@mcp-guardian/server 0.3.0 → 0.6.0

package/dist/database/postgres-db.js

@@ -0,0 +1,118 @@
+/**
+ * PostgreSQL implementation of IDatabase for horizontal scaling.
+ * Uses connection pool for production workloads.
+ * Enable with: DB_TYPE=postgres DATABASE_URL=postgresql://user:pass@host:5432/db
+ */
+import { Pool } from 'pg';
+import { Logger } from '../utils/logger.js';
+export class PostgresDatabase {
+    pool;
+    initialized = false;
+    connectionString;
+    constructor() {
+        this.connectionString = process.env['DATABASE_URL'] || 'postgresql://localhost:5432/mcp_guardian';
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        this.pool = new Pool({
+            connectionString: this.connectionString,
+            max: 10,
+            idleTimeoutMillis: 30000,
+        });
+        const client = await this.pool.connect();
+        try {
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS security_scans (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          score INTEGER NOT NULL,
+          cve_count INTEGER NOT NULL DEFAULT 0,
+          details JSONB
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS cost_records (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          tokens_used INTEGER NOT NULL,
+          cost_usd REAL NOT NULL
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS health_checks (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          latency_ms INTEGER NOT NULL,
+          success INTEGER NOT NULL,
+          tool_count INTEGER NOT NULL
+        )
+      `);
+            await client.query(`
+        CREATE TABLE IF NOT EXISTS call_records (
+          id SERIAL PRIMARY KEY,
+          timestamp TIMESTAMPTZ DEFAULT NOW(),
+          server_name TEXT NOT NULL,
+          tool_name TEXT NOT NULL,
+          request_tokens INTEGER NOT NULL DEFAULT 0,
+          response_tokens INTEGER NOT NULL DEFAULT 0,
+          total_tokens INTEGER NOT NULL DEFAULT 0,
+          duration_ms INTEGER NOT NULL DEFAULT 0
+        )
+      `);
+            await client.query('CREATE INDEX IF NOT EXISTS idx_security_server ON security_scans(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_cost_server ON cost_records(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_health_server ON health_checks(server_name)');
+            await client.query('CREATE INDEX IF NOT EXISTS idx_call_server ON call_records(server_name)');
+            this.initialized = true;
+            Logger.info('PostgreSQL database initialized');
+        }
+        finally {
+            client.release();
+        }
+    }
+    async getRecentSuccessRate(serverName) {
+        const result = await this.pool.query('SELECT AVG(success) as avg FROM health_checks WHERE server_name = $1 ORDER BY timestamp DESC LIMIT 10', [serverName]);
+        if (result.rows.length > 0 && result.rows[0].avg !== null) {
+            return Number(result.rows[0].avg);
+        }
+        return 1;
+    }
+    async addSecurityScan(serverName, score, cveCount, details) {
+        await this.pool.query('INSERT INTO security_scans (server_name, score, cve_count, details) VALUES ($1, $2, $3, $4)', [serverName, score, cveCount, JSON.stringify(details)]);
+    }
+    async addCostRecord(serverName, tokens, cost) {
+        await this.pool.query('INSERT INTO cost_records (server_name, tokens_used, cost_usd) VALUES ($1, $2, $3)', [serverName, tokens, cost]);
+    }
+    async addHealthCheck(serverName, latency, success, toolCount) {
+        await this.pool.query('INSERT INTO health_checks (server_name, latency_ms, success, tool_count) VALUES ($1, $2, $3, $4)', [serverName, latency, success ? 1 : 0, toolCount]);
+    }
+    async addCallRecord(record) {
+        await this.pool.query('INSERT INTO call_records (server_name, tool_name, request_tokens, response_tokens, total_tokens, duration_ms) VALUES ($1, $2, $3, $4, $5, $6)', [record.serverName, record.toolName, record.requestTokens, record.responseTokens, record.totalTokens, record.durationMs]);
+    }
+    async getCallRecordsForServer(serverName) {
+        const result = await this.pool.query('SELECT server_name, tool_name, request_tokens, response_tokens, total_tokens, duration_ms, timestamp::text FROM call_records WHERE server_name = $1', [serverName]);
+        return result.rows.map((row) => ({
+            serverName: row.server_name,
+            toolName: row.tool_name,
+            requestTokens: row.request_tokens,
+            responseTokens: row.response_tokens,
+            totalTokens: row.total_tokens,
+            durationMs: row.duration_ms,
+            timestamp: row.timestamp,
+        }));
+    }
+    async flush() {
+        // PostgreSQL auto-commits — no flush needed
+    }
+    async close() {
+        if (this.pool) {
+            await this.pool.end();
+            this.initialized = false;
+        }
+    }
+}
+//# sourceMappingURL=postgres-db.js.map

package/dist/database/postgres-db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres-db.js","sourceRoot":"","sources":["../../src/database/postgres-db.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,IAAI,CAAC;AAG1B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,OAAO,gBAAgB;IACnB,IAAI,CAAQ;IACZ,WAAW,GAAG,KAAK,CAAC;IACpB,gBAAgB,CAAS;IAEjC;QACE,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,0CAA0C,CAAC;IACpG,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC;YACnB,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;YACvC,GAAG,EAAE,EAAE;YACP,iBAAiB,EAAE,KAAK;SACzB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;OASlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;OAQlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;OASlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;OAWlB,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,KAAK,CAAC,+EAA+E,CAAC,CAAC;YACpG,MAAM,MAAM,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC9F,MAAM,MAAM,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;YACjG,MAAM,MAAM,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAE9F,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;QACjD,CAAC;gBAAS,CAAC;YACT,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,CAAC;IACH,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,UAAkB;QAC3C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,uGAAuG,EACvG,CAAC,UAAU,CAAC,CACb,CAAC;QACF,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YAC1D,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,UAAkB,EAAE,KAAa,EAAE,QAAgB,EAAE,OAAgB;QACzF,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,6FAA6F,EAC7F,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,UAAkB,EAAE,MAAc,EAAE,IAAY;QAClE,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,mFAAmF,EACnF,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,CAC3B,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,UAAkB,EAAE,OAAe,EAAE,OAAgB,EAAE,SAAiB;QAC3F,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,kGAAkG,EAClG,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAClD,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,MAAuB;QACzC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CACnB,+IAA+I,EAC/I,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,UAAU,CAAC,CACzH,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB,CAAC,UAAkB;QAC9C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAClC,qJAAqJ,EACrJ,CAAC,UAAU,CAAC,CACb,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;YACpC,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,QAAQ,EAAE,GAAG,CAAC,SAAS;YACvB,aAAa,EAAE,GAAG,CAAC,cAAc;YACjC,cAAc,EAAE,GAAG,CAAC,eAAe;YACnC,WAAW,EAAE,GAAG,CAAC,YAAY;YAC7B,UAAU,EAAE,GAAG,CAAC,WAAW;YAC3B,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC,CAAC,CAAC;IACN,CAAC;IAED,KAAK,CAAC,KAAK;QACT,4CAA4C;IAC9C,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;CACF"}

package/dist/index.js

@@ -9,7 +9,7 @@ import { Logger } from './utils/logger.js';
 import { createContainer } from './container.js';
 const container = createContainer();
 const reporter = new ReportGenerator();
-const server = new Server({ name: 'mcp-guardian', version: '0.3.0' }, { capabilities: { tools: {} } });
+const server = new Server({ name: 'mcp-guardian', version: '0.6.0' }, { capabilities: { tools: {} } });
 // ── Logging capability (MCP spec requirement) ─────────────────────
 let currentLogLevel = 'info';
 server.setRequestHandler(SetLevelRequestSchema, async (request) => {

package/dist/policy/policy-engine.d.ts

@@ -0,0 +1,19 @@
+import { PolicyConfig, PolicyDecision, CallContext, PolicyMode } from './policy-types.js';
+/**
+ * Policy Engine — evaluates every intercepted tools/call against configured rules.
+ * Supports three modes: audit (passive), warn (flag only), block (active enforcement).
+ */
+export declare class PolicyEngine {
+    private rules;
+    private mode;
+    private callCounters;
+    constructor(config: PolicyConfig);
+    /**
+     * Evaluate a tools/call request and return a decision.
+     */
+    evaluate(context: CallContext): PolicyDecision;
+    private evaluateRule;
+    private resolveAction;
+    getMode(): PolicyMode;
+}
+//# sourceMappingURL=policy-engine.d.ts.map

package/dist/policy/policy-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,WAAW,EAAgB,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAGxG;;;GAGG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAkC;IAC/C,OAAO,CAAC,IAAI,CAAa;IACzB,OAAO,CAAC,YAAY,CAA8D;gBAEtE,MAAM,EAAE,YAAY;IAKhC;;OAEG;IACH,QAAQ,CAAC,OAAO,EAAE,WAAW,GAAG,cAAc;IAU9C,OAAO,CAAC,YAAY;IA2EpB,OAAO,CAAC,aAAa;IAMrB,OAAO,IAAI,UAAU;CAGtB"}

package/dist/policy/policy-engine.js

@@ -0,0 +1,108 @@
+import { Logger } from '../utils/logger.js';
+/**
+ * Policy Engine — evaluates every intercepted tools/call against configured rules.
+ * Supports three modes: audit (passive), warn (flag only), block (active enforcement).
+ */
+export class PolicyEngine {
+    rules;
+    mode;
+    callCounters = new Map();
+    constructor(config) {
+        this.rules = config.policy.rules;
+        this.mode = config.policy.mode;
+    }
+    /**
+     * Evaluate a tools/call request and return a decision.
+     */
+    evaluate(context) {
+        for (const rule of this.rules) {
+            const decision = this.evaluateRule(rule, context);
+            if (decision)
+                return decision;
+        }
+        // Default: pass
+        return { action: 'pass', rule: 'default', reason: 'No policy rules matched' };
+    }
+    evaluateRule(rule, ctx) {
+        // Tool allowlist/denylist
+        if (rule.tools) {
+            if (rule.tools.allow && rule.tools.allow.length > 0) {
+                if (!rule.tools.allow.includes(ctx.toolName)) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Tool '${ctx.toolName}' not in allowlist: [${rule.tools.allow.join(', ')}]` };
+                }
+            }
+            if (rule.tools.deny && rule.tools.deny.length > 0) {
+                if (rule.tools.deny.includes(ctx.toolName)) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Tool '${ctx.toolName}' is explicitly denied` };
+                }
+            }
+        }
+        // Malicious pattern detection
+        if (rule.patterns) {
+            const argsStr = ctx.arguments ? JSON.stringify(ctx.arguments) : '';
+            for (const pattern of rule.patterns) {
+                try {
+                    if (new RegExp(pattern).test(argsStr)) {
+                        return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Argument pattern '${pattern}' matched in tool call` };
+                    }
+                }
+                catch {
+                    Logger.warn(`Policy: invalid regex pattern in rule '${rule.name}': ${pattern}`);
+                }
+            }
+        }
+        // Max tokens per call
+        if (rule.maxTokens && ctx.requestTokens > rule.maxTokens) {
+            return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Token count ${ctx.requestTokens} exceeds max ${rule.maxTokens}` };
+        }
+        // v0.5.1: RBAC — scope and client_id constraints
+        if (rule.rbac) {
+            const identity = ctx.agentIdentity;
+            if (!identity) {
+                return { action: this.resolveAction(rule.action), rule: rule.name, reason: `RBAC rule '${rule.name}' requires agent identity but none provided` };
+            }
+            if (rule.rbac.scopes && rule.rbac.scopes.length > 0) {
+                const agentScopes = identity.scopes || [];
+                const hasScope = rule.rbac.scopes.some(s => agentScopes.includes(s));
+                if (!hasScope) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Agent '${identity.sub}' missing required scope. Need one of: [${rule.rbac.scopes.join(', ')}], have: [${agentScopes.join(', ') || 'none'}]` };
+                }
+            }
+            if (rule.rbac.clientIds && rule.rbac.clientIds.length > 0) {
+                const clientId = identity.clientId || '';
+                const matches = rule.rbac.clientIds.some(pattern => new RegExp(pattern).test(clientId));
+                if (!matches) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Client ID '${clientId}' not allowed. Allowed patterns: [${rule.rbac.clientIds.join(', ')}]` };
+                }
+            }
+        }
+        // Rate limiting
+        if (rule.maxCallsPerMinute) {
+            const key = `${ctx.serverName}:${ctx.toolName}`;
+            const now = Date.now();
+            let counter = this.callCounters.get(key);
+            if (!counter || now > counter.resetAt) {
+                counter = { count: 1, resetAt: now + 60000 };
+                this.callCounters.set(key, counter);
+            }
+            else {
+                counter.count++;
+                if (counter.count > rule.maxCallsPerMinute) {
+                    return { action: this.resolveAction(rule.action), rule: rule.name, reason: `Rate limit exceeded: ${counter.count}/${rule.maxCallsPerMinute} calls per minute` };
+                }
+            }
+        }
+        return null;
+    }
+    resolveAction(ruleAction) {
+        if (this.mode === 'audit')
+            return 'pass';
+        if (this.mode === 'warn' && ruleAction === 'block')
+            return 'flag';
+        return ruleAction;
+    }
+    getMode() {
+        return this.mode;
+    }
+}
+//# sourceMappingURL=policy-engine.js.map

package/dist/policy/policy-engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../../src/policy/policy-engine.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;GAGG;AACH,MAAM,OAAO,YAAY;IACf,KAAK,CAAkC;IACvC,IAAI,CAAa;IACjB,YAAY,GAAoD,IAAI,GAAG,EAAE,CAAC;IAElF,YAAY,MAAoB;QAC9B,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,OAAoB;QAC3B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;QAED,gBAAgB;QAChB,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,yBAAyB,EAAE,CAAC;IAChF,CAAC;IAEO,YAAY,CAAC,IAA6C,EAAE,GAAgB;QAClF,0BAA0B;QAC1B,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAG,CAAC,QAAQ,wBAAwB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC3J,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClD,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC3C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,GAAG,CAAC,QAAQ,wBAAwB,EAAE,CAAC;gBAC7H,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,OAAO,GAAG,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,IAAI,CAAC;oBACH,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACtC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,qBAAqB,OAAO,wBAAwB,EAAE,CAAC;oBACpI,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,CAAC,IAAI,CAAC,0CAA0C,IAAI,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;gBAClF,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACzD,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,eAAe,GAAG,CAAC,aAAa,gBAAgB,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QAChJ,CAAC;QAED,iDAAiD;QACjD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,QAAQ,GAAG,GAAG,CAAC,aAAa,CAAC;YACnC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,IAAI,CAAC,IAAI,6CAA6C,EAAE,CAAC;YACpJ,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,IAAI,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,UAAU,QAAQ,CAAC,GAAG,2CAA2C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,GAAG,EAAE,CAAC;gBAC5N,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;gBACzC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACxF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,QAAQ,qCAAqC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC5K,CAAC;YACH,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,CAAC,OAAO,IAAI,GAAG,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;gBACtC,OAAO,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,KAAK,EAAE,CAAC;gBAC7C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,EAAE,CAAC;gBAChB,IAAI,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3C,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,iBAAiB,mBAAmB,EAAE,CAAC;gBAClK,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,aAAa,CAAC,UAAwB;QAC5C,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO;YAAE,OAAO,MAAM,CAAC;QACzC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,UAAU,KAAK,OAAO;YAAE,OAAO,MAAM,CAAC;QAClE,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;CACF"}

package/dist/policy/policy-types.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Policy types for the MCP Guardian active blocking engine.
+ */
+export type PolicyAction = 'pass' | 'block' | 'flag';
+export type PolicyMode = 'audit' | 'warn' | 'block';
+export interface PolicyRule {
+    name: string;
+    description?: string;
+    action: PolicyAction;
+    /** Tool name allowlist — if specified, only these tools are permitted */
+    tools?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    /** Regex patterns for blocking malicious tool arguments */
+    patterns?: string[];
+    /** Max tokens per call */
+    maxTokens?: number;
+    /** Max calls per minute per server */
+    maxCallsPerMinute?: number;
+    /** v0.5.1: RBAC — scope and client_id constraints */
+    rbac?: {
+        /** Required scopes the agent must have */
+        scopes?: string[];
+        /** Allowed client IDs (regex patterns supported) */
+        clientIds?: string[];
+    };
+}
+export interface PolicyConfig {
+    version: string;
+    policy: {
+        mode: PolicyMode;
+        rules: PolicyRule[];
+    };
+}
+export interface PolicyDecision {
+    action: PolicyAction;
+    rule: string;
+    reason: string;
+}
+export interface CallContext {
+    serverName: string;
+    toolName: string;
+    arguments?: Record<string, unknown>;
+    requestId: string | number;
+    requestTokens: number;
+    timestamp: string;
+    /** v0.5.1: Agent identity from OAuth (for RBAC) */
+    agentIdentity?: import('../auth/auth-types.js').AgentIdentity;
+}
+//# sourceMappingURL=policy-types.d.ts.map

package/dist/policy/policy-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-types.d.ts","sourceRoot":"","sources":["../../src/policy/policy-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,YAAY,CAAC;IACrB,yEAAyE;IACzE,KAAK,CAAC,EAAE;QACN,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;IACF,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,sCAAsC;IACtC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,qDAAqD;IACrD,IAAI,CAAC,EAAE;QACL,0CAA0C;QAC1C,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,oDAAoD;QACpD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE;QACN,IAAI,EAAE,UAAU,CAAC;QACjB,KAAK,EAAE,UAAU,EAAE,CAAC;KACrB,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,YAAY,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,aAAa,CAAC,EAAE,OAAO,uBAAuB,EAAE,aAAa,CAAC;CAC/D"}

package/dist/policy/policy-types.js

@@ -0,0 +1,5 @@
+/**
+ * Policy types for the MCP Guardian active blocking engine.
+ */
+export {};
+//# sourceMappingURL=policy-types.js.map

package/dist/policy/policy-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-types.js","sourceRoot":"","sources":["../../src/policy/policy-types.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/policy/policy-watcher.d.ts

@@ -0,0 +1,24 @@
+import { PolicyEngine } from './policy-engine.js';
+/**
+ * Hot-reloadable policy engine wrapper.
+ * Watches a YAML policy file for changes and atomically swaps the active policy.
+ * In-flight requests continue using the old policy; new requests use the updated one.
+ */
+export declare class PolicyWatcher {
+    private current;
+    private watcher;
+    private policyPath;
+    constructor(policyPath: string);
+    private loadPolicy;
+    private startWatching;
+    /**
+     * Get the current (active) policy engine.
+     * This is always the latest loaded version.
+     */
+    get(): PolicyEngine | null;
+    /**
+     * Stop watching and clean up.
+     */
+    close(): void;
+}
+//# sourceMappingURL=policy-watcher.d.ts.map

package/dist/policy/policy-watcher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-watcher.d.ts","sourceRoot":"","sources":["../../src/policy/policy-watcher.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGlD;;;;GAIG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,OAAO,CAA6B;IAC5C,OAAO,CAAC,OAAO,CAA0B;IACzC,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,EAAE,MAAM;IAM9B,OAAO,CAAC,UAAU;IAgBlB,OAAO,CAAC,aAAa;IAmBrB;;;OAGG;IACH,GAAG,IAAI,YAAY,GAAG,IAAI;IAI1B;;OAEG;IACH,KAAK,IAAI,IAAI;CAMd"}

package/dist/policy/policy-watcher.js

@@ -0,0 +1,68 @@
+import { watch } from 'chokidar';
+import { readFileSync } from 'fs';
+import { load } from 'js-yaml';
+import { PolicyEngine } from './policy-engine.js';
+import { Logger } from '../utils/logger.js';
+/**
+ * Hot-reloadable policy engine wrapper.
+ * Watches a YAML policy file for changes and atomically swaps the active policy.
+ * In-flight requests continue using the old policy; new requests use the updated one.
+ */
+export class PolicyWatcher {
+    current = null;
+    watcher = null;
+    policyPath;
+    constructor(policyPath) {
+        this.policyPath = policyPath;
+        this.loadPolicy();
+        this.startWatching();
+    }
+    loadPolicy() {
+        try {
+            const yaml = readFileSync(this.policyPath, 'utf-8');
+            const config = load(yaml);
+            const oldMode = this.current?.getMode();
+            this.current = new PolicyEngine(config);
+            Logger.info(`[policy-watcher] Policy loaded (mode: ${config.policy.mode}, rules: ${config.policy.rules.length})${oldMode && oldMode !== config.policy.mode ? ` (mode changed from ${oldMode})` : ''}`);
+        }
+        catch (err) {
+            Logger.error(`[policy-watcher] Failed to load policy: ${err?.message}`);
+            // Don't replace the current policy on parse failure
+            if (!this.current) {
+                throw err; // No existing policy — must fail
+            }
+        }
+    }
+    startWatching() {
+        this.watcher = watch(this.policyPath, {
+            persistent: true,
+            ignoreInitial: true,
+            awaitWriteFinish: { stabilityThreshold: 300, pollInterval: 100 },
+        });
+        this.watcher.on('change', () => {
+            Logger.info(`[policy-watcher] Policy file changed, reloading...`);
+            this.loadPolicy();
+        });
+        this.watcher.on('error', (err) => {
+            Logger.error(`[policy-watcher] Watch error: ${err?.message || String(err)}`);
+        });
+        Logger.info(`[policy-watcher] Watching ${this.policyPath} for changes`);
+    }
+    /**
+     * Get the current (active) policy engine.
+     * This is always the latest loaded version.
+     */
+    get() {
+        return this.current;
+    }
+    /**
+     * Stop watching and clean up.
+     */
+    close() {
+        if (this.watcher) {
+            this.watcher.close();
+            this.watcher = null;
+        }
+    }
+}
+//# sourceMappingURL=policy-watcher.js.map

package/dist/policy/policy-watcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-watcher.js","sourceRoot":"","sources":["../../src/policy/policy-watcher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAa,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAE/B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;;GAIG;AACH,MAAM,OAAO,aAAa;IAChB,OAAO,GAAwB,IAAI,CAAC;IACpC,OAAO,GAAqB,IAAI,CAAC;IACjC,UAAU,CAAS;IAE3B,YAAY,UAAkB;QAC5B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAClB,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAEO,UAAU;QAChB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAiB,CAAC;YAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;YACxC,MAAM,CAAC,IAAI,CAAC,yCAAyC,MAAM,CAAC,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,OAAO,IAAI,OAAO,KAAK,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,uBAAuB,OAAO,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzM,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,2CAA2C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YACxE,oDAAoD;YACpD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,GAAG,CAAC,CAAC,iCAAiC;YAC9C,CAAC;QACH,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE;YACpC,UAAU,EAAE,IAAI;YAChB,aAAa,EAAE,IAAI;YACnB,gBAAgB,EAAE,EAAE,kBAAkB,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE;SACjE,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAQ,EAAE,EAAE;YACpC,MAAM,CAAC,KAAK,CAAC,iCAAiC,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,6BAA6B,IAAI,CAAC,UAAU,cAAc,CAAC,CAAC;IAC1E,CAAC;IAED;;;OAGG;IACH,GAAG;QACD,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACrB,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;CACF"}

package/dist/proxy/proxy-manager.d.ts

@@ -1,10 +1,14 @@
 import { HistoryDatabase } from '../database/history-db.js';
 import { McpProxyServer } from './proxy-server.js';
 import { McpServerConfig } from '../types.js';
+import { PolicyEngine } from '../policy/policy-engine.js';
+import { OAuthValidator } from '../auth/oauth.js';
 export declare class ProxyManager {
     private db;
+    private policyEngine?;
+    private authValidator?;
     private proxies;
-    constructor(db: HistoryDatabase);
+    constructor(db: HistoryDatabase, policyEngine?: PolicyEngine | undefined, authValidator?: OAuthValidator | undefined);
     getProxies(): McpProxyServer[];
     startAll(configs: McpServerConfig[]): Promise<void>;
     stopAll(): void;

package/dist/proxy/proxy-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proxy-manager.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,qBAAa,YAAY;IAGX,OAAO,CAAC,EAAE;IAFtB,OAAO,CAAC,OAAO,CAAwB;gBAEnB,EAAE,EAAE,eAAe;IAEvC,UAAU,IAAI,cAAc,EAAE;IAIxB,QAAQ,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAsBzD,OAAO,IAAI,IAAI;CAOhB"}
+{"version":3,"file":"proxy-manager.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,qBAAa,YAAY;IAIrB,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,YAAY,CAAC;IACrB,OAAO,CAAC,aAAa,CAAC;IALxB,OAAO,CAAC,OAAO,CAAwB;gBAG7B,EAAE,EAAE,eAAe,EACnB,YAAY,CAAC,EAAE,YAAY,YAAA,EAC3B,aAAa,CAAC,EAAE,cAAc,YAAA;IAGxC,UAAU,IAAI,cAAc,EAAE;IAIxB,QAAQ,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BzD,OAAO,IAAI,IAAI;CAOhB"}

package/dist/proxy/proxy-manager.js

@@ -2,9 +2,13 @@ import { McpProxyServer } from './proxy-server.js';
 import { Logger } from '../utils/logger.js';
 export class ProxyManager {
     db;
+    policyEngine;
+    authValidator;
     proxies = [];
-    constructor(db) {
+    constructor(db, policyEngine, authValidator) {
         this.db = db;
+        this.policyEngine = policyEngine;
+        this.authValidator = authValidator;
     }
     getProxies() {
         return this.proxies;
@@ -13,9 +17,14 @@ export class ProxyManager {
         for (const config of configs) {
             if (config.transport === 'stdio' && config.command) {
                 try {
-                    const proxy = new McpProxyServer(config.command, config.args || [], config.env || {}, this.db, config.name);
+                    const proxy = new McpProxyServer(config.command, config.args || [], config.env || {}, this.db, config.name, this.policyEngine, this.authValidator);
                     this.proxies.push(proxy);
-                    Logger.info(`Proxy started for ${config.name} (${config.command})`);
+                    const extras = [];
+                    if (this.policyEngine)
+                        extras.push(`policy: ${this.policyEngine.getMode()}`);
+                    if (this.authValidator)
+                        extras.push('auth: OAuth 2.1');
+                    Logger.info(`Proxy started for ${config.name} (${config.command})${extras.length ? ` [${extras.join(', ')}]` : ''}`);
                 }
                 catch (err) {
                     Logger.error(`Failed to start proxy for ${config.name}: ${err?.message}`);

package/dist/proxy/proxy-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"proxy-manager.js","sourceRoot":"","sources":["../../src/proxy/proxy-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,OAAO,YAAY;IAGH;IAFZ,OAAO,GAAqB,EAAE,CAAC;IAEvC,YAAoB,EAAmB;QAAnB,OAAE,GAAF,EAAE,CAAiB;IAAG,CAAC;IAE3C,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAA0B;QACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,cAAc,CAC9B,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,IAAI,IAAI,EAAE,EACjB,MAAM,CAAC,GAAG,IAAI,EAAE,EAChB,IAAI,CAAC,EAAE,EACP,MAAM,CAAC,IAAI,CACZ,CAAC;oBACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACzB,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;gBACtE,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,IAAI,+BAA+B,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;CACF"}
+{"version":3,"file":"proxy-manager.js","sourceRoot":"","sources":["../../src/proxy/proxy-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAI5C,MAAM,OAAO,YAAY;IAIb;IACA;IACA;IALF,OAAO,GAAqB,EAAE,CAAC;IAEvC,YACU,EAAmB,EACnB,YAA2B,EAC3B,aAA8B;QAF9B,OAAE,GAAF,EAAE,CAAiB;QACnB,iBAAY,GAAZ,YAAY,CAAe;QAC3B,kBAAa,GAAb,aAAa,CAAiB;IACrC,CAAC;IAEJ,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAA0B;QACvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,KAAK,GAAG,IAAI,cAAc,CAC9B,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,IAAI,IAAI,EAAE,EACjB,MAAM,CAAC,GAAG,IAAI,EAAE,EAChB,IAAI,CAAC,EAAE,EACP,MAAM,CAAC,IAAI,EACX,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,aAAa,CACnB,CAAC;oBACF,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACzB,MAAM,MAAM,GAAa,EAAE,CAAC;oBAC5B,IAAI,IAAI,CAAC,YAAY;wBAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;oBAC7E,IAAI,IAAI,CAAC,aAAa;wBAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;oBACvD,MAAM,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvH,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,CAAC,KAAK,CAAC,6BAA6B,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC5E,CAAC;YACH,CAAC;iBAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;gBACtB,MAAM,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,IAAI,+BAA+B,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;CACF"}

package/dist/proxy/proxy-server.d.ts

@@ -1,7 +1,14 @@
 import { HistoryDatabase } from '../database/history-db.js';
+import { PolicyEngine } from '../policy/policy-engine.js';
+import { OAuthValidator } from '../auth/oauth.js';
 /**
- * MCP Proxy Interceptor — sits between the AI client and an MCP server,
- * capturing every JSON-RPC call's token usage for real cost auditing.
+ * MCP Proxy Interceptor — sits between the AI client and an MCP server.
+ *
+ * v0.4: Integrated PolicyEngine for active blocking of malicious tool calls.
+ * v0.5: OAuth 2.1 JWT validation — validates bearer tokens before policy evaluation.
+ * v0.5.2: Circuit breaker for upstream MCP server failures.
+ * v0.5.2: Per-client rate limiting (keyed by agent sub + tool name).
+ * v0.5.2: Consistent SIEM fields (request_id, proxy_latency_ms, authn_success, authz_allowed).
  */
 export declare class McpProxyServer {
     private child;
@@ -11,16 +18,29 @@ export declare class McpProxyServer {
     private requestStartTime;
     private requestToolName;
     private requestTokens;
+    private requestArguments;
     private serverName;
-    constructor(command: string, args: string[], env: Record<string, string>, db: HistoryDatabase, serverName?: string);
+    private policyEngine;
+    private authValidator;
+    private sessionCache;
+    private circuitBreaker;
+    /** v0.5.2: Per-client rate limit counters (key: agentSub:toolName) */
+    private clientRateCounters;
+    constructor(command: string, args: string[], env: Record<string, string>, db: HistoryDatabase, serverName?: string, policyEngine?: PolicyEngine, authValidator?: OAuthValidator);
     get stdin(): NodeJS.WritableStream | null;
     private setupStdout;
     private setupStderr;
+    private sendError;
     /**
      * Called when the AI client writes a request to be proxied.
-     * Tracks tools/call requests for token counting.
+     * Pipeline: Auth → Circuit Breaker → Policy + RBAC → Forward.
      */
-    handleClientInput(raw: string): void;
+    handleClientInput(raw: string): Promise<void>;
+    /**
+     * Check per-client rate limits against RBAC rules.
+     * Returns block reason string or null.
+     */
+    private checkPerClientRateLimit;
     kill(): void;
 }
 //# sourceMappingURL=proxy-server.d.ts.map

package/dist/proxy/proxy-server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-server.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D;;;GAGG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,EAAE,CAAkB;IAC5B,OAAO,CAAC,gBAAgB,CAAuB;IAC/C,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,aAAa,CAAa;IAClC,OAAO,CAAC,UAAU,CAAS;gBAGzB,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC3B,EAAE,EAAE,eAAe,EACnB,UAAU,CAAC,EAAE,MAAM;IAarB,IAAI,KAAK,IAAI,MAAM,CAAC,cAAc,GAAG,IAAI,CAExC;IAED,OAAO,CAAC,WAAW;IAqCnB,OAAO,CAAC,WAAW;IAMnB;;;OAGG;IACH,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAepC,IAAI,IAAI,IAAI;CAOb"}
+{"version":3,"file":"proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy/proxy-server.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAE5D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAG1D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAKlD;;;;;;;;GAQG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,EAAE,CAAkB;IAC5B,OAAO,CAAC,gBAAgB,CAAuB;IAC/C,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,eAAe,CAAuB;IAC9C,OAAO,CAAC,aAAa,CAAa;IAClC,OAAO,CAAC,gBAAgB,CAAsC;IAC9D,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,aAAa,CAAwB;IAC7C,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,cAAc,CAAiB;IACvC,sEAAsE;IACtE,OAAO,CAAC,kBAAkB,CAA8D;gBAGtF,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC3B,EAAE,EAAE,eAAe,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,YAAY,CAAC,EAAE,YAAY,EAC3B,aAAa,CAAC,EAAE,cAAc;IAyBhC,IAAI,KAAK,IAAI,MAAM,CAAC,cAAc,GAAG,IAAI,CAExC;IAED,OAAO,CAAC,WAAW;IAoCnB,OAAO,CAAC,WAAW;IAMnB,OAAO,CAAC,SAAS;IASjB;;;OAGG;IACG,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA4MnD;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAY/B,IAAI,IAAI,IAAI;CAOb"}