER BY timestamp DESC LIMIT 10', [serverName]);
+        if (result.rows.length > 0 && result.rows[0].avg !== null) {
+            return Number(result.rows[0].avg);
+        }
+        return 1;
+    }
+    async addSecurityScan(serverName, score, cveCount, details) {
+        await this.pool.query('INSERT INTO security_scans (server_name, score, cve_count, details) VALUES ($1, $2, $3, $4)', [serverName, score, cveCount, JSON.stringify(details)]);
+    }
+    async addCostRecord(serverName, tokens, cost) {
+        await this.pool.query('INSERT INTO cost_records (server_name, tokens_used, cost_usd) VALUES ($1, $2, $3)', [serverName, tokens, cost]);
+    }
+    async addHealthCheck(serverName, latency, success, toolCount) {
+        await this.pool.query('INSERT INTO health_checks (server_name, latency_ms, success, tool_count) VALUES ($1, $2, $3, $4)', [serverName, latency, success ? 1 : 0, toolCount]);
+    }
+    async addCallRecord(record) {
+        await this.pool.query('INSERT INTO call_records (server_name, tool_name, request_tokens, response_tokens, total_tokens, duration_ms) VALUES ($1, $2, $3, $4, $5, $6)', [record.serverName, record.toolName, record.requestTokens, record.responseTokens, record.totalTokens, record.durationMs]);
+    }
+    async getCallRecordsForServer(serverName) {
+        const result = await this.pool.query('SELECT server_name, tool_name, request_tokens, response_tokens, total_tokens, duration_ms, timestamp::text FROM call_records WHERE server_name = $1', [serverName]);
+        return result.rows.map((row) => ({
+            serverName: row.server_name,
+            toolName: row.tool_name,
+            requestTokens: row.request_tokens,
+            responseTokens: row.response_tokens,
+            totalTokens: row.total_tokens,
+            durationMs: row.duration_ms,
+            timestamp: row.timestamp,
+        }));
+    }
+    async flush() {
+        // PostgreSQL auto-commits — no flush needed
+    }
+    async close() {
+        if (this.pool) {
+            await this.pool.end();
+            this.initialized = false;
+        }
+    }
+}
+//# sourceMappingURL=postgres-db.js.map

package/dist/database/postgres-db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres-db.js","sourceRoot":"","sources":["../../src/database/postgres-db.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAG1B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,OAAO,gBAAgB;IACnB,IAAI,CAAQ;IACZ,WAAW,GAAG,KAAK,CAAC;IACpB,gBAAgB,CAAS;IAEjC;QACE,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0CAA0C,CAAC;IACpG,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC;YACnB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,GAAG,EAAE,EAAE;YACP,iBAAiB,EAAE,KAAK;SACzB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;OASlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;OAQlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;OASlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;OAWlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC,+EAA+E,CAAC,CAAC;YACpG,MAAM,MAAM,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC9F,MAAM,MAAM,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;YACjG,MAAM,MAAM,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAE9F,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,UAAkB;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,uGAAuG,EACvG,CAAC,UAAU,CAAC,CACb,CAAC;QACF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,UAAkB,EAAE,KAAa,EAAE,QAAgB,EAAE,OAAgB;QACzF,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,6FAA6F,EAC7F,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,UAAkB,EAAE,MAAc,EAAE,IAAY;QAClE,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,mFAAmF,EACnF,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAC3B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,UAAkB,EAAE,OAAe,EAAE,OAAgB,EAAE,SAAiB;QAC3F,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,kGAAkG,EAClG,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAClD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAuB;QACzC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,+IAA+I,EAC/I,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,CACzH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,qJAAqJ,EACrJ,CAAC,UAAU,CAAC,CACb,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YACpC,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,cAAc,EAAE,GAAG,CAAC,eAAe;YACnC,WAAW,EAAE,GAAG,CAAC,YAAY;YAC7B,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,KAAK;QACT,4CAA4C;IAC9C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;CACF"}

package/dist/index.js

@@ -9,7 +9,7 @@ import { Logger } from './utils/logger.js';
 import { createContainer } from './container.js';
 const container = createContainer();
 const reporter = new ReportGenerator();
-const server = new Server({ name: 'mcp-guardian', version: '0.3.0' }, { capabilities: { tools: {} } });
+const server = new Server({ name: 'mcp-guardian', version: '0.5.0' }, { capabilities: { tools: {} } });
 // ── Logging capability (MCP spec requirement) ─────────────────────
 let currentLogLevel = 'info';
 server.setRequestHandler(SetLevelRequestSchema, async (request) => {

package/dist/policy/policy-engine.d.ts

@@ -0,0 +1,19 @@
+import { PolicyConfig, PolicyDecision, CallContext, PolicyMode } from './policy-types.js';
+/**
+ * Policy Engine — evaluates every intercepted tools/call against configured rules.
+ * Supports three modes: audit (passive), warn (flag only), block (active enforcement).
+ */
+export declare class PolicyEngine {
+    private rules;
+    private mode;
+    private callCounters;
+    constructor(config: PolicyConfig);
+    /**
+     * Evaluate a tools/call request and return a decision.
+     */
+    evaluate(context: CallContext): PolicyDecision;
+    private evaluateRule;
+    private resolveAction;
+    getMode(): PolicyMode;
+}
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/policy/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAgB,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAGxG;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAkC;IAC/C,OAAO,CAAC,IAAI,CAAa;IACzB,OAAO,CAAC,YAAY,CAA8D;gBAEtE,MAAM,EAAE,YAAY;IAKhC;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,WAAW,GAAG,cAAc;IAU9C,OAAO,CAAC,YAAY;IAqDpB,OAAO,CAAC,aAAa;IAMrB,OAAO,IAAI,UAAU;CAGtB"}

package/dist/policy/policy-engine.js

@@ -0,0 +1,87 @@
+import { Logger } from '../utils/logger.js';
+/**
+ * Policy Engine — evaluates every intercepted tools/call against configured rules.
+ * Supports three modes: audit (passive), warn (flag only), block (active enforcement).
+ */
+export class PolicyEngine {
+    rules;
+    mode;
+    callCounters = new Map();
+    constructor(config) {
+        this.rules = config.policy.rules;
+        this.mode = config.policy.mode;
+    }
+    /**
+     * Evaluate a tools/call request and return a decision.
+     */
+    evaluate(context) {
+        for (const rule of this.rules) {
+            const decision = this.evaluateRule(rule, context);
+            if (decision)
+                return decision;
+        }
+        // Default: pass
+        return { action: 'pass', rule: 'default', reason: 'No policy rules matched' };
+    }
+    evaluateRule(rule, ctx) {
+        // Tool allowlist/denylist
+        if (rule.tools) {
+            if (rule.tools.allow && rule.tools.allow.length > 0) {
+                if (!rule.tools.allow.includes(ctx.toolName)) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Tool '${ctx.toolName}' not in allowlist: [${rule.tools.allow.join(', ')}]` };
+                }
+            }
+            if (rule.tools.deny && rule.tools.deny.length > 0) {
+                if (rule.tools.deny.includes(ctx.toolName)) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Tool '${ctx.toolName}' is explicitly denied` };
+                }
+            }
+        }
+        // Malicious pattern detection
+        if (rule.patterns) {
+            const argsStr = ctx.arguments ? JSON.stringify(ctx.arguments) : '';
+            for (const pattern of rule.patterns) {
+                try {
+                    if (new RegExp(pattern).test(argsStr)) {
+                        return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Argument pattern '${pattern}' matched in tool call` };
+                    }
+                }
+                catch {
+                    Logger.warn(`Policy: invalid regex pattern in rule '${rule.name}': ${pattern}`);
+                }
+            }
+        }
+        // Max tokens per call
+        if (rule.maxTokens && ctx.requestTokens > rule.maxTokens) {
+            return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Token count ${ctx.requestTokens} exceeds max ${rule.maxTokens}` };
+        }
+        // Rate limiting
+        if (rule.maxCallsPerMinute) {
+            const key = `${ctx.serverName}:${ctx.toolName}`;
+            const now = Date.now();
+            let counter = this.callCounters.get(key);
+            if (!counter || now > counter.resetAt) {
+                counter = { count: 1, resetAt: now + 60000 };
+                this.callCounters.set(key, counter);
+            }
+            else {
+                counter.count++;
+                if (counter.count > rule.maxCallsPerMinute) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Rate limit exceeded: ${counter.count}/${rule.maxCallsPerMinute} calls per minute` };
+                }
+            }
+        }
+        return null;
+    }
+    resolveAction(ruleAction) {
+        if (this.mode === 'audit')
+            return 'pass';
+        if (this.mode === 'warn' && ruleAction === 'block')
+            return 'flag';
+        return ruleAction;
+    }
+    getMode() {
+        return this.mode;
+    }
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/policy/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;GAGG;AACH,MAAM,OAAO,YAAY;IACf,KAAK,CAAkC;IACvC,IAAI,CAAa;IACjB,YAAY,GAAoD,IAAI,GAAG,EAAE,CAAC;IAElF,YAAY,MAAoB;QAC9B,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAoB;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;QAED,gBAAgB;QAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAChF,CAAC;IAEO,YAAY,CAAC,IAA6C,EAAE,GAAgB;QAClF,0BAA0B;QAC1B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAG,CAAC,QAAQ,wBAAwB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC3J,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAG,CAAC,QAAQ,wBAAwB,EAAE,CAAC;gBAC7H,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACtC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,qBAAqB,OAAO,wBAAwB,EAAE,CAAC;oBACpI,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,CAAC,0CAA0C,IAAI,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACzD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,GAAG,CAAC,aAAa,gBAAgB,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QAChJ,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;gBACtC,OAAO,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,KAAK,EAAE,CAAC;gBAC7C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,iBAAiB,mBAAmB,EAAE,CAAC;gBAClK,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,aAAa,CAAC,UAAwB;QAC5C,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;YAAE,OAAO,MAAM,CAAC;QACzC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,UAAU,KAAK,OAAO;YAAE,OAAO,MAAM,CAAC;QAClE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;CACF"}

package/dist/policy/policy-types.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Policy types for the MCP Guardian active blocking engine.
+ */
+export type PolicyAction = 'pass' | 'block' | 'flag';
+export type PolicyMode = 'audit' | 'warn' | 'block';
+export interface PolicyRule {
+    name: string;
+    description?: string;
+    action: PolicyAction;
+    /** Tool name allowlist — if specified, only these tools are permitted */
+    tools?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    /** Regex patterns for blocking malicious tool arguments */
+    patterns?: string[];
+    /** Max tokens per call */
+    maxTokens?: number;
+    /** Max calls per minute per server */
+    maxCallsPerMinute?: number;
+}
+export interface PolicyConfig {
+    version: string;
+    policy: {
+        mode: PolicyMode;
+        rules: PolicyRule[];
+    };
+}
+export interface PolicyDecision {
+    action: PolicyAction;
+    rule: string;
+    reason: string;
+}
+export interface CallContext {
+    serverName: string;
+    toolName: string;
+    arguments?: Record<string, unknown>;
+    requestId: string | number;
+    requestTokens: number;
+    timestamp: string;
+}
+//# sourceMappingURL=policy-types.d.ts.map

package/dist/policy/policy-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-types.d.ts","sourceRoot":"","sources":["../../src/policy/policy-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,YAAY,CAAC;IACrB,yEAAyE;IACzE,KAAK,CAAC,EAAE;QACN,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;IACF,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE;QACN,IAAI,EAAE,UAAU,CAAC;QACjB,KAAK,EAAE,UAAU,EAAE,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/policy/policy-types.js

@@ -0,0 +1,5 @@
+/**
+ * Policy types for the MCP Guardian active blocking engine.
+ */
+export {};
+//# sourceMappingURL=policy-types.js.map

package/dist/policy/policy-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-types.js","sourceRoot":"","sources":["../../src/policy/policy-types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/policy/policy-watcher.d.ts

@@ -0,0 +1,24 @@
+import { PolicyEngine } from './policy-engine.js';
+/**
+ * Hot-reloadable policy engine wrapper.
+ * Watches a YAML policy file for changes and atomically swaps the active policy.
+ * In-flight requests continue using the old policy; new requests use the updated one.
+ */
+export declare class PolicyWatcher {
+    private current;
+    private watcher;
+    private policyPath;
+    constructor(policyPath: string);
+    private loadPolicy;
+    private startWatching;
+    /**
+     * Get the current (active) policy engine.
+     * This is always the latest loaded version.
+     */
+    get(): PolicyEngine | null;
+    /**
+     * Stop watching and clean up.
+     */
+    close(): void;
+}
+//# sourceMappingURL=policy-watcher.d.ts.map

package/dist/policy/policy-watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-watcher.d.ts","sourceRoot":"","sources":["../../src/policy/policy-watcher.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD;;;;GAIG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,EAAE,MAAM;IAM9B,OAAO,CAAC,UAAU;IAgBlB,OAAO,CAAC,aAAa;IAmBrB;;;OAGG;IACH,GAAG,IAAI,YAAY,GAAG,IAAI;IAI1B;;OAEG;IACH,KAAK,IAAI,IAAI;CAMd"}

package/dist/policy/policy-watcher.js

@@ -0,0 +1,68 @@
+import { watch } from 'chokidar';
+import { readFileSync } from 'fs';
+import { load } from 'js-yaml';
+import { PolicyEngine } from './policy-engine.js';
+import { Logger } from '../utils/logger.js';
+/**
+ * Hot-reloadable policy engine wrapper.
+ * Watches a YAML policy file for changes and atomically swaps the active policy.
+ * In-flight requests continue using the old policy; new requests use the updated one.
+ */
+export class PolicyWatcher {
+    current = null;
+    watcher = null;
+    policyPath;
+    constructor(policyPath) {
+        this.policyPath = policyPath;
+        this.loadPolicy();
+        this.startWatching();
+    }
+    loadPolicy() {
+        try {
+            const yaml = readFileSync(this.policyPath, 'utf-8');
+            const config = load(yaml);
+            const oldMode = this.current?.getMode();
+            this.current = new PolicyEngine(config);
+            Logger.info(`[policy-watcher] Policy loaded (mode: ${config.policy.mode}, rules: ${config.policy.rules.length})${oldMode && oldMode !== config.policy.mode ? ` (mode changed from ${oldMode})` : ''}`);
+        }
+        catch (err) {
+            Logger.error(`[policy-watcher] Failed to load policy: ${err?.message}`);
+            // Don't replace the current policy on parse failure
+            if (!this.current) {
+                throw err; // No existing policy — must fail
+            }
+        }
+    }
+    startWatching() {
+        this.watcher = watch(this.policyPath, {
+            persistent: true,
+            ignoreInitial: true,
+            awaitWriteFinish: { stabilityThreshold: 300, pollInterval: 100 },
+        });
+        this.watcher.on('change', () => {
+            Logger.info(`[policy-watcher] Policy file changed, reloading...`);
+            this.loadPolicy();
+        });
+        this.watcher.on('error', (err) => {
+            Logger.error(`[policy-watcher] Watch error: ${err?.message || String(err)}`);
+        });
+        Logger.info(`[policy-watcher] Watching ${this.policyPath} for changes`);
+    }
+    /**
+     * Get the current (active) policy engine.
+     * This is always the latest loaded version.
+     */
+    get() {
+        return this.current;
+    }
+    /**
+     * Stop watching and clean up.
+     */
+    close() {
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+    }
+}
+//# sourceMappingURL=policy-watcher.js.map

package/dist/policy/policy-watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-watcher.js","sourceRoot":"","sources":["../../src/policy/policy-watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAa,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAE/B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;;GAIG;AACH,MAAM,OAAO,aAAa;IAChB,OAAO,GAAwB,IAAI,CAAC;IACpC,OAAO,GAAqB,IAAI,CAAC;IACjC,UAAU,CAAS;IAE3B,YAAY,UAAkB;QAC5B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAiB,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,yCAAyC,MAAM,CAAC,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,IAAI,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzM,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,2CAA2C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YACxE,oDAAoD;YACpD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,GAAG,CAAC,CAAC,iCAAiC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE;YACpC,UAAU,EAAE,IAAI;YAChB,aAAa,EAAE,IAAI;YACnB,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE;SACjE,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAQ,EAAE,EAAE;YACpC,MAAM,CAAC,KAAK,CAAC,iCAAiC,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,UAAU,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED;;;OAGG;IACH,GAAG;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;CACF"}

package/dist/policy/shell-tokenizer.d.ts

@@ -0,0 +1,92 @@
+/**
+ * Shell Command Tokenizer & Semantic Analyzer
+ *
+ * Parses tool argument strings into tokenized AST nodes for semantic
+ * security analysis. Goes beyond regex pattern matching by understanding
+ * shell grammar: pipelines, redirects, command substitutions, logical chains.
+ *
+ * This is the semantic detection layer that addresses the architectural
+ * limitation of regex-only detection. Instead of pattern-matching "$(rm -rf /)"
+ * we parse it as a CommandSubstitution AST node and then analyze the inner
+ * command semantically.
+ */
+export declare enum TokenType {
+    WORD = "WORD",
+    STRING = "STRING",
+    VARIABLE = "VARIABLE",
+    COMMAND_SUBSTITUTION = "COMMAND_SUBSTITUTION",
+    BACKTICK_SUBSTITUTION = "BACKTICK_SUBSTITUTION",
+    PIPE = "PIPE",
+    REDIRECT = "REDIRECT",
+    SEMICOLON = "SEMICOLON",
+    AND_IF = "AND_IF",// &&
+    OR_IF = "OR_IF",// ||
+    BACKGROUND = "BACKGROUND",
+    SUBSHELL = "SUBSHELL"
+}
+export interface Token {
+    type: TokenType;
+    value: string;
+    /** Start position in original string */
+    start: number;
+    /** End position in original string */
+    end: number;
+    /** For compound tokens (substitution, subshell), nested tokens */
+    children?: Token[];
+}
+export interface ShellAST {
+    /** Top-level commands (separated by ;, &&, ||, &) */
+    commands: Token[];
+    /** Whether the input contained potentially dangerous constructs */
+    warnings: string[];
+}
+/**
+ * Dangerous command categories for semantic analysis.
+ */
+export interface CommandRisk {
+    /** High risk: command substitution present */
+    hasCommandSubstitution: boolean;
+    /** High risk: pipe chains present */
+    hasPipes: boolean;
+    /** Medium risk: redirect operators present */
+    hasRedirects: boolean;
+    /** Medium risk: logical chain operators */
+    hasLogicalChains: boolean;
+    /** Dangerous commands detected in tokenized words */
+    dangerousCommands: string[];
+    /** Shell metacharacters found */
+    shellMetacharacters: string[];
+}
+/**
+ * ShellTokenizer parses shell-like input into an AST without executing anything.
+ * It's a security analyzer, not a full POSIX shell parser — focus is on detecting
+ * execution patterns that signal malicious intent.
+ */
+export declare class ShellTokenizer {
+    private readonly DANGEROUS_COMMANDS;
+    /**
+     * Tokenize a string that may contain shell syntax.
+     */
+    tokenize(input: string): ShellAST;
+    /**
+     * Parse the next token starting at position pos.
+     */
+    private nextToken;
+    /**
+     * Parse a delimited token like $(...), ${...}, `...`, (...).
+     * Recursively tokenizes inner content.
+     */
+    private parseDelimited;
+    /**
+     * Analyze a token for risk.
+     */
+    analyzeRisk(tokens: Token[]): CommandRisk;
+    /**
+     * Full semantic analysis: tokenize + assess risk.
+     */
+    analyze(input: string): {
+        ast: ShellAST;
+        risk: CommandRisk;
+    };
+}
+//# sourceMappingURL=shell-tokenizer.d.ts.map

package/dist/policy/shell-tokenizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-tokenizer.d.ts","sourceRoot":"","sources":["../../src/policy/shell-tokenizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,oBAAY,SAAS;IACnB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,oBAAoB,yBAAyB;IAC7C,qBAAqB,0BAA0B;IAC/C,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,SAAS,cAAc;IACvB,MAAM,WAAW,CAAM,KAAK;IAC5B,KAAK,UAAU,CAAQ,KAAK;IAC5B,UAAU,eAAe;IACzB,QAAQ,aAAa;CACtB;AAED,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,SAAS,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,sCAAsC;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,kEAAkE;IAClE,QAAQ,CAAC,EAAE,KAAK,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,QAAQ;IACvB,qDAAqD;IACrD,QAAQ,EAAE,KAAK,EAAE,CAAC;IAClB,mEAAmE;IACnE,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,8CAA8C;IAC9C,sBAAsB,EAAE,OAAO,CAAC;IAChC,qCAAqC;IACrC,QAAQ,EAAE,OAAO,CAAC;IAClB,8CAA8C;IAC9C,YAAY,EAAE,OAAO,CAAC;IACtB,2CAA2C;IAC3C,gBAAgB,EAAE,OAAO,CAAC;IAC1B,qDAAqD;IACrD,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,iCAAiC;IACjC,mBAAmB,EAAE,MAAM,EAAE,CAAC;CAC/B;AAED;;;;GAIG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAShC;IAEH;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,QAAQ;IA6BjC;;OAEG;IACH,OAAO,CAAC,SAAS;IA2IjB;;;OAGG;IACH,OAAO,CAAC,cAAc;IA0CtB;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,WAAW;IAoDzC;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,GAAG,EAAE,QAAQ,CAAC;QAAC,IAAI,EAAE,WAAW,CAAA;KAAE;CAK7D"}