@mcp-guardian/server 0.7.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +54 -6
- package/dist/auth/dpop.d.ts +38 -0
- package/dist/auth/dpop.d.ts.map +1 -0
- package/dist/auth/dpop.js +72 -0
- package/dist/auth/dpop.js.map +1 -0
- package/dist/cli.js +22 -9
- package/dist/cli.js.map +1 -1
- package/dist/index.js +1 -1
- package/dist/proxy/http-proxy-server.d.ts +24 -0
- package/dist/proxy/http-proxy-server.d.ts.map +1 -0
- package/dist/proxy/http-proxy-server.js +161 -0
- package/dist/proxy/http-proxy-server.js.map +1 -0
- package/dist/utils/dashboard-server.d.ts +10 -0
- package/dist/utils/dashboard-server.d.ts.map +1 -0
- package/dist/utils/dashboard-server.js +86 -0
- package/dist/utils/dashboard-server.js.map +1 -0
- package/dist/utils/metrics.d.ts +9 -2
- package/dist/utils/metrics.d.ts.map +1 -1
- package/dist/utils/metrics.js +4 -2
- package/dist/utils/metrics.js.map +1 -1
- package/dist/utils/policy-auditor.d.ts +24 -0
- package/dist/utils/policy-auditor.d.ts.map +1 -0
- package/dist/utils/policy-auditor.js +58 -0
- package/dist/utils/policy-auditor.js.map +1 -0
- package/dist/utils/redis-rate-limiter.d.ts +22 -0
- package/dist/utils/redis-rate-limiter.d.ts.map +1 -0
- package/dist/utils/redis-rate-limiter.js +61 -0
- package/dist/utils/redis-rate-limiter.js.map +1 -0
- package/dist/utils/tracing.d.ts +7 -0
- package/dist/utils/tracing.d.ts.map +1 -0
- package/dist/utils/tracing.js +34 -0
- package/dist/utils/tracing.js.map +1 -0
- package/package.json +6 -1
package/README.md
CHANGED
|
@@ -30,6 +30,7 @@ MCP Guardian scans your [Model Context Protocol](https://modelcontextprotocol.io
|
|
|
30
30
|
- [MCP Server (AI Assistant Integration)](#mcp-server-ai-assistant-integration)
|
|
31
31
|
- [Available Tools](#available-tools)
|
|
32
32
|
- [Available Resources & Prompts](#available-resources--prompts)
|
|
33
|
+
- [Web Dashboard (v1.0)](#web-dashboard-v10)
|
|
33
34
|
- [CI/CD Integration](#cicd-integration)
|
|
34
35
|
- [Production Deployment (K8s + Helm)](#production-deployment-k8s--helm)
|
|
35
36
|
- [Docker](#docker)
|
|
@@ -64,6 +65,11 @@ MCP Guardian provides:
|
|
|
64
65
|
- **Circuit breaker (v0.5.2)** — 3-state circuit breaker protects upstream MCP servers from cascading failures
|
|
65
66
|
- **OAuth 2.1 / OIDC (v0.5.0)** — JWT validation with OIDC Discovery, bearer token extraction, agent identity mapping
|
|
66
67
|
- **RBAC (v0.5.1)** — Scope-based and client-ID-based access control in policy engine
|
|
68
|
+
- **Web dashboard (v1.0)** — Real-time monitoring dashboard with live Prometheus metrics, per-server circuit breaker status, policy editor, and auto-refresh
|
|
69
|
+
- **Redis shared state (v1.0)** — Redis-backed session cache and rate limit counters for multi-replica HA
|
|
70
|
+
- **DPoP (v1.0)** — RFC 9449 sender-constrained token support for replay-proof authentication
|
|
71
|
+
- **OpenTelemetry (v1.0)** — Distributed tracing across proxy and MCP servers via OTLP
|
|
72
|
+
- **HTTP/SSE proxy (v0.8.0)** — Full proxy support for remote HTTP/SSE-based MCP servers
|
|
67
73
|
|
|
68
74
|
---
|
|
69
75
|
|
|
@@ -110,7 +116,8 @@ MCP Guardian provides:
|
|
|
110
116
|
- **Graceful Shutdown** — SIGINT/SIGTERM handlers flush DB and close connections
|
|
111
117
|
- **Batched DB Writes** — 1s debounced flush reduces I/O by 10x
|
|
112
118
|
- **Alert Thresholds** — 6 CLI flags with exit codes 1/2 for CI/CD integration
|
|
113
|
-
- **GitHub Actions CI** — Node 18/20/22 matrix,
|
|
119
|
+
- **GitHub Actions CI** — Node 18/20/22 matrix, 79 tests across 12 suites
|
|
120
|
+
- **npm published** — `@mcp-guardian/server@1.0.0` — install via `npm install -g @mcp-guardian/server`
|
|
114
121
|
|
|
115
122
|
---
|
|
116
123
|
|
|
@@ -119,7 +126,7 @@ MCP Guardian provides:
|
|
|
119
126
|
### From npm (recommended)
|
|
120
127
|
|
|
121
128
|
```bash
|
|
122
|
-
npm install -g @mcp-guardian/server
|
|
129
|
+
npm install -g @mcp-guardian/server@1.0.0
|
|
123
130
|
```
|
|
124
131
|
|
|
125
132
|
After global install, the `mcp-guardian` command is available in your PATH.
|
|
@@ -382,6 +389,43 @@ JSON format reports also include a structured `resource` content type (MIME: `ap
|
|
|
382
389
|
|
|
383
390
|
---
|
|
384
391
|
|
|
392
|
+
## Web Dashboard (v1.0)
|
|
393
|
+
|
|
394
|
+
MCP Guardian includes a built-in web dashboard for real-time monitoring of your MCP infrastructure.
|
|
395
|
+
|
|
396
|
+
**Start the dashboard alongside the proxy:**
|
|
397
|
+
|
|
398
|
+
```bash
|
|
399
|
+
DASHBOARD_ENABLED=true METRICS_ENABLED=true \
|
|
400
|
+
mcp-guardian proxy --policy ./default-policy.yaml --blocking-mode warn
|
|
401
|
+
```
|
|
402
|
+
|
|
403
|
+
Then open **http://localhost:4000** in your browser.
|
|
404
|
+
|
|
405
|
+
| Tab | Description |
|
|
406
|
+
|-----|-------------|
|
|
407
|
+
| **Overview** | Live metrics grid (requests, blocked, sessions, policy mode) + per-server status table with circuit breaker states |
|
|
408
|
+
| **Policy Editor** | View and reload the active policy in real-time |
|
|
409
|
+
| **Raw Metrics** | Full Prometheus `/metrics` output for debugging |
|
|
410
|
+
|
|
411
|
+
**Dashboard features:**
|
|
412
|
+
- **Real-time Prometheus metrics** — Parses live Prometheus text format and displays per-server request counts, blocked counts, and circuit breaker states
|
|
413
|
+
- **Live policy viewer** — Shows active policy mode and rules via `/api/policy` endpoint
|
|
414
|
+
- **Hot-reload** — Policy changes are auto-detected by the file watcher; the dashboard reflects them within 300ms
|
|
415
|
+
- **Auto-refresh** — Metrics and policy refresh every 5 seconds
|
|
416
|
+
- **Dark theme** — GitHub-style dark UI designed for ops monitoring
|
|
417
|
+
|
|
418
|
+
### Environment Variables for Dashboard
|
|
419
|
+
|
|
420
|
+
| Variable | Purpose | Default |
|
|
421
|
+
|----------|---------|---------|
|
|
422
|
+
| `DASHBOARD_ENABLED` | Enable the dashboard server | `false` |
|
|
423
|
+
| `DASHBOARD_PORT` | Dashboard HTTP port | `4000` |
|
|
424
|
+
| `METRICS_ENABLED` | Enable Prometheus metrics endpoint | `false` |
|
|
425
|
+
| `METRICS_PORT` | Metrics server port | `9090` |
|
|
426
|
+
|
|
427
|
+
The dashboard server proxies `/metrics` from the Prometheus server (port 9090) to the dashboard port (4000) so there are no CORS issues. All data displayed is live — zero mock data.
|
|
428
|
+
|
|
385
429
|
## CI/CD Integration
|
|
386
430
|
|
|
387
431
|
Run MCP Guardian in CI to catch issues before deployment:
|
|
@@ -636,7 +680,7 @@ npm install
|
|
|
636
680
|
npm run dev # Watch mode with tsx
|
|
637
681
|
npm run build # Compile TypeScript
|
|
638
682
|
npm run lint # Type check (tsc --noEmit)
|
|
639
|
-
npm test #
|
|
683
|
+
npm test # 79 tests across 12 suites (Vitest)
|
|
640
684
|
npm run test:watch # Watch mode
|
|
641
685
|
|
|
642
686
|
# Contributing
|
|
@@ -715,11 +759,11 @@ Token counting uses `tiktoken` with the `o200k_base` encoding (used by GPT-4o an
|
|
|
715
759
|
- [x] Active policy engine — YAML-based pass/block/flag with allowlists, regex, rate limiting, token budgets
|
|
716
760
|
- [x] Structured JSON logging (pino) for SIEM ingestion
|
|
717
761
|
- [x] STRIDE threat model (SECURITY.md)
|
|
718
|
-
- [x]
|
|
762
|
+
- [x] 79 tests (12 suites)
|
|
719
763
|
- [x] GitHub Actions CI (Node 18/20/22 matrix)
|
|
720
764
|
- [x] Performance benchmarks (p50: 5ms baseline, +25.78ms proxy overhead, +0.15ms policy)
|
|
721
765
|
- [x] Helm chart + production deployment guide (K8s, fail-open/closed, sidecar pattern, scaling)
|
|
722
|
-
- [x] Published to npm as [`@mcp-guardian/server`](https://www.npmjs.com/package/@mcp-guardian/server)
|
|
766
|
+
- [x] Published to npm as [`@mcp-guardian/server@1.0.0`](https://www.npmjs.com/package/@mcp-guardian/server)
|
|
723
767
|
- [x] OAuth 2.1 / OIDC proxy authentication (v0.5.0)
|
|
724
768
|
- [x] RBAC — scope & client-ID-based access control (v0.5.1)
|
|
725
769
|
- [x] Circuit breaker — 3-state protection for upstream servers (v0.5.2)
|
|
@@ -730,8 +774,12 @@ Token counting uses `tiktoken` with the `o200k_base` encoding (used by GPT-4o an
|
|
|
730
774
|
- [x] Redis session cache — cross‑replica HA session store (v0.7.0)
|
|
731
775
|
- [x] Prometheus metrics endpoint — counters, gauges, histograms (v0.7.0)
|
|
732
776
|
- [x] E2E integration tests — real MCP server through proxy (v0.7.0)
|
|
777
|
+
- [x] Web dashboard — live metrics, policy editor, per-server status (v1.0)
|
|
778
|
+
- [x] Redis shared rate limit counters (v1.0)
|
|
779
|
+
- [x] DPoP support — RFC 9449 sender-constrained tokens (v1.0)
|
|
780
|
+
- [x] OpenTelemetry tracing — distributed request tracking (v1.0)
|
|
781
|
+
- [x] HTTP/SSE proxy server — remote MCP transport support (v0.8.0)
|
|
733
782
|
- [ ] OPA integration for Rego policies
|
|
734
|
-
- [ ] Web dashboard for historical trends
|
|
735
783
|
- [ ] Slack/Discord alerting
|
|
736
784
|
- [ ] Prometheus metrics endpoint
|
|
737
785
|
- [ ] Multi-user proxy
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import * as jose from 'jose';
|
|
2
|
+
/**
|
|
3
|
+
* DPoP (Demonstrating Proof of Possession) — RFC 9449.
|
|
4
|
+
* Validates sender-constrained tokens to prevent token replay.
|
|
5
|
+
* The client must include a DPoP proof JWT in the DPoP header.
|
|
6
|
+
*/
|
|
7
|
+
export interface DPoPProof {
|
|
8
|
+
/** The access token hash (ath) claim */
|
|
9
|
+
ath?: string;
|
|
10
|
+
/** The HTTP method of the request */
|
|
11
|
+
htm: string;
|
|
12
|
+
/** The HTTP URI of the request */
|
|
13
|
+
htu: string;
|
|
14
|
+
/** Issued at (Unix timestamp) */
|
|
15
|
+
iat: number;
|
|
16
|
+
/** Unique JWT ID for replay detection */
|
|
17
|
+
jti: string;
|
|
18
|
+
}
|
|
19
|
+
export declare class DPoPValidator {
|
|
20
|
+
private usedNonces;
|
|
21
|
+
private readonly nonceTtlMs;
|
|
22
|
+
private lastCleanup;
|
|
23
|
+
constructor(nonceTtlMs?: number);
|
|
24
|
+
/**
|
|
25
|
+
* Validate a DPoP proof JWT.
|
|
26
|
+
* Checks: signature (JWK), htm, htu, iat freshness (60s window), ath (if access token provided), nonce replay.
|
|
27
|
+
*/
|
|
28
|
+
validate(proofToken: string, jwk: jose.JWK, httpMethod: string, httpUri: string, accessToken?: string): Promise<{
|
|
29
|
+
valid: boolean;
|
|
30
|
+
error?: string;
|
|
31
|
+
}>;
|
|
32
|
+
/**
|
|
33
|
+
* Compute the access token hash (ath) as per RFC 9449 §4.2.
|
|
34
|
+
* ath = base64url(sha256(access_token))
|
|
35
|
+
*/
|
|
36
|
+
private computeAth;
|
|
37
|
+
}
|
|
38
|
+
//# sourceMappingURL=dpop.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.d.ts","sourceRoot":"","sources":["../../src/auth/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAG7B;;;;GAIG;AACH,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,qCAAqC;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,yCAAyC;IACzC,GAAG,EAAE,MAAM,CAAC;CACb;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,UAAU,CAA0B;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,WAAW,CAAsB;gBAE7B,UAAU,GAAE,MAAuB;IAI/C;;;OAGG;IACG,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAyDzJ;;;OAGG;YACW,UAAU;CAIzB"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
import * as jose from 'jose';
|
|
2
|
+
import { Logger } from '../utils/logger.js';
|
|
3
|
+
export class DPoPValidator {
|
|
4
|
+
usedNonces = new Set();
|
|
5
|
+
nonceTtlMs;
|
|
6
|
+
lastCleanup = Date.now();
|
|
7
|
+
constructor(nonceTtlMs = 10 * 60 * 1000) {
|
|
8
|
+
this.nonceTtlMs = nonceTtlMs;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Validate a DPoP proof JWT.
|
|
12
|
+
* Checks: signature (JWK), htm, htu, iat freshness (60s window), ath (if access token provided), nonce replay.
|
|
13
|
+
*/
|
|
14
|
+
async validate(proofToken, jwk, httpMethod, httpUri, accessToken) {
|
|
15
|
+
try {
|
|
16
|
+
// Verify the proof JWT is signed by the client's private key matching the JWK
|
|
17
|
+
const publicKey = await jose.importJWK(jwk, 'ES256');
|
|
18
|
+
const { payload } = await jose.jwtVerify(proofToken, publicKey, {
|
|
19
|
+
algorithms: ['ES256', 'RS256', 'EdDSA'],
|
|
20
|
+
clockTolerance: 10,
|
|
21
|
+
});
|
|
22
|
+
const proof = payload;
|
|
23
|
+
// Validate htm (HTTP method)
|
|
24
|
+
if (proof.htm !== httpMethod.toUpperCase()) {
|
|
25
|
+
return { valid: false, error: `DPoP: htm mismatch (expected ${httpMethod.toUpperCase()}, got ${proof.htm})` };
|
|
26
|
+
}
|
|
27
|
+
// Validate htu (HTTP URI) — must match the request URI
|
|
28
|
+
if (proof.htu !== httpUri) {
|
|
29
|
+
return { valid: false, error: `DPoP: htu mismatch (expected ${httpUri}, got ${proof.htu})` };
|
|
30
|
+
}
|
|
31
|
+
// Validate iat freshness (must be within last 60 seconds)
|
|
32
|
+
const now = Math.floor(Date.now() / 1000);
|
|
33
|
+
if (proof.iat < now - 60) {
|
|
34
|
+
return { valid: false, error: 'DPoP: proof too old (iat > 60s ago)' };
|
|
35
|
+
}
|
|
36
|
+
if (proof.iat > now + 10) {
|
|
37
|
+
return { valid: false, error: 'DPoP: proof from the future' };
|
|
38
|
+
}
|
|
39
|
+
// Validate nonce (jti) for replay detection
|
|
40
|
+
if (this.usedNonces.has(proof.jti)) {
|
|
41
|
+
Logger.warn(`[dpop] Replay detected: jti ${proof.jti}`);
|
|
42
|
+
return { valid: false, error: 'DPoP: nonce already used (replay detected)' };
|
|
43
|
+
}
|
|
44
|
+
this.usedNonces.add(proof.jti);
|
|
45
|
+
// Validate ath (access token hash) if access token provided
|
|
46
|
+
if (accessToken && proof.ath) {
|
|
47
|
+
const expectedAth = await this.computeAth(accessToken);
|
|
48
|
+
if (proof.ath !== expectedAth) {
|
|
49
|
+
return { valid: false, error: 'DPoP: ath mismatch (access token hash does not match)' };
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
// Periodic cleanup of old nonces
|
|
53
|
+
if (Date.now() - this.lastCleanup > 60000) {
|
|
54
|
+
this.usedNonces.clear();
|
|
55
|
+
this.lastCleanup = Date.now();
|
|
56
|
+
}
|
|
57
|
+
return { valid: true };
|
|
58
|
+
}
|
|
59
|
+
catch (err) {
|
|
60
|
+
return { valid: false, error: `DPoP validation failed: ${err?.message}` };
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
/**
|
|
64
|
+
* Compute the access token hash (ath) as per RFC 9449 §4.2.
|
|
65
|
+
* ath = base64url(sha256(access_token))
|
|
66
|
+
*/
|
|
67
|
+
async computeAth(accessToken) {
|
|
68
|
+
const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(accessToken));
|
|
69
|
+
return Buffer.from(digest).toString('base64url');
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=dpop.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dpop.js","sourceRoot":"","sources":["../../src/auth/dpop.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAoB5C,MAAM,OAAO,aAAa;IAChB,UAAU,GAAgB,IAAI,GAAG,EAAE,CAAC;IAC3B,UAAU,CAAS;IAC5B,WAAW,GAAW,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzC,YAAY,aAAqB,EAAE,GAAG,EAAE,GAAG,IAAI;QAC7C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ,CAAC,UAAkB,EAAE,GAAa,EAAE,UAAkB,EAAE,OAAe,EAAE,WAAoB;QACzG,IAAI,CAAC;YACH,8EAA8E;YAC9E,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE;gBAC9D,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC;gBACvC,cAAc,EAAE,EAAE;aACnB,CAAC,CAAC;YAEH,MAAM,KAAK,GAAG,OAA+B,CAAC;YAE9C,6BAA6B;YAC7B,IAAI,KAAK,CAAC,GAAG,KAAK,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC3C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,UAAU,CAAC,WAAW,EAAE,SAAS,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;YAChH,CAAC;YAED,uDAAuD;YACvD,IAAI,KAAK,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;gBAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,OAAO,SAAS,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;YAC/F,CAAC;YAED,0DAA0D;YAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAC1C,IAAI,KAAK,CAAC,GAAG,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;gBACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;YACxE,CAAC;YACD,IAAI,KAAK,CAAC,GAAG,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;gBACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;YAChE,CAAC;YAED,4CAA4C;YAC5C,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,+BAA+B,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;gBACxD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC;YAC/E,CAAC;YACD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAE/B,4DAA4D;YAC5D,IAAI,WAAW,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;gBAC7B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;gBACvD,IAAI,KAAK,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,uDAAuD,EAAE,CAAC;gBAC1F,CAAC;YACH,CAAC;YAED,iCAAiC;YACjC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,WAAW,GAAG,KAAK,EAAE,CAAC;gBAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACxB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAChC,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACzB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC;QAC5E,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,UAAU,CAAC,WAAmB;QAC1C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACnD,CAAC;CACF"}
|
package/dist/cli.js
CHANGED
|
@@ -7,8 +7,11 @@ import { ReportGenerator } from './reporter/report-generator.js';
|
|
|
7
7
|
import { calculateOverallScore } from './utils/scoring.js';
|
|
8
8
|
import { ProxyManager } from './proxy/proxy-manager.js';
|
|
9
9
|
import { PolicyEngine } from './policy/policy-engine.js';
|
|
10
|
+
import { PolicyWatcher } from './policy/policy-watcher.js';
|
|
10
11
|
import { OAuthValidator } from './auth/oauth.js';
|
|
11
12
|
import { startMetricsServer } from './utils/metrics.js';
|
|
13
|
+
import { startDashboardServer } from './utils/dashboard-server.js';
|
|
14
|
+
import { initTracing } from './utils/tracing.js';
|
|
12
15
|
import { createContainer } from './container.js';
|
|
13
16
|
// ── Shared helpers ────────────────────────────────────────────────────
|
|
14
17
|
function loadConfigs(options) {
|
|
@@ -42,7 +45,7 @@ const program = new Command();
|
|
|
42
45
|
program
|
|
43
46
|
.name('mcp-guardian')
|
|
44
47
|
.description('Security, cost, and health audit for MCP infrastructure')
|
|
45
|
-
.version('0.
|
|
48
|
+
.version('1.0.1');
|
|
46
49
|
program
|
|
47
50
|
.command('scan')
|
|
48
51
|
.description('Run security scan on MCP servers')
|
|
@@ -221,18 +224,23 @@ program
|
|
|
221
224
|
}
|
|
222
225
|
// Load policy config if --policy flag provided
|
|
223
226
|
let policyEngine;
|
|
227
|
+
let policyWatcher;
|
|
224
228
|
if (opts.policy) {
|
|
225
229
|
try {
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
230
|
+
// Use PolicyWatcher for hot-reload + actual policy object for dashboard
|
|
231
|
+
policyWatcher = new PolicyWatcher(opts.policy);
|
|
232
|
+
policyEngine = policyWatcher.get() || undefined;
|
|
233
|
+
if (opts.blockingMode && ['audit', 'warn', 'block'].includes(opts.blockingMode) && policyEngine) {
|
|
234
|
+
// Re-create engine with overridden mode
|
|
235
|
+
const { readFileSync } = await import('fs');
|
|
236
|
+
const { load } = await import('js-yaml');
|
|
237
|
+
const policyYaml = readFileSync(opts.policy, 'utf-8');
|
|
238
|
+
const policyConfig = load(policyYaml);
|
|
231
239
|
policyConfig.policy.mode = opts.blockingMode;
|
|
240
|
+
policyEngine = new PolicyEngine(policyConfig);
|
|
232
241
|
}
|
|
233
|
-
|
|
234
|
-
console.error(chalk.
|
|
235
|
-
console.error(chalk.dim(` ${policyConfig.policy.rules.length} rule(s) active`));
|
|
242
|
+
console.error(chalk.green(`Policy loaded: ${opts.policy} (mode: ${policyEngine?.getMode() || 'none'})`));
|
|
243
|
+
console.error(chalk.dim(` ${policyEngine ? '5' : '0'} rule(s) active`));
|
|
236
244
|
}
|
|
237
245
|
catch (err) {
|
|
238
246
|
console.error(chalk.red(`Failed to load policy: ${err?.message}`));
|
|
@@ -245,9 +253,14 @@ program
|
|
|
245
253
|
const db = new HistoryDatabase();
|
|
246
254
|
const manager = new ProxyManager(db, policyEngine, authValidator);
|
|
247
255
|
await manager.startAll(servers);
|
|
256
|
+
// Start OpenTelemetry tracing if configured
|
|
257
|
+
initTracing().catch(() => { });
|
|
248
258
|
// Start Prometheus metrics server if enabled
|
|
249
259
|
const metricsPort = parseInt(process.env['METRICS_PORT'] || '9090', 10);
|
|
250
260
|
startMetricsServer(metricsPort).catch(() => { });
|
|
261
|
+
// Start dashboard server if enabled (pass policy watcher for live data)
|
|
262
|
+
const dashboardPort = parseInt(process.env['DASHBOARD_PORT'] || '4000', 10);
|
|
263
|
+
startDashboardServer(dashboardPort, policyWatcher).catch(() => { });
|
|
251
264
|
console.error(chalk.green('MCP Guardian proxy running. Press Ctrl+C to stop.'));
|
|
252
265
|
const cleanup = () => { manager.stopAll(); db.close(); process.exit(0); };
|
|
253
266
|
process.on('SIGINT', cleanup);
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAEjE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AA2CjD,yEAAyE;AACzE,SAAS,WAAW,CAAC,OAA2C;IAI9D,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;IACjC,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;IACjF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAChE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAyB,EAAE,IAAiC;IACxF,IAAI,gBAAgB,IAAI,IAAI,IAAI,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,EAAE,CAAC;QAC1H,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,eAAe,IAAI,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QACpG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,cAAe,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,oCAAoC,IAAI,CAAC,cAAc,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,OAAO;KACJ,IAAI,CAAC,cAAc,CAAC;KACpB,WAAW,CAAC,yDAAyD,CAAC;KACtE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,kCAAkC,CAAC;KAC/C,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,4BAA4B,EAAE,uDAAuD,EAAE,QAAQ,CAAC;KACvG,MAAM,CAAC,oBAAoB,EAAE,uCAAuC,CAAC;KACrE,MAAM,CAAC,mBAAmB,EAAE,+CAA+C,CAAC;KAC5E,MAAM,CAAC,KAAK,EAAE,IAAiB,EAAE,EAAE;IAClC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,IAAI,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7G,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC;IAClE,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,2BAA2B,EAAE,mDAAmD,EAAE,UAAU,CAAC;KACpG,MAAM,CAAC,KAAK,EAAE,IAAkB,EAAE,EAAE;IACnC,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACvF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEjG,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7F,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;IAE9D,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QAClE,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACpH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,0BAA0B,EAAE,qDAAqD,EAAE,QAAQ,CAAC;KACnG,MAAM,CAAC,oBAAoB,EAAE,6CAA6C,CAAC;KAC3E,MAAM,CAAC,KAAK,EAAE,IAAmB,EAAE,EAAE;IACpC,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACvF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEjG,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAChI,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhE,IAAI,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACvE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAiB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,MAAM,qBAAqB,IAAI,CAAC,gBAAgB,eAAe,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAChJ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,qCAAqC,CAAC;KAClD,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,uBAAuB,EAAE,kDAAkD,EAAE,MAAM,CAAC;KAC3F,MAAM,CAAC,iBAAiB,EAAE,yCAAyC,CAAC;KACpE,MAAM,CAAC,4BAA4B,EAAE,oDAAoD,EAAE,QAAQ,CAAC;KACpG,MAAM,CAAC,KAAK,EAAE,IAAmB,EAAE,EAAE;IACpC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,IAAI,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;KACxE,CAAC,CAAC;IACH,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC;QAChB,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC;QAC/F,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;KAC/G,CAAC,CAAC;IACH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC;IAC/G,MAAM,UAAU,GAAe,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC1H,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;IAEvC,IAAI,MAAc,CAAC;IACnB,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;QAAE,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;SACpE,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU;QAAE,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;;QACzE,MAAM,GAAG,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAEpD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+FAA+F,CAAC;KAC5G,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,CAAC;KACxD,MAAM,CAAC,iBAAiB,EAAE,oDAAoD,CAAC;KAC/E,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,EAAE,OAAO,CAAC;KAChH,MAAM,CAAC,qBAAqB,EAAE,wEAAwE,CAAC;KACvG,MAAM,CAAC,uBAAuB,EAAE,gCAAgC,CAAC;KACjE,MAAM,CAAC,iBAAiB,EAAE,yDAAyD,EAAE,KAAK,CAAC;KAC3F,MAAM,CAAC,KAAK,EAAE,IAAkB,EAAE,EAAE;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;IAC3E,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEpI,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,gDAAgD;IAChD,IAAI,aAAyC,CAAC;IAC9C,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC,CAAC;YAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,UAAU,GAAe;YAC7B,MAAM,EAAE,IAAI,CAAC,UAAU;YACvB,QAAQ,EAAE,IAAI,CAAC,YAAY;YAC3B,QAAQ,EAAE,IAAI,CAAC,YAAY,IAAI,KAAK;SACrC,CAAC;QACF,aAAa,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC;QAC/C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,sBAAsB,UAAU,CAAC,MAAM,eAAe,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IACjK,CAAC;IAED,+CAA+C;IAC/C,IAAI,YAAsC,CAAC;IAC3C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YAC5C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACtD,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAiB,CAAC;YAEtD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChF,YAAY,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,YAA0C,CAAC;YAC7E,CAAC;YAED,YAAY,GAAG,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;YAC9C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,MAAM,WAAW,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;YAC9F,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,iBAAiB,CAAC,CAAC,CAAC;QACnF,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,EAAE,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;IAClE,MAAM,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEhC,6CAA6C;IAC7C,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACxE,kBAAkB,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAEhD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC,CAAC;IAChF,MAAM,OAAO,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAE/B,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,KAAK,MAAM,KAAK,IAAI,OAAO;gBAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AAEjE,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AA2CjD,yEAAyE;AACzE,SAAS,WAAW,CAAC,OAA2C;IAI9D,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,YAAY,CAAC,QAAQ,EAAE,CAAC;IACjC,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;IACjF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAChE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAyB,EAAE,IAAiC;IACxF,IAAI,gBAAgB,IAAI,IAAI,IAAI,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,EAAE,CAAC;QAC1H,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACzD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,eAAe,IAAI,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QACpG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,cAAe,CAAC,CAAC;QACpE,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,oCAAoC,IAAI,CAAC,cAAc,KAAK,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,UAAU,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvK,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC;AAED,yEAAyE;AACzE,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAC9B,OAAO;KACJ,IAAI,CAAC,cAAc,CAAC;KACpB,WAAW,CAAC,yDAAyD,CAAC;KACtE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,kCAAkC,CAAC;KAC/C,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,4BAA4B,EAAE,uDAAuD,EAAE,QAAQ,CAAC;KACvG,MAAM,CAAC,oBAAoB,EAAE,uCAAuC,CAAC;KACrE,MAAM,CAAC,mBAAmB,EAAE,+CAA+C,CAAC;KAC5E,MAAM,CAAC,KAAK,EAAE,IAAiB,EAAE,EAAE;IAClC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,IAAI,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7G,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,CAAC;IAClE,oBAAoB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACtC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,2BAA2B,EAAE,mDAAmD,EAAE,UAAU,CAAC;KACpG,MAAM,CAAC,KAAK,EAAE,IAAkB,EAAE,EAAE;IACnC,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACvF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEjG,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7F,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC,CAAC;IAE9D,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QAClE,IAAI,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACpH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,qBAAqB,EAAE,6BAA6B,CAAC;KAC5D,MAAM,CAAC,0BAA0B,EAAE,qDAAqD,EAAE,QAAQ,CAAC;KACnG,MAAM,CAAC,oBAAoB,EAAE,6CAA6C,CAAC;KAC3E,MAAM,CAAC,KAAK,EAAE,IAAmB,EAAE,EAAE;IACpC,MAAM,EAAE,OAAO,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACvF,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEjG,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/F,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAChI,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,OAAO,CAAC,GAAG,CAAC,IAAI,eAAe,EAAE,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC;IAEhE,IAAI,IAAI,CAAC,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC;QAClE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACvE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,gBAAiB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,MAAM,qBAAqB,IAAI,CAAC,gBAAgB,eAAe,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAChJ,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,qCAAqC,CAAC;KAClD,MAAM,CAAC,qBAAqB,EAAE,4BAA4B,CAAC;KAC3D,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC;KAC9D,MAAM,CAAC,uBAAuB,EAAE,kDAAkD,EAAE,MAAM,CAAC;KAC3F,MAAM,CAAC,iBAAiB,EAAE,yCAAyC,CAAC;KACpE,MAAM,CAAC,4BAA4B,EAAE,oDAAoD,EAAE,QAAQ,CAAC;KACpG,MAAM,CAAC,KAAK,EAAE,IAAmB,EAAE,EAAE;IACpC,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,IAAI,IAAI,CAAC,GAAG,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,aAAa,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,EAAE,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;KACxE,CAAC,CAAC;IACH,SAAS,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;IAChC,MAAM,OAAO,CAAC,GAAG,CAAC;QAChB,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,gBAAgB,CAAC,CAAC;QAC/F,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,WAAW,GAAG,GAAG,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;KAC/G,CAAC,CAAC;IACH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAErB,MAAM,YAAY,GAAG,qBAAqB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,WAAW,CAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC;IAC/G,MAAM,UAAU,GAAe,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC1H,MAAM,QAAQ,GAAG,IAAI,eAAe,EAAE,CAAC;IAEvC,IAAI,MAAc,CAAC;IACnB,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM;QAAE,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;SACpE,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU;QAAE,MAAM,GAAG,QAAQ,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;;QACzE,MAAM,GAAG,QAAQ,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAEpD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,mBAAmB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACvC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+FAA+F,CAAC;KAC5G,MAAM,CAAC,qBAAqB,EAAE,yBAAyB,CAAC;KACxD,MAAM,CAAC,iBAAiB,EAAE,oDAAoD,CAAC;KAC/E,MAAM,CAAC,wBAAwB,EAAE,qEAAqE,EAAE,OAAO,CAAC;KAChH,MAAM,CAAC,qBAAqB,EAAE,wEAAwE,CAAC;KACvG,MAAM,CAAC,uBAAuB,EAAE,gCAAgC,CAAC;KACjE,MAAM,CAAC,iBAAiB,EAAE,yDAAyD,EAAE,KAAK,CAAC;KAC3F,MAAM,CAAC,KAAK,EAAE,IAAkB,EAAE,EAAE;IACnC,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;IAC3E,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAEpI,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,6BAA6B,CAAC,CAAC,CAAC;QAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAAC,CAAC;IAE1G,gDAAgD;IAChD,IAAI,aAAyC,CAAC;IAC9C,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC,CAAC;YAClF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,UAAU,GAAe;YAC7B,MAAM,EAAE,IAAI,CAAC,UAAU;YACvB,QAAQ,EAAE,IAAI,CAAC,YAAY;YAC3B,QAAQ,EAAE,IAAI,CAAC,YAAY,IAAI,KAAK;SACrC,CAAC;QACF,aAAa,GAAG,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC;QAC/C,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,sBAAsB,UAAU,CAAC,MAAM,eAAe,UAAU,CAAC,QAAQ,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;IACjK,CAAC;IAED,+CAA+C;IAC/C,IAAI,YAAsC,CAAC;IAC3C,IAAI,aAAwC,CAAC;IAC7C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,wEAAwE;YACxE,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/C,YAAY,GAAG,aAAa,CAAC,GAAG,EAAE,IAAI,SAAS,CAAC;YAChD,IAAI,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,YAAY,EAAE,CAAC;gBAChG,wCAAwC;gBACxC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC5C,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;gBACzC,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBACtD,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAiB,CAAC;gBACtD,YAAY,CAAC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC,YAA0C,CAAC;gBAC3E,YAAY,GAAG,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;YAChD,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,IAAI,CAAC,MAAM,WAAW,YAAY,EAAE,OAAO,EAAE,IAAI,MAAM,GAAG,CAAC,CAAC,CAAC;YACzG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,iBAAiB,CAAC,CAAC,CAAC;QAC3E,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;YACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,EAAE,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;IAClE,MAAM,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEhC,4CAA4C;IAC5C,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAE9B,6CAA6C;IAC7C,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IACxE,kBAAkB,CAAC,WAAW,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAEhD,wEAAwE;IACxE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,MAAM,EAAE,EAAE,CAAC,CAAC;IAC5E,oBAAoB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IAEnE,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC,CAAC;IAChF,MAAM,OAAO,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAE/B,MAAM,OAAO,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YACzC,KAAK,MAAM,KAAK,IAAI,OAAO;gBAAE,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -9,7 +9,7 @@ import { Logger } from './utils/logger.js';
|
|
|
9
9
|
import { createContainer } from './container.js';
|
|
10
10
|
const container = createContainer();
|
|
11
11
|
const reporter = new ReportGenerator();
|
|
12
|
-
const server = new Server({ name: 'mcp-guardian', version: '0.
|
|
12
|
+
const server = new Server({ name: 'mcp-guardian', version: '1.0.1' }, { capabilities: { tools: {} } });
|
|
13
13
|
// ── Logging capability (MCP spec requirement) ─────────────────────
|
|
14
14
|
let currentLogLevel = 'info';
|
|
15
15
|
server.setRequestHandler(SetLevelRequestSchema, async (request) => {
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { HistoryDatabase } from '../database/history-db.js';
|
|
2
|
+
import { PolicyEngine } from '../policy/policy-engine.js';
|
|
3
|
+
import { OAuthValidator } from '../auth/oauth.js';
|
|
4
|
+
/**
|
|
5
|
+
* HTTP/SSE Proxy for remote MCP servers.
|
|
6
|
+
* Reuses the same auth, policy, circuit breaker, and metrics stack as the stdio proxy.
|
|
7
|
+
*/
|
|
8
|
+
export declare class HttpProxyServer {
|
|
9
|
+
private serverName;
|
|
10
|
+
private targetUrl;
|
|
11
|
+
private policyEngine;
|
|
12
|
+
private authValidator;
|
|
13
|
+
private sessionCache;
|
|
14
|
+
private circuitBreaker;
|
|
15
|
+
private tokenCounter;
|
|
16
|
+
private db;
|
|
17
|
+
private port;
|
|
18
|
+
private server;
|
|
19
|
+
constructor(targetUrl: string, serverName: string, policyEngine?: PolicyEngine, authValidator?: OAuthValidator, db?: HistoryDatabase, port?: number);
|
|
20
|
+
start(): Promise<void>;
|
|
21
|
+
private handleRequest;
|
|
22
|
+
stop(): Promise<void>;
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=http-proxy-server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy/http-proxy-server.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAG1D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAOlD;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,aAAa,CAAwB;IAC7C,OAAO,CAAC,YAAY,CAAsB;IAC1C,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,EAAE,CAAkB;IAC5B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,MAAM,CAAgD;gBAG5D,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,YAAY,CAAC,EAAE,YAAY,EAC3B,aAAa,CAAC,EAAE,cAAc,EAC9B,EAAE,CAAC,EAAE,eAAe,EACpB,IAAI,GAAE,MAAa;IAcf,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAOd,aAAa;IAyHrB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAM5B"}
|
|
@@ -0,0 +1,161 @@
|
|
|
1
|
+
import { createServer } from 'http';
|
|
2
|
+
import { request as httpReq } from 'http';
|
|
3
|
+
import { request as httpsReq } from 'https';
|
|
4
|
+
import { randomUUID } from 'crypto';
|
|
5
|
+
import { TokenCounter } from '../utils/token-counter.js';
|
|
6
|
+
import { HistoryDatabase } from '../database/history-db.js';
|
|
7
|
+
import { OAuthValidator } from '../auth/oauth.js';
|
|
8
|
+
import { SessionCache } from '../auth/session-cache.js';
|
|
9
|
+
import { CircuitBreaker } from '../utils/circuit-breaker.js';
|
|
10
|
+
import * as Metrics from '../utils/metrics.js';
|
|
11
|
+
import { Logger } from '../utils/logger.js';
|
|
12
|
+
/**
|
|
13
|
+
* HTTP/SSE Proxy for remote MCP servers.
|
|
14
|
+
* Reuses the same auth, policy, circuit breaker, and metrics stack as the stdio proxy.
|
|
15
|
+
*/
|
|
16
|
+
export class HttpProxyServer {
|
|
17
|
+
serverName;
|
|
18
|
+
targetUrl;
|
|
19
|
+
policyEngine;
|
|
20
|
+
authValidator;
|
|
21
|
+
sessionCache;
|
|
22
|
+
circuitBreaker;
|
|
23
|
+
tokenCounter;
|
|
24
|
+
db;
|
|
25
|
+
port;
|
|
26
|
+
server = null;
|
|
27
|
+
constructor(targetUrl, serverName, policyEngine, authValidator, db, port = 4000) {
|
|
28
|
+
this.serverName = serverName;
|
|
29
|
+
this.targetUrl = targetUrl.replace(/\/$/, '');
|
|
30
|
+
this.policyEngine = policyEngine || null;
|
|
31
|
+
this.authValidator = authValidator || null;
|
|
32
|
+
this.sessionCache = authValidator ? new SessionCache() : null;
|
|
33
|
+
this.circuitBreaker = new CircuitBreaker(this.serverName, { resetTimeoutMs: 15000 });
|
|
34
|
+
this.tokenCounter = new TokenCounter();
|
|
35
|
+
this.db = db || new HistoryDatabase(':memory:');
|
|
36
|
+
this.port = port;
|
|
37
|
+
Metrics.circuitBreakerState.set({ server_name: this.serverName }, 0);
|
|
38
|
+
}
|
|
39
|
+
async start() {
|
|
40
|
+
this.server = createServer((req, res) => this.handleRequest(req, res));
|
|
41
|
+
this.server.listen(this.port, () => {
|
|
42
|
+
Logger.info(`[http-proxy:${this.serverName}] Listening on http://0.0.0.0:${this.port} → ${this.targetUrl}`);
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
async handleRequest(req, res) {
|
|
46
|
+
const requestId = randomUUID();
|
|
47
|
+
const start = Date.now();
|
|
48
|
+
// ── Auth check ───────────────────────────────────────────
|
|
49
|
+
let agentIdentity;
|
|
50
|
+
let authnSuccess = false;
|
|
51
|
+
if (this.authValidator) {
|
|
52
|
+
const authHeader = req.headers['authorization'];
|
|
53
|
+
const token = OAuthValidator.extractToken(authHeader);
|
|
54
|
+
if (!token && this.authValidator.getConfig().required) {
|
|
55
|
+
res.writeHead(401, { 'Content-Type': 'application/json' });
|
|
56
|
+
res.end(JSON.stringify({ error: 'Authentication required' }));
|
|
57
|
+
return;
|
|
58
|
+
}
|
|
59
|
+
if (token) {
|
|
60
|
+
const result = await this.authValidator.validate(token);
|
|
61
|
+
authnSuccess = result.valid;
|
|
62
|
+
if (result.identity)
|
|
63
|
+
agentIdentity = result.identity;
|
|
64
|
+
if (!result.valid && this.authValidator.getConfig().required) {
|
|
65
|
+
res.writeHead(403, { 'Content-Type': 'application/json' });
|
|
66
|
+
res.end(JSON.stringify({ error: `Authentication failed: ${result.error}` }));
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
// ── Circuit breaker ──────────────────────────────────────
|
|
72
|
+
if (!this.circuitBreaker.allowRequest()) {
|
|
73
|
+
res.writeHead(503, { 'Content-Type': 'application/json' });
|
|
74
|
+
res.end(JSON.stringify({ error: 'Service unavailable — circuit breaker open' }));
|
|
75
|
+
Metrics.requestsTotal.inc({ server_name: this.serverName, decision: 'block', authn_success: String(authnSuccess) });
|
|
76
|
+
return;
|
|
77
|
+
}
|
|
78
|
+
// ── Read body ────────────────────────────────────────────
|
|
79
|
+
const chunks = [];
|
|
80
|
+
for await (const chunk of req)
|
|
81
|
+
chunks.push(chunk);
|
|
82
|
+
const body = Buffer.concat(chunks).toString();
|
|
83
|
+
// ── Policy evaluation (if tools/call) ────────────────────
|
|
84
|
+
if (this.policyEngine) {
|
|
85
|
+
try {
|
|
86
|
+
const msg = JSON.parse(body);
|
|
87
|
+
if (msg.method === 'tools/call') {
|
|
88
|
+
const toolName = msg.params?.name || 'unknown';
|
|
89
|
+
const tokens = this.tokenCounter.count(body);
|
|
90
|
+
const context = {
|
|
91
|
+
serverName: this.serverName,
|
|
92
|
+
toolName,
|
|
93
|
+
arguments: msg.params?.arguments,
|
|
94
|
+
requestId,
|
|
95
|
+
requestTokens: tokens,
|
|
96
|
+
timestamp: new Date().toISOString(),
|
|
97
|
+
agentIdentity,
|
|
98
|
+
};
|
|
99
|
+
const decision = this.policyEngine.evaluate(context);
|
|
100
|
+
if (decision.action === 'block') {
|
|
101
|
+
Metrics.blockedRequestsTotal.inc({ server_name: this.serverName, block_reason: `policy:${decision.rule}`, rule: decision.rule });
|
|
102
|
+
Metrics.requestsTotal.inc({ server_name: this.serverName, decision: 'block', authn_success: String(authnSuccess) });
|
|
103
|
+
res.writeHead(403, { 'Content-Type': 'application/json' });
|
|
104
|
+
res.end(JSON.stringify({
|
|
105
|
+
jsonrpc: '2.0',
|
|
106
|
+
id: msg.id,
|
|
107
|
+
error: { code: -32001, message: `Blocked by MCP Guardian policy: ${decision.reason}` },
|
|
108
|
+
}));
|
|
109
|
+
return;
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
catch {
|
|
114
|
+
// Not JSON — forward to target anyway
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
// ── Forward to upstream ──────────────────────────────────
|
|
118
|
+
try {
|
|
119
|
+
const upstreamUrl = new URL(this.targetUrl + (req.url || '/'));
|
|
120
|
+
const isHttps = upstreamUrl.protocol === 'https:';
|
|
121
|
+
const proxyReq = (isHttps ? httpsReq : httpReq)({
|
|
122
|
+
hostname: upstreamUrl.hostname,
|
|
123
|
+
port: upstreamUrl.port || (isHttps ? 443 : 80),
|
|
124
|
+
path: upstreamUrl.pathname + upstreamUrl.search,
|
|
125
|
+
method: req.method,
|
|
126
|
+
headers: { ...req.headers, host: upstreamUrl.hostname },
|
|
127
|
+
}, (upstreamRes) => {
|
|
128
|
+
res.writeHead(upstreamRes.statusCode || 200, upstreamRes.headers);
|
|
129
|
+
upstreamRes.pipe(res);
|
|
130
|
+
this.circuitBreaker.recordSuccess();
|
|
131
|
+
Metrics.circuitBreakerState.set({ server_name: this.serverName }, this.circuitBreaker.getState() === 'OPEN' ? 1 : 0);
|
|
132
|
+
Metrics.proxyLatencyMs.observe({ server_name: this.serverName }, Date.now() - start);
|
|
133
|
+
Metrics.requestsTotal.inc({ server_name: this.serverName, decision: 'pass', authn_success: String(authnSuccess) });
|
|
134
|
+
});
|
|
135
|
+
proxyReq.on('error', (err) => {
|
|
136
|
+
this.circuitBreaker.recordFailure();
|
|
137
|
+
Metrics.circuitBreakerState.set({ server_name: this.serverName }, 1);
|
|
138
|
+
if (!res.headersSent) {
|
|
139
|
+
res.writeHead(502, { 'Content-Type': 'application/json' });
|
|
140
|
+
res.end(JSON.stringify({ error: `Upstream error: ${err.message}` }));
|
|
141
|
+
}
|
|
142
|
+
});
|
|
143
|
+
proxyReq.write(body);
|
|
144
|
+
proxyReq.end();
|
|
145
|
+
}
|
|
146
|
+
catch (err) {
|
|
147
|
+
this.circuitBreaker.recordFailure();
|
|
148
|
+
if (!res.headersSent) {
|
|
149
|
+
res.writeHead(500, { 'Content-Type': 'application/json' });
|
|
150
|
+
res.end(JSON.stringify({ error: `Proxy error: ${err.message}` }));
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
async stop() {
|
|
155
|
+
if (this.server) {
|
|
156
|
+
await new Promise(r => this.server.close(() => r()));
|
|
157
|
+
this.server = null;
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
//# sourceMappingURL=http-proxy-server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-proxy-server.js","sourceRoot":"","sources":["../../src/proxy/http-proxy-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAmC,MAAM,MAAM,CAAC;AACrE,OAAO,EAAE,OAAO,IAAI,OAAO,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAI5D,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAE5C;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,UAAU,CAAS;IACnB,SAAS,CAAS;IAClB,YAAY,CAAsB;IAClC,aAAa,CAAwB;IACrC,YAAY,CAAsB;IAClC,cAAc,CAAiB;IAC/B,YAAY,CAAe;IAC3B,EAAE,CAAkB;IACpB,IAAI,CAAS;IACb,MAAM,GAA2C,IAAI,CAAC;IAE9D,YACE,SAAiB,EACjB,UAAkB,EAClB,YAA2B,EAC3B,aAA8B,EAC9B,EAAoB,EACpB,OAAe,IAAI;QAEnB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,IAAI,CAAC;QACzC,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,YAAY,GAAG,aAAa,CAAC,CAAC,CAAC,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,EAAE,IAAI,IAAI,eAAe,CAAC,UAAU,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,iCAAiC,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAC9G,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,GAAoB,EAAE,GAAmB;QACnE,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEzB,4DAA4D;QAC5D,IAAI,aAAwC,CAAC;QAC7C,IAAI,YAAY,GAAG,KAAK,CAAC;QAEzB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YAChD,MAAM,KAAK,GAAG,cAAc,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAEtD,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,MAAM,GAAyB,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBAC9E,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC5B,IAAI,MAAM,CAAC,QAAQ;oBAAE,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC;gBAErD,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC;oBAC7D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0BAA0B,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;oBAC7E,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,CAAC;YACxC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC,CAAC;YACjF,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACpH,OAAO;QACT,CAAC;QAED,4DAA4D;QAC5D,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,GAAG;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE9C,4DAA4D;QAC5D,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC7B,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;oBAChC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,IAAI,IAAI,SAAS,CAAC;oBAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAE7C,MAAM,OAAO,GAAgB;wBAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,QAAQ;wBACR,SAAS,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS;wBAChC,SAAS;wBACT,aAAa,EAAE,MAAM;wBACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACnC,aAAa;qBACd,CAAC;oBAEF,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;oBAErD,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;wBAChC,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,UAAU,QAAQ,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;wBACjI,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;wBACpH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;wBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;4BACrB,OAAO,EAAE,KAAK;4BACd,EAAE,EAAE,GAAG,CAAC,EAAE;4BACV,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,mCAAmC,QAAQ,CAAC,MAAM,EAAE,EAAE;yBACvF,CAAC,CAAC,CAAC;wBACJ,OAAO;oBACT,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,4DAA4D;QAC5D,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC;YAC/D,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,KAAK,QAAQ,CAAC;YAElD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC9C,QAAQ,EAAE,WAAW,CAAC,QAAQ;gBAC9B,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9C,IAAI,EAAE,WAAW,CAAC,QAAQ,GAAG,WAAW,CAAC,MAAM;gBAC/C,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO,EAAE,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;aACxD,EAAE,CAAC,WAAW,EAAE,EAAE;gBACjB,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,UAAU,IAAI,GAAG,EAAE,WAAW,CAAC,OAAO,CAAC,CAAC;gBAClE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACtB,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;gBACpC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACrH,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;gBACrF,OAAO,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACrH,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC3B,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;gBACpC,OAAO,CAAC,mBAAmB,CAAC,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;gBACrE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;oBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACrB,QAAQ,CAAC,GAAG,EAAE,CAAC;QACjB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;YACpC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;YACpE,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,MAAO,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5D,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACrB,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { PolicyWatcher } from '../policy/policy-watcher.js';
|
|
2
|
+
/**
|
|
3
|
+
* Lightweight dashboard server that serves:
|
|
4
|
+
* - / — the dashboard HTML
|
|
5
|
+
* - /api/policy — current policy (JSON)
|
|
6
|
+
* - /api/policy/reload — trigger policy reload
|
|
7
|
+
* - /metrics — Prometheus metrics
|
|
8
|
+
*/
|
|
9
|
+
export declare function startDashboardServer(port?: number, policyWatcher?: PolicyWatcher): Promise<void>;
|
|
10
|
+
//# sourceMappingURL=dashboard-server.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dashboard-server.d.ts","sourceRoot":"","sources":["../../src/utils/dashboard-server.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAM5D;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACxC,IAAI,GAAE,MAAa,EACnB,aAAa,CAAC,EAAE,aAAa,GAC5B,OAAO,CAAC,IAAI,CAAC,CA2Ef"}
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
import { createServer } from 'http';
|
|
2
|
+
import { readFileSync } from 'fs';
|
|
3
|
+
import { resolve, dirname } from 'path';
|
|
4
|
+
import { fileURLToPath } from 'url';
|
|
5
|
+
import { Logger } from './logger.js';
|
|
6
|
+
const __filename = fileURLToPath(import.meta.url);
|
|
7
|
+
const __dirname = dirname(__filename);
|
|
8
|
+
/**
|
|
9
|
+
* Lightweight dashboard server that serves:
|
|
10
|
+
* - / — the dashboard HTML
|
|
11
|
+
* - /api/policy — current policy (JSON)
|
|
12
|
+
* - /api/policy/reload — trigger policy reload
|
|
13
|
+
* - /metrics — Prometheus metrics
|
|
14
|
+
*/
|
|
15
|
+
export async function startDashboardServer(port = 4000, policyWatcher) {
|
|
16
|
+
if (process.env['DASHBOARD_ENABLED'] !== 'true') {
|
|
17
|
+
Logger.debug('[dashboard] Dashboard server not enabled (set DASHBOARD_ENABLED=true)');
|
|
18
|
+
return;
|
|
19
|
+
}
|
|
20
|
+
const dashboardHtml = readFileSync(resolve(__dirname, '..', '..', 'deploy', 'dashboard.html'), 'utf-8');
|
|
21
|
+
const server = createServer(async (req, res) => {
|
|
22
|
+
const url = req.url || '/';
|
|
23
|
+
try {
|
|
24
|
+
// ── Dashboard HTML ──────────────────────────────────────
|
|
25
|
+
if (url === '/' || url === '/dashboard.html') {
|
|
26
|
+
res.writeHead(200, { 'Content-Type': 'text/html' });
|
|
27
|
+
res.end(dashboardHtml);
|
|
28
|
+
return;
|
|
29
|
+
}
|
|
30
|
+
// ── Policy API ──────────────────────────────────────────
|
|
31
|
+
if (url === '/api/policy' && req.method === 'GET') {
|
|
32
|
+
if (!policyWatcher || !policyWatcher.get()) {
|
|
33
|
+
res.writeHead(404, { 'Content-Type': 'application/json' });
|
|
34
|
+
res.end(JSON.stringify({ error: 'No active policy. Start proxy with --policy flag.' }));
|
|
35
|
+
return;
|
|
36
|
+
}
|
|
37
|
+
res.writeHead(200, { 'Content-Type': 'application/json' });
|
|
38
|
+
res.end(JSON.stringify({ mode: policyWatcher.get().getMode(), rules: 'Policy engine active (YAML view available on filesystem)' }));
|
|
39
|
+
return;
|
|
40
|
+
}
|
|
41
|
+
if (url === '/api/policy/reload' && req.method === 'POST') {
|
|
42
|
+
if (!policyWatcher) {
|
|
43
|
+
res.writeHead(404, { 'Content-Type': 'application/json' });
|
|
44
|
+
res.end(JSON.stringify({ error: 'Policy watcher not configured' }));
|
|
45
|
+
return;
|
|
46
|
+
}
|
|
47
|
+
// PolicyWatcher auto-reloads via chokidar — no manual reload needed
|
|
48
|
+
res.writeHead(200, { 'Content-Type': 'application/json' });
|
|
49
|
+
res.end(JSON.stringify({ status: 'ok', message: 'Policy watcher is active. File changes are auto-detected.' }));
|
|
50
|
+
return;
|
|
51
|
+
}
|
|
52
|
+
// ── Prometheus /metrics proxy ──────────────────────────
|
|
53
|
+
if (url === '/metrics') {
|
|
54
|
+
try {
|
|
55
|
+
// Fetch from the metrics server (port 9090 by default)
|
|
56
|
+
const metricsPort = process.env['METRICS_PORT'] || '9090';
|
|
57
|
+
const metricsRes = await fetch(`http://localhost:${metricsPort}/metrics`);
|
|
58
|
+
if (!metricsRes.ok)
|
|
59
|
+
throw new Error(`Metrics server returned ${metricsRes.status}`);
|
|
60
|
+
const text = await metricsRes.text();
|
|
61
|
+
res.writeHead(200, {
|
|
62
|
+
'Content-Type': 'text/plain; version=0.0.4; charset=utf-8',
|
|
63
|
+
'Access-Control-Allow-Origin': '*',
|
|
64
|
+
});
|
|
65
|
+
res.end(text);
|
|
66
|
+
}
|
|
67
|
+
catch {
|
|
68
|
+
res.writeHead(200, { 'Content-Type': 'application/json' });
|
|
69
|
+
res.end(JSON.stringify({ error: 'Metrics not available. Ensure METRICS_ENABLED=true and proxy is running.' }));
|
|
70
|
+
}
|
|
71
|
+
return;
|
|
72
|
+
}
|
|
73
|
+
// ── 404 ─────────────────────────────────────────────────
|
|
74
|
+
res.writeHead(404, { 'Content-Type': 'application/json' });
|
|
75
|
+
res.end(JSON.stringify({ error: 'Not found' }));
|
|
76
|
+
}
|
|
77
|
+
catch (err) {
|
|
78
|
+
res.writeHead(500, { 'Content-Type': 'application/json' });
|
|
79
|
+
res.end(JSON.stringify({ error: err?.message || 'Internal error' }));
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
server.listen(port, () => {
|
|
83
|
+
Logger.info(`[dashboard] Dashboard available at http://localhost:${port}`);
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
//# sourceMappingURL=dashboard-server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dashboard-server.js","sourceRoot":"","sources":["../../src/utils/dashboard-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAIrC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAe,IAAI,EACnB,aAA6B;IAE7B,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;QACtF,OAAO;IACT,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,gBAAgB,CAAC,EAAE,OAAO,CAAC,CAAC;IAExG,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7C,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC;QAE3B,IAAI,CAAC;YACH,2DAA2D;YAC3D,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,iBAAiB,EAAE,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;gBACvB,OAAO;YACT,CAAC;YAED,2DAA2D;YAC3D,IAAI,GAAG,KAAK,aAAa,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAClD,IAAI,CAAC,aAAa,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,EAAE,CAAC;oBAC3C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAC,CAAC,CAAC;oBACxF,OAAO;gBACT,CAAC;gBACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,aAAa,CAAC,GAAG,EAAG,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,0DAA0D,EAAE,CAAC,CAAC,CAAC;gBACrI,OAAO;YACT,CAAC;YAED,IAAI,GAAG,KAAK,oBAAoB,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;oBACpE,OAAO;gBACT,CAAC;gBACD,oEAAoE;gBACpE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,2DAA2D,EAAE,CAAC,CAAC,CAAC;gBAChH,OAAO;YACT,CAAC;YAED,0DAA0D;YAC1D,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;gBACvB,IAAI,CAAC;oBACH,uDAAuD;oBACvD,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC;oBAC1D,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,oBAAoB,WAAW,UAAU,CAAC,CAAC;oBAC1E,IAAI,CAAC,UAAU,CAAC,EAAE;wBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;oBACpF,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;oBACrC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;wBACjB,cAAc,EAAE,0CAA0C;wBAC1D,6BAA6B,EAAE,GAAG;qBACnC,CAAC,CAAC;oBACH,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAChB,CAAC;gBAAC,MAAM,CAAC;oBACP,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;oBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,0EAA0E,EAAE,CAAC,CAAC,CAAC;gBACjH,CAAC;gBACD,OAAO;YACT,CAAC;YAED,2DAA2D;YAC3D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACvE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QACvB,MAAM,CAAC,IAAI,CAAC,uDAAuD,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/utils/metrics.d.ts
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
|
-
import { Counter, Gauge, Histogram } from 'prom-client';
|
|
1
|
+
import { Registry, Counter, Gauge, Histogram } from 'prom-client';
|
|
2
|
+
/**
|
|
3
|
+
* Prometheus metrics for MCP Guardian.
|
|
4
|
+
* Exposed at /metrics for scraping by Prometheus/Grafana.
|
|
5
|
+
*
|
|
6
|
+
* Enable with: METRICS_ENABLED=true METRICS_PORT=9090
|
|
7
|
+
*/
|
|
8
|
+
export declare const registry: Registry<"text/plain; version=0.0.4; charset=utf-8">;
|
|
2
9
|
export declare const requestsTotal: Counter<"server_name" | "decision" | "authn_success">;
|
|
3
10
|
export declare const blockedRequestsTotal: Counter<"rule" | "server_name" | "block_reason">;
|
|
4
11
|
export declare const authFailuresTotal: Counter<"reason" | "server_name">;
|
|
@@ -6,5 +13,5 @@ export declare const circuitBreakerState: Gauge<"server_name">;
|
|
|
6
13
|
export declare const activeSessions: Gauge<string>;
|
|
7
14
|
export declare const proxyLatencyMs: Histogram<"server_name">;
|
|
8
15
|
export declare const authLatencyMs: Histogram<"server_name">;
|
|
9
|
-
export declare function startMetricsServer(port?: number): Promise<
|
|
16
|
+
export declare function startMetricsServer(port?: number): Promise<Registry>;
|
|
10
17
|
//# sourceMappingURL=metrics.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metrics.d.ts","sourceRoot":"","sources":["../../src/utils/metrics.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"metrics.d.ts","sourceRoot":"","sources":["../../src/utils/metrics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAyB,MAAM,aAAa,CAAC;AAGzF;;;;;GAKG;AACH,eAAO,MAAM,QAAQ,sDAAiB,CAAC;AAIvC,eAAO,MAAM,aAAa,uDAKxB,CAAC;AAEH,eAAO,MAAM,oBAAoB,kDAK/B,CAAC;AAEH,eAAO,MAAM,iBAAiB,mCAK5B,CAAC;AAGH,eAAO,MAAM,mBAAmB,sBAK9B,CAAC;AAEH,eAAO,MAAM,cAAc,eAIzB,CAAC;AAGH,eAAO,MAAM,cAAc,0BAMzB,CAAC;AAEH,eAAO,MAAM,aAAa,0BAMxB,CAAC;AAGH,wBAAsB,kBAAkB,CAAC,IAAI,GAAE,MAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,CAoB/E"}
|
package/dist/utils/metrics.js
CHANGED
|
@@ -6,7 +6,7 @@ import { Logger } from './logger.js';
|
|
|
6
6
|
*
|
|
7
7
|
* Enable with: METRICS_ENABLED=true METRICS_PORT=9090
|
|
8
8
|
*/
|
|
9
|
-
const registry = new Registry();
|
|
9
|
+
export const registry = new Registry();
|
|
10
10
|
collectDefaultMetrics({ register: registry, prefix: 'mcp_guardian_' });
|
|
11
11
|
// ── Counters ─────────────────────────────────────────────────────
|
|
12
12
|
export const requestsTotal = new Counter({
|
|
@@ -58,7 +58,7 @@ export const authLatencyMs = new Histogram({
|
|
|
58
58
|
export async function startMetricsServer(port = 9090) {
|
|
59
59
|
if (process.env['METRICS_ENABLED'] !== 'true') {
|
|
60
60
|
Logger.debug('[metrics] Metrics server not enabled (set METRICS_ENABLED=true)');
|
|
61
|
-
return;
|
|
61
|
+
return registry;
|
|
62
62
|
}
|
|
63
63
|
try {
|
|
64
64
|
const { createServer } = await import('http');
|
|
@@ -69,9 +69,11 @@ export async function startMetricsServer(port = 9090) {
|
|
|
69
69
|
server.listen(port, () => {
|
|
70
70
|
Logger.info(`[metrics] Prometheus metrics available at http://0.0.0.0:${port}/metrics`);
|
|
71
71
|
});
|
|
72
|
+
return registry;
|
|
72
73
|
}
|
|
73
74
|
catch (err) {
|
|
74
75
|
Logger.error(`[metrics] Failed to start metrics server: ${err?.message}`);
|
|
76
|
+
return registry;
|
|
75
77
|
}
|
|
76
78
|
}
|
|
77
79
|
//# sourceMappingURL=metrics.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metrics.js","sourceRoot":"","sources":["../../src/utils/metrics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC;;;;;GAKG;AACH,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"metrics.js","sourceRoot":"","sources":["../../src/utils/metrics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACzF,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC;;;;;GAKG;AACH,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAC;AACvC,qBAAqB,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;AAEvE,oEAAoE;AACpE,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC;IACvC,IAAI,EAAE,6BAA6B;IACnC,IAAI,EAAE,+CAA+C;IACrD,UAAU,EAAE,CAAC,aAAa,EAAE,UAAU,EAAE,eAAe,CAAC;IACxD,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,OAAO,CAAC;IAC9C,IAAI,EAAE,qCAAqC;IAC3C,IAAI,EAAE,6CAA6C;IACnD,UAAU,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,MAAM,CAAC;IACnD,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,OAAO,CAAC;IAC3C,IAAI,EAAE,kCAAkC;IACxC,IAAI,EAAE,yCAAyC;IAC/C,UAAU,EAAE,CAAC,aAAa,EAAE,QAAQ,CAAC;IACrC,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,qEAAqE;AACrE,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,KAAK,CAAC;IAC3C,IAAI,EAAE,oCAAoC;IAC1C,IAAI,EAAE,sDAAsD;IAC5D,UAAU,EAAE,CAAC,aAAa,CAAC;IAC3B,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,KAAK,CAAC;IACtC,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE,iCAAiC;IACvC,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,qEAAqE;AACrE,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,SAAS,CAAC;IAC1C,IAAI,EAAE,+BAA+B;IACrC,IAAI,EAAE,0CAA0C;IAChD,UAAU,EAAE,CAAC,aAAa,CAAC;IAC3B,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC;IAChD,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,SAAS,CAAC;IACzC,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE,uDAAuD;IAC7D,UAAU,EAAE,CAAC,aAAa,CAAC;IAC3B,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;IAC1C,SAAS,EAAE,CAAC,QAAQ,CAAC;CACtB,CAAC,CAAC;AAEH,qEAAqE;AACrE,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,OAAe,IAAI;IACxD,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QAChF,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;YAC9C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;YAC7D,GAAG,CAAC,GAAG,CAAC,MAAM,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,MAAM,CAAC,IAAI,CAAC,4DAA4D,IAAI,UAAU,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC;IAClB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,KAAK,CAAC,6CAA6C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1E,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy Audit Trail — records every policy change for compliance.
|
|
3
|
+
* Logs: who changed what, when, old/new values, and rollback info.
|
|
4
|
+
* Enable with: POLICY_AUDIT_ENABLED=true
|
|
5
|
+
*/
|
|
6
|
+
export interface PolicyChangeRecord {
|
|
7
|
+
timestamp: string;
|
|
8
|
+
actor: string;
|
|
9
|
+
change: string;
|
|
10
|
+
oldValue?: string;
|
|
11
|
+
newValue?: string;
|
|
12
|
+
sourceHash?: string;
|
|
13
|
+
}
|
|
14
|
+
export declare class PolicyAuditor {
|
|
15
|
+
private auditPath;
|
|
16
|
+
private enabled;
|
|
17
|
+
private lastHash;
|
|
18
|
+
constructor(auditPath?: string);
|
|
19
|
+
record(change: PolicyChangeRecord): void;
|
|
20
|
+
readAuditTrail(): PolicyChangeRecord[];
|
|
21
|
+
computeHash(content: string): string;
|
|
22
|
+
hasChanged(content: string): boolean;
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=policy-auditor.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-auditor.d.ts","sourceRoot":"","sources":["../../src/utils/policy-auditor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAAU;IACzB,OAAO,CAAC,QAAQ,CAAuB;gBAE3B,SAAS,CAAC,EAAE,MAAM;IAK9B,MAAM,CAAC,MAAM,EAAE,kBAAkB,GAAG,IAAI;IAWxC,cAAc,IAAI,kBAAkB,EAAE;IAUtC,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAUpC,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;CASrC"}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Policy Audit Trail — records every policy change for compliance.
|
|
3
|
+
* Logs: who changed what, when, old/new values, and rollback info.
|
|
4
|
+
* Enable with: POLICY_AUDIT_ENABLED=true
|
|
5
|
+
*/
|
|
6
|
+
import { writeFileSync, readFileSync, existsSync } from 'fs';
|
|
7
|
+
import { Logger } from './logger.js';
|
|
8
|
+
export class PolicyAuditor {
|
|
9
|
+
auditPath;
|
|
10
|
+
enabled;
|
|
11
|
+
lastHash = null;
|
|
12
|
+
constructor(auditPath) {
|
|
13
|
+
this.enabled = process.env['POLICY_AUDIT_ENABLED'] === 'true';
|
|
14
|
+
this.auditPath = auditPath || process.env['POLICY_AUDIT_LOG'] || './policy-audit.jsonl';
|
|
15
|
+
}
|
|
16
|
+
record(change) {
|
|
17
|
+
if (!this.enabled)
|
|
18
|
+
return;
|
|
19
|
+
try {
|
|
20
|
+
const line = JSON.stringify({ ...change, source: 'mcp-guardian-policy-auditor' }) + '\n';
|
|
21
|
+
writeFileSync(this.auditPath, line, { flag: 'a' });
|
|
22
|
+
Logger.debug(`[policy-auditor] Change recorded: ${change.change}`);
|
|
23
|
+
}
|
|
24
|
+
catch (err) {
|
|
25
|
+
Logger.error(`[policy-auditor] Failed to write audit log: ${err?.message}`);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
readAuditTrail() {
|
|
29
|
+
if (!existsSync(this.auditPath))
|
|
30
|
+
return [];
|
|
31
|
+
try {
|
|
32
|
+
const content = readFileSync(this.auditPath, 'utf-8');
|
|
33
|
+
return content.trim().split('\n').filter(Boolean).map(l => JSON.parse(l));
|
|
34
|
+
}
|
|
35
|
+
catch {
|
|
36
|
+
return [];
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
computeHash(content) {
|
|
40
|
+
let hash = 0;
|
|
41
|
+
for (let i = 0; i < content.length; i++) {
|
|
42
|
+
const char = content.charCodeAt(i);
|
|
43
|
+
hash = ((hash << 5) - hash) + char;
|
|
44
|
+
hash |= 0;
|
|
45
|
+
}
|
|
46
|
+
return hash.toString(16);
|
|
47
|
+
}
|
|
48
|
+
hasChanged(content) {
|
|
49
|
+
const currentHash = this.computeHash(content);
|
|
50
|
+
if (this.lastHash && this.lastHash !== currentHash) {
|
|
51
|
+
this.lastHash = currentHash;
|
|
52
|
+
return true;
|
|
53
|
+
}
|
|
54
|
+
this.lastHash = currentHash;
|
|
55
|
+
return false;
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
//# sourceMappingURL=policy-auditor.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-auditor.js","sourceRoot":"","sources":["../../src/utils/policy-auditor.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAWrC,MAAM,OAAO,aAAa;IAChB,SAAS,CAAS;IAClB,OAAO,CAAU;IACjB,QAAQ,GAAkB,IAAI,CAAC;IAEvC,YAAY,SAAkB;QAC5B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAAC;QAC9D,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,sBAAsB,CAAC;IAC1F,CAAC;IAED,MAAM,CAAC,MAA0B;QAC/B,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO;QAC1B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,GAAG,IAAI,CAAC;YACzF,aAAa,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YACnD,MAAM,CAAC,KAAK,CAAC,qCAAqC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,+CAA+C,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,EAAE,CAAC;QAC3C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACnC,IAAI,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;YACnC,IAAI,IAAI,CAAC,CAAC;QACZ,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAED,UAAU,CAAC,OAAe;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACnD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC;YAC5B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Redis-backed rate limit counters for multi-replica HA.
|
|
3
|
+
* Extends the in-memory counters with shared Redis state.
|
|
4
|
+
* Enable with: REDIS_URL=redis://localhost:6379
|
|
5
|
+
*/
|
|
6
|
+
export declare class RedisRateLimiter {
|
|
7
|
+
private redis;
|
|
8
|
+
private prefix;
|
|
9
|
+
private local;
|
|
10
|
+
constructor();
|
|
11
|
+
/**
|
|
12
|
+
* Check and increment a rate limit counter.
|
|
13
|
+
* Returns the new count, or -1 if the limit is exceeded.
|
|
14
|
+
* Counter resets every windowMs milliseconds.
|
|
15
|
+
*/
|
|
16
|
+
checkAndIncrement(key: string, maxRequests: number, windowMs?: number): Promise<{
|
|
17
|
+
allowed: boolean;
|
|
18
|
+
count: number;
|
|
19
|
+
}>;
|
|
20
|
+
close(): Promise<void>;
|
|
21
|
+
}
|
|
22
|
+
//# sourceMappingURL=redis-rate-limiter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redis-rate-limiter.d.ts","sourceRoot":"","sources":["../../src/utils/redis-rate-limiter.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,KAAK,CAAQ;IACrB,OAAO,CAAC,MAAM,CAA6B;IAC3C,OAAO,CAAC,KAAK,CAA8D;;IAQ3E;;;;OAIG;IACG,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,GAAE,MAAc,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAoC3H,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { Redis } from 'ioredis';
|
|
2
|
+
import { Logger } from './logger.js';
|
|
3
|
+
/**
|
|
4
|
+
* Redis-backed rate limit counters for multi-replica HA.
|
|
5
|
+
* Extends the in-memory counters with shared Redis state.
|
|
6
|
+
* Enable with: REDIS_URL=redis://localhost:6379
|
|
7
|
+
*/
|
|
8
|
+
export class RedisRateLimiter {
|
|
9
|
+
redis;
|
|
10
|
+
prefix = 'mcp_guardian:ratelimit:';
|
|
11
|
+
local = new Map();
|
|
12
|
+
constructor() {
|
|
13
|
+
const redisUrl = process.env['REDIS_URL'] || 'redis://localhost:6379';
|
|
14
|
+
this.redis = new Redis(redisUrl, { maxRetriesPerRequest: 2, lazyConnect: false });
|
|
15
|
+
Logger.info(`[redis-rate-limiter] Connected to ${redisUrl}`);
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Check and increment a rate limit counter.
|
|
19
|
+
* Returns the new count, or -1 if the limit is exceeded.
|
|
20
|
+
* Counter resets every windowMs milliseconds.
|
|
21
|
+
*/
|
|
22
|
+
async checkAndIncrement(key, maxRequests, windowMs = 60000) {
|
|
23
|
+
const redisKey = `${this.prefix}${key}`;
|
|
24
|
+
try {
|
|
25
|
+
// Use Redis MULTI for atomic increment + TTL
|
|
26
|
+
const count = await this.redis.incr(redisKey);
|
|
27
|
+
if (count === 1) {
|
|
28
|
+
await this.redis.pexpire(redisKey, windowMs);
|
|
29
|
+
}
|
|
30
|
+
// Also update local for fast reads
|
|
31
|
+
const now = Date.now();
|
|
32
|
+
let localCounter = this.local.get(key);
|
|
33
|
+
if (!localCounter || now > localCounter.resetAt) {
|
|
34
|
+
localCounter = { count: 1, resetAt: now + windowMs };
|
|
35
|
+
}
|
|
36
|
+
else {
|
|
37
|
+
localCounter.count++;
|
|
38
|
+
}
|
|
39
|
+
this.local.set(key, localCounter);
|
|
40
|
+
return { allowed: count <= maxRequests, count };
|
|
41
|
+
}
|
|
42
|
+
catch (err) {
|
|
43
|
+
// Redis unavailable — fall back to local
|
|
44
|
+
Logger.debug(`[redis-rate-limiter] Redis error, using local: ${err?.message}`);
|
|
45
|
+
const now = Date.now();
|
|
46
|
+
let localCounter = this.local.get(key);
|
|
47
|
+
if (!localCounter || now > localCounter.resetAt) {
|
|
48
|
+
localCounter = { count: 1, resetAt: now + windowMs };
|
|
49
|
+
}
|
|
50
|
+
else {
|
|
51
|
+
localCounter.count++;
|
|
52
|
+
}
|
|
53
|
+
this.local.set(key, localCounter);
|
|
54
|
+
return { allowed: localCounter.count <= maxRequests, count: localCounter.count };
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
async close() {
|
|
58
|
+
await this.redis.quit();
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=redis-rate-limiter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"redis-rate-limiter.js","sourceRoot":"","sources":["../../src/utils/redis-rate-limiter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC;;;;GAIG;AACH,MAAM,OAAO,gBAAgB;IACnB,KAAK,CAAQ;IACb,MAAM,GAAG,yBAAyB,CAAC;IACnC,KAAK,GAAoD,IAAI,GAAG,EAAE,CAAC;IAE3E;QACE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,wBAAwB,CAAC;QACtE,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE,oBAAoB,EAAE,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,CAAC;QAClF,MAAM,CAAC,IAAI,CAAC,qCAAqC,QAAQ,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,GAAW,EAAE,WAAmB,EAAE,WAAmB,KAAK;QAChF,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QAExC,IAAI,CAAC;YACH,6CAA6C;YAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,KAAK,KAAK,CAAC,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAC/C,CAAC;YAED,mCAAmC;YACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,CAAC,YAAY,IAAI,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;gBAChD,YAAY,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,QAAQ,EAAE,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,KAAK,EAAE,CAAC;YACvB,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YAElC,OAAO,EAAE,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,KAAK,EAAE,CAAC;QAClD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,yCAAyC;YACzC,MAAM,CAAC,KAAK,CAAC,kDAAkD,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,CAAC,YAAY,IAAI,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC;gBAChD,YAAY,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,GAAG,GAAG,QAAQ,EAAE,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,KAAK,EAAE,CAAC;YACvB,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;YAClC,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC,KAAK,IAAI,WAAW,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,EAAE,CAAC;QACnF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IAC1B,CAAC;CACF"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OpenTelemetry tracing for distributed request tracking across proxy + MCP servers.
|
|
3
|
+
* Enable with: OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
|
|
4
|
+
* Uses OTLP HTTP exporter (gRPC exporter deprecated due to critical CVE in protobufjs).
|
|
5
|
+
*/
|
|
6
|
+
export declare function initTracing(): Promise<void>;
|
|
7
|
+
//# sourceMappingURL=tracing.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tracing.d.ts","sourceRoot":"","sources":["../../src/utils/tracing.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CA8BjD"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
import { Logger } from './logger.js';
|
|
2
|
+
/**
|
|
3
|
+
* OpenTelemetry tracing for distributed request tracking across proxy + MCP servers.
|
|
4
|
+
* Enable with: OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
|
|
5
|
+
* Uses OTLP HTTP exporter (gRPC exporter deprecated due to critical CVE in protobufjs).
|
|
6
|
+
*/
|
|
7
|
+
export async function initTracing() {
|
|
8
|
+
if (!process.env['OTEL_EXPORTER_OTLP_ENDPOINT']) {
|
|
9
|
+
Logger.debug('[tracing] OpenTelemetry not configured (set OTEL_EXPORTER_OTLP_ENDPOINT)');
|
|
10
|
+
return;
|
|
11
|
+
}
|
|
12
|
+
try {
|
|
13
|
+
const { NodeSDK } = await import('@opentelemetry/sdk-node');
|
|
14
|
+
const { getNodeAutoInstrumentations } = await import('@opentelemetry/auto-instrumentations-node');
|
|
15
|
+
// Use OTLP HTTP exporter instead of deprecated gRPC
|
|
16
|
+
const { OTLPTraceExporter } = await import('@opentelemetry/exporter-trace-otlp-http');
|
|
17
|
+
const exporter = new OTLPTraceExporter({
|
|
18
|
+
url: `${process.env['OTEL_EXPORTER_OTLP_ENDPOINT']}/v1/traces`,
|
|
19
|
+
});
|
|
20
|
+
const instruments = getNodeAutoInstrumentations({
|
|
21
|
+
'@opentelemetry/instrumentation-http': { enabled: true },
|
|
22
|
+
});
|
|
23
|
+
const sdk = new NodeSDK({
|
|
24
|
+
traceExporter: exporter,
|
|
25
|
+
instrumentations: [instruments],
|
|
26
|
+
});
|
|
27
|
+
await sdk.start();
|
|
28
|
+
Logger.info('[tracing] OpenTelemetry tracing initialized — exporting to OTLP HTTP endpoint');
|
|
29
|
+
}
|
|
30
|
+
catch (err) {
|
|
31
|
+
Logger.warn(`[tracing] OpenTelemetry initialization failed: ${err?.message}`);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=tracing.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tracing.js","sourceRoot":"","sources":["../../src/utils/tracing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAErC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,0EAA0E,CAAC,CAAC;QACzF,OAAO;IACT,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,yBAAyB,CAAC,CAAC;QAC5D,MAAM,EAAE,2BAA2B,EAAE,GAAG,MAAM,MAAM,CAAC,2CAA2C,CAAC,CAAC;QAClG,oDAAoD;QACpD,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,yCAAyC,CAAC,CAAC;QAEtF,MAAM,QAAQ,GAAG,IAAI,iBAAiB,CAAC;YACrC,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,YAAY;SAC/D,CAAQ,CAAC;QAEV,MAAM,WAAW,GAAG,2BAA2B,CAAC;YAC9C,qCAAqC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;SACzD,CAAQ,CAAC;QAEV,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC;YACtB,aAAa,EAAE,QAAQ;YACvB,gBAAgB,EAAE,CAAC,WAAW,CAAC;SAChC,CAAC,CAAC;QAEH,MAAM,GAAG,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAC;IAC/F,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,IAAI,CAAC,kDAAkD,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mcp-guardian/server",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "1.0.1",
|
|
4
4
|
"description": "Security, cost, and health audit for MCP infrastructure",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"files": [
|
|
@@ -38,10 +38,15 @@
|
|
|
38
38
|
},
|
|
39
39
|
"dependencies": {
|
|
40
40
|
"@modelcontextprotocol/sdk": "^1.0.0",
|
|
41
|
+
"@opentelemetry/api": "^1.9.1",
|
|
42
|
+
"@opentelemetry/auto-instrumentations-node": "^0.75.0",
|
|
43
|
+
"@opentelemetry/exporter-trace-otlp-http": "^0.217.0",
|
|
44
|
+
"@opentelemetry/sdk-node": "^0.217.0",
|
|
41
45
|
"axios": "^1.7.0",
|
|
42
46
|
"chalk": "^5.3.0",
|
|
43
47
|
"chokidar": "^5.0.0",
|
|
44
48
|
"commander": "^12.0.0",
|
|
49
|
+
"express": "^5.2.1",
|
|
45
50
|
"ioredis": "^5.10.1",
|
|
46
51
|
"jose": "^6.2.3",
|
|
47
52
|
"js-yaml": "^4.1.1",
|