@mcp-guardian/server 1.0.1 → 1.3.0

package/dist/utils/payload-normalizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload-normalizer.d.ts","sourceRoot":"","sources":["../../src/utils/payload-normalizer.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,UAAU,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,WAAW,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,6BAA6B;IAC7B,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;GAGG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,QAAQ,SAAI,EAAE,SAAS,SAAY;IAK/C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,mBAAmB;IAmE7C;;OAEG;IACH,OAAO,CAAC,SAAS;IAejB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IASxB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAoB5B;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,aAAa,CAAwC;IAEpE,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAiC/B,OAAO,CAAC,kBAAkB;IAmB1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAQ3B;;;;;;;OAOG;IACH,OAAO,CAAC,cAAc;IAkBtB;;;OAGG;IACH,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,SAAI,GAAG,OAAO;CAqBvD;AAKD,wBAAgB,aAAa,IAAI,iBAAiB,CAKjD"}

package/dist/utils/payload-normalizer.js

@@ -0,0 +1,240 @@
+/**
+ * PayloadNormalizer applies multi-stage normalization to defeat
+ * common evasion techniques targeting regex-based policy engines.
+ */
+export class PayloadNormalizer {
+    maxDepth;
+    maxLength;
+    constructor(maxDepth = 5, maxLength = 1_000_000) {
+        this.maxDepth = maxDepth;
+        this.maxLength = maxLength;
+    }
+    /**
+     * Full normalization pipeline for policy evaluation input.
+     */
+    normalize(input) {
+        const transformations = [];
+        let current = input;
+        let depth = 0;
+        // ── Step 0: Truncate oversized inputs (memory safety) ──
+        if (current.length > this.maxLength) {
+            current = current.slice(0, this.maxLength);
+            transformations.push('truncated');
+        }
+        // ── Step 1: Unicode normalization (NFKC) — collapses homoglyphs ──
+        const unicodeNormalized = current.normalize('NFKC');
+        if (unicodeNormalized !== current) {
+            transformations.push('unicode-nfkc');
+            current = unicodeNormalized;
+        }
+        // ── Step 2: Iterative decode loop (URL, hex, HTML entities) ──
+        while (depth < this.maxDepth) {
+            const before = current;
+            // URL decode (handles %20, %00 null bytes, %2F slashes)
+            current = this.urlDecode(current);
+            // Hex escape decode (\x41, \x00, \x2F)
+            current = this.decodeHexEscapes(current);
+            // Unicode escape decode (\u0041, \U00000041)
+            current = this.decodeUnicodeEscapes(current);
+            // HTML entity decode (<, &#60;, &#x3C;)
+            current = this.decodeHtmlEntities(current);
+            // Double-backslash unwrap (\\. → .)
+            current = this.unwrapDoubleEscapes(current);
+            if (current === before)
+                break;
+            depth++;
+        }
+        if (current !== unicodeNormalized) {
+            transformations.push('decode-loop');
+        }
+        // ── Step 3: Shell normalization ──
+        const shellNormalized = this.shellNormalize(current);
+        if (shellNormalized !== current) {
+            transformations.push('shell-normalize');
+            current = shellNormalized;
+        }
+        // ── Step 4: Whitespace normalization (collapse runs) ──
+        const whitespaceNormalized = current.replace(/\s+/g, ' ').trim();
+        if (whitespaceNormalized !== current) {
+            transformations.push('whitespace');
+            current = whitespaceNormalized;
+        }
+        return {
+            normalized: current,
+            wasModified: transformations.length > 0,
+            transformations,
+            original: input,
+        };
+    }
+    /**
+     * URL decode: %XX → character, handles malformed sequences.
+     */
+    urlDecode(input) {
+        try {
+            return decodeURIComponent(input.replace(/\+/g, ' '));
+        }
+        catch {
+            // Gracefully handle malformed % sequences: replace only valid ones
+            return input.replace(/%([0-9A-Fa-f]{2})/g, (_match, hex) => {
+                try {
+                    return String.fromCharCode(parseInt(hex, 16));
+                }
+                catch {
+                    return _match;
+                }
+            });
+        }
+    }
+    /**
+     * Decode hex escapes: \x41 → 'A', \x00 → null byte detection.
+     */
+    decodeHexEscapes(input) {
+        return input.replace(/\\x([0-9A-Fa-f]{2})/g, (_match, hex) => {
+            const code = parseInt(hex, 16);
+            // Preserve null byte as marker for detection
+            if (code === 0)
+                return '\0';
+            return String.fromCharCode(code);
+        });
+    }
+    /**
+     * Decode unicode escapes: \u0041 → 'A', \U00000041 → 'A'.
+     */
+    decodeUnicodeEscapes(input) {
+        return input
+            .replace(/\\u([0-9A-Fa-f]{4})/g, (_match, hex) => {
+            try {
+                return String.fromCharCode(parseInt(hex, 16));
+            }
+            catch {
+                return _match;
+            }
+        })
+            .replace(/\\U([0-9A-Fa-f]{8})/g, (_match, hex) => {
+            try {
+                const code = parseInt(hex, 16);
+                if (code > 0x10ffff)
+                    return _match; // Invalid unicode
+                return String.fromCodePoint(code);
+            }
+            catch {
+                return _match;
+            }
+        });
+    }
+    /**
+     * Decode HTML entities: < -> <, &#60; -> <, &#x3C; -> <.
+     * Entity map built at runtime to avoid source-level entity decoding issues.
+     */
+    static htmlEntityMap = null;
+    static getHtmlEntityMap() {
+        if (PayloadNormalizer.htmlEntityMap)
+            return PayloadNormalizer.htmlEntityMap;
+        const a = String.fromCharCode(38); // ampersand char
+        const pairs = [
+            [a + 'lt;', '<'],
+            [a + 'gt;', '>'],
+            [a + 'amp;', a],
+            [a + 'quot;', '"'],
+            [a + '#39;', "'"],
+            [a + 'apos;', "'"],
+            [a + 'sol;', '/'],
+            [a + 'bsol;', '\\'],
+            [a + 'colon;', ':'],
+            [a + 'semi;', ';'],
+            [a + 'verbar;', '|'],
+            [a + 'dollar;', '$'],
+            [a + 'lpar;', '('],
+            [a + 'rpar;', ')'],
+            [a + 'lcub;', '{'],
+            [a + 'rcub;', '}'],
+            [a + 'lbrack;', '['],
+            [a + 'rbrack;', ']'],
+        ];
+        PayloadNormalizer.htmlEntityMap = pairs.map(([entity, ch]) => {
+            const escaped = entity.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+            return [new RegExp(escaped, 'g'), ch];
+        });
+        return PayloadNormalizer.htmlEntityMap;
+    }
+    decodeHtmlEntities(input) {
+        let result = input;
+        // Named entities
+        for (const [regex, ch] of PayloadNormalizer.getHtmlEntityMap()) {
+            result = result.replace(regex, ch);
+        }
+        // Numeric decimal entities: &#60;
+        result = result.replace(/&#(\d+);/g, (_match, dec) => {
+            const code = parseInt(dec, 10);
+            return (code > 0 && code < 65536) ? String.fromCharCode(code) : _match;
+        });
+        // Numeric hex entities: &#x3C;
+        result = result.replace(/&#x([0-9A-Fa-f]+);/g, (_match, hex) => {
+            const code = parseInt(hex, 16);
+            return (code > 0 && code < 65536) ? String.fromCharCode(code) : _match;
+        });
+        return result;
+    }
+    /**
+     * Unwrap double escapes: \\. → literal character.
+     */
+    unwrapDoubleEscapes(input) {
+        return input.replace(/\\(.)/g, (_match, char) => {
+            // Only unwrap if the backslash is escaping a non-special char
+            if ('\\$`"\''.includes(char))
+                return _match;
+            return char;
+        });
+    }
+    /**
+     * Shell normalize: collapse common shell obfuscation patterns.
+     *
+     * - $'cmd' → cmd (ANSI-C quoting)
+     * - "c"m"d" → cmd (quote splitting)
+     * - ''cmd'' → cmd (empty quote pairs)
+     * - c\md → cmd (backslash escapes)
+     */
+    shellNormalize(input) {
+        let result = input;
+        // ANSI-C quoting: $'command' → command
+        result = result.replace(/\$'([^']*)'/g, '$1');
+        // Quote splitting: "a""b" → ab, 'a''b' → ab
+        result = result.replace(/["']\s*["']/g, '');
+        // Shell backslash escapes on non-special chars
+        result = result.replace(/\\([^\\$`"'|&;><~#%{}()\[\]])/g, '$1');
+        // Null byte detection (normalized → mark as NUL for policy patterns)
+        result = result.replace(/\0/g, '\\0');
+        return result;
+    }
+    /**
+     * Specifically normalize a JSON string value (tool argument).
+     * Handles nested JSON structures recursively.
+     */
+    normalizeJsonValue(value, depth = 0) {
+        if (depth > 10)
+            return value; // Recursion guard
+        if (typeof value === 'string') {
+            return this.normalize(value).normalized;
+        }
+        if (Array.isArray(value)) {
+            return value.map((item) => this.normalizeJsonValue(item, depth + 1));
+        }
+        if (value !== null && typeof value === 'object') {
+            const result = {};
+            for (const [key, val] of Object.entries(value)) {
+                result[key] = this.normalizeJsonValue(val, depth + 1);
+            }
+            return result;
+        }
+        return value;
+    }
+}
+/** Singleton instance for policy engine integration */
+let defaultInstance = null;
+export function getNormalizer() {
+    if (!defaultInstance) {
+        defaultInstance = new PayloadNormalizer();
+    }
+    return defaultInstance;
+}
+//# sourceMappingURL=payload-normalizer.js.map

package/dist/utils/payload-normalizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"payload-normalizer.js","sourceRoot":"","sources":["../../src/utils/payload-normalizer.ts"],"names":[],"mappings":"AAqBA;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IACX,QAAQ,CAAS;IACjB,SAAS,CAAS;IAEnC,YAAY,QAAQ,GAAG,CAAC,EAAE,SAAS,GAAG,SAAS;QAC7C,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,KAAa;QACrB,MAAM,eAAe,GAAa,EAAE,CAAC;QACrC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,KAAK,GAAG,CAAC,CAAC;QAEd,0DAA0D;QAC1D,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACpC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3C,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;QAED,oEAAoE;QACpE,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,iBAAiB,KAAK,OAAO,EAAE,CAAC;YAClC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YACrC,OAAO,GAAG,iBAAiB,CAAC;QAC9B,CAAC;QAED,gEAAgE;QAChE,OAAO,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,CAAC;YAEvB,wDAAwD;YACxD,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAElC,uCAAuC;YACvC,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAEzC,6CAA6C;YAC7C,OAAO,GAAG,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAE7C,wCAAwC;YACxC,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAE3C,oCAAoC;YACpC,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAE5C,IAAI,OAAO,KAAK,MAAM;gBAAE,MAAM;YAC9B,KAAK,EAAE,CAAC;QACV,CAAC;QAED,IAAI,OAAO,KAAK,iBAAiB,EAAE,CAAC;YAClC,eAAe,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACtC,CAAC;QAED,oCAAoC;QACpC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,eAAe,KAAK,OAAO,EAAE,CAAC;YAChC,eAAe,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACxC,OAAO,GAAG,eAAe,CAAC;QAC5B,CAAC;QAED,yDAAyD;QACzD,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACjE,IAAI,oBAAoB,KAAK,OAAO,EAAE,CAAC;YACrC,eAAe,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACnC,OAAO,GAAG,oBAAoB,CAAC;QACjC,CAAC;QAED,OAAO;YACL,UAAU,EAAE,OAAO;YACnB,WAAW,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC;YACvC,eAAe;YACf,QAAQ,EAAE,KAAK;SAChB,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,KAAa;QAC7B,IAAI,CAAC;YACH,OAAO,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;YACnE,OAAO,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;gBACzD,IAAI,CAAC;oBACH,OAAO,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;gBAChD,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,KAAa;QACpC,OAAO,KAAK,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YAC3D,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC/B,6CAA6C;YAC7C,IAAI,IAAI,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAC5B,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,oBAAoB,CAAC,KAAa;QACxC,OAAO,KAAK;aACT,OAAO,CAAC,sBAAsB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YAC/C,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC,CAAC;aACD,OAAO,CAAC,sBAAsB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YAC/C,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC/B,IAAI,IAAI,GAAG,QAAQ;oBAAE,OAAO,MAAM,CAAC,CAAC,kBAAkB;gBACtD,OAAO,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,aAAa,GAAmC,IAAI,CAAC;IAE5D,MAAM,CAAC,gBAAgB;QAC7B,IAAI,iBAAiB,CAAC,aAAa;YAAE,OAAO,iBAAiB,CAAC,aAAa,CAAC;QAE5E,MAAM,CAAC,GAAG,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC,iBAAiB;QACpD,MAAM,KAAK,GAA4B;YACrC,CAAC,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC;YAChB,CAAC,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC;YAChB,CAAC,CAAC,GAAG,MAAM,EAAE,CAAC,CAAC;YACf,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,CAAC;YACjB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,CAAC;YACjB,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,CAAC;YACnB,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,CAAC;YACnB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC;YACpB,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC;YACpB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,CAAC;YAClB,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC;YACpB,CAAC,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC;SACrB,CAAC;QAEF,iBAAiB,CAAC,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,EAAE;YAC3D,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,OAAO,iBAAiB,CAAC,aAAa,CAAC;IACzC,CAAC;IAEO,kBAAkB,CAAC,KAAa;QACtC,IAAI,MAAM,GAAG,KAAK,CAAC;QACnB,iBAAiB;QACjB,KAAK,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,iBAAiB,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC/D,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACrC,CAAC;QACD,kCAAkC;QAClC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YACnD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACzE,CAAC,CAAC,CAAC;QACH,+BAA+B;QAC/B,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC/B,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACzE,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,KAAa;QACvC,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC9C,8DAA8D;YAC9D,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,OAAO,MAAM,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACK,cAAc,CAAC,KAAa;QAClC,IAAI,MAAM,GAAG,KAAK,CAAC;QAEnB,uCAAuC;QACvC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QAE9C,4CAA4C;QAC5C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAE5C,+CAA+C;QAC/C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,gCAAgC,EAAE,IAAI,CAAC,CAAC;QAEhE,qEAAqE;QACrE,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAEtC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,KAAc,EAAE,KAAK,GAAG,CAAC;QAC1C,IAAI,KAAK,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC,CAAC,kBAAkB;QAEhD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC;QAC1C,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,MAAM,GAA4B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;gBAC1E,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;;AAGH,uDAAuD;AACvD,IAAI,eAAe,GAA6B,IAAI,CAAC;AAErD,MAAM,UAAU,aAAa;IAC3B,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,eAAe,GAAG,IAAI,iBAAiB,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC"}

package/package.json

@@ -1,21 +1,27 @@
 {
   "name": "@mcp-guardian/server",
-  "version": "1.0.1",
+  "version": "1.3.0",
   "description": "Security, cost, and health audit for MCP infrastructure",
   "type": "module",
   "files": [
     "dist"
   ],
-  "main": "./dist/index.js",
   "bin": {
     "mcp-guardian": "./dist/cli.js"
   },
+  "main": "./dist/index.js",
   "engines": {
     "node": ">=18"
   },
-  "repository": "github:rudraneel93/mcp-guardian",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/rudraneel93/mcp-guardian.git"
+  },
   "bugs": "https://github.com/rudraneel93/mcp-guardian/issues",
   "homepage": "https://www.npmjs.com/package/@mcp-guardian/server",
+  "publishConfig": {
+    "access": "public"
+  },
   "keywords": [
     "mcp",
     "model-context-protocol",