@mcp-guardian/server 0.3.0

package/dist/utils/logger.js

@@ -0,0 +1,35 @@
+import chalk from 'chalk';
+export var LogLevel;
+(function (LogLevel) {
+    LogLevel[LogLevel["DEBUG"] = 0] = "DEBUG";
+    LogLevel[LogLevel["INFO"] = 1] = "INFO";
+    LogLevel[LogLevel["WARN"] = 2] = "WARN";
+    LogLevel[LogLevel["ERROR"] = 3] = "ERROR";
+})(LogLevel || (LogLevel = {}));
+const rawLevel = process.env.LOG_LEVEL?.toUpperCase();
+const LOG_LEVEL = (rawLevel !== undefined && rawLevel in LogLevel)
+    ? LogLevel[rawLevel]
+    : LogLevel.INFO;
+export class Logger {
+    static debug(msg) {
+        if (LOG_LEVEL <= LogLevel.DEBUG) {
+            console.error(chalk.gray(`[DEBUG] ${msg}`));
+        }
+    }
+    static info(msg) {
+        if (LOG_LEVEL <= LogLevel.INFO) {
+            console.error(chalk.blue(`[INFO] ${msg}`));
+        }
+    }
+    static warn(msg) {
+        if (LOG_LEVEL <= LogLevel.WARN) {
+            console.error(chalk.yellow(`[WARN] ${msg}`));
+        }
+    }
+    static error(msg) {
+        if (LOG_LEVEL <= LogLevel.ERROR) {
+            console.error(chalk.red(`[ERROR] ${msg}`));
+        }
+    }
+}
+//# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,CAAN,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,yCAAS,CAAA;IACT,uCAAQ,CAAA;IACR,uCAAQ,CAAA;IACR,yCAAS,CAAA;AACX,CAAC,EALW,QAAQ,KAAR,QAAQ,QAKnB;AAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC;AACtD,MAAM,SAAS,GAAa,CAAC,QAAQ,KAAK,SAAS,IAAI,QAAQ,IAAI,QAAQ,CAAC;IAC1E,CAAC,CAAC,QAAQ,CAAC,QAAiC,CAAC;IAC7C,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AAElB,MAAM,OAAO,MAAM;IACjB,MAAM,CAAC,KAAK,CAAC,GAAW;QACtB,IAAI,SAAS,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAW;QACrB,IAAI,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,MAAM,CAAC,IAAI,CAAC,GAAW;QACrB,IAAI,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,GAAW;QACtB,IAAI,SAAS,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;CACF"}

package/dist/utils/mcp-client.d.ts

@@ -0,0 +1,33 @@
+import { McpServerConfig } from '../types.js';
+export interface McpProbeResult {
+    success: boolean;
+    toolCount?: number;
+    toolNames?: string[];
+    authRequired: boolean;
+    latencyMs: number;
+    serverVersion?: string;
+    error?: string;
+}
+export declare class McpClient {
+    private static HANDSHAKE_TIMEOUT_MS;
+    private static SSE_TIMEOUT_MS;
+    static probe(server: McpServerConfig): Promise<McpProbeResult>;
+    /**
+     * Full stdio JSON-RPC handshake: initialize → initialized → tools/list.
+     */
+    private static probeStdio;
+    /**
+     * Full MCP-over-SSE handshake:
+     * 1. GET SSE endpoint → parse sessionId from event stream
+     * 2. POST initialize to /message?sessionId=...
+     * 3. POST tools/list to /message?sessionId=...
+     * Returns actual tool count from server — no hardcoded values.
+     */
+    private static probeSse;
+    /**
+     * GET the SSE endpoint, parse the event stream for a sessionId.
+     */
+    private static getSessionId;
+    private static postJson;
+}
+//# sourceMappingURL=mcp-client.d.ts.map

package/dist/utils/mcp-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-client.d.ts","sourceRoot":"","sources":["../../src/utils/mcp-client.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG9C,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAS;IAC5C,OAAO,CAAC,MAAM,CAAC,cAAc,CAAS;WAEzB,KAAK,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IASpE;;OAEG;mBACkB,UAAU;IA0D/B;;;;;;OAMG;mBACkB,QAAQ;IAuC7B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,YAAY;IAwB3B,OAAO,CAAC,MAAM,CAAC,QAAQ;CAmBxB"}

package/dist/utils/mcp-client.js

@@ -0,0 +1,182 @@
+import { spawn } from 'child_process';
+import { createInterface } from 'readline';
+import { randomUUID } from 'crypto';
+import http from 'http';
+import https from 'https';
+import { Logger } from './logger.js';
+export class McpClient {
+    static HANDSHAKE_TIMEOUT_MS = 15000;
+    static SSE_TIMEOUT_MS = 15000;
+    static async probe(server) {
+        if (server.transport === 'stdio' && server.command) {
+            return McpClient.probeStdio(server);
+        }
+        else if (server.url) {
+            return McpClient.probeSse(server);
+        }
+        return { success: false, authRequired: false, latencyMs: 0, error: 'No command or URL provided' };
+    }
+    /**
+     * Full stdio JSON-RPC handshake: initialize → initialized → tools/list.
+     */
+    static async probeStdio(server) {
+        const start = Date.now();
+        const cmd = server.command;
+        const args = server.args || [];
+        const env = { ...process.env, ...(server.env || {}) };
+        return new Promise((resolve) => {
+            let child;
+            try {
+                child = spawn(cmd, args, { env, stdio: ['pipe', 'pipe', 'pipe'] });
+            }
+            catch (err) {
+                return resolve({ success: false, authRequired: false, latencyMs: Date.now() - start, error: `Spawn failed: ${err?.message}` });
+            }
+            const timeout = setTimeout(() => { try {
+                child.kill();
+            }
+            catch { } resolve({ success: false, authRequired: false, latencyMs: Date.now() - start, error: 'Handshake timeout' }); }, McpClient.HANDSHAKE_TIMEOUT_MS);
+            let handled = false;
+            const done = (r) => { if (handled)
+                return; handled = true; clearTimeout(timeout); try {
+                child.kill();
+            }
+            catch { } resolve(r); };
+            const rl = createInterface({ input: child.stdout });
+            let authRequired = false, toolCount, toolNames, serverVersion;
+            let initId, listId;
+            initId = randomUUID();
+            child.stdin.write(JSON.stringify({ jsonrpc: '2.0', id: initId, method: 'initialize', params: { protocolVersion: '2024-11-05', capabilities: {}, clientInfo: { name: 'mcp-guardian', version: '0.3.0' } } }) + '\n');
+            rl.on('line', (line) => {
+                try {
+                    const msg = JSON.parse(line.trim());
+                    if (msg.id === initId) {
+                        if (msg.error) {
+                            authRequired = msg.error.code === -32000 || (typeof msg.error.message === 'string' && /auth/i.test(msg.error.message));
+                            serverVersion = undefined;
+                            child.stdin.write(JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized' }) + '\n');
+                            listId = randomUUID();
+                            child.stdin.write(JSON.stringify({ jsonrpc: '2.0', id: listId, method: 'tools/list' }) + '\n');
+                        }
+                        else {
+                            serverVersion = msg.result?.protocolVersion || msg.result?.serverInfo?.version;
+                            child.stdin.write(JSON.stringify({ jsonrpc: '2.0', method: 'notifications/initialized' }) + '\n');
+                            listId = randomUUID();
+                            child.stdin.write(JSON.stringify({ jsonrpc: '2.0', id: listId, method: 'tools/list' }) + '\n');
+                        }
+                        return;
+                    }
+                    if (msg.id === listId && msg.result?.tools) {
+                        const tools = Array.isArray(msg.result.tools) ? msg.result.tools : [];
+                        toolCount = tools.length;
+                        toolNames = tools.map((t) => t.name || 'unnamed');
+                        done({ success: true, toolCount, toolNames, authRequired, latencyMs: Date.now() - start, serverVersion });
+                    }
+                }
+                catch { }
+            });
+            child.stderr?.on('data', (data) => Logger.debug(`[${server.name} stderr] ${data.toString().trim().substring(0, 200)}`));
+            child.on('error', (err) => done({ success: false, authRequired, latencyMs: Date.now() - start, error: err.message }));
+            child.on('close', (code) => {
+                if (!handled)
+                    done(toolCount !== undefined ? { success: true, toolCount, toolNames, authRequired, latencyMs: Date.now() - start, serverVersion } : { success: false, authRequired, latencyMs: Date.now() - start, error: `Process exited with code ${code}` });
+            });
+        });
+    }
+    /**
+     * Full MCP-over-SSE handshake:
+     * 1. GET SSE endpoint → parse sessionId from event stream
+     * 2. POST initialize to /message?sessionId=...
+     * 3. POST tools/list to /message?sessionId=...
+     * Returns actual tool count from server — no hardcoded values.
+     */
+    static async probeSse(server) {
+        const start = Date.now();
+        if (!server.url)
+            return { success: false, authRequired: false, latencyMs: 0, error: 'No URL provided' };
+        const parsed = new URL(server.url);
+        const isHttps = parsed.protocol === 'https:';
+        const httpModule = isHttps ? https : http;
+        const timeout = McpClient.SSE_TIMEOUT_MS;
+        // Step 1: GET SSE endpoint for session ID
+        const sessionId = await McpClient.getSessionId(parsed, httpModule, timeout);
+        if (!sessionId) {
+            return { success: false, authRequired: false, latencyMs: Date.now() - start, error: 'Failed to obtain SSE session ID' };
+        }
+        // Step 2: POST initialize
+        const messageBase = new URL(server.url);
+        messageBase.pathname = messageBase.pathname.replace(/\/$/, '') + '/message';
+        messageBase.searchParams.set('sessionId', sessionId);
+        const initId = randomUUID();
+        const initBody = { jsonrpc: '2.0', id: initId, method: 'initialize', params: { protocolVersion: '2024-11-05', capabilities: {}, clientInfo: { name: 'mcp-guardian', version: '0.3.0' } } };
+        const initResp = await McpClient.postJson(messageBase, initBody, httpModule, timeout);
+        if (!initResp || initResp.error) {
+            return { success: false, authRequired: initResp?.error?.code === -32001 || /auth/i.test(initResp?.error?.message || ''), latencyMs: Date.now() - start, error: initResp?.error?.message || 'Initialize failed' };
+        }
+        // Step 3: POST initialized notification
+        await McpClient.postJson(messageBase, { jsonrpc: '2.0', method: 'notifications/initialized' }, httpModule, timeout).catch(() => { });
+        // Step 4: POST tools/list
+        const listId = randomUUID();
+        const listResp = await McpClient.postJson(messageBase, { jsonrpc: '2.0', id: listId, method: 'tools/list' }, httpModule, timeout);
+        if (listResp?.result?.tools) {
+            const tools = Array.isArray(listResp.result.tools) ? listResp.result.tools : [];
+            return { success: true, toolCount: tools.length, toolNames: tools.map((t) => t.name || 'unnamed'), authRequired: false, latencyMs: Date.now() - start };
+        }
+        return { success: false, authRequired: false, latencyMs: Date.now() - start, error: listResp?.error?.message || 'tools/list did not return tools' };
+    }
+    /**
+     * GET the SSE endpoint, parse the event stream for a sessionId.
+     */
+    static getSessionId(parsedUrl, httpModule, timeoutMs) {
+        return new Promise((resolve) => {
+            const req = httpModule.get(parsedUrl, { timeout: timeoutMs }, (res) => {
+                let data = '';
+                res.on('data', (chunk) => data += chunk.toString());
+                res.on('end', () => {
+                    const lines = data.split('\n');
+                    let currentEvent = null;
+                    for (const line of lines) {
+                        if (line.startsWith('event: '))
+                            currentEvent = line.slice(7).trim();
+                        else if (line.startsWith('data: ') && currentEvent === 'endpoint') {
+                            const m = line.slice(6).match(/sessionId=([^&\s]+)/);
+                            if (m) {
+                                resolve(m[1]);
+                                return;
+                            }
+                        }
+                    }
+                    resolve(null);
+                });
+            });
+            req.on('timeout', () => { req.destroy(); resolve(null); });
+            req.on('error', () => resolve(null));
+            req.end();
+        });
+    }
+    static postJson(url, body, httpModule, timeoutMs) {
+        const bodyString = JSON.stringify(body);
+        return new Promise((resolve, reject) => {
+            const req = httpModule.request({
+                hostname: url.hostname, port: url.port || (url.protocol === 'https:' ? 443 : 80),
+                path: url.pathname + url.search, method: 'POST',
+                headers: { 'Content-Type': 'application/json', 'Content-Length': String(Buffer.byteLength(bodyString)) },
+                timeout: timeoutMs,
+            }, (res) => {
+                let data = '';
+                res.on('data', (chunk) => data += chunk.toString());
+                res.on('end', () => { try {
+                    resolve(JSON.parse(data));
+                }
+                catch {
+                    resolve(null);
+                } });
+            });
+            req.on('timeout', () => { req.destroy(); reject(new Error('Timeout')); });
+            req.on('error', reject);
+            req.write(bodyString);
+            req.end();
+        });
+    }
+}
+//# sourceMappingURL=mcp-client.js.map

package/dist/utils/mcp-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-client.js","sourceRoot":"","sources":["../../src/utils/mcp-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAYrC,MAAM,OAAO,SAAS;IACZ,MAAM,CAAC,oBAAoB,GAAG,KAAK,CAAC;IACpC,MAAM,CAAC,cAAc,GAAG,KAAK,CAAC;IAEtC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAuB;QACxC,IAAI,MAAM,CAAC,SAAS,KAAK,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnD,OAAO,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC;IACpG,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,MAAuB;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,MAAM,CAAC,OAAQ,CAAC;QAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC;QAEtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,KAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;YACrE,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,OAAO,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,iBAAiB,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;YACjI,CAAC;YACD,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,oBAAoB,CAAC,CAAC;YAClN,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,MAAM,IAAI,GAAG,CAAC,CAAiB,EAAE,EAAE,GAAG,IAAI,OAAO;gBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/I,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,MAAO,EAAE,CAAC,CAAC;YACrD,IAAI,YAAY,GAAG,KAAK,EAAE,SAA6B,EAAE,SAA+B,EAAE,aAAiC,CAAC;YAC5H,IAAI,MAAc,EAAE,MAAc,CAAC;YAEnC,MAAM,GAAG,UAAU,EAAE,CAAC;YACtB,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YAErN,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;oBACpC,IAAI,GAAG,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;wBACtB,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;4BACd,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,IAAI,CAAC,OAAO,GAAG,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;4BACvH,aAAa,GAAG,SAAS,CAAC;4BAC1B,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;4BACnG,MAAM,GAAG,UAAU,EAAE,CAAC;4BACtB,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;wBAClG,CAAC;6BAAM,CAAC;4BACN,aAAa,GAAG,GAAG,CAAC,MAAM,EAAE,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC;4BAC/E,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;4BACnG,MAAM,GAAG,UAAU,EAAE,CAAC;4BACtB,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;wBAClG,CAAC;wBACD,OAAO;oBACT,CAAC;oBACD,IAAI,GAAG,CAAC,EAAE,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;wBAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;wBACtE,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC;wBACzB,SAAS,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC;wBACvD,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC;oBAC5G,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAChI,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACtH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACzB,IAAI,CAAC,OAAO;oBAAE,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,4BAA4B,IAAI,EAAE,EAAE,CAAC,CAAC;YACjQ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAuB;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;QACxG,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;QAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,cAAc,CAAC;QAEzC,0CAA0C;QAC1C,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAC5E,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC;QAC1H,CAAC;QAED,0BAA0B;QAC1B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACxC,WAAW,CAAC,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,UAAU,CAAC;QAC5E,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;QAErD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC3L,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QACtF,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,IAAI,mBAAmB,EAAE,CAAC;QACnN,CAAC;QAED,wCAAwC;QACxC,MAAM,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEpI,0BAA0B;QAC1B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAClI,IAAI,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC;QAC/J,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,IAAI,iCAAiC,EAAE,CAAC;IACtJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CAAC,SAAc,EAAE,UAAsC,EAAE,SAAiB;QACnG,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE;gBACpE,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;oBACjB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC/B,IAAI,YAAY,GAAkB,IAAI,CAAC;oBACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;wBACzB,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;4BAAE,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;6BAC/D,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,YAAY,KAAK,UAAU,EAAE,CAAC;4BAClE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;4BACrD,IAAI,CAAC,EAAE,CAAC;gCAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gCAAC,OAAO;4BAAC,CAAC;wBACnC,CAAC;oBACH,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,CAAC;gBAChB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3D,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACrC,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,MAAM,CAAC,QAAQ,CAAC,GAAQ,EAAE,IAAS,EAAE,UAAsC,EAAE,SAAiB;QACpG,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACxC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,GAAG,GAAG,UAAU,CAAC,OAAO,CAAC;gBAC7B,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChF,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM;gBAC/C,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE;gBACxG,OAAO,EAAE,SAAS;aACnB,EAAE,CAAC,GAAG,EAAE,EAAE;gBACT,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACvF,CAAC,CAAC,CAAC;YACH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC1E,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACxB,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACtB,GAAG,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC"}

package/dist/utils/rate-limiter.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Token-bucket rate limiter for external API calls.
+ * Prevents exceeding API rate limits for OSV.dev, NVD, etc.
+ */
+export declare class RateLimiter {
+    private maxTokens;
+    private intervalMs;
+    private tokens;
+    private lastRefill;
+    private queue;
+    private processing;
+    constructor(maxPerInterval: number, intervalMs: number);
+    /**
+     * Wait until a token is available, then consume it.
+     * Returns immediately if a token is available.
+     */
+    acquire(): Promise<void>;
+    private refill;
+    private processQueue;
+    /**
+     * Get current available tokens (for debugging).
+     */
+    get availableTokens(): number;
+}
+/**
+ * Pre-configured rate limiters for external APIs.
+ */
+export declare const osvLimiter: RateLimiter;
+export declare const nvdLimiter: RateLimiter;
+export declare const nvdApiKeyLimiter: RateLimiter;
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/utils/rate-limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.d.ts","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,KAAK,CAAoE;IACjF,OAAO,CAAC,UAAU,CAAS;gBAEf,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;IAOtD;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAgB9B,OAAO,CAAC,MAAM;IAcd,OAAO,CAAC,YAAY;IAgBpB;;OAEG;IACH,IAAI,eAAe,IAAI,MAAM,CAG5B;CACF;AAED;;GAEG;AACH,eAAO,MAAM,UAAU,aAA4B,CAAC;AACpD,eAAO,MAAM,UAAU,aAA4B,CAAC;AACpD,eAAO,MAAM,gBAAgB,aAA6B,CAAC"}

package/dist/utils/rate-limiter.js

@@ -0,0 +1,74 @@
+/**
+ * Token-bucket rate limiter for external API calls.
+ * Prevents exceeding API rate limits for OSV.dev, NVD, etc.
+ */
+export class RateLimiter {
+    maxTokens;
+    intervalMs;
+    tokens;
+    lastRefill;
+    queue = [];
+    processing = false;
+    constructor(maxPerInterval, intervalMs) {
+        this.maxTokens = maxPerInterval;
+        this.intervalMs = intervalMs;
+        this.tokens = maxPerInterval;
+        this.lastRefill = Date.now();
+    }
+    /**
+     * Wait until a token is available, then consume it.
+     * Returns immediately if a token is available.
+     */
+    async acquire() {
+        this.refill();
+        if (this.tokens > 0) {
+            this.tokens--;
+            return;
+        }
+        // Queue the request
+        return new Promise((resolve, reject) => {
+            this.queue.push({ resolve, reject });
+            if (!this.processing) {
+                this.processQueue();
+            }
+        });
+    }
+    refill() {
+        const now = Date.now();
+        const elapsed = now - this.lastRefill;
+        const refillIntervals = Math.floor(elapsed / this.intervalMs);
+        if (refillIntervals > 0) {
+            this.tokens = Math.min(this.maxTokens, this.tokens + refillIntervals * this.maxTokens);
+            this.lastRefill += refillIntervals * this.intervalMs;
+        }
+    }
+    processQueue() {
+        this.processing = true;
+        const interval = setInterval(() => {
+            this.refill();
+            while (this.tokens > 0 && this.queue.length > 0) {
+                const req = this.queue.shift();
+                this.tokens--;
+                req.resolve();
+            }
+            if (this.queue.length === 0) {
+                clearInterval(interval);
+                this.processing = false;
+            }
+        }, Math.max(this.intervalMs / this.maxTokens, 50));
+    }
+    /**
+     * Get current available tokens (for debugging).
+     */
+    get availableTokens() {
+        this.refill();
+        return this.tokens;
+    }
+}
+/**
+ * Pre-configured rate limiters for external APIs.
+ */
+export const osvLimiter = new RateLimiter(50, 1000); // 50 req/s (OSV.dev allows burst)
+export const nvdLimiter = new RateLimiter(5, 60000); // 5 req/min (NVD without API key)
+export const nvdApiKeyLimiter = new RateLimiter(20, 60000); // 20 req/min (NVD with API key)
+//# sourceMappingURL=rate-limiter.js.map

package/dist/utils/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/utils/rate-limiter.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,OAAO,WAAW;IACd,SAAS,CAAS;IAClB,UAAU,CAAS;IACnB,MAAM,CAAS;IACf,UAAU,CAAS;IACnB,KAAK,GAAiE,EAAE,CAAC;IACzE,UAAU,GAAG,KAAK,CAAC;IAE3B,YAAY,cAAsB,EAAE,UAAkB;QACpD,IAAI,CAAC,SAAS,GAAG,cAAc,CAAC;QAChC,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,OAAO;QACT,CAAC;QAED,oBAAoB;QACpB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,MAAM;QACZ,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QACtC,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAE9D,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CACpB,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,MAAM,GAAG,eAAe,GAAG,IAAI,CAAC,SAAS,CAC/C,CAAC;YACF,IAAI,CAAC,UAAU,IAAI,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC;QACvD,CAAC;IACH,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,EAAE;YAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,EAAG,CAAC;gBAChC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACd,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,CAAC;YACD,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5B,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;YAC1B,CAAC;QACH,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,IAAI,eAAe;QACjB,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,WAAW,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAG,kCAAkC;AACzF,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,WAAW,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAI,kCAAkC;AAC1F,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,WAAW,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,gCAAgC"}

package/dist/utils/scoring.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Shared scoring utility used by both index.ts (MCP server) and cli.ts (CLI).
+ */
+export declare function calculateOverallScore(security: {
+    score: number;
+}[], health: {
+    successRate: number;
+}[]): number;
+//# sourceMappingURL=scoring.d.ts.map

package/dist/utils/scoring.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoring.d.ts","sourceRoot":"","sources":["../../src/utils/scoring.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,EAAE,EAC7B,MAAM,EAAE;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,EAAE,GAChC,MAAM,CAWR"}

package/dist/utils/scoring.js

@@ -0,0 +1,19 @@
+/**
+ * Shared scoring utility used by both index.ts (MCP server) and cli.ts (CLI).
+ */
+export function calculateOverallScore(security, health) {
+    if (security.length === 0 && health.length === 0)
+        return 0;
+    const secAvg = security.length > 0
+        ? security.reduce((sum, s) => sum + s.score, 0) / security.length
+        : 0;
+    const healthAvg = health.length > 0
+        ? health.reduce((sum, h) => sum + h.successRate * 100, 0) / health.length
+        : 0;
+    if (security.length === 0)
+        return Math.round(healthAvg);
+    if (health.length === 0)
+        return Math.round(secAvg);
+    return Math.round((secAvg + healthAvg) / 2);
+}
+//# sourceMappingURL=scoring.js.map

package/dist/utils/scoring.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoring.js","sourceRoot":"","sources":["../../src/utils/scoring.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAA6B,EAC7B,MAAiC;IAEjC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAC3D,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC;QAChC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM;QACjE,CAAC,CAAC,CAAC,CAAC;IACN,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM;QACzE,CAAC,CAAC,CAAC,CAAC;IACN,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACxD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnD,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;AAC9C,CAAC"}

package/dist/utils/tls-checker.d.ts

@@ -0,0 +1,13 @@
+export interface TlsCheckResult {
+    valid: boolean;
+    daysUntilExpiry: number;
+    issuer?: string;
+    subject?: string;
+    protocol?: string;
+}
+/**
+ * Check TLS certificate validity for a given HTTPS URL.
+ * Returns validity status, days until expiry, and certificate details.
+ */
+export declare function checkTlsCert(url: string): Promise<TlsCheckResult>;
+//# sourceMappingURL=tls-checker.d.ts.map

package/dist/utils/tls-checker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls-checker.d.ts","sourceRoot":"","sources":["../../src/utils/tls-checker.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,OAAO,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAiEvE"}

package/dist/utils/tls-checker.js

@@ -0,0 +1,62 @@
+import https from 'https';
+import { URL } from 'url';
+import { Logger } from './logger.js';
+/**
+ * Check TLS certificate validity for a given HTTPS URL.
+ * Returns validity status, days until expiry, and certificate details.
+ */
+export async function checkTlsCert(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        return { valid: false, daysUntilExpiry: 0 };
+    }
+    if (parsed.protocol !== 'https:') {
+        return { valid: true, daysUntilExpiry: Infinity, protocol: parsed.protocol };
+    }
+    return new Promise((resolve) => {
+        const req = https.request({
+            hostname: parsed.hostname,
+            port: 443,
+            method: 'HEAD',
+            timeout: 5000,
+            rejectUnauthorized: false, // We want to inspect the cert, not fail
+        }, (res) => {
+            const socket = res.socket;
+            const cert = socket?.getPeerCertificate?.();
+            if (!cert || Object.keys(cert).length === 0) {
+                resolve({ valid: false, daysUntilExpiry: 0 });
+                return;
+            }
+            const validFrom = cert.valid_from ? new Date(cert.valid_from) : null;
+            const validTo = cert.valid_to ? new Date(cert.valid_to) : null;
+            const now = Date.now();
+            // Check if certificate is currently valid
+            const isValid = validFrom && validTo
+                ? now >= validFrom.getTime() && now <= validTo.getTime()
+                : true;
+            const days = validTo
+                ? Math.floor((validTo.getTime() - now) / (1000 * 60 * 60 * 24))
+                : 0;
+            resolve({
+                valid: isValid,
+                daysUntilExpiry: days,
+                issuer: cert.issuer?.O || cert.issuer?.CN,
+                subject: cert.subject?.CN,
+                protocol: 'TLS',
+            });
+        });
+        req.on('error', (err) => {
+            Logger.debug(`TLS check failed for ${parsed.hostname}: ${err.message}`);
+            resolve({ valid: false, daysUntilExpiry: 0 });
+        });
+        req.on('timeout', () => {
+            req.destroy();
+            resolve({ valid: false, daysUntilExpiry: 0 });
+        });
+        req.end();
+    });
+}
+//# sourceMappingURL=tls-checker.js.map

package/dist/utils/tls-checker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tls-checker.js","sourceRoot":"","sources":["../../src/utils/tls-checker.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAUrC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,GAAW;IAC5C,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC;IAC9C,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CACvB;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,IAAI;YACb,kBAAkB,EAAE,KAAK,EAAE,wCAAwC;SACpE,EACD,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,MAAM,GAAG,GAAG,CAAC,MAAa,CAAC;YACjC,MAAM,IAAI,GAAG,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC;YAE5C,IAAI,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC,CAAC;gBAC9C,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACrE,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YAC/D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAEvB,0CAA0C;YAC1C,MAAM,OAAO,GAAG,SAAS,IAAI,OAAO;gBAClC,CAAC,CAAC,GAAG,IAAI,SAAS,CAAC,OAAO,EAAE,IAAI,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE;gBACxD,CAAC,CAAC,IAAI,CAAC;YAET,MAAM,IAAI,GAAG,OAAO;gBAClB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC/D,CAAC,CAAC,CAAC,CAAC;YAEN,OAAO,CAAC;gBACN,KAAK,EAAE,OAAO;gBACd,eAAe,EAAE,IAAI;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE;gBACzC,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,EAAE;gBACzB,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,MAAM,CAAC,KAAK,CAAC,wBAAwB,MAAM,CAAC,QAAQ,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxE,OAAO,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,OAAO,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,EAAE,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/utils/token-counter.d.ts

@@ -0,0 +1,7 @@
+export declare class TokenCounter {
+    private encoding;
+    constructor(model?: string);
+    count(text: string): number;
+    free(): void;
+}
+//# sourceMappingURL=token-counter.d.ts.map

package/dist/utils/token-counter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-counter.d.ts","sourceRoot":"","sources":["../../src/utils/token-counter.ts"],"names":[],"mappings":"AAEA,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAkC;gBAEtC,KAAK,GAAE,MAAiB;IAMpC,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM;IAI3B,IAAI,IAAI,IAAI;CAGb"}

package/dist/utils/token-counter.js

@@ -0,0 +1,16 @@
+import { get_encoding } from 'tiktoken';
+export class TokenCounter {
+    encoding;
+    constructor(model = 'gpt-4o') {
+        // o200k_base is the encoding used by gpt-4o and gpt-4o-mini
+        const encodingName = 'o200k_base';
+        this.encoding = get_encoding(encodingName);
+    }
+    count(text) {
+        return this.encoding.encode(text).length;
+    }
+    free() {
+        this.encoding.free();
+    }
+}
+//# sourceMappingURL=token-counter.js.map

package/dist/utils/token-counter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-counter.js","sourceRoot":"","sources":["../../src/utils/token-counter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAoB,MAAM,UAAU,CAAC;AAE1D,MAAM,OAAO,YAAY;IACf,QAAQ,CAAkC;IAElD,YAAY,QAAgB,QAAQ;QAClC,4DAA4D;QAC5D,MAAM,YAAY,GAAqB,YAAY,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,IAAY;QAChB,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;IAC3C,CAAC;IAED,IAAI;QACF,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;CACF"}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@mcp-guardian/server",
+  "version": "0.3.0",
+  "description": "Security, cost, and health audit for MCP infrastructure",
+  "type": "module",
+  "files": ["dist"],
+  "main": "./dist/index.js",
+  "bin": {
+    "mcp-guardian": "./dist/cli.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": "github:rudraneel93/mcp-guardian",
+  "bugs": "https://github.com/rudraneel93/mcp-guardian/issues",
+  "homepage": "https://github.com/rudraneel93/mcp-guardian#readme",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "security",
+    "audit",
+    "cost",
+    "health",
+    "observability",
+    "agent-ai",
+    "cli"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "tsx watch src/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit",
+    "prepublishOnly": "npm run build && npm test"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "tiktoken": "^1.0.15",
+    "sql.js": "^1.11.0",
+    "axios": "^1.7.0",
+    "commander": "^12.0.0",
+    "chalk": "^5.3.0",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.4.0",
+    "tsx": "^4.7.0",
+    "vitest": "^1.6.0"
+  }
+}