@mcptoolshop/file-forge 0.2.1 → 1.0.0

package/README.md

@@ -1,7 +1,7 @@
-<p align="center">
-  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
-</p>
-
+<p align="center">
+  <a href="README.ja.md">日本語</a> | <a href="README.zh.md">中文</a> | <a href="README.es.md">Español</a> | <a href="README.fr.md">Français</a> | <a href="README.hi.md">हिन्दी</a> | <a href="README.it.md">Italiano</a> | <a href="README.pt-BR.md">Português (BR)</a>
+</p>
+
 <p align="center"><img src="https://raw.githubusercontent.com/mcp-tool-shop-org/brand/main/logos/mcp-file-forge/readme.png" alt="MCP File Forge" width="400"></p>
 
 <p align="center">
@@ -232,10 +232,38 @@ npm run lint
 
 ---
 
+## Security & Data Scope
+
+MCP File Forge is an **MCP server** providing sandboxed file operations for AI agents.
+
+- **Data accessed:** Files within explicitly allowed directories only. Config files, template directories
+- **Data NOT accessed:** No cloud sync. No telemetry. No analytics. No data outside sandbox
+- **Network:** stdio transport only — no network listeners. No egress
+- **No telemetry** is collected or sent
+
+Full policy: [SECURITY.md](SECURITY.md)
+
+---
+
+## Scorecard
+
+| Category | Score |
+|----------|-------|
+| A. Security | 10/10 |
+| B. Error Handling | 10/10 |
+| C. Operator Docs | 10/10 |
+| D. Shipping Hygiene | 10/10 |
+| E. Identity (soft) | 10/10 |
+| **Overall** | **50/50** |
+
+---
+
 ## License
 
 [MIT](LICENSE)
 
 ---
 
-Built by <a href="https://mcp-tool-shop.github.io/">MCP Tool Shop</a>
+<p align="center">
+  Built by <a href="https://mcp-tool-shop.github.io/">MCP Tool Shop</a>
+</p>

package/build/config/index.d.ts

@@ -0,0 +1,29 @@
+/**
+ * MCP File Forge - Configuration Module
+ *
+ * Handles loading and merging configuration from multiple sources.
+ */
+import type { ServerConfig } from '../types.js';
+/**
+ * Load and merge configuration from all sources.
+ *
+ * Priority (highest to lowest):
+ * 1. CLI arguments (not implemented yet)
+ * 2. Environment variables
+ * 3. Config file
+ * 4. Built-in defaults
+ */
+export declare function loadConfig(): Promise<ServerConfig>;
+/**
+ * Get the current configuration.
+ */
+export declare function getConfig(): ServerConfig;
+/**
+ * Reset configuration (useful for testing).
+ */
+export declare function resetConfig(): void;
+/**
+ * Get default configuration.
+ */
+export declare function getDefaultConfig(): ServerConfig;
+//# sourceMappingURL=index.d.ts.map

package/build/config/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,YAAY,EAA4C,MAAM,aAAa,CAAC;AA4L1F;;;;;;;;GAQG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,YAAY,CAAC,CA+BxD;AAED;;GAEG;AACH,wBAAgB,SAAS,IAAI,YAAY,CAKxC;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAElC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,YAAY,CAE/C"}

package/build/config/index.js

@@ -0,0 +1,229 @@
+/**
+ * MCP File Forge - Configuration Module
+ *
+ * Handles loading and merging configuration from multiple sources.
+ */
+import * as fs from 'node:fs/promises';
+import * as path from 'node:path';
+import { ServerConfigSchema } from '../types.js';
+/**
+ * Default configuration values.
+ */
+const DEFAULT_CONFIG = {
+    sandbox: {
+        allowed_paths: ['.'],
+        denied_paths: ['**/node_modules/**', '**/.git/**'],
+        follow_symlinks: false,
+        max_file_size: 104857600, // 100MB
+        max_depth: 20,
+    },
+    templates: {
+        paths: ['./templates'],
+    },
+    logging: {
+        level: 'info',
+    },
+    read_only: false,
+};
+/**
+ * Environment variable prefix.
+ */
+const ENV_PREFIX = 'MCP_FILE_FORGE_';
+/**
+ * Parse a comma-separated string into an array.
+ */
+function parseCSV(value) {
+    return value
+        .split(',')
+        .map((s) => s.trim())
+        .filter((s) => s.length > 0);
+}
+/**
+ * Parse environment variables into partial config.
+ */
+function parseEnvironment() {
+    const config = {};
+    const sandbox = {};
+    const templates = {};
+    const logging = {};
+    // Read-only mode
+    const readOnly = process.env[`${ENV_PREFIX}READ_ONLY`];
+    if (readOnly !== undefined) {
+        config.read_only = readOnly.toLowerCase() === 'true';
+    }
+    // Sandbox settings
+    const allowedPaths = process.env[`${ENV_PREFIX}ALLOWED_PATHS`];
+    if (allowedPaths) {
+        sandbox.allowed_paths = parseCSV(allowedPaths);
+    }
+    const deniedPaths = process.env[`${ENV_PREFIX}DENIED_PATHS`];
+    if (deniedPaths) {
+        sandbox.denied_paths = parseCSV(deniedPaths);
+    }
+    const followSymlinks = process.env[`${ENV_PREFIX}FOLLOW_SYMLINKS`];
+    if (followSymlinks !== undefined) {
+        sandbox.follow_symlinks = followSymlinks.toLowerCase() === 'true';
+    }
+    const maxFileSize = process.env[`${ENV_PREFIX}MAX_FILE_SIZE`];
+    if (maxFileSize) {
+        const parsed = parseInt(maxFileSize, 10);
+        if (!isNaN(parsed)) {
+            sandbox.max_file_size = parsed;
+        }
+    }
+    const maxDepth = process.env[`${ENV_PREFIX}MAX_DEPTH`];
+    if (maxDepth) {
+        const parsed = parseInt(maxDepth, 10);
+        if (!isNaN(parsed)) {
+            sandbox.max_depth = parsed;
+        }
+    }
+    // Template settings
+    const templatePaths = process.env[`${ENV_PREFIX}TEMPLATE_PATHS`];
+    if (templatePaths) {
+        templates.paths = parseCSV(templatePaths);
+    }
+    // Logging settings
+    const logLevel = process.env[`${ENV_PREFIX}LOG_LEVEL`];
+    if (logLevel) {
+        const level = logLevel.toLowerCase();
+        if (['error', 'warn', 'info', 'debug'].includes(level)) {
+            logging.level = level;
+        }
+    }
+    const logFile = process.env[`${ENV_PREFIX}LOG_FILE`];
+    if (logFile) {
+        logging.file = logFile;
+    }
+    // Merge partial configs
+    if (Object.keys(sandbox).length > 0) {
+        config.sandbox = sandbox;
+    }
+    if (Object.keys(templates).length > 0) {
+        config.templates = templates;
+    }
+    if (Object.keys(logging).length > 0) {
+        config.logging = logging;
+    }
+    return config;
+}
+/**
+ * Load configuration from a JSON file.
+ */
+async function loadConfigFile(configPath) {
+    try {
+        const content = await fs.readFile(configPath, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        // Config file doesn't exist or is invalid
+        return {};
+    }
+}
+/**
+ * Deep merge two configuration objects.
+ */
+function mergeConfig(base, override) {
+    return {
+        sandbox: {
+            ...base.sandbox,
+            ...override.sandbox,
+        },
+        templates: {
+            ...base.templates,
+            ...override.templates,
+        },
+        logging: {
+            ...base.logging,
+            ...override.logging,
+        },
+        read_only: override.read_only ?? base.read_only,
+    };
+}
+/**
+ * Find config file in current directory or parent directories.
+ */
+async function findConfigFile() {
+    const configNames = ['mcp-file-forge.json', '.mcp-file-forge.json'];
+    let currentDir = process.cwd();
+    // Search up to 5 levels
+    for (let i = 0; i < 5; i++) {
+        for (const name of configNames) {
+            const configPath = path.join(currentDir, name);
+            try {
+                await fs.access(configPath);
+                return configPath;
+            }
+            catch {
+                // File doesn't exist, continue
+            }
+        }
+        const parentDir = path.dirname(currentDir);
+        if (parentDir === currentDir)
+            break;
+        currentDir = parentDir;
+    }
+    return null;
+}
+/**
+ * Global configuration instance.
+ */
+let globalConfig = null;
+/**
+ * Load and merge configuration from all sources.
+ *
+ * Priority (highest to lowest):
+ * 1. CLI arguments (not implemented yet)
+ * 2. Environment variables
+ * 3. Config file
+ * 4. Built-in defaults
+ */
+export async function loadConfig() {
+    if (globalConfig) {
+        return globalConfig;
+    }
+    // Start with defaults
+    let config = { ...DEFAULT_CONFIG };
+    // Load config file if found
+    const configPath = await findConfigFile();
+    if (configPath) {
+        const fileConfig = await loadConfigFile(configPath);
+        config = mergeConfig(config, fileConfig);
+        console.error(`[config] Loaded config from ${configPath}`);
+    }
+    // Apply environment variables (higher priority)
+    const envConfig = parseEnvironment();
+    config = mergeConfig(config, envConfig);
+    // Validate the final config
+    const result = ServerConfigSchema.safeParse(config);
+    if (!result.success) {
+        console.error('[config] Warning: Invalid configuration, using defaults');
+        console.error(result.error.issues);
+        globalConfig = DEFAULT_CONFIG;
+        return DEFAULT_CONFIG;
+    }
+    globalConfig = result.data;
+    return result.data;
+}
+/**
+ * Get the current configuration.
+ */
+export function getConfig() {
+    if (!globalConfig) {
+        throw new Error('Configuration not loaded. Call loadConfig() first.');
+    }
+    return globalConfig;
+}
+/**
+ * Reset configuration (useful for testing).
+ */
+export function resetConfig() {
+    globalConfig = null;
+}
+/**
+ * Get default configuration.
+ */
+export function getDefaultConfig() {
+    return { ...DEFAULT_CONFIG };
+}
+//# sourceMappingURL=index.js.map

package/build/config/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/config/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAEjD;;GAEG;AACH,MAAM,cAAc,GAAiB;IACnC,OAAO,EAAE;QACP,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,YAAY,EAAE,CAAC,oBAAoB,EAAE,YAAY,CAAC;QAClD,eAAe,EAAE,KAAK;QACtB,aAAa,EAAE,SAAS,EAAE,QAAQ;QAClC,SAAS,EAAE,EAAE;KACd;IACD,SAAS,EAAE;QACT,KAAK,EAAE,CAAC,aAAa,CAAC;KACvB;IACD,OAAO,EAAE;QACP,KAAK,EAAE,MAAM;KACd;IACD,SAAS,EAAE,KAAK;CACjB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,GAAG,iBAAiB,CAAC;AAErC;;GAEG;AACH,SAAS,QAAQ,CAAC,KAAa;IAC7B,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB;IACvB,MAAM,MAAM,GAA0B,EAAE,CAAC;IACzC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,MAAM,OAAO,GAAuB,EAAE,CAAC;IAEvC,iBAAiB;IACjB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,WAAW,CAAC,CAAC;IACvD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,SAAS,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IACvD,CAAC;IAED,mBAAmB;IACnB,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,eAAe,CAAC,CAAC;IAC/D,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,cAAc,CAAC,CAAC;IAC7D,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,YAAY,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,iBAAiB,CAAC,CAAC;IACnE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,CAAC,eAAe,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC;IACpE,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,eAAe,CAAC,CAAC;IAC9D,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC;QACjC,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,WAAW,CAAC,CAAC;IACvD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YACnB,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,gBAAgB,CAAC,CAAC;IACjE,IAAI,aAAa,EAAE,CAAC;QAClB,SAAS,CAAC,KAAK,GAAG,QAAQ,CAAC,aAAa,CAAC,CAAC;IAC5C,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,WAAW,CAAC,CAAC;IACvD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;QACrC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACvD,OAAO,CAAC,KAAK,GAAG,KAA4C,CAAC;QAC/D,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,UAAU,UAAU,CAAC,CAAC;IACrD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,GAAG,OAAwB,CAAC;IAC5C,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,CAAC,SAAS,GAAG,SAA2B,CAAC;IACjD,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,CAAC,OAAO,GAAG,OAAoB,CAAC;IACxC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,UAAkB;IAC9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACvD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAA0B,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,IAAkB,EAClB,QAA+B;IAE/B,OAAO;QACL,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,OAAO;YACf,GAAG,QAAQ,CAAC,OAAO;SACpB;QACD,SAAS,EAAE;YACT,GAAG,IAAI,CAAC,SAAS;YACjB,GAAG,QAAQ,CAAC,SAAS;SACtB;QACD,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,OAAO;YACf,GAAG,QAAQ,CAAC,OAAO;SACpB;QACD,SAAS,EAAE,QAAQ,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;KAChD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc;IAC3B,MAAM,WAAW,GAAG,CAAC,qBAAqB,EAAE,sBAAsB,CAAC,CAAC;IACpE,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAE/B,wBAAwB;IACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC5B,OAAO,UAAU,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;YACjC,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,SAAS,KAAK,UAAU;YAAE,MAAM;QACpC,UAAU,GAAG,SAAS,CAAC;IACzB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,IAAI,YAAY,GAAwB,IAAI,CAAC;AAE7C;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,CAAC;IAEnC,4BAA4B;IAC5B,MAAM,UAAU,GAAG,MAAM,cAAc,EAAE,CAAC;IAC1C,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,UAAU,CAAC,CAAC;QACpD,MAAM,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;QACzC,OAAO,CAAC,KAAK,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,gDAAgD;IAChD,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,MAAM,GAAG,WAAW,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAExC,4BAA4B;IAC5B,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;QACzE,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnC,YAAY,GAAG,cAAc,CAAC;QAC9B,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;AAC/B,CAAC"}

package/build/index.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * MCP File Forge - Entry Point
+ *
+ * A Model Context Protocol server for secure file operations
+ * and project scaffolding.
+ */
+export { createSandboxServer } from './server.js';
+//# sourceMappingURL=index.d.ts.map

package/build/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAKH,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC"}

package/build/index.js

@@ -0,0 +1,25 @@
+#!/usr/bin/env node
+/**
+ * MCP File Forge - Entry Point
+ *
+ * A Model Context Protocol server for secure file operations
+ * and project scaffolding.
+ */
+import { startServer } from './server.js';
+// Re-export for Smithery scanning
+export { createSandboxServer } from './server.js';
+// Handle uncaught errors
+process.on('uncaughtException', (error) => {
+    console.error('[mcp-file-forge] Uncaught exception:', error);
+    process.exit(1);
+});
+process.on('unhandledRejection', (reason) => {
+    console.error('[mcp-file-forge] Unhandled rejection:', reason);
+    process.exit(1);
+});
+// Start the server
+startServer().catch((error) => {
+    console.error('[mcp-file-forge] Fatal error:', error);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,kCAAkC;AAClC,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAElD,yBAAyB;AACzB,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,KAAK,EAAE,EAAE;IACxC,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,MAAM,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,mBAAmB;AACnB,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IAC5B,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;IACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/build/security/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * MCP File Forge - Security Module
+ *
+ * Exports all security-related functionality.
+ */
+export { Sandbox, getSandbox, resetSandbox } from './sandbox.js';
+export { enableReadOnlyMode, disableReadOnlyMode, isReadOnlyMode, validateWriteAllowed, WRITE_TOOLS, isWriteTool, } from './read-only.js';
+//# sourceMappingURL=index.d.ts.map

package/build/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,WAAW,EACX,WAAW,GACZ,MAAM,gBAAgB,CAAC"}

package/build/security/index.js

@@ -0,0 +1,8 @@
+/**
+ * MCP File Forge - Security Module
+ *
+ * Exports all security-related functionality.
+ */
+export { Sandbox, getSandbox, resetSandbox } from './sandbox.js';
+export { enableReadOnlyMode, disableReadOnlyMode, isReadOnlyMode, validateWriteAllowed, WRITE_TOOLS, isWriteTool, } from './read-only.js';
+//# sourceMappingURL=index.js.map

package/build/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,oBAAoB,EACpB,WAAW,EACX,WAAW,GACZ,MAAM,gBAAgB,CAAC"}

package/build/security/read-only.d.ts

@@ -0,0 +1,32 @@
+/**
+ * MCP File Forge - Read-Only Mode
+ *
+ * Controls whether write operations are allowed.
+ */
+import type { FileForgeError } from '../types.js';
+/**
+ * Enable read-only mode (disables all write operations).
+ */
+export declare function enableReadOnlyMode(): void;
+/**
+ * Disable read-only mode (allows write operations).
+ */
+export declare function disableReadOnlyMode(): void;
+/**
+ * Check if read-only mode is enabled.
+ */
+export declare function isReadOnlyMode(): boolean;
+/**
+ * Validate that a write operation is allowed.
+ * Returns an error if in read-only mode.
+ */
+export declare function validateWriteAllowed(): FileForgeError | null;
+/**
+ * List of tool names that require write access.
+ */
+export declare const WRITE_TOOLS: readonly ["write_file", "create_directory", "copy_file", "move_file", "delete_file", "scaffold_project"];
+/**
+ * Check if a tool requires write access.
+ */
+export declare function isWriteTool(toolName: string): boolean;
+//# sourceMappingURL=read-only.d.ts.map

package/build/security/read-only.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-only.d.ts","sourceRoot":"","sources":["../../src/security/read-only.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAOlD;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAEzC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,OAAO,CAExC;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,cAAc,GAAG,IAAI,CAY5D;AAED;;GAEG;AACH,eAAO,MAAM,WAAW,0GAOd,CAAC;AAEX;;GAEG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAErD"}

package/build/security/read-only.js

@@ -0,0 +1,62 @@
+/**
+ * MCP File Forge - Read-Only Mode
+ *
+ * Controls whether write operations are allowed.
+ */
+/**
+ * Global read-only state.
+ */
+let readOnlyMode = false;
+/**
+ * Enable read-only mode (disables all write operations).
+ */
+export function enableReadOnlyMode() {
+    readOnlyMode = true;
+}
+/**
+ * Disable read-only mode (allows write operations).
+ */
+export function disableReadOnlyMode() {
+    readOnlyMode = false;
+}
+/**
+ * Check if read-only mode is enabled.
+ */
+export function isReadOnlyMode() {
+    return readOnlyMode;
+}
+/**
+ * Validate that a write operation is allowed.
+ * Returns an error if in read-only mode.
+ */
+export function validateWriteAllowed() {
+    if (readOnlyMode) {
+        return {
+            code: 'WRITE_DISABLED',
+            message: 'Write operations are disabled in read-only mode',
+            details: {
+                mode: 'read-only',
+                hint: 'Set MCP_FILE_FORGE_READ_ONLY=false to enable write operations',
+            },
+        };
+    }
+    return null;
+}
+/**
+ * List of tool names that require write access.
+ */
+export const WRITE_TOOLS = [
+    'write_file',
+    'create_directory',
+    'copy_file',
+    'move_file',
+    'delete_file',
+    'scaffold_project',
+];
+/**
+ * Check if a tool requires write access.
+ */
+export function isWriteTool(toolName) {
+    return WRITE_TOOLS.includes(toolName);
+}
+//# sourceMappingURL=read-only.js.map

package/build/security/read-only.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-only.js","sourceRoot":"","sources":["../../src/security/read-only.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,IAAI,YAAY,GAAG,KAAK,CAAC;AAEzB;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,YAAY,GAAG,KAAK,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,iDAAiD;YAC1D,OAAO,EAAE;gBACP,IAAI,EAAE,WAAW;gBACjB,IAAI,EAAE,+DAA+D;aACtE;SACF,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,YAAY;IACZ,kBAAkB;IAClB,WAAW;IACX,WAAW;IACX,aAAa;IACb,kBAAkB;CACV,CAAC;AAEX;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,OAAO,WAAW,CAAC,QAAQ,CAAC,QAAwC,CAAC,CAAC;AACxE,CAAC"}

package/build/security/sandbox.d.ts

@@ -0,0 +1,60 @@
+/**
+ * MCP File Forge - Sandbox Security Layer
+ *
+ * Path validation and access control for file operations.
+ */
+import type { SandboxConfig, FileForgeError } from '../types.js';
+/**
+ * Sandbox manager for validating and controlling file access.
+ */
+export declare class Sandbox {
+    private config;
+    private resolvedAllowedPaths;
+    private initialized;
+    constructor(config?: Partial<SandboxConfig>);
+    /**
+     * Initialize the sandbox by resolving all allowed paths to absolute paths.
+     */
+    initialize(): Promise<void>;
+    /**
+     * Check if a path is within the allowed sandbox paths.
+     */
+    isPathAllowed(targetPath: string): boolean;
+    /**
+     * Validate a path and return error if not allowed.
+     */
+    validatePath(targetPath: string): Promise<FileForgeError | null>;
+    /**
+     * Check if a path contains traversal attempts.
+     */
+    private hasPathTraversal;
+    /**
+     * Validate file size against limits.
+     */
+    validateFileSize(size: number): FileForgeError | null;
+    /**
+     * Validate recursion depth.
+     */
+    validateDepth(depth: number): FileForgeError | null;
+    /**
+     * Get the current configuration.
+     */
+    getConfig(): SandboxConfig;
+    /**
+     * Get resolved allowed paths.
+     */
+    getAllowedPaths(): string[];
+    /**
+     * Update configuration at runtime.
+     */
+    updateConfig(config: Partial<SandboxConfig>): void;
+}
+/**
+ * Get or create the global sandbox instance.
+ */
+export declare function getSandbox(config?: Partial<SandboxConfig>): Sandbox;
+/**
+ * Reset the global sandbox (useful for testing).
+ */
+export declare function resetSandbox(): void;
+//# sourceMappingURL=sandbox.d.ts.map

package/build/security/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAEjE;;GAEG;AACH,qBAAa,OAAO;IAClB,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,oBAAoB,CAAgB;IAC5C,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,GAAE,OAAO,CAAC,aAAa,CAAM;IAU/C;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAoBjC;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAkC1C;;OAEG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAqDtE;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAkBxB;;OAEG;IACH,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAcrD;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IAcnD;;OAEG;IACH,SAAS,IAAI,aAAa;IAI1B;;OAEG;IACH,eAAe,IAAI,MAAM,EAAE;IAI3B;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI;CAkBnD;AAOD;;GAEG;AACH,wBAAgB,UAAU,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,OAAO,CAKnE;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,IAAI,CAEnC"}