@mcp-guardian/server 0.3.0

package/dist/scanners/secret-scanner.js

@@ -0,0 +1,72 @@
+/**
+ * Regex patterns for detecting hardcoded secrets in config values.
+ */
+const SECRET_PATTERNS = [
+    {
+        type: 'api_key',
+        regex: /(?:api[_-]?key|apikey)\s*[:=]\s*['"]?([A-Za-z0-9_\-]{20,})['"]?/i,
+    },
+    {
+        type: 'token',
+        regex: /(?:token|auth|bearer)\s*[:=]\s*['"]?([A-Za-z0-9_\-.]{20,})['"]?/i,
+    },
+    {
+        type: 'private_key',
+        regex: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----/,
+    },
+    {
+        type: 'password',
+        regex: /(?:password|passwd|pwd)\s*[:=]\s*['"]?([^'"\s]{8,})['"]?/i,
+    },
+    {
+        type: 'github_token',
+        regex: /gh[pousr]_[A-Za-z0-9_]{36,}/,
+    },
+    {
+        type: 'openai_key',
+        regex: /sk-[A-Za-z0-9]{32,}/,
+    },
+];
+/**
+ * Scans MCP server configs for hardcoded secrets in environment variables
+ * and command-line arguments.
+ */
+export class SecretScanner {
+    /**
+     * Scan a server config for hardcoded secrets.
+     */
+    scan(server) {
+        const findings = [];
+        // Scan environment variable values
+        if (server.env) {
+            for (const [key, value] of Object.entries(server.env)) {
+                if (typeof value !== 'string')
+                    continue;
+                for (const pattern of SECRET_PATTERNS) {
+                    if (pattern.regex.test(value)) {
+                        findings.push({
+                            type: pattern.type,
+                            location: `env:${key}`,
+                            severity: pattern.type === 'private_key' ? 'HIGH' : 'MEDIUM',
+                        });
+                    }
+                }
+            }
+        }
+        // Scan command-line arguments (might contain inline keys)
+        if (server.args && server.args.length > 0) {
+            const cmdline = server.args.join(' ');
+            for (const pattern of SECRET_PATTERNS) {
+                if (pattern.regex.test(cmdline)) {
+                    findings.push({
+                        type: pattern.type,
+                        location: 'command_args',
+                        severity: 'HIGH',
+                    });
+                }
+            }
+        }
+        return findings;
+    }
+}
+//# sourceMappingURL=secret-scanner.js.map

package/dist/scanners/secret-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-scanner.js","sourceRoot":"","sources":["../../src/scanners/secret-scanner.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,eAAe,GAAsC;IACzD;QACE,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,kEAAkE;KAC1E;IACD;QACE,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,kEAAkE;KAC1E;IACD;QACE,IAAI,EAAE,aAAa;QACnB,KAAK,EAAE,0CAA0C;KAClD;IACD;QACE,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,2DAA2D;KACnE;IACD;QACE,IAAI,EAAE,cAAc;QACpB,KAAK,EAAE,6BAA6B;KACrC;IACD;QACE,IAAI,EAAE,YAAY;QAClB,KAAK,EAAE,qBAAqB;KAC7B;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,aAAa;IACxB;;OAEG;IACH,IAAI,CAAC,MAAuB;QAC1B,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,mCAAmC;QACnC,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,IAAI,OAAO,KAAK,KAAK,QAAQ;oBAAE,SAAS;gBACxC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;oBACtC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;wBAC9B,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,OAAO,CAAC,IAAI;4BAClB,QAAQ,EAAE,OAAO,GAAG,EAAE;4BACtB,QAAQ,EAAE,OAAO,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;yBAC7D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,0DAA0D;QAC1D,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACtC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAChC,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,OAAO,CAAC,IAAI;wBAClB,QAAQ,EAAE,cAAc;wBACxB,QAAQ,EAAE,MAAM;qBACjB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/dist/scanners/typo-squat-detector.d.ts

@@ -0,0 +1,14 @@
+import { TypoSquatResult } from '../types.js';
+/**
+ * Detects typo-squatting by comparing package names against known
+ * official packages using Levenshtein distance.
+ */
+export declare class TypoSquatDetector {
+    /**
+     * Check a server name against known official packages.
+     * Returns suspicious matches (Levenshtein distance 1-2).
+     */
+    detect(serverName: string): TypoSquatResult[];
+    private levenshteinDistance;
+}
+//# sourceMappingURL=typo-squat-detector.d.ts.map

package/dist/scanners/typo-squat-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typo-squat-detector.d.ts","sourceRoot":"","sources":["../../src/scanners/typo-squat-detector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAiC9C;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B;;;OAGG;IACH,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,EAAE;IAuB7C,OAAO,CAAC,mBAAmB;CA2B5B"}

package/dist/scanners/typo-squat-detector.js

@@ -0,0 +1,82 @@
+/**
+ * Known official MCP server packages (subset of awesome-mcp-servers).
+ * In production, this could be fetched from a registry.
+ */
+const OFFICIAL_PACKAGES = [
+    '@modelcontextprotocol/server-filesystem',
+    '@modelcontextprotocol/server-github',
+    '@modelcontextprotocol/server-gitlab',
+    '@modelcontextprotocol/server-postgres',
+    '@modelcontextprotocol/server-sqlite',
+    '@modelcontextprotocol/server-memory',
+    '@modelcontextprotocol/server-puppeteer',
+    '@modelcontextprotocol/server-brave-search',
+    '@modelcontextprotocol/server-fetch',
+    '@modelcontextprotocol/server-everything',
+    '@modelcontextprotocol/server-sequential-thinking',
+    '@modelcontextprotocol/server-time',
+    'mcp-server-brave-search',
+    'mcp-server-puppeteer',
+    'mcp-server-filesystem',
+    'server-filesystem',
+    'server-github',
+    'server-postgres',
+    'server-sqlite',
+    'server-memory',
+    'server-puppeteer',
+    'server-brave-search',
+    'server-fetch',
+    'server-sequential-thinking',
+];
+/**
+ * Detects typo-squatting by comparing package names against known
+ * official packages using Levenshtein distance.
+ */
+export class TypoSquatDetector {
+    /**
+     * Check a server name against known official packages.
+     * Returns suspicious matches (Levenshtein distance 1-2).
+     */
+    detect(serverName) {
+        if (!serverName)
+            return [];
+        const results = [];
+        const normalized = serverName.toLowerCase().trim();
+        for (const official of OFFICIAL_PACKAGES) {
+            const officialNorm = official.toLowerCase().trim();
+            const distance = this.levenshteinDistance(normalized, officialNorm);
+            // Flag very close matches (distance 1-2) that aren't exact matches
+            if (distance > 0 && distance <= 2) {
+                results.push({
+                    suspiciousName: serverName,
+                    similarityTo: official,
+                    distance,
+                });
+            }
+        }
+        return results;
+    }
+    levenshteinDistance(a, b) {
+        const m = a.length;
+        const n = b.length;
+        // Create two rows for memory efficiency
+        let prev = new Array(n + 1);
+        let curr = new Array(n + 1);
+        for (let j = 0; j <= n; j++) {
+            prev[j] = j;
+        }
+        for (let i = 1; i <= m; i++) {
+            curr[0] = i;
+            for (let j = 1; j <= n; j++) {
+                const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+                curr[j] = Math.min(prev[j] + 1, // deletion
+                curr[j - 1] + 1, // insertion
+                prev[j - 1] + cost // substitution
+                );
+            }
+            [prev, curr] = [curr, prev];
+        }
+        return prev[n];
+    }
+}
+//# sourceMappingURL=typo-squat-detector.js.map

package/dist/scanners/typo-squat-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typo-squat-detector.js","sourceRoot":"","sources":["../../src/scanners/typo-squat-detector.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,iBAAiB,GAAa;IAClC,yCAAyC;IACzC,qCAAqC;IACrC,qCAAqC;IACrC,uCAAuC;IACvC,qCAAqC;IACrC,qCAAqC;IACrC,wCAAwC;IACxC,2CAA2C;IAC3C,oCAAoC;IACpC,yCAAyC;IACzC,kDAAkD;IAClD,mCAAmC;IACnC,yBAAyB;IACzB,sBAAsB;IACtB,uBAAuB;IACvB,mBAAmB;IACnB,eAAe;IACf,iBAAiB;IACjB,eAAe;IACf,eAAe;IACf,kBAAkB;IAClB,qBAAqB;IACrB,cAAc;IACd,4BAA4B;CAC7B,CAAC;AAEF;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAC5B;;;OAGG;IACH,MAAM,CAAC,UAAkB;QACvB,IAAI,CAAC,UAAU;YAAE,OAAO,EAAE,CAAC;QAE3B,MAAM,OAAO,GAAsB,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAEnD,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YAEpE,mEAAmE;YACnE,IAAI,QAAQ,GAAG,CAAC,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,CAAC,IAAI,CAAC;oBACX,cAAc,EAAE,UAAU;oBAC1B,YAAY,EAAE,QAAQ;oBACtB,QAAQ;iBACT,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,mBAAmB,CAAC,CAAS,EAAE,CAAS;QAC9C,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QACnB,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;QAEnB,wCAAwC;QACxC,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACpC,IAAI,IAAI,GAAG,IAAI,KAAK,CAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QAEpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACd,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC5B,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3C,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAChB,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,EAAQ,WAAW;gBAC9B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,EAAI,YAAY;gBAC/B,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,eAAe;iBACnC,CAAC;YACJ,CAAC;YACD,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;CACF"}

package/dist/services/cost-auditor.d.ts

@@ -0,0 +1,14 @@
+import { CostReport, McpServerConfig } from '../types.js';
+import { PricingClient } from '../clients/pricing-client.js';
+import { HistoryDatabase } from '../database/history-db.js';
+export declare class CostAuditor {
+    private tokenCounter;
+    private pricing;
+    private db;
+    constructor(pricingClient?: PricingClient, db?: HistoryDatabase);
+    auditServer(server: McpServerConfig): Promise<CostReport>;
+    private buildReportFromRecords;
+    countTokens(text: string): number;
+    dispose(): void;
+}
+//# sourceMappingURL=cost-auditor.d.ts.map

package/dist/services/cost-auditor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-auditor.d.ts","sourceRoot":"","sources":["../../src/services/cost-auditor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAY,eAAe,EAAmB,MAAM,aAAa,CAAC;AAErF,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,qBAAa,WAAW;IACtB,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,EAAE,CAA8B;gBAE5B,aAAa,CAAC,EAAE,aAAa,EAAE,EAAE,CAAC,EAAE,eAAe;IAMzD,WAAW,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC;IAmC/D,OAAO,CAAC,sBAAsB;IA4C9B,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAIjC,OAAO,IAAI,IAAI;CAGhB"}

package/dist/services/cost-auditor.js

@@ -0,0 +1,90 @@
+import { TokenCounter } from '../utils/token-counter.js';
+import { PricingClient } from '../clients/pricing-client.js';
+import { Logger } from '../utils/logger.js';
+export class CostAuditor {
+    tokenCounter;
+    pricing;
+    db;
+    constructor(pricingClient, db) {
+        this.tokenCounter = new TokenCounter();
+        this.pricing = pricingClient || new PricingClient();
+        this.db = db;
+    }
+    async auditServer(server) {
+        if (!this.db) {
+            return {
+                serverName: server.name,
+                tokensUsed: 0,
+                inputTokens: 0,
+                outputTokens: 0,
+                estimatedCostUSD: 0,
+                pricingModel: 'unknown',
+                toolBreakdown: [],
+                note: 'Database not available. Ensure the proxy has been configured.',
+            };
+        }
+        try {
+            const records = await this.db.getCallRecordsForServer(server.name);
+            if (records.length > 0) {
+                return this.buildReportFromRecords(server.name, records);
+            }
+        }
+        catch (err) {
+            Logger.debug(`Cost audit: DB read failed for ${server.name}: ${err?.message}`);
+        }
+        return {
+            serverName: server.name,
+            tokensUsed: 0,
+            inputTokens: 0,
+            outputTokens: 0,
+            estimatedCostUSD: 0,
+            pricingModel: 'unknown',
+            toolBreakdown: [],
+            note: 'No recorded call data. Use `mcp-guardian proxy` to capture real token usage.',
+        };
+    }
+    buildReportFromRecords(serverName, records) {
+        const pricingModel = 'gpt-4o';
+        const toolMap = new Map();
+        for (const r of records) {
+            const existing = toolMap.get(r.toolName) || { inputTokens: 0, outputTokens: 0, calls: 0 };
+            existing.inputTokens += r.requestTokens;
+            existing.outputTokens += r.responseTokens;
+            existing.calls += 1;
+            toolMap.set(r.toolName, existing);
+        }
+        const breakdown = [];
+        let totalInput = 0;
+        let totalOutput = 0;
+        for (const [toolName, data] of toolMap) {
+            const totalTokens = data.inputTokens + data.outputTokens;
+            const cost = this.pricing.calculateCost(data.inputTokens, pricingModel, false) +
+                this.pricing.calculateCost(data.outputTokens, pricingModel, true);
+            breakdown.push({
+                toolName,
+                tokens: totalTokens,
+                calls: data.calls,
+                cost: Math.round(cost * 10000) / 10000,
+            });
+            totalInput += data.inputTokens;
+            totalOutput += data.outputTokens;
+        }
+        const totalCost = breakdown.reduce((sum, t) => sum + t.cost, 0);
+        return {
+            serverName,
+            tokensUsed: totalInput + totalOutput,
+            inputTokens: totalInput,
+            outputTokens: totalOutput,
+            estimatedCostUSD: Math.round(totalCost * 10000) / 10000,
+            pricingModel,
+            toolBreakdown: breakdown,
+        };
+    }
+    countTokens(text) {
+        return this.tokenCounter.count(text);
+    }
+    dispose() {
+        this.tokenCounter.free();
+    }
+}
+//# sourceMappingURL=cost-auditor.js.map

package/dist/services/cost-auditor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cost-auditor.js","sourceRoot":"","sources":["../../src/services/cost-auditor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAE7D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C,MAAM,OAAO,WAAW;IACd,YAAY,CAAe;IAC3B,OAAO,CAAgB;IACvB,EAAE,CAA8B;IAExC,YAAY,aAA6B,EAAE,EAAoB;QAC7D,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,aAAa,IAAI,IAAI,aAAa,EAAE,CAAC;QACpD,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAuB;QACvC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,OAAO;gBACL,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,UAAU,EAAE,CAAC;gBACb,WAAW,EAAE,CAAC;gBACd,YAAY,EAAE,CAAC;gBACf,gBAAgB,EAAE,CAAC;gBACnB,YAAY,EAAE,SAAS;gBACvB,aAAa,EAAE,EAAE;gBACjB,IAAI,EAAE,+DAA+D;aACtE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,uBAAuB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACnE,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC,sBAAsB,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,kCAAkC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,UAAU,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,YAAY,EAAE,CAAC;YACf,gBAAgB,EAAE,CAAC;YACnB,YAAY,EAAE,SAAS;YACvB,aAAa,EAAE,EAAE;YACjB,IAAI,EAAE,8EAA8E;SACrF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,UAAkB,EAAE,OAA0B;QAC3E,MAAM,YAAY,GAAG,QAAQ,CAAC;QAC9B,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwE,CAAC;QAEhG,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;YAC1F,QAAQ,CAAC,WAAW,IAAI,CAAC,CAAC,aAAa,CAAC;YACxC,QAAQ,CAAC,YAAY,IAAI,CAAC,CAAC,cAAc,CAAC;YAC1C,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,SAAS,GAAe,EAAE,CAAC;QACjC,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,OAAO,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;YACzD,MAAM,IAAI,GACR,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,EAAE,KAAK,CAAC;gBACjE,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC;YAEpE,SAAS,CAAC,IAAI,CAAC;gBACb,QAAQ;gBACR,MAAM,EAAE,WAAW;gBACnB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,GAAG,KAAK;aACvC,CAAC,CAAC;YACH,UAAU,IAAI,IAAI,CAAC,WAAW,CAAC;YAC/B,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACnC,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAChE,OAAO;YACL,UAAU;YACV,UAAU,EAAE,UAAU,GAAG,WAAW;YACpC,WAAW,EAAE,UAAU;YACvB,YAAY,EAAE,WAAW;YACzB,gBAAgB,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,KAAK;YACvD,YAAY;YACZ,aAAa,EAAE,SAAS;SACzB,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,IAAY;QACtB,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC;IAED,OAAO;QACL,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;IAC3B,CAAC;CACF"}

package/dist/services/health-monitor.d.ts

@@ -0,0 +1,8 @@
+import { McpServerConfig, HealthReport } from '../types.js';
+import { HistoryDatabase } from '../database/history-db.js';
+export declare class HealthMonitor {
+    private db;
+    constructor(db: HistoryDatabase);
+    checkServer(server: McpServerConfig): Promise<HealthReport>;
+}
+//# sourceMappingURL=health-monitor.d.ts.map

package/dist/services/health-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-monitor.d.ts","sourceRoot":"","sources":["../../src/services/health-monitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAG5D,qBAAa,aAAa;IACxB,OAAO,CAAC,EAAE,CAAkB;gBAEhB,EAAE,EAAE,eAAe;IAIzB,WAAW,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;CA+ClE"}

package/dist/services/health-monitor.js

@@ -0,0 +1,51 @@
+import { McpClient } from '../utils/mcp-client.js';
+export class HealthMonitor {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async checkServer(server) {
+        const start = Date.now();
+        const probe = await McpClient.probe(server);
+        const latency = probe.latencyMs || (Date.now() - start);
+        const historicalRate = await this.db.getRecentSuccessRate(server.name);
+        const successRate = probe.success
+            ? Math.max(historicalRate, 0.5)
+            : Math.min(historicalRate, 0.3);
+        const toolCount = probe.toolCount ?? 0;
+        const overloadWarning = toolCount > 15;
+        const contextPressure = toolCount > 10 ? 0.7 : toolCount > 5 ? 0.4 : 0.2;
+        const recs = [];
+        if (overloadWarning) {
+            recs.push(`Reduce number of tools (currently ${toolCount}) to avoid agent confusion — consider grouping into named subtools`);
+        }
+        if (toolCount > 20) {
+            recs.push('Consider splitting into multiple smaller servers for better reliability');
+        }
+        if (!probe.success && probe.authRequired) {
+            recs.push('Server requires authentication — ensure credentials are configured');
+        }
+        if (!probe.success && probe.error) {
+            recs.push(`Probe failed: ${probe.error}`);
+        }
+        if (latency > 2000) {
+            recs.push(`Server response is slow (${latency}ms) — check network connectivity or server implementation`);
+        }
+        if (latency > 5000) {
+            recs.push(`Server response is extremely slow (${latency}ms) — consider optimizing startup or using a faster transport`);
+        }
+        if (recs.length === 0) {
+            recs.push('Server appears healthy');
+        }
+        return {
+            serverName: server.name,
+            latencyMs: latency,
+            successRate: Math.round(successRate * 100) / 100,
+            contextPressure: Math.round(contextPressure * 100) / 100,
+            toolCount,
+            overloadWarning,
+            recommendations: recs,
+        };
+    }
+}
+//# sourceMappingURL=health-monitor.js.map

package/dist/services/health-monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-monitor.js","sourceRoot":"","sources":["../../src/services/health-monitor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAkB,MAAM,wBAAwB,CAAC;AAEnE,MAAM,OAAO,aAAa;IAChB,EAAE,CAAkB;IAE5B,YAAY,EAAmB;QAC7B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;IACf,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,MAAuB;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,KAAK,GAAmB,MAAM,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,KAAK,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAExD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,EAAE,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACvE,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO;YAC/B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC;YAC/B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;QAElC,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC;QACvC,MAAM,eAAe,GAAG,SAAS,GAAG,EAAE,CAAC;QACvC,MAAM,eAAe,GAAG,SAAS,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QAEzE,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,IAAI,CAAC,qCAAqC,SAAS,oEAAoE,CAAC,CAAC;QAChI,CAAC;QACD,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;QACvF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAClC,IAAI,CAAC,IAAI,CAAC,iBAAiB,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,4BAA4B,OAAO,2DAA2D,CAAC,CAAC;QAC5G,CAAC;QACD,IAAI,OAAO,GAAG,IAAI,EAAE,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,sCAAsC,OAAO,+DAA+D,CAAC,CAAC;QAC1H,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QACtC,CAAC;QAED,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,SAAS,EAAE,OAAO;YAClB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,GAAG,CAAC,GAAG,GAAG;YAChD,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,GAAG,GAAG,CAAC,GAAG,GAAG;YACxD,SAAS;YACT,eAAe;YACf,eAAe,EAAE,IAAI;SACtB,CAAC;IACJ,CAAC;CACF"}

package/dist/services/security-scanner.d.ts

@@ -0,0 +1,20 @@
+import { SecurityReport, McpServerConfig } from '../types.js';
+import { CveChecker } from '../scanners/cve-checker.js';
+import { AuthProber } from '../scanners/auth-prober.js';
+import { TypoSquatDetector } from '../scanners/typo-squat-detector.js';
+import { SecretScanner } from '../scanners/secret-scanner.js';
+import { CommandValidator } from '../scanners/command-validator.js';
+/**
+ * Orchestrates all security scanning for a single MCP server.
+ * Runs CVE checks, auth probing, typo-squat detection, and secret scanning in parallel.
+ */
+export declare class SecurityScanner {
+    private cveChecker;
+    private authProber;
+    private typoDetector;
+    private secretScanner;
+    private cmdValidator;
+    constructor(cveChecker?: CveChecker, authProber?: AuthProber, typoDetector?: TypoSquatDetector, secretScanner?: SecretScanner, cmdValidator?: CommandValidator);
+    scanServer(server: McpServerConfig): Promise<SecurityReport>;
+}
+//# sourceMappingURL=security-scanner.d.ts.map

package/dist/services/security-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-scanner.d.ts","sourceRoot":"","sources":["../../src/services/security-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,eAAe,EAA0D,MAAM,aAAa,CAAC;AACtH,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAEpE;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAoB;IACxC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,YAAY,CAAmB;gBAGrC,UAAU,CAAC,EAAE,UAAU,EACvB,UAAU,CAAC,EAAE,UAAU,EACvB,YAAY,CAAC,EAAE,iBAAiB,EAChC,aAAa,CAAC,EAAE,aAAa,EAC7B,YAAY,CAAC,EAAE,gBAAgB;IAS3B,UAAU,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;CAqBnE"}

package/dist/services/security-scanner.js

@@ -0,0 +1,92 @@
+import { CveChecker } from '../scanners/cve-checker.js';
+import { AuthProber } from '../scanners/auth-prober.js';
+import { TypoSquatDetector } from '../scanners/typo-squat-detector.js';
+import { SecretScanner } from '../scanners/secret-scanner.js';
+import { CommandValidator } from '../scanners/command-validator.js';
+/**
+ * Orchestrates all security scanning for a single MCP server.
+ * Runs CVE checks, auth probing, typo-squat detection, and secret scanning in parallel.
+ */
+export class SecurityScanner {
+    cveChecker;
+    authProber;
+    typoDetector;
+    secretScanner;
+    cmdValidator;
+    constructor(cveChecker, authProber, typoDetector, secretScanner, cmdValidator) {
+        this.cveChecker = cveChecker || new CveChecker();
+        this.authProber = authProber || new AuthProber();
+        this.typoDetector = typoDetector || new TypoSquatDetector();
+        this.secretScanner = secretScanner || new SecretScanner();
+        this.cmdValidator = cmdValidator || new CommandValidator();
+    }
+    async scanServer(server) {
+        const [cves, auth, typos, secrets, cmdWarnings] = await Promise.all([
+            this.cveChecker.check(server.packageName || server.name, server.version),
+            Promise.resolve(this.authProber.probe(server)),
+            Promise.resolve(this.typoDetector.detect(server.name)),
+            Promise.resolve(this.secretScanner.scan(server)),
+            Promise.resolve(this.cmdValidator.validate(server)),
+        ]);
+        const score = calculateSecurityScore(cves, auth, typos, secrets, cmdWarnings);
+        const recommendations = generateRecommendations(cves, auth, typos, secrets, cmdWarnings);
+        return {
+            serverName: server.name,
+            cves,
+            authStatus: auth,
+            typoSquatRisk: typos,
+            secretsFound: secrets,
+            score,
+            recommendations,
+        };
+    }
+}
+function calculateSecurityScore(cves, auth, typos, secrets, cmdWarnings) {
+    let score = 100;
+    if (cves.some((c) => c.severity === 'CRITICAL'))
+        score -= 40;
+    if (cves.some((c) => c.severity === 'HIGH'))
+        score -= 20;
+    if (cves.some((c) => c.severity === 'MEDIUM'))
+        score -= 10;
+    if (!auth.hasAuthentication)
+        score -= 20;
+    if (!auth.isTransportEncrypted)
+        score -= 10;
+    if (typos.length > 0)
+        score -= 30;
+    if (secrets.length > 0)
+        score -= 15;
+    if (cmdWarnings.some((w) => w.severity === 'HIGH'))
+        score -= 25;
+    if (cmdWarnings.some((w) => w.severity === 'MEDIUM'))
+        score -= 10;
+    return Math.max(0, score);
+}
+function generateRecommendations(cves, auth, typos, secrets, cmdWarnings) {
+    const recs = [];
+    if (cves.length > 0) {
+        const criticalCount = cves.filter((c) => c.severity === 'CRITICAL').length;
+        const highCount = cves.filter((c) => c.severity === 'HIGH').length;
+        recs.push(`Update to fix ${cves.length} known vulnerabilities${criticalCount > 0 ? ` (${criticalCount} critical)` : ''}${highCount > 0 ? `, ${highCount} high` : ''}`);
+        const fixedCves = cves.filter((c) => c.fixedVersion);
+        if (fixedCves.length > 0) {
+            recs.push(`CVE(s) with available fixes: ${fixedCves.map((c) => `${c.id} → v${c.fixedVersion}`).join(', ')}`);
+        }
+    }
+    if (!auth.hasAuthentication)
+        recs.push('Add authentication headers or API keys to prevent unauthorized access');
+    if (!auth.isTransportEncrypted)
+        recs.push('Use HTTPS or secure transport for remote servers');
+    if (typos.length > 0)
+        recs.push(`Verify package name against official registry — possible typo-squatting: ${typos.map((t) => t.similarityTo).join(', ')}`);
+    if (secrets.length > 0)
+        recs.push(`Remove ${secrets.length} hardcoded secret(s) from tool definitions — use environment variable references instead`);
+    for (const w of cmdWarnings) {
+        recs.push(`[${w.severity}] ${w.field}: ${w.issue}`);
+    }
+    if (recs.length === 0)
+        recs.push('No security issues found');
+    return recs;
+}
+//# sourceMappingURL=security-scanner.js.map

package/dist/services/security-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-scanner.js","sourceRoot":"","sources":["../../src/services/security-scanner.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAC9D,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AAEpE;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,UAAU,CAAa;IACvB,UAAU,CAAa;IACvB,YAAY,CAAoB;IAChC,aAAa,CAAgB;IAC7B,YAAY,CAAmB;IAEvC,YACE,UAAuB,EACvB,UAAuB,EACvB,YAAgC,EAChC,aAA6B,EAC7B,YAA+B;QAE/B,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,IAAI,UAAU,EAAE,CAAC;QACjD,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,IAAI,UAAU,EAAE,CAAC;QACjD,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,iBAAiB,EAAE,CAAC;QAC5D,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,aAAa,EAAE,CAAC;QAC1D,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,gBAAgB,EAAE,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAuB;QACtC,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAClE,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,IAAI,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC;YACxE,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC9C,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACtD,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAChD,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;SACpD,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,sBAAsB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;QAC9E,MAAM,eAAe,GAAG,uBAAuB,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;QACzF,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,IAAI;YACvB,IAAI;YACJ,UAAU,EAAE,IAAI;YAChB,aAAa,EAAE,KAAK;YACpB,YAAY,EAAE,OAAO;YACrB,KAAK;YACL,eAAe;SAChB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,sBAAsB,CAC7B,IAAkB,EAClB,IAAgB,EAChB,KAAwB,EACxB,OAAwB,EACxB,WAAwE;IAExE,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IACzD,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAC3D,IAAI,CAAC,IAAI,CAAC,iBAAiB;QAAE,KAAK,IAAI,EAAE,CAAC;IACzC,IAAI,CAAC,IAAI,CAAC,oBAAoB;QAAE,KAAK,IAAI,EAAE,CAAC;IAC5C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAClC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IACpC,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAChE,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAAE,KAAK,IAAI,EAAE,CAAC;IAClE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,uBAAuB,CAC9B,IAAkB,EAClB,IAAgB,EAChB,KAAwB,EACxB,OAAwB,EACxB,WAAwE;IAExE,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACnE,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,CAAC,MAAM,yBAAyB,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,aAAa,YAAY,CAAC,CAAC,CAAC,EAAE,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,SAAS,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvK,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QACrD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,gCAAgC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC/G,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,iBAAiB;QAAE,IAAI,CAAC,IAAI,CAAC,uEAAuE,CAAC,CAAC;IAChH,IAAI,CAAC,IAAI,CAAC,oBAAoB;QAAE,IAAI,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAC9F,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,4EAA4E,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3J,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,MAAM,0FAA0F,CAAC,CAAC;IACtJ,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,IAAI,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC7D,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,86 @@
+export interface McpServerConfig {
+    name: string;
+    command?: string;
+    args?: string[];
+    env?: Record<string, string>;
+    url?: string;
+    transport: 'stdio' | 'sse';
+    packageName?: string;
+    version?: string;
+}
+export interface SecurityReport {
+    serverName: string;
+    cves: CveFinding[];
+    authStatus: AuthStatus;
+    typoSquatRisk: TypoSquatResult[];
+    secretsFound: SecretFinding[];
+    score: number;
+    recommendations: string[];
+}
+export interface CveFinding {
+    id: string;
+    severity: 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
+    summary: string;
+    fixedVersion?: string;
+}
+export interface AuthStatus {
+    hasAuthentication: boolean;
+    method?: string;
+    isTransportEncrypted: boolean;
+}
+export interface TypoSquatResult {
+    suspiciousName: string;
+    similarityTo: string;
+    distance: number;
+}
+export interface SecretFinding {
+    type: string;
+    location: string;
+    severity: 'HIGH' | 'MEDIUM';
+}
+export interface CostReport {
+    serverName: string;
+    tokensUsed: number;
+    inputTokens: number;
+    outputTokens: number;
+    estimatedCostUSD: number;
+    pricingModel: string;
+    toolBreakdown: ToolCost[];
+    note?: string;
+}
+export interface ToolCost {
+    toolName: string;
+    tokens: number;
+    calls: number;
+    cost: number;
+}
+export interface HealthReport {
+    serverName: string;
+    latencyMs: number;
+    successRate: number;
+    contextPressure: number;
+    toolCount: number;
+    overloadWarning: boolean;
+    recommendations: string[];
+}
+export interface FullReport {
+    timestamp: string;
+    configPath: string;
+    security: SecurityReport[];
+    costs: CostReport[];
+    health: HealthReport[];
+    overallScore: number;
+}
+/**
+ * Recorded by the MCP proxy interceptor for real cost tracking.
+ */
+export interface ProxyCallRecord {
+    serverName: string;
+    toolName: string;
+    requestTokens: number;
+    responseTokens: number;
+    totalTokens: number;
+    durationMs: number;
+    timestamp: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,GAAG,KAAK,CAAC;IAE3B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,UAAU,EAAE,CAAC;IACnB,UAAU,EAAE,UAAU,CAAC;IACvB,aAAa,EAAE,eAAe,EAAE,CAAC;IACjC,YAAY,EAAE,aAAa,EAAE,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oBAAoB,EAAE,OAAO,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,QAAQ,CAAC;CAC7B;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,QAAQ,EAAE,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,MAAM,EAAE,YAAY,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/dist/utils/logger.d.ts

@@ -0,0 +1,13 @@
+export declare enum LogLevel {
+    DEBUG = 0,
+    INFO = 1,
+    WARN = 2,
+    ERROR = 3
+}
+export declare class Logger {
+    static debug(msg: string): void;
+    static info(msg: string): void;
+    static warn(msg: string): void;
+    static error(msg: string): void;
+}
+//# sourceMappingURL=logger.d.ts.map

package/dist/utils/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAEA,oBAAY,QAAQ;IAClB,KAAK,IAAI;IACT,IAAI,IAAI;IACR,IAAI,IAAI;IACR,KAAK,IAAI;CACV;AAOD,qBAAa,MAAM;IACjB,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAM/B,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAM9B,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAM9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;CAKhC"}