@oobe-protocol-labs/sap-mcp-server 0.1.0

package/dist/security/tool-permissions.js

@@ -0,0 +1,270 @@
+/**
+ * Tool permissions checker
+ *
+ * Validates if a tool can be executed based on:
+ * - Allowed tools list
+ * - Session permissions
+ * - Mode restrictions
+ */
+import { logger } from '../core/logger.js';
+/**
+ * Tool permission groups for the current SAP MCP tool surface.
+ */
+const TOOL_PERMISSION_GROUPS = {
+    'config:read': [
+        'sap_profile_current',
+        'sap_profile_list',
+        'sap_profile_public_key',
+        'sap_skills_list',
+        'sap_skills_bundle',
+    ],
+    'config:write': [
+        'sap_profile_switch',
+        'sap_skills_install',
+    ],
+    'registry:read': [
+        'sol_get_balance',
+        'sap_decode_transaction',
+        'sap_preview_transaction',
+        'sap_get_agent',
+        'sap_get_agent_stats',
+        'sap_get_global_state',
+        'sap_get_network_overview',
+        'sap_get_agent_profile',
+        'sap_is_agent_active',
+        'sap_discover_agents',
+        'sap_list_agents',
+        'sap_list_all_agents',
+        'sap_find_tools_by_category',
+        'sap_get_tool_category_summary',
+        'sap_fetch_capability_index',
+        'sap_fetch_protocol_index',
+        'sap_fetch_tool_category_index',
+        'sap_fetch_tool',
+        'sap_network_stats',
+        'sap_sns_check_domain',
+        'sap_sns_batch_check_domains',
+        'sap_sns_resolve_domain',
+        'sap_sns_validate_records',
+        'sap_sns_get_domain_records',
+        'sap_sns_get_record',
+        'sap_sns_resolve_wallet',
+        'sap_sns_check_ownership',
+        'sap_sns_get_domain_pda',
+        'sap_sns_get_record_pda',
+    ],
+    'registry:write': [
+        'sap_register_agent',
+        'sap_update_agent',
+        'sap_deactivate_agent',
+        'sap_reactivate_agent',
+        'sap_close_agent',
+        'sap_report_calls',
+        'sap_publish_tool_by_name',
+        'sap_update_tool',
+        'sap_deactivate_tool',
+        'sap_reactivate_tool',
+        'sap_report_tool_invocations',
+    ],
+    'identity:read': [],
+    'identity:write': [],
+    'reputation:read': [
+        'sap_fetch_feedback',
+        'sap_fetch_attestation',
+        'sap_fairscale_score',
+        'sap_fairscale_trust_gate',
+    ],
+    'reputation:write': [
+        'sap_update_reputation_metrics',
+        'sap_give_feedback',
+        'sap_update_feedback',
+        'sap_revoke_feedback',
+        'sap_create_attestation',
+        'sap_revoke_attestation',
+    ],
+    'payments:read': [
+        'sap_x402_estimate_cost',
+        'sap_x402_calculate_cost',
+        'sap_x402_build_payment_headers',
+        'sap_x402_build_headers_from_escrow',
+        'sap_x402_has_escrow',
+        'sap_x402_fetch_escrow',
+        'sap_x402_prepare_payment',
+        'sap_x402_get_balance',
+    ],
+    'payments:write': [
+        'sap_x402_settle',
+        'sap_x402_settle_batch',
+        'sap_create_subscription',
+        'sap_fund_subscription',
+        'sap_cancel_subscription',
+    ],
+    'settlement:read': [
+        'sap_fetch_escrow',
+        'sap_fetch_escrow_v2',
+        'sap_fetch_pending_settlement',
+        'sap_fetch_dispute',
+        'sap_fetch_stake',
+        'sap_fetch_subscription',
+        'sap_next_settlement_index',
+    ],
+    'settlement:write': [
+        'sap_create_escrow',
+        'sap_deposit_escrow',
+        'sap_settle_escrow',
+        'sap_settle_escrow_batch',
+        'sap_withdraw_escrow',
+        'sap_close_escrow',
+        'sap_create_escrow_v2',
+        'sap_deposit_escrow_v2',
+        'sap_settle_escrow_v2',
+        'sap_finalize_settlement_v2',
+        'sap_file_dispute_v2',
+        'sap_withdraw_escrow_v2',
+        'sap_close_escrow_v2',
+        'sap_init_stake',
+        'sap_deposit_stake',
+        'sap_request_unstake',
+        'sap_complete_unstake',
+    ],
+    'memory:read': [
+        'sap_fetch_vault',
+        'sap_fetch_session',
+        'sap_fetch_epoch_page',
+        'sap_session_read_latest',
+        'sap_session_status',
+    ],
+    'memory:write': [
+        'sap_init_vault',
+        'sap_open_vault_session',
+        'sap_inscribe_memory',
+        'sap_compact_inscribe_memory',
+        'sap_session_start',
+    ],
+    'transaction:submit': [
+        'sap_sign_transaction',
+        'sap_submit_signed_transaction',
+        'sap_sns_build_manage_record_transaction',
+        'sap_sns_build_set_primary_domain_transaction',
+        'sap_sns_register_agent_domain',
+    ],
+};
+const TOOL_PERMISSION_MAP = buildToolPermissionMap(TOOL_PERMISSION_GROUPS);
+/**
+ * @name buildToolPermissionMap
+ * @description Builds a lookup map from permission groups while rejecting duplicate tool entries.
+ */
+function buildToolPermissionMap(groups) {
+    const map = new Map();
+    for (const [permission, tools] of Object.entries(groups)) {
+        for (const tool of tools) {
+            if (map.has(tool)) {
+                throw new Error(`Duplicate permission mapping for tool: ${tool}`);
+            }
+            map.set(tool, permission);
+        }
+    }
+    return map;
+}
+/**
+ * Check if tool execution is allowed
+ */
+export function checkToolPermissions(context, toolName, permission) {
+    logger.debug('Checking tool permissions', { toolName, permission });
+    const config = context.config;
+    const session = context.session;
+    // 1. Check if tool is in allowed list
+    if (config.allowedTools !== 'all') {
+        if (!config.allowedTools.includes(toolName)) {
+            return {
+                allowed: false,
+                reason: `Tool '${toolName}' is not in the allowed tools list`,
+            };
+        }
+    }
+    // 2. Check session permissions (if session exists)
+    if (session && permission) {
+        if (!session.permissions.includes(permission)) {
+            return {
+                allowed: false,
+                reason: `Session does not have '${permission}' permission`,
+            };
+        }
+    }
+    // 3. Check mode restrictions
+    const requiresWrite = isWriteOperation(toolName);
+    if (requiresWrite && context.config.mode === 'readonly') {
+        return {
+            allowed: false,
+            reason: `Tool '${toolName}' requires write operations, but server is in readonly mode`,
+        };
+    }
+    // 4. Check tool-specific permission
+    const requiredPermission = TOOL_PERMISSION_MAP.get(toolName);
+    if (requiredPermission && session) {
+        if (!session.permissions.includes(requiredPermission)) {
+            return {
+                allowed: false,
+                reason: `Tool '${toolName}' requires '${requiredPermission}' permission`,
+            };
+        }
+    }
+    logger.debug('Tool permissions check passed', { toolName });
+    return { allowed: true };
+}
+/**
+ * Get required permission for a tool
+ */
+export function getRequiredPermission(toolName) {
+    return TOOL_PERMISSION_MAP.get(toolName);
+}
+/**
+ * Check if tool is a write operation
+ */
+function isWriteOperation(toolName) {
+    const requiredPermission = TOOL_PERMISSION_MAP.get(toolName);
+    if (requiredPermission) {
+        return !requiredPermission.endsWith(':read');
+    }
+    const writePrefixes = [
+        'sap_register',
+        'sap_update',
+        'sap_close',
+        'sap_publish',
+        'sap_submit',
+        'sap_create',
+        'sap_deactivate',
+        'sap_reactivate',
+        'sap_deposit',
+        'sap_withdraw',
+        'sap_settle',
+        'sap_open',
+        'sap_file',
+        'sap_finalize',
+        'sap_give',
+        'sap_revoke',
+        'sap_init',
+        'sap_inscribe',
+        'sap_compact',
+        'sap_session_start',
+        'sap_sns_build',
+        'sap_sns_register',
+    ];
+    return writePrefixes.some(prefix => toolName.startsWith(prefix));
+}
+/**
+ * Get all tools for a permission
+ */
+export function getToolsForPermission(permission) {
+    return Array.from(TOOL_PERMISSION_MAP.entries())
+        .filter(([, perm]) => perm === permission)
+        .map(([name]) => name);
+}
+/**
+ * @name getPermissionMappedTools
+ * @description Returns all tool names with explicit permission mappings for consistency tests.
+ */
+export function getPermissionMappedTools() {
+    return Array.from(TOOL_PERMISSION_MAP.keys());
+}
+//# sourceMappingURL=tool-permissions.js.map

package/dist/security/tool-permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-permissions.js","sourceRoot":"","sources":["../../src/security/tool-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG3C;;GAEG;AACH,MAAM,sBAAsB,GAA6C;IACvE,aAAa,EAAE;QACb,qBAAqB;QACrB,kBAAkB;QAClB,wBAAwB;QACxB,iBAAiB;QACjB,mBAAmB;KACpB;IACD,cAAc,EAAE;QACd,oBAAoB;QACpB,oBAAoB;KACrB;IACD,eAAe,EAAE;QACf,iBAAiB;QACjB,wBAAwB;QACxB,yBAAyB;QACzB,eAAe;QACf,qBAAqB;QACrB,sBAAsB;QACtB,0BAA0B;QAC1B,uBAAuB;QACvB,qBAAqB;QACrB,qBAAqB;QACrB,iBAAiB;QACjB,qBAAqB;QACrB,4BAA4B;QAC5B,+BAA+B;QAC/B,4BAA4B;QAC5B,0BAA0B;QAC1B,+BAA+B;QAC/B,gBAAgB;QAChB,mBAAmB;QACnB,sBAAsB;QACtB,6BAA6B;QAC7B,wBAAwB;QACxB,0BAA0B;QAC1B,4BAA4B;QAC5B,oBAAoB;QACpB,wBAAwB;QACxB,yBAAyB;QACzB,wBAAwB;QACxB,wBAAwB;KACzB;IACD,gBAAgB,EAAE;QAChB,oBAAoB;QACpB,kBAAkB;QAClB,sBAAsB;QACtB,sBAAsB;QACtB,iBAAiB;QACjB,kBAAkB;QAClB,0BAA0B;QAC1B,iBAAiB;QACjB,qBAAqB;QACrB,qBAAqB;QACrB,6BAA6B;KAC9B;IACD,eAAe,EAAE,EAAE;IACnB,gBAAgB,EAAE,EAAE;IACpB,iBAAiB,EAAE;QACjB,oBAAoB;QACpB,uBAAuB;QACvB,qBAAqB;QACrB,0BAA0B;KAC3B;IACD,kBAAkB,EAAE;QAClB,+BAA+B;QAC/B,mBAAmB;QACnB,qBAAqB;QACrB,qBAAqB;QACrB,wBAAwB;QACxB,wBAAwB;KACzB;IACD,eAAe,EAAE;QACf,wBAAwB;QACxB,yBAAyB;QACzB,gCAAgC;QAChC,oCAAoC;QACpC,qBAAqB;QACrB,uBAAuB;QACvB,0BAA0B;QAC1B,sBAAsB;KACvB;IACD,gBAAgB,EAAE;QAChB,iBAAiB;QACjB,uBAAuB;QACvB,yBAAyB;QACzB,uBAAuB;QACvB,yBAAyB;KAC1B;IACD,iBAAiB,EAAE;QACjB,kBAAkB;QAClB,qBAAqB;QACrB,8BAA8B;QAC9B,mBAAmB;QACnB,iBAAiB;QACjB,wBAAwB;QACxB,2BAA2B;KAC5B;IACD,kBAAkB,EAAE;QAClB,mBAAmB;QACnB,oBAAoB;QACpB,mBAAmB;QACnB,yBAAyB;QACzB,qBAAqB;QACrB,kBAAkB;QAClB,sBAAsB;QACtB,uBAAuB;QACvB,sBAAsB;QACtB,4BAA4B;QAC5B,qBAAqB;QACrB,wBAAwB;QACxB,qBAAqB;QACrB,gBAAgB;QAChB,mBAAmB;QACnB,qBAAqB;QACrB,sBAAsB;KACvB;IACD,aAAa,EAAE;QACb,iBAAiB;QACjB,mBAAmB;QACnB,sBAAsB;QACtB,yBAAyB;QACzB,oBAAoB;KACrB;IACD,cAAc,EAAE;QACd,gBAAgB;QAChB,wBAAwB;QACxB,qBAAqB;QACrB,6BAA6B;QAC7B,mBAAmB;KACpB;IACD,oBAAoB,EAAE;QACpB,sBAAsB;QACtB,+BAA+B;QAC/B,yCAAyC;QACzC,8CAA8C;QAC9C,+BAA+B;KAChC;CACF,CAAC;AAEF,MAAM,mBAAmB,GAAuC,sBAAsB,CAAC,sBAAsB,CAAC,CAAC;AAE/G;;;GAGG;AACH,SAAS,sBAAsB,CAAC,MAAgD;IAC9E,MAAM,GAAG,GAAG,IAAI,GAAG,EAAyB,CAAC;IAC7C,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAA8C,EAAE,CAAC;QACtG,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,EAAE,CAAC,CAAC;YACpE,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAsB,EACtB,QAAgB,EAChB,UAA0B;IAE1B,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;IAEpE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAEhC,sCAAsC;IACtC,IAAI,MAAM,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,QAAQ,oCAAoC;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,IAAI,OAAO,IAAI,UAAU,EAAE,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,0BAA0B,UAAU,cAAc;aAC3D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACjD,IAAI,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,SAAS,QAAQ,6DAA6D;SACvF,CAAC;IACJ,CAAC;IAED,oCAAoC;IACpC,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC7D,IAAI,kBAAkB,IAAI,OAAO,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,QAAQ,eAAe,kBAAkB,cAAc;aACzE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,+BAA+B,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE5D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,OAAO,mBAAmB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,kBAAkB,GAAG,mBAAmB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC7D,IAAI,kBAAkB,EAAE,CAAC;QACvB,OAAO,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,aAAa,GAAG;QACpB,cAAc;QACd,YAAY;QACZ,WAAW;QACX,aAAa;QACb,YAAY;QACZ,YAAY;QACZ,gBAAgB;QAChB,gBAAgB;QAChB,aAAa;QACb,cAAc;QACd,YAAY;QACZ,UAAU;QACV,UAAU;QACV,cAAc;QACd,UAAU;QACV,YAAY;QACZ,UAAU;QACV,cAAc;QACd,aAAa;QACb,mBAAmB;QACnB,eAAe;QACf,kBAAkB;KACnB,CAAC;IAEF,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAyB;IAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;SAC7C,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,UAAU,CAAC;SACzC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC;AAChD,CAAC"}

package/dist/security/unsafe-action-guard.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Unsafe action guard
+ *
+ * Detects potentially dangerous operations before execution:
+ * - Large value transfers
+ * - Unknown program interactions
+ * - Privilege escalation attempts
+ * - Reentrancy risks
+ * - Sandwich attack patterns
+ */
+import type { SapMcpContext } from '../core/types.js';
+/**
+ * Check if action is unsafe
+ */
+export declare function unsafeActionGuard(context: SapMcpContext, action: string, metadata?: {
+    programId?: string;
+    valueSol?: number;
+    accounts?: string[];
+}): {
+    safe: boolean;
+    reason?: string;
+    riskLevel?: 'low' | 'medium' | 'high' | 'critical';
+};
+/**
+ * Get risk score for action (0-100)
+ */
+export declare function getRiskScore(context: SapMcpContext, action: string, metadata?: Parameters<typeof unsafeActionGuard>[2]): number;
+//# sourceMappingURL=unsafe-action-guard.d.ts.map

package/dist/security/unsafe-action-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unsafe-action-guard.d.ts","sourceRoot":"","sources":["../../src/security/unsafe-action-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AA2CtD;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE;IACT,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB,GACA;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAA;CAAE,CAgExF;AA8DD;;GAEG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,UAAU,CAAC,OAAO,iBAAiB,CAAC,CAAC,CAAC,CAAC,GACjD,MAAM,CA0BR"}

package/dist/security/unsafe-action-guard.js

@@ -0,0 +1,175 @@
+/**
+ * Unsafe action guard
+ *
+ * Detects potentially dangerous operations before execution:
+ * - Large value transfers
+ * - Unknown program interactions
+ * - Privilege escalation attempts
+ * - Reentrancy risks
+ * - Sandwich attack patterns
+ */
+import { logger } from '../core/logger.js';
+/**
+ * Known safe programs (whitelist)
+ */
+const SAFE_PROGRAMS = new Set([
+    // Solana core
+    '11111111111111111111111111111111', // System Program
+    'TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA', // Token Program
+    'ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL', // Associated Token
+    'ComputeBudget111111111111111111111111111111', // Compute Budget
+    'Sysvar1111111111111111111111111111111111111', // Sysvars
+    // SAP Protocol
+    'SAPpUhsWLJG1FfkGRcXagEDMrMsWGjbky7AyhGpFETZ', // SAP Program
+    // Major DEXs
+    'JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4', // Jupiter
+    '675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8', // Raydium
+    'whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc', // Whirlpool
+    'CAMMCzo5YL8w4VFF8KVHrK22GGUsp5VTaW7grrKgrWqK', // CAMM
+    // Lending
+    'ALend7Ketfx5bx4qzJ7WuPecYmEv2fTVuH14cD53E95', // Solend
+    'LendQqH9ZH34zB7gH3qo74bViZyK1TjcX4I72k6u8Ym', // MarginFi
+    // NFT
+    'metaqbxxUerdq28cj1RbAWkYQm3ybzjb6a8bt518x1s', // Metaplex
+]);
+/**
+ * Unsafe patterns (blacklist)
+ */
+const UNSAFE_PATTERNS = [
+    'close_account',
+    'set_authority',
+    'approve_all',
+    'revoke_all',
+    'set_data',
+    'upgrade',
+    'close',
+];
+/**
+ * Check if action is unsafe
+ */
+export function unsafeActionGuard(context, action, metadata) {
+    logger.debug('Running unsafe action guard', { action, metadata });
+    // 1. Check for known unsafe patterns
+    if (hasUnsafePattern(action)) {
+        return {
+            safe: false,
+            reason: `Action '${action}' matches unsafe pattern`,
+            riskLevel: 'high',
+        };
+    }
+    // 2. Check program whitelist
+    if (metadata?.programId && !SAFE_PROGRAMS.has(metadata.programId)) {
+        return {
+            safe: false,
+            reason: `Program '${metadata.programId}' is not in the safe programs whitelist`,
+            riskLevel: 'critical',
+        };
+    }
+    // 3. Check value thresholds
+    if (metadata?.valueSol !== undefined) {
+        const config = context.config;
+        const maxTxValueSol = config.maxTxValueSol;
+        if (metadata.valueSol > maxTxValueSol) {
+            return {
+                safe: false,
+                reason: `Transaction value (${metadata.valueSol} SOL) exceeds maximum allowed (${maxTxValueSol} SOL)`,
+                riskLevel: 'high',
+            };
+        }
+        if (metadata.valueSol > config.requireApprovalAboveSol) {
+            return {
+                safe: true,
+                reason: `Transaction value (${metadata.valueSol} SOL) requires approval`,
+                riskLevel: 'medium',
+            };
+        }
+    }
+    // 4. Check for privilege escalation attempts
+    if (isPrivilegeEscalationAttempt(action, metadata)) {
+        return {
+            safe: false,
+            reason: 'Potential privilege escalation attempt detected',
+            riskLevel: 'critical',
+        };
+    }
+    // 5. Check for reentrancy risks
+    if (isReentrancyRisk(action)) {
+        return {
+            safe: false,
+            reason: 'Potential reentrancy risk detected',
+            riskLevel: 'high',
+        };
+    }
+    logger.debug('Unsafe action guard passed', { action });
+    return { safe: true, riskLevel: 'low' };
+}
+/**
+ * Check for unsafe patterns in action name
+ */
+function hasUnsafePattern(action) {
+    const actionLower = action.toLowerCase();
+    return UNSAFE_PATTERNS.some(pattern => actionLower.includes(pattern));
+}
+/**
+ * Check for privilege escalation attempts
+ */
+function isPrivilegeEscalationAttempt(action, metadata) {
+    // Check for authority changes
+    const authorityPatterns = [
+        'set_authority',
+        'update_authority',
+        'change_owner',
+        'transfer_authority',
+    ];
+    const actionLower = action.toLowerCase();
+    const hasAuthorityChange = authorityPatterns.some(pattern => actionLower.includes(pattern));
+    if (!hasAuthorityChange) {
+        return false;
+    }
+    // If accounts include unknown programs, it's suspicious
+    if (metadata?.accounts) {
+        const hasUnknownProgram = metadata.accounts.some(account => !SAFE_PROGRAMS.has(account));
+        if (hasUnknownProgram) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Check for reentrancy risks
+ */
+function isReentrancyRisk(action) {
+    const reentrancyPatterns = [
+        'invoke_signed',
+        'cross_program_invoke',
+        'cpi',
+    ];
+    const actionLower = action.toLowerCase();
+    return reentrancyPatterns.some(pattern => actionLower.includes(pattern));
+}
+/**
+ * Get risk score for action (0-100)
+ */
+export function getRiskScore(context, action, metadata) {
+    const result = unsafeActionGuard(context, action, metadata);
+    if (!result.safe) {
+        switch (result.riskLevel) {
+            case 'critical': return 100;
+            case 'high': return 75;
+            case 'medium': return 50;
+            default: return 25;
+        }
+    }
+    // Base risk factors
+    let score = 10; // Base score for arbitrary actions
+    // Increase for write operations
+    if (action.includes('write') || action.includes('create') || action.includes('update')) {
+        score += 20;
+    }
+    // Increase for high value
+    if (metadata?.valueSol && metadata.valueSol > 1) {
+        score += Math.min(30, metadata.valueSol * 5);
+    }
+    return Math.min(100, score);
+}
+//# sourceMappingURL=unsafe-action-guard.js.map

package/dist/security/unsafe-action-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unsafe-action-guard.js","sourceRoot":"","sources":["../../src/security/unsafe-action-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAG3C;;GAEG;AACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,cAAc;IACd,kCAAkC,EAAE,iBAAiB;IACrD,6CAA6C,EAAE,gBAAgB;IAC/D,8CAA8C,EAAE,mBAAmB;IACnE,6CAA6C,EAAE,iBAAiB;IAChE,6CAA6C,EAAE,UAAU;IAEzD,eAAe;IACf,6CAA6C,EAAE,cAAc;IAE7D,aAAa;IACb,6CAA6C,EAAE,UAAU;IACzD,8CAA8C,EAAE,UAAU;IAC1D,6CAA6C,EAAE,YAAY;IAC3D,8CAA8C,EAAE,OAAO;IAEvD,UAAU;IACV,6CAA6C,EAAE,SAAS;IACxD,6CAA6C,EAAE,WAAW;IAE1D,MAAM;IACN,6CAA6C,EAAE,WAAW;CAC3D,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,eAAe;IACf,eAAe;IACf,aAAa;IACb,YAAY;IACZ,UAAU;IACV,SAAS;IACT,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAsB,EACtB,MAAc,EACd,QAIC;IAED,MAAM,CAAC,KAAK,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;IAElE,qCAAqC;IACrC,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,WAAW,MAAM,0BAA0B;YACnD,SAAS,EAAE,MAAM;SAClB,CAAC;IACJ,CAAC;IAED,6BAA6B;IAC7B,IAAI,QAAQ,EAAE,SAAS,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAClE,OAAO;YACL,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,YAAY,QAAQ,CAAC,SAAS,yCAAyC;YAC/E,SAAS,EAAE,UAAU;SACtB,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,QAAQ,EAAE,QAAQ,KAAK,SAAS,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAE3C,IAAI,QAAQ,CAAC,QAAQ,GAAG,aAAa,EAAE,CAAC;YACtC,OAAO;gBACL,IAAI,EAAE,KAAK;gBACX,MAAM,EAAE,sBAAsB,QAAQ,CAAC,QAAQ,kCAAkC,aAAa,OAAO;gBACrG,SAAS,EAAE,MAAM;aAClB,CAAC;QACJ,CAAC;QAED,IAAI,QAAQ,CAAC,QAAQ,GAAG,MAAM,CAAC,uBAAuB,EAAE,CAAC;YACvD,OAAO;gBACL,IAAI,EAAE,IAAI;gBACV,MAAM,EAAE,sBAAsB,QAAQ,CAAC,QAAQ,yBAAyB;gBACxE,SAAS,EAAE,QAAQ;aACpB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,4BAA4B,CAAC,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC;QACnD,OAAO;YACL,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,iDAAiD;YACzD,SAAS,EAAE,UAAU;SACtB,CAAC;IACJ,CAAC;IAED,gCAAgC;IAChC,IAAI,gBAAgB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,KAAK;YACX,MAAM,EAAE,oCAAoC;YAC5C,SAAS,EAAE,MAAM;SAClB,CAAC;IACJ,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAEvD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,OAAO,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;GAEG;AACH,SAAS,4BAA4B,CACnC,MAAc,EACd,QAAkC;IAElC,8BAA8B;IAC9B,MAAM,iBAAiB,GAAG;QACxB,eAAe;QACf,kBAAkB;QAClB,cAAc;QACd,oBAAoB;KACrB,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC1D,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC9B,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wDAAwD;IACxD,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;QACvB,MAAM,iBAAiB,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACzD,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAC5B,CAAC;QAEF,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,MAAM,kBAAkB,GAAG;QACzB,eAAe;QACf,sBAAsB;QACtB,KAAK;KACN,CAAC;IAEF,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;IACzC,OAAO,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAsB,EACtB,MAAc,EACd,QAAkD;IAElD,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAE5D,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,QAAQ,MAAM,CAAC,SAAS,EAAE,CAAC;YACzB,KAAK,UAAU,CAAC,CAAC,OAAO,GAAG,CAAC;YAC5B,KAAK,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;YACvB,KAAK,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,IAAI,KAAK,GAAG,EAAE,CAAC,CAAC,mCAAmC;IAEnD,gCAAgC;IAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvF,KAAK,IAAI,EAAE,CAAC;IACd,CAAC;IAED,0BAA0B;IAC1B,IAAI,QAAQ,EAAE,QAAQ,IAAI,QAAQ,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC"}

package/dist/server/create-server.d.ts

@@ -0,0 +1,12 @@
+/**
+ * MCP Server creation
+ *
+ * Creates and configures the MCP server with all SAP Protocol capabilities.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import type { SapMcpConfig } from '../core/types.js';
+/**
+ * Create and configure the MCP server instance
+ */
+export declare function createSapMcpServer(config: SapMcpConfig): Promise<Server>;
+//# sourceMappingURL=create-server.d.ts.map

package/dist/server/create-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,OAAO,KAAK,EAAE,YAAY,EAAiB,MAAM,kBAAkB,CAAC;AAOpE;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAkD9E"}

package/dist/server/create-server.js

@@ -0,0 +1,57 @@
+/**
+ * MCP Server creation
+ *
+ * Creates and configures the MCP server with all SAP Protocol capabilities.
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { logger } from '../core/logger.js';
+import { MCP_SERVER_NAME, MCP_SERVER_VERSION } from '../core/constants.js';
+import { createSapClient } from '../sap/sap-client-manager.js';
+import { resolveSigner } from '../signer/signer-resolver.js';
+import { PolicyEngine } from '../policy/policy-engine.js';
+import { registerCapabilities } from './register-capabilities.js';
+import { setToolExecutionContext } from '../adapters/mcp/sdk-compat.js';
+/**
+ * Create and configure the MCP server instance
+ */
+export async function createSapMcpServer(config) {
+    logger.info('Creating SAP MCP Server', { name: MCP_SERVER_NAME, version: MCP_SERVER_VERSION });
+    // Create MCP server with ALL capabilities declared upfront
+    // This is REQUIRED for MCP SDK v1.0.0 - capabilities must be declared in constructor
+    const server = new Server({
+        name: MCP_SERVER_NAME,
+        version: MCP_SERVER_VERSION,
+    }, {
+        // Declare all capabilities upfront
+        capabilities: {
+            tools: {}, // Enable tools/list
+            resources: {}, // Enable resources/list
+            prompts: {}, // Enable prompts/list
+        },
+    });
+    // Create SAP client
+    const sapClient = await createSapClient(config);
+    logger.info('SAP client created', { programId: config.programId });
+    // Resolve signer based on mode
+    const signer = await resolveSigner(config);
+    logger.info('Signer resolved', { mode: signer?.mode ?? 'none' });
+    // Create policy engine
+    const policyEngine = new PolicyEngine(config);
+    logger.info('Policy engine initialized');
+    // Create shared context
+    const context = {
+        config,
+        connection: sapClient.connection,
+        sapClient,
+        signer: signer.signer,
+        policyEngine,
+        session: undefined, // Will be set per-session if using delegated mode
+        logger,
+    };
+    setToolExecutionContext(server, context);
+    // Register all capabilities (tools, resources, prompts)
+    await registerCapabilities(server, context);
+    logger.info('Server capabilities registered');
+    return server;
+}
+//# sourceMappingURL=create-server.js.map

package/dist/server/create-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-server.js","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE3E,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,MAAoB;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAE/F,2DAA2D;IAC3D,qFAAqF;IACrF,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,kBAAkB;KAC5B,EACD;QACE,mCAAmC;QACnC,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE,EAAO,oBAAoB;YACpC,SAAS,EAAE,EAAE,EAAG,wBAAwB;YACxC,OAAO,EAAE,EAAE,EAAK,sBAAsB;SACvC;KACF,CACF,CAAC;IAEF,oBAAoB;IACpB,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,MAAM,CAAC,CAAC;IAChD,MAAM,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAEnE,+BAA+B;IAC/B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,MAAM,EAAE,CAAC,CAAC;IAEjE,uBAAuB;IACvB,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAEzC,wBAAwB;IACxB,MAAM,OAAO,GAAkB;QAC7B,MAAM;QACN,UAAU,EAAE,SAAS,CAAC,UAAU;QAChC,SAAS;QACT,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,YAAY;QACZ,OAAO,EAAE,SAAS,EAAE,kDAAkD;QACtE,MAAM;KACP,CAAC;IAEF,uBAAuB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEzC,wDAAwD;IACxD,MAAM,oBAAoB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAE9C,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Server module barrel export
+ */
+export { createSapMcpServer } from './create-server.js';
+export { registerCapabilities } from './register-capabilities.js';
+export { SERVER_METADATA, CAPABILITIES } from './server-metadata.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/server/index.js

@@ -0,0 +1,7 @@
+/**
+ * Server module barrel export
+ */
+export { createSapMcpServer } from './create-server.js';
+export { registerCapabilities } from './register-capabilities.js';
+export { SERVER_METADATA, CAPABILITIES } from './server-metadata.js';
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/server/register-capabilities.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Register MCP server capabilities (tools, resources, prompts)
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import type { SapMcpContext } from '../core/types.js';
+/**
+ * Register all server capabilities
+ */
+export declare function registerCapabilities(server: Server, context: SapMcpContext): Promise<void>;
+//# sourceMappingURL=register-capabilities.d.ts.map

package/dist/server/register-capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-capabilities.d.ts","sourceRoot":"","sources":["../../src/server/register-capabilities.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAMtD;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,IAAI,CAAC,CAcf"}

package/dist/server/register-capabilities.js

@@ -0,0 +1,23 @@
+/**
+ * Register MCP server capabilities (tools, resources, prompts)
+ */
+import { registerTools } from '../tools/register-tools.js';
+import { registerResources } from '../resources/register-resources.js';
+import { registerPrompts } from '../prompts/register-prompts.js';
+import { logger } from '../core/logger.js';
+/**
+ * Register all server capabilities
+ */
+export async function registerCapabilities(server, context) {
+    logger.info('Registering server capabilities');
+    // Register SAP Protocol, Synapse AgentKit, network, and transaction tools.
+    await registerTools(server, context);
+    logger.info('SAP Protocol tools registered');
+    // Register resources
+    await registerResources(server, context);
+    logger.info('Resources registered');
+    // Register prompts
+    await registerPrompts(server, context);
+    logger.info('Prompts registered');
+}
+//# sourceMappingURL=register-capabilities.js.map

package/dist/server/register-capabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register-capabilities.js","sourceRoot":"","sources":["../../src/server/register-capabilities.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AACvE,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAE3C;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAc,EACd,OAAsB;IAEtB,MAAM,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;IAE/C,2EAA2E;IAC3E,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAE7C,qBAAqB;IACrB,MAAM,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;IAEpC,mBAAmB;IACnB,MAAM,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;AACpC,CAAC"}