npm - @mgsoftwarebv/mg-dashboard-mcp - Versions diffs - 6.3.0 → 6.4.0 - Mend

@mgsoftwarebv/mg-dashboard-mcp 6.3.0 → 6.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -7,6 +7,8 @@ import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { ListToolsRequestSchema, CallToolRequestSchema, isInitializeRequest, ListPromptsRequestSchema, GetPromptRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, ListResourceTemplatesRequestSchema, SubscribeRequestSchema, UnsubscribeRequestSchema, ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, GetPromptResultSchema, ListResourcesResultSchema, ReadResourceResultSchema, ListResourceTemplatesResultSchema, EmptyResultSchema } from '@modelcontextprotocol/sdk/types.js';
+import { createServer as createServer$1 } from 'net';
+import { Client } from 'ssh2';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import { createServer } from 'http';
 import { randomUUID, createHash, randomBytes, createDecipheriv, createCipheriv } from 'crypto';
@@ -15,7 +17,6 @@ import { drizzle } from 'drizzle-orm/postgres-js';
 import postgres from 'postgres';
 import { readFile, mkdtemp, writeFile, rm } from 'fs/promises';
 import { tmpdir } from 'os';
-import { Client } from 'ssh2';
 import { HeadObjectCommand, S3Client, ListObjectsV2Command, DeleteObjectsCommand, DeleteObjectCommand, CreateMultipartUploadCommand, UploadPartCommand, CompleteMultipartUploadCommand, AbortMultipartUploadCommand, PutObjectCommand, GetObjectCommand, CopyObjectCommand } from '@aws-sdk/client-s3';
 var __defProp = Object.defineProperty;
@@ -272,6 +273,181 @@ var init_proxy_mode = __esm({
   "src/proxy-mode.ts"() {
   }
 });
+// src/db-ssh-tunnel.ts
+var db_ssh_tunnel_exports = {};
+__export(db_ssh_tunnel_exports, {
+  fetchRemoteEnvValue: () => fetchRemoteEnvValue,
+  openDbSshTunnel: () => openDbSshTunnel
+});
+function expandHome2(path) {
+  if (!path.startsWith("~")) return path;
+  const home = process.env.HOME || process.env.USERPROFILE || "";
+  return join(home, path.slice(1));
+}
+function resolvePrivateKeyPath(input) {
+  const candidate = expandHome2(input);
+  const stripped = candidate.endsWith(".pub") ? candidate.slice(0, -4) : candidate;
+  if (existsSync(stripped) && statSync(stripped).isFile()) return stripped;
+  throw new Error(
+    `SSH private key not found at ${stripped}. The --db-ssh-tunnel flag needs the private key (not just .pub) to open the tunnel.`
+  );
+}
+function parseSshTarget(target) {
+  const at = target.indexOf("@");
+  if (at === -1) {
+    throw new Error(`--db-ssh-tunnel must be in the form user@host[:port], got: ${target}`);
+  }
+  const username = target.slice(0, at);
+  const hostPart = target.slice(at + 1);
+  const colon = hostPart.lastIndexOf(":");
+  if (colon === -1) return { username, host: hostPart, port: 22 };
+  const port = Number(hostPart.slice(colon + 1));
+  if (!Number.isFinite(port) || port < 1 || port > 65535) {
+    throw new Error(`Invalid SSH port in --db-ssh-tunnel: ${hostPart.slice(colon + 1)}`);
+  }
+  return { username, host: hostPart.slice(0, colon), port };
+}
+function rewriteUrl(originalUrl, localPort) {
+  const parsed = new URL(originalUrl);
+  parsed.hostname = "127.0.0.1";
+  parsed.port = String(localPort);
+  return parsed.toString();
+}
+async function connectSsh(opts) {
+  return await new Promise((resolve, reject) => {
+    const conn = new Client();
+    const onError = (err) => {
+      conn.removeAllListeners();
+      reject(err);
+    };
+    conn.once("ready", () => {
+      conn.removeListener("error", onError);
+      resolve(conn);
+    });
+    conn.once("error", onError);
+    conn.connect({
+      host: opts.host,
+      port: opts.port,
+      username: opts.username,
+      privateKey: opts.privateKey,
+      keepaliveInterval: opts.keepaliveIntervalMs,
+      keepaliveCountMax: 3,
+      readyTimeout: 2e4
+    });
+  });
+}
+function execOverSsh(conn, cmd) {
+  return new Promise((resolve, reject) => {
+    conn.exec(cmd, (err, stream) => {
+      if (err) {
+        reject(err);
+        return;
+      }
+      let stdout = "";
+      let stderr = "";
+      stream.on("data", (chunk) => {
+        stdout += chunk.toString("utf8");
+      });
+      stream.stderr.on("data", (chunk) => {
+        stderr += chunk.toString("utf8");
+      });
+      stream.on("close", (code) => {
+        resolve({ stdout, stderr, code: code ?? -1 });
+      });
+    });
+  });
+}
+function parseEnvValue(content, key) {
+  const re = new RegExp(`^${key}\\s*=\\s*(.*)$`, "m");
+  const m = content.match(re);
+  if (!m || !m[1]) return void 0;
+  let value = m[1].trim();
+  if (value.length >= 2 && (value[0] === '"' || value[0] === "'") && value[value.length - 1] === value[0]) {
+    value = value.slice(1, -1);
+  }
+  return value;
+}
+async function fetchRemoteEnvValue(options) {
+  const { username, host, port } = parseSshTarget(options.sshTarget);
+  const privateKeyPath = resolvePrivateKeyPath(options.sshKeyPath);
+  const privateKey = readFileSync(privateKeyPath);
+  const keepaliveIntervalMs = options.keepaliveIntervalMs ?? 3e4;
+  const envKey = options.envKey ?? "DATABASE_PRIMARY_URL";
+  const conn = await connectSsh({ host, port, username, privateKey, keepaliveIntervalMs });
+  try {
+    const safePath = options.remoteEnvPath.replace(/'/g, "'\\''");
+    const result = await execOverSsh(conn, `cat -- '${safePath}'`);
+    if (result.code !== 0) {
+      throw new Error(
+        `remote cat ${options.remoteEnvPath} failed (exit ${result.code}): ${result.stderr.trim()}`
+      );
+    }
+    const value = parseEnvValue(result.stdout, envKey);
+    if (!value) {
+      throw new Error(`${envKey} not found in ${options.remoteEnvPath}`);
+    }
+    return value;
+  } finally {
+    conn.end();
+  }
+}
+async function openDbSshTunnel(options) {
+  const { username, host, port } = parseSshTarget(options.sshTarget);
+  const privateKeyPath = resolvePrivateKeyPath(options.sshKeyPath);
+  const privateKey = readFileSync(privateKeyPath);
+  const keepaliveIntervalMs = options.keepaliveIntervalMs ?? 3e4;
+  const parsedDbUrl = new URL(options.databaseUrl);
+  const remoteHost = parsedDbUrl.hostname;
+  const remotePort = Number(parsedDbUrl.port || "5432");
+  const conn = await connectSsh({ host, port, username, privateKey, keepaliveIntervalMs });
+  conn.on("error", (err) => {
+    console.error(`[mcp][db-ssh-tunnel] ssh connection error: ${err.message}`);
+  });
+  conn.on("close", () => {
+    console.error("[mcp][db-ssh-tunnel] ssh connection closed; MCP will exit so Cursor can respawn it");
+    process.exit(1);
+  });
+  const server2 = createServer$1((local) => {
+    conn.forwardOut("127.0.0.1", 0, remoteHost, remotePort, (err, stream) => {
+      if (err) {
+        console.error(`[mcp][db-ssh-tunnel] forwardOut failed: ${err.message}`);
+        local.destroy(err);
+        return;
+      }
+      local.on("error", () => stream.destroy());
+      stream.on("error", () => local.destroy());
+      local.pipe(stream).pipe(local);
+    });
+  });
+  const localPort = await new Promise((resolve, reject) => {
+    server2.once("error", reject);
+    server2.listen(0, "127.0.0.1", () => {
+      const addr = server2.address();
+      if (!addr || typeof addr === "string") {
+        reject(new Error("Failed to bind local tunnel listener"));
+        return;
+      }
+      resolve(addr.port);
+    });
+  });
+  const rewrittenDatabaseUrl = rewriteUrl(options.databaseUrl, localPort);
+  console.error(
+    `[mcp][db-ssh-tunnel] forwarding 127.0.0.1:${localPort} -> ${remoteHost}:${remotePort} via ssh ${username}@${host}:${port}`
+  );
+  return {
+    rewrittenDatabaseUrl,
+    localPort,
+    async close() {
+      await new Promise((resolve) => server2.close(() => resolve()));
+      conn.end();
+    }
+  };
+}
+var init_db_ssh_tunnel = __esm({
+  "src/db-ssh-tunnel.ts"() {
+  }
+});
 var connectionConfig = {
   prepare: false,
   idle_timeout: 20,
@@ -1979,19 +2155,42 @@ var sshKeyPath = getArg2("ssh-key") || process.env.MG_DASHBOARD_SSH_KEY;
 var databaseUrl = getArg2("database-url") || process.env.DATABASE_PRIMARY_POOLER_URL || process.env.DATABASE_PRIMARY_URL;
 var encryptionKey = getArg2("encryption-key") || process.env.ENCRYPTION_KEY;
 var mijnhostApiKey = getArg2("mijnhost-api-key") || process.env.MIJNHOST_API_KEY;
+var dbSshTunnel = getArg2("db-ssh-tunnel") || process.env.MG_DASHBOARD_DB_SSH_TUNNEL;
+var dbRemoteEnvFile = getArg2("db-remote-env-file") || process.env.MG_DASHBOARD_DB_REMOTE_ENV_FILE;
+var dbRemoteEnvKey = getArg2("db-remote-env-key") || process.env.MG_DASHBOARD_DB_REMOTE_ENV_KEY || "DATABASE_PRIMARY_URL";
 var httpMode = args.includes("--http");
 var httpPort = Number(getArg2("port")) || 3100;
 if (!apiKey || !sshKeyPath) {
   console.error("Authentication required. Use both --api-key=dk_xxx and --ssh-key=PATH (path to your SSH private or public key), or set MG_DASHBOARD_API_KEY and MG_DASHBOARD_SSH_KEY.");
   process.exit(1);
 }
+if (dbRemoteEnvFile && !dbSshTunnel) {
+  console.error("--db-remote-env-file requires --db-ssh-tunnel (the same SSH connection is used to read the env value).");
+  process.exit(1);
+}
+if (dbRemoteEnvFile) {
+  const { fetchRemoteEnvValue: fetchRemoteEnvValue2 } = await Promise.resolve().then(() => (init_db_ssh_tunnel(), db_ssh_tunnel_exports));
+  databaseUrl = await fetchRemoteEnvValue2({
+    sshTarget: dbSshTunnel,
+    sshKeyPath,
+    remoteEnvPath: dbRemoteEnvFile,
+    envKey: dbRemoteEnvKey
+  });
+}
 if (!databaseUrl) {
-  console.error("Database URL required. Use --database-url=postgres://... or set DATABASE_PRIMARY_URL (or DATABASE_PRIMARY_POOLER_URL).");
+  console.error("Database URL required. Provide one of:\n  --database-url=postgres://...\n  --db-remote-env-file=/path/.env (combined with --db-ssh-tunnel)\n  DATABASE_PRIMARY_URL or DATABASE_PRIMARY_POOLER_URL env var");
   process.exit(1);
 }
-if (!process.env.DATABASE_PRIMARY_URL && !process.env.DATABASE_PRIMARY_POOLER_URL) {
-  process.env.DATABASE_PRIMARY_URL = databaseUrl;
+if (dbSshTunnel) {
+  const { openDbSshTunnel: openDbSshTunnel2 } = await Promise.resolve().then(() => (init_db_ssh_tunnel(), db_ssh_tunnel_exports));
+  const tunnel = await openDbSshTunnel2({ sshTarget: dbSshTunnel, sshKeyPath, databaseUrl });
+  databaseUrl = tunnel.rewrittenDatabaseUrl;
+  process.on("exit", () => {
+    void tunnel.close();
+  });
 }
+process.env.DATABASE_PRIMARY_URL = databaseUrl;
+process.env.DATABASE_PRIMARY_POOLER_URL = databaseUrl;
 var db = getDb();
 var RateLimiter = class {
   buckets = /* @__PURE__ */ new Map();
@@ -2079,7 +2278,6 @@ async function writeAuditLog(entry) {
 var MODULE_KEYS = [
   "users",
   "ssh_servers",
-  "supabase",
   "wiki",
   "ci_cd",
   "domains",
@@ -2088,7 +2286,7 @@ var MODULE_KEYS = [
 ];
 var FULL_PERMISSIONS = {
   modules: Object.fromEntries(MODULE_KEYS.map((k) => [k, true])),
-  resources: { ssh_servers: ["*"], supabase_instances: ["*"] }
+  resources: { ssh_servers: ["*"] }
 };
 function parsePermissions(raw) {
   if (!raw || typeof raw !== "object") return null;
@@ -2105,8 +2303,7 @@ function resolvePermissions(roleName, roleDefaults, userOverrides) {
     modules[key] = userVal !== void 0 ? userVal : roleVal !== void 0 ? roleVal : false;
   }
   const resources = {
-    ssh_servers: overrides?.resources?.ssh_servers ?? base?.resources?.ssh_servers ?? [],
-    supabase_instances: overrides?.resources?.supabase_instances ?? base?.resources?.supabase_instances ?? []
+    ssh_servers: overrides?.resources?.ssh_servers ?? base?.resources?.ssh_servers ?? []
   };
   return { modules, resources };
 }