@mcptoolshop/file-forge 0.2.1 → 1.0.0

package/build/security/sandbox.js

@@ -0,0 +1,231 @@
+/**
+ * MCP File Forge - Sandbox Security Layer
+ *
+ * Path validation and access control for file operations.
+ */
+import * as path from 'node:path';
+import * as fs from 'node:fs/promises';
+import { minimatch } from 'minimatch';
+/**
+ * Sandbox manager for validating and controlling file access.
+ */
+export class Sandbox {
+    config;
+    resolvedAllowedPaths = [];
+    initialized = false;
+    constructor(config = {}) {
+        this.config = {
+            allowed_paths: config.allowed_paths ?? ['.'],
+            denied_paths: config.denied_paths,
+            follow_symlinks: config.follow_symlinks ?? false,
+            max_file_size: config.max_file_size ?? 104857600, // 100MB
+            max_depth: config.max_depth ?? 20,
+        };
+    }
+    /**
+     * Initialize the sandbox by resolving all allowed paths to absolute paths.
+     */
+    async initialize() {
+        if (this.initialized)
+            return;
+        this.resolvedAllowedPaths = await Promise.all(this.config.allowed_paths.map(async (p) => {
+            const resolved = path.resolve(p);
+            // Verify the path exists
+            try {
+                await fs.access(resolved);
+                return resolved;
+            }
+            catch {
+                // Path doesn't exist yet, but we'll still allow it
+                return resolved;
+            }
+        }));
+        this.initialized = true;
+    }
+    /**
+     * Check if a path is within the allowed sandbox paths.
+     */
+    isPathAllowed(targetPath) {
+        const resolved = path.resolve(targetPath);
+        const normalized = path.normalize(resolved);
+        // Check if path is within any allowed path
+        const isWithinAllowed = this.resolvedAllowedPaths.some((allowedPath) => {
+            const normalizedAllowed = path.normalize(allowedPath);
+            return (normalized === normalizedAllowed ||
+                normalized.startsWith(normalizedAllowed + path.sep));
+        });
+        if (!isWithinAllowed) {
+            return false;
+        }
+        // Check if path matches any denied pattern
+        if (this.config.denied_paths) {
+            for (const pattern of this.config.denied_paths) {
+                if (minimatch(normalized, pattern, { dot: true, nocase: true })) {
+                    return false;
+                }
+                // Also check relative path
+                const relativePath = path.relative(process.cwd(), normalized);
+                if (minimatch(relativePath, pattern, { dot: true, nocase: true })) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+    /**
+     * Validate a path and return error if not allowed.
+     */
+    async validatePath(targetPath) {
+        await this.initialize();
+        const resolved = path.resolve(targetPath);
+        // Check path traversal attempts
+        if (this.hasPathTraversal(targetPath)) {
+            return {
+                code: 'PATH_OUTSIDE_SANDBOX',
+                message: 'Path traversal detected',
+                details: {
+                    path: targetPath,
+                },
+            };
+        }
+        // Check if path is allowed
+        if (!this.isPathAllowed(resolved)) {
+            return {
+                code: 'PATH_OUTSIDE_SANDBOX',
+                message: `Path is outside allowed directories`,
+                details: {
+                    path: resolved,
+                    allowed_paths: this.resolvedAllowedPaths,
+                },
+            };
+        }
+        // Check symlinks if not allowed
+        if (!this.config.follow_symlinks) {
+            try {
+                const lstat = await fs.lstat(resolved);
+                if (lstat.isSymbolicLink()) {
+                    const realPath = await fs.realpath(resolved);
+                    if (!this.isPathAllowed(realPath)) {
+                        return {
+                            code: 'PATH_OUTSIDE_SANDBOX',
+                            message: 'Symlink points outside allowed directories',
+                            details: {
+                                symlink: resolved,
+                                target: realPath,
+                            },
+                        };
+                    }
+                }
+            }
+            catch {
+                // File doesn't exist yet, which is OK for write operations
+            }
+        }
+        return null;
+    }
+    /**
+     * Check if a path contains traversal attempts.
+     */
+    hasPathTraversal(targetPath) {
+        const normalized = path.normalize(targetPath);
+        const parts = normalized.split(path.sep);
+        // Check for .. that would escape
+        let depth = 0;
+        for (const part of parts) {
+            if (part === '..') {
+                depth--;
+                if (depth < 0)
+                    return true;
+            }
+            else if (part && part !== '.') {
+                depth++;
+            }
+        }
+        return false;
+    }
+    /**
+     * Validate file size against limits.
+     */
+    validateFileSize(size) {
+        if (size > this.config.max_file_size) {
+            return {
+                code: 'FILE_TOO_LARGE',
+                message: `File size ${size} bytes exceeds limit of ${this.config.max_file_size} bytes`,
+                details: {
+                    size,
+                    limit: this.config.max_file_size,
+                },
+            };
+        }
+        return null;
+    }
+    /**
+     * Validate recursion depth.
+     */
+    validateDepth(depth) {
+        if (depth > this.config.max_depth) {
+            return {
+                code: 'DEPTH_EXCEEDED',
+                message: `Recursion depth ${depth} exceeds limit of ${this.config.max_depth}`,
+                details: {
+                    depth,
+                    limit: this.config.max_depth,
+                },
+            };
+        }
+        return null;
+    }
+    /**
+     * Get the current configuration.
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Get resolved allowed paths.
+     */
+    getAllowedPaths() {
+        return [...this.resolvedAllowedPaths];
+    }
+    /**
+     * Update configuration at runtime.
+     */
+    updateConfig(config) {
+        if (config.allowed_paths) {
+            this.config.allowed_paths = config.allowed_paths;
+            this.initialized = false; // Force re-initialization
+        }
+        if (config.denied_paths !== undefined) {
+            this.config.denied_paths = config.denied_paths;
+        }
+        if (config.follow_symlinks !== undefined) {
+            this.config.follow_symlinks = config.follow_symlinks;
+        }
+        if (config.max_file_size !== undefined) {
+            this.config.max_file_size = config.max_file_size;
+        }
+        if (config.max_depth !== undefined) {
+            this.config.max_depth = config.max_depth;
+        }
+    }
+}
+/**
+ * Global sandbox instance.
+ */
+let globalSandbox = null;
+/**
+ * Get or create the global sandbox instance.
+ */
+export function getSandbox(config) {
+    if (!globalSandbox) {
+        globalSandbox = new Sandbox(config);
+    }
+    return globalSandbox;
+}
+/**
+ * Reset the global sandbox (useful for testing).
+ */
+export function resetSandbox() {
+    globalSandbox = null;
+}
+//# sourceMappingURL=sandbox.js.map

package/build/security/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC;;GAEG;AACH,MAAM,OAAO,OAAO;IACV,MAAM,CAAgB;IACtB,oBAAoB,GAAa,EAAE,CAAC;IACpC,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,SAAiC,EAAE;QAC7C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,CAAC,GAAG,CAAC;YAC5C,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,eAAe,EAAE,MAAM,CAAC,eAAe,IAAI,KAAK;YAChD,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,SAAS,EAAE,QAAQ;YAC1D,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;SAClC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,IAAI,CAAC,oBAAoB,GAAG,MAAM,OAAO,CAAC,GAAG,CAC3C,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACjC,yBAAyB;YACzB,IAAI,CAAC;gBACH,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBAC1B,OAAO,QAAQ,CAAC;YAClB,CAAC;YAAC,MAAM,CAAC;gBACP,mDAAmD;gBACnD,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,UAAkB;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAE5C,2CAA2C;QAC3C,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,EAAE;YACrE,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;YACtD,OAAO,CACL,UAAU,KAAK,iBAAiB;gBAChC,UAAU,CAAC,UAAU,CAAC,iBAAiB,GAAG,IAAI,CAAC,GAAG,CAAC,CACpD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC7B,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBAC/C,IAAI,SAAS,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBAChE,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,2BAA2B;gBAC3B,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;gBAC9D,IAAI,SAAS,CAAC,YAAY,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;oBAClE,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,UAAkB;QACnC,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE1C,gCAAgC;QAChC,IAAI,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,yBAAyB;gBAClC,OAAO,EAAE;oBACP,IAAI,EAAE,UAAU;iBACjB;aACF,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,qCAAqC;gBAC9C,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,aAAa,EAAE,IAAI,CAAC,oBAAoB;iBACzC;aACF,CAAC;QACJ,CAAC;QAED,gCAAgC;QAChC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,KAAK,CAAC,cAAc,EAAE,EAAE,CAAC;oBAC3B,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC7C,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,OAAO;4BACL,IAAI,EAAE,sBAAsB;4BAC5B,OAAO,EAAE,4CAA4C;4BACrD,OAAO,EAAE;gCACP,OAAO,EAAE,QAAQ;gCACjB,MAAM,EAAE,QAAQ;6BACjB;yBACF,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,2DAA2D;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,UAAkB;QACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEzC,iCAAiC;QACjC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;gBAClB,KAAK,EAAE,CAAC;gBACR,IAAI,KAAK,GAAG,CAAC;oBAAE,OAAO,IAAI,CAAC;YAC7B,CAAC;iBAAM,IAAI,IAAI,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAChC,KAAK,EAAE,CAAC;YACV,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,IAAY;QAC3B,IAAI,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YACrC,OAAO;gBACL,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,aAAa,IAAI,2BAA2B,IAAI,CAAC,MAAM,CAAC,aAAa,QAAQ;gBACtF,OAAO,EAAE;oBACP,IAAI;oBACJ,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;iBACjC;aACF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,IAAI,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YAClC,OAAO;gBACL,IAAI,EAAE,gBAAgB;gBACtB,OAAO,EAAE,mBAAmB,KAAK,qBAAqB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;gBAC7E,OAAO,EAAE;oBACP,KAAK;oBACL,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBAC7B;aACF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,OAAO,CAAC,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAA8B;QACzC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;YACjD,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC,0BAA0B;QACtD,CAAC;QACD,IAAI,MAAM,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;QACjD,CAAC;QACD,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QACvD,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QACnD,CAAC;QACD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QAC3C,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,IAAI,aAAa,GAAmB,IAAI,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,MAA+B;IACxD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,aAAa,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,aAAa,GAAG,IAAI,CAAC;AACvB,CAAC"}

package/build/server.d.ts

@@ -0,0 +1,32 @@
+/**
+ * MCP File Forge - Server Implementation
+ *
+ * Dual-mode MCP server: STDIO (local) or HTTP (deployed).
+ * Set PORT env var to enable HTTP mode for remote deployment.
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+/**
+ * Create and configure the MCP server instance.
+ */
+export declare function createServer(): McpServer;
+/**
+ * Create STDIO transport for local usage.
+ */
+export declare function createStdioTransport(): StdioServerTransport;
+/**
+ * Create a sandbox server instance for Smithery scanning.
+ *
+ * This allows Smithery to discover tools/resources without
+ * real configuration or credentials. Used during `smithery mcp publish`.
+ */
+export declare function createSandboxServer(): McpServer;
+/**
+ * Start the MCP server.
+ *
+ * Mode selection:
+ * - PORT env var set → HTTP mode (for Fly.io / remote deployment)
+ * - No PORT → STDIO mode (for local Claude Desktop / CLI usage)
+ */
+export declare function startServer(): Promise<void>;
+//# sourceMappingURL=server.d.ts.map

package/build/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAcjF;;GAEG;AACH,wBAAgB,YAAY,IAAI,SAAS,CAcxC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,oBAAoB,CAE3D;AAqGD;;;;;GAKG;AACH,wBAAgB,mBAAmB,IAAI,SAAS,CAE/C;AAED;;;;;;GAMG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CA6BjD"}

package/build/server.js

@@ -0,0 +1,171 @@
+/**
+ * MCP File Forge - Server Implementation
+ *
+ * Dual-mode MCP server: STDIO (local) or HTTP (deployed).
+ * Set PORT env var to enable HTTP mode for remote deployment.
+ */
+import { randomUUID } from 'node:crypto';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { registerReadTools } from './tools/read.js';
+import { registerWriteTools } from './tools/write.js';
+import { registerSearchTools } from './tools/search.js';
+import { registerMetadataTools } from './tools/metadata.js';
+import { registerScaffoldTools } from './tools/scaffold.js';
+import { loadConfig } from './config/index.js';
+import { getSandbox, enableReadOnlyMode } from './security/index.js';
+// Server metadata
+const SERVER_NAME = 'mcp-file-forge';
+const SERVER_VERSION = '0.2.0';
+/**
+ * Create and configure the MCP server instance.
+ */
+export function createServer() {
+    const server = new McpServer({
+        name: SERVER_NAME,
+        version: SERVER_VERSION,
+    });
+    // Register all tools
+    registerReadTools(server);
+    registerWriteTools(server);
+    registerSearchTools(server);
+    registerMetadataTools(server);
+    registerScaffoldTools(server);
+    return server;
+}
+/**
+ * Create STDIO transport for local usage.
+ */
+export function createStdioTransport() {
+    return new StdioServerTransport();
+}
+/**
+ * Start the MCP server in STDIO mode (local).
+ */
+async function startStdioServer(server) {
+    const transport = createStdioTransport();
+    console.error(`[${SERVER_NAME}] Transport: stdio`);
+    await server.connect(transport);
+    console.error(`[${SERVER_NAME}] Server connected and ready (stdio)`);
+}
+/**
+ * Start the MCP server in HTTP mode (deployed).
+ *
+ * Uses StreamableHTTPServerTransport with stateful sessions.
+ * Each client gets its own transport + server instance per session.
+ */
+async function startHttpServer(_server, port) {
+    // Dynamic import to keep express optional for stdio-only usage
+    const { default: express } = await import('express');
+    const app = express();
+    app.use(express.json());
+    // Health check for Fly.io / load balancers
+    app.get('/health', (_req, res) => {
+        res.json({ status: 'ok', server: SERVER_NAME, version: SERVER_VERSION });
+    });
+    // Session management: map sessionId → transport
+    const sessions = new Map();
+    // Handle MCP protocol requests (POST /mcp)
+    app.post('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        let transport;
+        if (sessionId && sessions.has(sessionId)) {
+            // Existing session
+            transport = sessions.get(sessionId);
+        }
+        else if (!sessionId) {
+            // New session — create transport + connect a fresh server
+            transport = new StreamableHTTPServerTransport({
+                sessionIdGenerator: () => randomUUID(),
+                onsessioninitialized: (id) => {
+                    sessions.set(id, transport);
+                    console.error(`[${SERVER_NAME}] Session created: ${id}`);
+                },
+            });
+            transport.onclose = () => {
+                const sid = transport.sessionId;
+                if (sid) {
+                    sessions.delete(sid);
+                    console.error(`[${SERVER_NAME}] Session closed: ${sid}`);
+                }
+            };
+            // Each session gets its own server instance with all tools
+            const sessionServer = createServer();
+            await sessionServer.connect(transport);
+        }
+        else {
+            // Invalid session ID
+            res.status(404).json({ error: 'Session not found' });
+            return;
+        }
+        await transport.handleRequest(req, res, req.body);
+    });
+    // Handle SSE streams (GET /mcp)
+    app.get('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        if (!sessionId || !sessions.has(sessionId)) {
+            res.status(404).json({ error: 'Session not found' });
+            return;
+        }
+        const transport = sessions.get(sessionId);
+        await transport.handleRequest(req, res);
+    });
+    // Handle session termination (DELETE /mcp)
+    app.delete('/mcp', async (req, res) => {
+        const sessionId = req.headers['mcp-session-id'];
+        if (!sessionId || !sessions.has(sessionId)) {
+            res.status(404).json({ error: 'Session not found' });
+            return;
+        }
+        const transport = sessions.get(sessionId);
+        await transport.handleRequest(req, res);
+    });
+    app.listen(port, '0.0.0.0', () => {
+        console.error(`[${SERVER_NAME}] Transport: HTTP (Streamable)`);
+        console.error(`[${SERVER_NAME}] Listening on http://0.0.0.0:${port}/mcp`);
+        console.error(`[${SERVER_NAME}] Health check: http://0.0.0.0:${port}/health`);
+    });
+}
+/**
+ * Create a sandbox server instance for Smithery scanning.
+ *
+ * This allows Smithery to discover tools/resources without
+ * real configuration or credentials. Used during `smithery mcp publish`.
+ */
+export function createSandboxServer() {
+    return createServer();
+}
+/**
+ * Start the MCP server.
+ *
+ * Mode selection:
+ * - PORT env var set → HTTP mode (for Fly.io / remote deployment)
+ * - No PORT → STDIO mode (for local Claude Desktop / CLI usage)
+ */
+export async function startServer() {
+    // Load configuration
+    const config = await loadConfig();
+    // Initialize sandbox with config
+    const sandbox = getSandbox(config.sandbox);
+    await sandbox.initialize();
+    // Enable read-only mode if configured
+    if (config.read_only) {
+        enableReadOnlyMode();
+        console.error(`[${SERVER_NAME}] Running in read-only mode`);
+    }
+    // Create server
+    const server = createServer();
+    // Log to stderr (stdout is reserved for MCP protocol in stdio mode)
+    console.error(`[${SERVER_NAME}] Starting server v${SERVER_VERSION}...`);
+    console.error(`[${SERVER_NAME}] Allowed paths: ${sandbox.getAllowedPaths().join(', ')}`);
+    // Select transport based on PORT env var
+    const port = process.env.PORT ? parseInt(process.env.PORT, 10) : undefined;
+    if (port) {
+        await startHttpServer(server, port);
+    }
+    else {
+        await startStdioServer(server);
+    }
+}
+//# sourceMappingURL=server.js.map

package/build/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAErE,kBAAkB;AAClB,MAAM,WAAW,GAAG,gBAAgB,CAAC;AACrC,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,cAAc;KACxB,CAAC,CAAC;IAEH,qBAAqB;IACrB,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC1B,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5B,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAE9B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,IAAI,oBAAoB,EAAE,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,gBAAgB,CAAC,MAAiB;IAC/C,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;IACzC,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,oBAAoB,CAAC,CAAC;IACnD,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,sCAAsC,CAAC,CAAC;AACvE,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,eAAe,CAAC,OAAkB,EAAE,IAAY;IAC7D,+DAA+D;IAC/D,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;IAErD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAExB,2CAA2C;IAC3C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAChD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAyC,CAAC;IAElE,2CAA2C;IAC3C,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QAEtE,IAAI,SAAwC,CAAC;QAE7C,IAAI,SAAS,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,mBAAmB;YACnB,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;QACvC,CAAC;aAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACtB,0DAA0D;YAC1D,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAC5C,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,EAAE,EAAE,EAAE;oBAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;oBAC5B,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,sBAAsB,EAAE,EAAE,CAAC,CAAC;gBAC3D,CAAC;aACF,CAAC,CAAC;YAEH,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;gBACvB,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;gBAChC,IAAI,GAAG,EAAE,CAAC;oBACR,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;oBACrB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,qBAAqB,GAAG,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC,CAAC;YAEF,2DAA2D;YAC3D,MAAM,aAAa,GAAG,YAAY,EAAE,CAAC;YACrC,MAAM,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,qBAAqB;YACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;QAC3C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,2CAA2C;IAC3C,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;QACtE,IAAI,CAAC,SAAS,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAE,CAAC;QAC3C,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;QAC/B,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,gCAAgC,CAAC,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,iCAAiC,IAAI,MAAM,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,kCAAkC,IAAI,SAAS,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,YAAY,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW;IAC/B,qBAAqB;IACrB,MAAM,MAAM,GAAG,MAAM,UAAU,EAAE,CAAC;IAElC,iCAAiC;IACjC,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAE3B,sCAAsC;IACtC,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,kBAAkB,EAAE,CAAC;QACrB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,6BAA6B,CAAC,CAAC;IAC9D,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAE9B,oEAAoE;IACpE,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,sBAAsB,cAAc,KAAK,CAAC,CAAC;IACxE,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,oBAAoB,OAAO,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEzF,yCAAyC;IACzC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAE3E,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,MAAM,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;AACH,CAAC"}

package/build/tools/metadata.d.ts

@@ -0,0 +1,11 @@
+/**
+ * MCP File Forge - File Metadata Tools
+ *
+ * Tools for getting file statistics and checking existence.
+ */
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+/**
+ * Register file metadata tools with the MCP server.
+ */
+export declare function registerMetadataTools(server: McpServer): void;
+//# sourceMappingURL=metadata.d.ts.map

package/build/tools/metadata.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metadata.d.ts","sourceRoot":"","sources":["../../src/tools/metadata.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA+apE;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAqD7D"}