npm - @quint-security/proxy - Versions diffs - 0.3.0 - Mend

@quint-security/proxy 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/http-proxy.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { type PolicyConfig } from "@quint-security/core";
+export interface HttpProxyOptions {
+    serverName: string;
+    port: number;
+    targetUrl: string;
+    policy: PolicyConfig;
+    requireAuth?: boolean;
+}
+/**
+ * Start the HTTP proxy: run a local HTTP server, intercept all JSON-RPC
+ * requests, enforce policy, sign and log everything, forward to remote.
+ */
+export declare function startHttpProxy(opts: HttpProxyOptions): Promise<void>;
+//# sourceMappingURL=http-proxy.d.ts.map

package/dist/http-proxy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-proxy.d.ts","sourceRoot":"","sources":["../src/http-proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,YAAY,EAYlB,MAAM,sBAAsB,CAAC;AAK9B,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,YAAY,CAAC;IACrB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiJ1E"}

package/dist/http-proxy.js ADDED Viewed

@@ -0,0 +1,140 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startHttpProxy = startHttpProxy;
+const core_1 = require("@quint-security/core");
+const http_relay_js_1 = require("./http-relay.js");
+const interceptor_js_1 = require("./interceptor.js");
+const logger_js_1 = require("./logger.js");
+/**
+ * Start the HTTP proxy: run a local HTTP server, intercept all JSON-RPC
+ * requests, enforce policy, sign and log everything, forward to remote.
+ */
+async function startHttpProxy(opts) {
+    (0, core_1.setLogLevel)(opts.policy.log_level);
+    const dataDir = (0, core_1.resolveDataDir)(opts.policy.data_dir);
+    // Ensure signing keys exist
+    const kp = (0, core_1.ensureKeyPair)(dataDir);
+    // Open audit database
+    const db = (0, core_1.openAuditDb)(dataDir);
+    // Create audit logger
+    const logger = new logger_js_1.AuditLogger(db, kp.privateKey, kp.publicKey, opts.policy);
+    // Create risk engine
+    const riskEngine = new core_1.RiskEngine();
+    // Create HTTP relay (with optional auth)
+    const authDb = opts.requireAuth ? (0, core_1.openAuthDb)(dataDir) : null;
+    const relay = new http_relay_js_1.HttpRelay(opts.port, opts.targetUrl, opts.requireAuth ? (req) => {
+        const authHeader = req.headers.authorization;
+        if (!authHeader || !authHeader.startsWith("Bearer ")) {
+            return "Quint: missing or invalid Authorization header. Use: Bearer <api-key>";
+        }
+        const token = authHeader.slice(7);
+        const result = (0, core_1.authenticateBearer)(authDb, token);
+        if (!result) {
+            return "Quint: invalid or expired API key";
+        }
+        return null;
+    } : undefined);
+    // ── Handle requests from agent → remote MCP server ──
+    relay.on("request", (line, requestKey) => {
+        const result = (0, interceptor_js_1.inspectRequest)(line, opts.serverName, opts.policy);
+        // Log the request
+        logger.log({
+            serverName: opts.serverName,
+            direction: "request",
+            method: result.method,
+            messageId: result.messageId,
+            toolName: result.toolName,
+            argumentsJson: result.argumentsJson,
+            responseJson: null,
+            verdict: result.verdict,
+        });
+        if (result.verdict === "deny") {
+            // Send error response back to agent
+            const reqId = result.message && "id" in result.message ? result.message.id : null;
+            const errorResponse = (0, interceptor_js_1.buildDenyResponse)(reqId ?? null);
+            relay.respondToClient(requestKey, errorResponse);
+            (0, core_1.logInfo)(`denied ${result.toolName} on ${opts.serverName}`);
+            // Log the synthetic deny response
+            logger.log({
+                serverName: opts.serverName,
+                direction: "response",
+                method: result.method,
+                messageId: result.messageId,
+                toolName: result.toolName,
+                argumentsJson: null,
+                responseJson: errorResponse,
+                verdict: "deny",
+            });
+        }
+        else if (result.toolName) {
+            // Run risk scoring on tool calls that passed policy
+            const risk = riskEngine.score(result.toolName, result.argumentsJson, "anonymous");
+            const riskAction = riskEngine.evaluate(risk);
+            if (riskAction === "deny") {
+                // Risk score too high — auto-deny
+                const reqId = result.message && "id" in result.message ? result.message.id : null;
+                const errorResponse = (0, interceptor_js_1.buildDenyResponse)(reqId ?? null);
+                relay.respondToClient(requestKey, errorResponse);
+                (0, core_1.logWarn)(`risk-denied ${result.toolName} (score=${risk.score}, level=${risk.level}): ${risk.reasons.join("; ")}`);
+                logger.log({
+                    serverName: opts.serverName,
+                    direction: "response",
+                    method: result.method,
+                    messageId: result.messageId,
+                    toolName: result.toolName,
+                    argumentsJson: null,
+                    responseJson: errorResponse,
+                    verdict: "deny",
+                });
+            }
+            else {
+                if (riskAction === "flag") {
+                    (0, core_1.logWarn)(`high-risk ${result.toolName} (score=${risk.score}, level=${risk.level}): ${risk.reasons.join("; ")}`);
+                }
+                (0, core_1.logDebug)(`forwarding ${result.method} (risk=${risk.score}) to remote`);
+                relay.forwardToRemote(requestKey);
+            }
+            // Check for revocation threshold
+            if (riskEngine.shouldRevoke("anonymous")) {
+                (0, core_1.logWarn)(`repeated high-risk actions detected — consider revoking agent credentials`);
+            }
+        }
+        else {
+            // Non-tool-call (initialize, tools/list, etc.) — forward directly
+            (0, core_1.logDebug)(`forwarding ${result.method} (${result.verdict}) to remote`);
+            relay.forwardToRemote(requestKey);
+        }
+    });
+    // ── Handle responses from remote MCP server ──
+    relay.on("response", (line) => {
+        const result = (0, interceptor_js_1.inspectResponse)(line);
+        // Log the response
+        logger.log({
+            serverName: opts.serverName,
+            direction: "response",
+            method: result.method,
+            messageId: result.messageId,
+            toolName: null,
+            argumentsJson: null,
+            responseJson: result.responseJson,
+            verdict: "passthrough",
+        });
+    });
+    // ── Handle errors ──
+    relay.on("error", (err) => {
+        (0, core_1.logError)(`http-proxy error: ${err.message}`);
+    });
+    // Handle shutdown
+    const shutdown = () => {
+        relay.stop();
+        db.close();
+        authDb?.close();
+        process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+    // Start listening
+    await relay.start();
+    (0, core_1.logInfo)(`HTTP proxy listening on http://localhost:${opts.port} → ${opts.targetUrl}`);
+}
+//# sourceMappingURL=http-proxy.js.map

package/dist/http-proxy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-proxy.js","sourceRoot":"","sources":["../src/http-proxy.ts"],"names":[],"mappings":";;AA8BA,wCAiJC;AA/KD,+CAa8B;AAC9B,mDAA4C;AAC5C,qDAAsF;AACtF,2CAA0C;AAU1C;;;GAGG;AACI,KAAK,UAAU,cAAc,CAAC,IAAsB;IACzD,IAAA,kBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAA,qBAAc,EAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,4BAA4B;IAC5B,MAAM,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,CAAC,CAAC;IAElC,sBAAsB;IACtB,MAAM,EAAE,GAAG,IAAA,kBAAW,EAAC,OAAO,CAAC,CAAC;IAEhC,sBAAsB;IACtB,MAAM,MAAM,GAAG,IAAI,uBAAW,CAAC,EAAE,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE7E,qBAAqB;IACrB,MAAM,UAAU,GAAG,IAAI,iBAAU,EAAE,CAAC;IAEpC,yCAAyC;IACzC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAA,iBAAU,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC7D,MAAM,KAAK,GAAG,IAAI,yBAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE;QAChF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAC7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,uEAAuE,CAAC;QACjF,CAAC;QACD,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,IAAA,yBAAkB,EAAC,MAAO,EAAE,KAAK,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,mCAAmC,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAEf,uDAAuD;IAEvD,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAY,EAAE,UAAkB,EAAE,EAAE;QACvD,MAAM,MAAM,GAAG,IAAA,+BAAc,EAAC,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAElE,kBAAkB;QAClB,MAAM,CAAC,GAAG,CAAC;YACT,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,YAAY,EAAE,IAAI;YAClB,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,oCAAoC;YACpC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAClF,MAAM,aAAa,GAAG,IAAA,kCAAiB,EAAC,KAAK,IAAI,IAAI,CAAC,CAAC;YACvD,KAAK,CAAC,eAAe,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACjD,IAAA,cAAO,EAAC,UAAU,MAAM,CAAC,QAAQ,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;YAE3D,kCAAkC;YAClC,MAAM,CAAC,GAAG,CAAC;gBACT,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,aAAa,EAAE,IAAI;gBACnB,YAAY,EAAE,aAAa;gBAC3B,OAAO,EAAE,MAAM;aAChB,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3B,oDAAoD;YACpD,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAClF,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE7C,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,kCAAkC;gBAClC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAClF,MAAM,aAAa,GAAG,IAAA,kCAAiB,EAAC,KAAK,IAAI,IAAI,CAAC,CAAC;gBACvD,KAAK,CAAC,eAAe,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;gBACjD,IAAA,cAAO,EAAC,eAAe,MAAM,CAAC,QAAQ,WAAW,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAEjH,MAAM,CAAC,GAAG,CAAC;oBACT,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,SAAS,EAAE,UAAU;oBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,aAAa,EAAE,IAAI;oBACnB,YAAY,EAAE,aAAa;oBAC3B,OAAO,EAAE,MAAM;iBAChB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,IAAA,cAAO,EAAC,aAAa,MAAM,CAAC,QAAQ,WAAW,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjH,CAAC;gBACD,IAAA,eAAQ,EAAC,cAAc,MAAM,CAAC,MAAM,UAAU,IAAI,CAAC,KAAK,aAAa,CAAC,CAAC;gBACvE,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;YACpC,CAAC;YAED,iCAAiC;YACjC,IAAI,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,IAAA,cAAO,EAAC,2EAA2E,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,kEAAkE;YAClE,IAAA,eAAQ,EAAC,cAAc,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;YACtE,KAAK,CAAC,eAAe,CAAC,UAAU,CAAC,CAAC;QACpC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gDAAgD;IAEhD,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,IAAY,EAAE,EAAE;QACpC,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,CAAC;QAErC,mBAAmB;QACnB,MAAM,CAAC,GAAG,CAAC;YACT,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,IAAI;YACd,aAAa,EAAE,IAAI;YACnB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,sBAAsB;IAEtB,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,IAAA,eAAQ,EAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,kBAAkB;IAClB,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,KAAK,CAAC,IAAI,EAAE,CAAC;QACb,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,EAAE,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhC,kBAAkB;IAClB,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;IACpB,IAAA,cAAO,EAAC,4CAA4C,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;AACvF,CAAC"}

package/dist/http-relay.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { type IncomingMessage } from "node:http";
+import { EventEmitter } from "node:events";
+export interface HttpRelayEvents {
+    /** Fired for every JSON-RPC request received from the agent via HTTP */
+    request: (line: string) => void;
+    /** Fired for every JSON-RPC response received from the remote server */
+    response: (line: string) => void;
+    /** Unrecoverable error */
+    error: (err: Error) => void;
+}
+/**
+ * Optional auth check function. Return null/undefined if auth passes,
+ * or an error message string to reject the request with 401.
+ */
+export type AuthCheckFn = (req: IncomingMessage) => string | undefined | null;
+/**
+ * HttpRelay manages:
+ *  - Running a local HTTP server that accepts JSON-RPC POST requests
+ *  - Forwarding allowed requests to a remote MCP server via fetch()
+ *  - Streaming SSE responses back when the remote uses text/event-stream
+ *
+ * The interceptor hooks into request/response events to inspect,
+ * allow, deny, or modify messages before they are forwarded.
+ */
+export declare class HttpRelay extends EventEmitter {
+    private server;
+    private port;
+    private targetUrl;
+    private pending;
+    private requestCounter;
+    private authCheck;
+    constructor(port: number, targetUrl: string, authCheck?: AuthCheckFn);
+    start(): Promise<void>;
+    stop(): void;
+    /**
+     * Send a deny response back to the HTTP client for a given pending request.
+     */
+    respondToClient(requestKey: string, body: string): void;
+    /**
+     * Forward the original request to the remote MCP server and relay the response.
+     */
+    forwardToRemote(requestKey: string): Promise<void>;
+    private handleRequest;
+}
+//# sourceMappingURL=http-relay.d.ts.map

package/dist/http-relay.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-relay.d.ts","sourceRoot":"","sources":["../src/http-relay.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,KAAK,eAAe,EAAuB,MAAM,WAAW,CAAC;AACjG,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,OAAO,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IAChC,wEAAwE;IACxE,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACjC,0BAA0B;IAC1B,KAAK,EAAE,CAAC,GAAG,EAAE,KAAK,KAAK,IAAI,CAAC;CAC7B;AAQD;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,GAAG,EAAE,eAAe,KAAK,MAAM,GAAG,SAAS,GAAG,IAAI,CAAC;AAE9E;;;;;;;;GAQG;AACH,qBAAa,SAAU,SAAQ,YAAY;IACzC,OAAO,CAAC,MAAM,CAAuB;IACrC,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,OAAO,CAA0C;IACzD,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,SAAS,CAA4B;gBAEjC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,WAAW;IAOpE,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAiBtB,IAAI,IAAI,IAAI;IAIZ;;OAEG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI;IASvD;;OAEG;IACG,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA2FxD,OAAO,CAAC,aAAa;CAoDtB"}

package/dist/http-relay.js ADDED Viewed

@@ -0,0 +1,193 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HttpRelay = void 0;
+const node_http_1 = require("node:http");
+const node_events_1 = require("node:events");
+/**
+ * HttpRelay manages:
+ *  - Running a local HTTP server that accepts JSON-RPC POST requests
+ *  - Forwarding allowed requests to a remote MCP server via fetch()
+ *  - Streaming SSE responses back when the remote uses text/event-stream
+ *
+ * The interceptor hooks into request/response events to inspect,
+ * allow, deny, or modify messages before they are forwarded.
+ */
+class HttpRelay extends node_events_1.EventEmitter {
+    server = null;
+    port;
+    targetUrl;
+    pending = new Map();
+    requestCounter = 0;
+    authCheck = null;
+    constructor(port, targetUrl, authCheck) {
+        super();
+        this.port = port;
+        this.targetUrl = targetUrl;
+        this.authCheck = authCheck ?? null;
+    }
+    start() {
+        return new Promise((resolve, reject) => {
+            this.server = (0, node_http_1.createServer)((req, res) => {
+                this.handleRequest(req, res);
+            });
+            this.server.on("error", (err) => {
+                this.emit("error", err);
+                reject(err);
+            });
+            this.server.listen(this.port, () => {
+                resolve();
+            });
+        });
+    }
+    stop() {
+        this.server?.close();
+    }
+    /**
+     * Send a deny response back to the HTTP client for a given pending request.
+     */
+    respondToClient(requestKey, body) {
+        const pending = this.pending.get(requestKey);
+        if (!pending)
+            return;
+        this.pending.delete(requestKey);
+        pending.res.writeHead(200, { "Content-Type": "application/json" });
+        pending.res.end(body);
+    }
+    /**
+     * Forward the original request to the remote MCP server and relay the response.
+     */
+    async forwardToRemote(requestKey) {
+        const pending = this.pending.get(requestKey);
+        if (!pending)
+            return;
+        this.pending.delete(requestKey);
+        try {
+            // Forward relevant headers from the original request to the remote server
+            const forwardHeaders = {
+                "Content-Type": "application/json",
+                Accept: "application/json, text/event-stream",
+            };
+            if (pending.headers.authorization) {
+                forwardHeaders["Authorization"] = pending.headers.authorization;
+            }
+            const remoteRes = await fetch(this.targetUrl, {
+                method: "POST",
+                headers: forwardHeaders,
+                body: pending.body,
+            });
+            const contentType = remoteRes.headers.get("content-type") ?? "";
+            if (contentType.includes("text/event-stream") && remoteRes.body) {
+                // SSE streaming — relay each event back to the client
+                pending.res.writeHead(remoteRes.status, {
+                    "Content-Type": "text/event-stream",
+                    "Cache-Control": "no-cache",
+                    Connection: "keep-alive",
+                });
+                const reader = remoteRes.body.getReader();
+                const decoder = new TextDecoder();
+                let buffer = "";
+                try {
+                    while (true) {
+                        const { done, value } = await reader.read();
+                        if (done)
+                            break;
+                        const chunk = decoder.decode(value, { stream: true });
+                        buffer += chunk;
+                        pending.res.write(chunk);
+                        // Extract complete SSE data lines for logging
+                        const lines = buffer.split("\n");
+                        buffer = lines.pop() ?? "";
+                        for (const line of lines) {
+                            if (line.startsWith("data: ")) {
+                                const data = line.slice(6).trim();
+                                if (data) {
+                                    this.emit("response", data);
+                                }
+                            }
+                        }
+                    }
+                }
+                finally {
+                    // Flush remaining buffer
+                    if (buffer.startsWith("data: ")) {
+                        const data = buffer.slice(6).trim();
+                        if (data) {
+                            this.emit("response", data);
+                        }
+                    }
+                    pending.res.end();
+                }
+            }
+            else {
+                // Standard JSON response
+                const responseBody = await remoteRes.text();
+                this.emit("response", responseBody);
+                pending.res.writeHead(remoteRes.status, {
+                    "Content-Type": contentType || "application/json",
+                });
+                pending.res.end(responseBody);
+            }
+        }
+        catch (err) {
+            const errorBody = JSON.stringify({
+                jsonrpc: "2.0",
+                id: null,
+                error: {
+                    code: -32603,
+                    message: `Quint: failed to reach remote server: ${err.message}`,
+                },
+            });
+            this.emit("response", errorBody);
+            pending.res.writeHead(502, { "Content-Type": "application/json" });
+            pending.res.end(errorBody);
+        }
+    }
+    handleRequest(req, res) {
+        // Only handle POST requests
+        if (req.method !== "POST") {
+            res.writeHead(405, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "Method not allowed. Use POST." }));
+            return;
+        }
+        // CORS preflight support
+        res.setHeader("Access-Control-Allow-Origin", "*");
+        res.setHeader("Access-Control-Allow-Methods", "POST, OPTIONS");
+        res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+        // Auth check (if configured)
+        if (this.authCheck) {
+            const authError = this.authCheck(req);
+            if (authError) {
+                res.writeHead(401, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: null,
+                    error: { code: -32600, message: authError },
+                }));
+                return;
+            }
+        }
+        const chunks = [];
+        req.on("data", (chunk) => chunks.push(chunk));
+        req.on("end", () => {
+            const body = Buffer.concat(chunks).toString("utf-8");
+            const requestKey = String(++this.requestCounter);
+            // Capture headers to forward to remote server
+            const headers = {};
+            for (const key of ["authorization", "content-type", "accept"]) {
+                const val = req.headers[key];
+                if (typeof val === "string")
+                    headers[key] = val;
+            }
+            this.pending.set(requestKey, { res, body, headers });
+            // Emit the request for the interceptor to inspect.
+            // The interceptor will call respondToClient() for denials
+            // or forwardToRemote() for allowed requests.
+            this.emit("request", body, requestKey);
+        });
+        req.on("error", (err) => {
+            this.emit("error", err);
+        });
+    }
+}
+exports.HttpRelay = HttpRelay;
+//# sourceMappingURL=http-relay.js.map

package/dist/http-relay.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-relay.js","sourceRoot":"","sources":["../src/http-relay.ts"],"names":[],"mappings":";;;AAAA,yCAAiG;AACjG,6CAA2C;AAuB3C;;;;;;;;GAQG;AACH,MAAa,SAAU,SAAQ,0BAAY;IACjC,MAAM,GAAkB,IAAI,CAAC;IAC7B,IAAI,CAAS;IACb,SAAS,CAAS;IAClB,OAAO,GAAgC,IAAI,GAAG,EAAE,CAAC;IACjD,cAAc,GAAG,CAAC,CAAC;IACnB,SAAS,GAAuB,IAAI,CAAC;IAE7C,YAAY,IAAY,EAAE,SAAiB,EAAE,SAAuB;QAClE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC;IACrC,CAAC;IAED,KAAK;QACH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,MAAM,GAAG,IAAA,wBAAY,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACtC,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBAC9B,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBACxB,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE;gBACjC,OAAO,EAAE,CAAC;YACZ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,IAAI;QACF,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,UAAkB,EAAE,IAAY;QAC9C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEhC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAEhC,IAAI,CAAC;YACH,0EAA0E;YAC1E,MAAM,cAAc,GAA2B;gBAC7C,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,qCAAqC;aAC9C,CAAC;YACF,IAAI,OAAO,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAClC,cAAc,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC;YAClE,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE;gBAC5C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,cAAc;gBACvB,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;YAEhE,IAAI,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;gBAChE,sDAAsD;gBACtD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE;oBACtC,cAAc,EAAE,mBAAmB;oBACnC,eAAe,EAAE,UAAU;oBAC3B,UAAU,EAAE,YAAY;iBACzB,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;gBAClC,IAAI,MAAM,GAAG,EAAE,CAAC;gBAEhB,IAAI,CAAC;oBACH,OAAO,IAAI,EAAE,CAAC;wBACZ,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;wBAC5C,IAAI,IAAI;4BAAE,MAAM;wBAEhB,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;wBACtD,MAAM,IAAI,KAAK,CAAC;wBAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;wBAEzB,8CAA8C;wBAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;wBACjC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;wBAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;4BACzB,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gCAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gCAClC,IAAI,IAAI,EAAE,CAAC;oCACT,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;gCAC9B,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;wBAAS,CAAC;oBACT,yBAAyB;oBACzB,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAChC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;wBACpC,IAAI,IAAI,EAAE,CAAC;4BACT,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;wBAC9B,CAAC;oBACH,CAAC;oBACD,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBACpB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,yBAAyB;gBACzB,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;gBAC5C,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;gBAEpC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE;oBACtC,cAAc,EAAE,WAAW,IAAI,kBAAkB;iBAClD,CAAC,CAAC;gBACH,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC/B,OAAO,EAAE,KAAK;gBACd,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,yCAA0C,GAAa,CAAC,OAAO,EAAE;iBAC3E;aACF,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACnE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAAoB,EAAE,GAAmB;QAC7D,4BAA4B;QAC5B,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,GAAG,CAAC,SAAS,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,eAAe,CAAC,CAAC;QAC/D,GAAG,CAAC,SAAS,CAAC,8BAA8B,EAAE,6BAA6B,CAAC,CAAC;QAE7E,6BAA6B;QAC7B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,SAAS,EAAE,CAAC;gBACd,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;oBACrB,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE;iBAC5C,CAAC,CAAC,CAAC;gBACJ,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YACjB,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,MAAM,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;YAEjD,8CAA8C;YAC9C,MAAM,OAAO,GAA2B,EAAE,CAAC;YAC3C,KAAK,MAAM,GAAG,IAAI,CAAC,eAAe,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAC9D,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ;oBAAE,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YAClD,CAAC;YAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAErD,mDAAmD;YACnD,0DAA0D;YAC1D,6CAA6C;YAC7C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACtB,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAlMD,8BAkMC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { type PolicyConfig } from "@quint-security/core";
+export { Relay } from "./relay.js";
+export { HttpRelay } from "./http-relay.js";
+export { inspectRequest, inspectResponse, buildDenyResponse } from "./interceptor.js";
+export { AuditLogger } from "./logger.js";
+export { startHttpProxy } from "./http-proxy.js";
+export interface ProxyOptions {
+    serverName: string;
+    command: string;
+    args: string[];
+    policy: PolicyConfig;
+}
+/**
+ * Start the proxy: spawn child MCP server, intercept all JSON-RPC
+ * messages, enforce policy, sign and log everything.
+ */
+export declare function startProxy(opts: ProxyOptions): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,YAAY,EAUlB,MAAM,sBAAsB,CAAC;AAK9B,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACtF,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,YAAY,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,CAgJnD"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,151 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startHttpProxy = exports.AuditLogger = exports.buildDenyResponse = exports.inspectResponse = exports.inspectRequest = exports.HttpRelay = exports.Relay = void 0;
+exports.startProxy = startProxy;
+const core_1 = require("@quint-security/core");
+const relay_js_1 = require("./relay.js");
+const interceptor_js_1 = require("./interceptor.js");
+const logger_js_1 = require("./logger.js");
+var relay_js_2 = require("./relay.js");
+Object.defineProperty(exports, "Relay", { enumerable: true, get: function () { return relay_js_2.Relay; } });
+var http_relay_js_1 = require("./http-relay.js");
+Object.defineProperty(exports, "HttpRelay", { enumerable: true, get: function () { return http_relay_js_1.HttpRelay; } });
+var interceptor_js_2 = require("./interceptor.js");
+Object.defineProperty(exports, "inspectRequest", { enumerable: true, get: function () { return interceptor_js_2.inspectRequest; } });
+Object.defineProperty(exports, "inspectResponse", { enumerable: true, get: function () { return interceptor_js_2.inspectResponse; } });
+Object.defineProperty(exports, "buildDenyResponse", { enumerable: true, get: function () { return interceptor_js_2.buildDenyResponse; } });
+var logger_js_2 = require("./logger.js");
+Object.defineProperty(exports, "AuditLogger", { enumerable: true, get: function () { return logger_js_2.AuditLogger; } });
+var http_proxy_js_1 = require("./http-proxy.js");
+Object.defineProperty(exports, "startHttpProxy", { enumerable: true, get: function () { return http_proxy_js_1.startHttpProxy; } });
+/**
+ * Start the proxy: spawn child MCP server, intercept all JSON-RPC
+ * messages, enforce policy, sign and log everything.
+ */
+function startProxy(opts) {
+    (0, core_1.setLogLevel)(opts.policy.log_level);
+    const dataDir = (0, core_1.resolveDataDir)(opts.policy.data_dir);
+    // Ensure signing keys exist
+    const kp = (0, core_1.ensureKeyPair)(dataDir);
+    // Open audit database
+    const db = (0, core_1.openAuditDb)(dataDir);
+    // Create audit logger
+    const logger = new logger_js_1.AuditLogger(db, kp.privateKey, kp.publicKey, opts.policy);
+    // Create risk engine
+    const riskEngine = new core_1.RiskEngine();
+    // Create relay
+    const relay = new relay_js_1.Relay(opts.command, opts.args);
+    // ── Handle messages from parent (AI agent) → child (MCP server) ──
+    relay.on("parentMessage", (line) => {
+        const result = (0, interceptor_js_1.inspectRequest)(line, opts.serverName, opts.policy);
+        // For non-tool-call requests, log immediately. Tool calls get logged after risk scoring.
+        if (!result.toolName || result.verdict === "deny") {
+            logger.log({
+                serverName: opts.serverName,
+                direction: "request",
+                method: result.method,
+                messageId: result.messageId,
+                toolName: result.toolName,
+                argumentsJson: result.argumentsJson,
+                responseJson: null,
+                verdict: result.verdict,
+            });
+        }
+        if (result.verdict === "deny") {
+            const reqId = result.message && "id" in result.message ? result.message.id : null;
+            const errorResponse = (0, interceptor_js_1.buildDenyResponse)(reqId ?? null);
+            relay.sendToParent(errorResponse);
+            (0, core_1.logInfo)(`denied ${result.toolName} on ${opts.serverName}`);
+            logger.log({
+                serverName: opts.serverName,
+                direction: "response",
+                method: result.method,
+                messageId: result.messageId,
+                toolName: result.toolName,
+                argumentsJson: null,
+                responseJson: errorResponse,
+                verdict: "deny",
+            });
+        }
+        else if (result.toolName) {
+            const risk = riskEngine.score(result.toolName, result.argumentsJson, "anonymous");
+            const riskAction = riskEngine.evaluate(risk);
+            // Re-log the request with risk score attached
+            logger.log({
+                serverName: opts.serverName,
+                direction: "request",
+                method: result.method,
+                messageId: result.messageId,
+                toolName: result.toolName,
+                argumentsJson: result.argumentsJson,
+                responseJson: null,
+                verdict: result.verdict,
+                riskScore: risk.score,
+                riskLevel: risk.level,
+            });
+            if (riskAction === "deny") {
+                const reqId = result.message && "id" in result.message ? result.message.id : null;
+                const errorResponse = (0, interceptor_js_1.buildDenyResponse)(reqId ?? null);
+                relay.sendToParent(errorResponse);
+                (0, core_1.logWarn)(`risk-denied ${result.toolName} (score=${risk.score}, level=${risk.level}): ${risk.reasons.join("; ")}`);
+                logger.log({
+                    serverName: opts.serverName,
+                    direction: "response",
+                    method: result.method,
+                    messageId: result.messageId,
+                    toolName: result.toolName,
+                    argumentsJson: null,
+                    responseJson: errorResponse,
+                    verdict: "deny",
+                    riskScore: risk.score,
+                    riskLevel: risk.level,
+                });
+            }
+            else {
+                if (riskAction === "flag") {
+                    (0, core_1.logWarn)(`high-risk ${result.toolName} (score=${risk.score}, level=${risk.level}): ${risk.reasons.join("; ")}`);
+                }
+                (0, core_1.logDebug)(`forwarding ${result.method} (risk=${risk.score}) to child`);
+                relay.sendToChild(line);
+            }
+            if (riskEngine.shouldRevoke("anonymous")) {
+                (0, core_1.logWarn)(`repeated high-risk actions detected — consider revoking agent credentials`);
+            }
+        }
+        else {
+            // Non-tool-call — forward directly
+            (0, core_1.logDebug)(`forwarding ${result.method} (${result.verdict}) to child`);
+            relay.sendToChild(line);
+        }
+    });
+    // ── Handle messages from child (MCP server) → parent (AI agent) ──
+    relay.on("childMessage", (line) => {
+        const result = (0, interceptor_js_1.inspectResponse)(line);
+        // Log the response
+        logger.log({
+            serverName: opts.serverName,
+            direction: "response",
+            method: result.method,
+            messageId: result.messageId,
+            toolName: null,
+            argumentsJson: null,
+            responseJson: result.responseJson,
+            verdict: "passthrough",
+        });
+        // Always forward responses to parent
+        relay.sendToParent(line);
+    });
+    // ── Handle child exit ──
+    relay.on("childExit", (code) => {
+        db.close();
+        process.exit(code ?? 0);
+    });
+    relay.on("error", (err) => {
+        (0, core_1.logError)(`relay error: ${err.message}`);
+        db.close();
+        process.exit(1);
+    });
+    // Start
+    relay.start();
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAiCA,gCAgJC;AAjLD,+CAW8B;AAC9B,yCAAmC;AACnC,qDAAsF;AACtF,2CAA0C;AAE1C,uCAAmC;AAA1B,iGAAA,KAAK,OAAA;AACd,iDAA4C;AAAnC,0GAAA,SAAS,OAAA;AAClB,mDAAsF;AAA7E,gHAAA,cAAc,OAAA;AAAE,iHAAA,eAAe,OAAA;AAAE,mHAAA,iBAAiB,OAAA;AAC3D,yCAA0C;AAAjC,wGAAA,WAAW,OAAA;AACpB,iDAAiD;AAAxC,+GAAA,cAAc,OAAA;AASvB;;;GAGG;AACH,SAAgB,UAAU,CAAC,IAAkB;IAC3C,IAAA,kBAAW,EAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAA,qBAAc,EAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAErD,4BAA4B;IAC5B,MAAM,EAAE,GAAG,IAAA,oBAAa,EAAC,OAAO,CAAC,CAAC;IAElC,sBAAsB;IACtB,MAAM,EAAE,GAAG,IAAA,kBAAW,EAAC,OAAO,CAAC,CAAC;IAEhC,sBAAsB;IACtB,MAAM,MAAM,GAAG,IAAI,uBAAW,CAAC,EAAE,EAAE,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAE7E,qBAAqB;IACrB,MAAM,UAAU,GAAG,IAAI,iBAAU,EAAE,CAAC;IAEpC,eAAe;IACf,MAAM,KAAK,GAAG,IAAI,gBAAK,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEjD,oEAAoE;IAEpE,KAAK,CAAC,EAAE,CAAC,eAAe,EAAE,CAAC,IAAY,EAAE,EAAE;QACzC,MAAM,MAAM,GAAG,IAAA,+BAAc,EAAC,IAAI,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAElE,yFAAyF;QACzF,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAClD,MAAM,CAAC,GAAG,CAAC;gBACT,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,SAAS,EAAE,SAAS;gBACpB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,YAAY,EAAE,IAAI;gBAClB,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAClF,MAAM,aAAa,GAAG,IAAA,kCAAiB,EAAC,KAAK,IAAI,IAAI,CAAC,CAAC;YACvD,KAAK,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;YAClC,IAAA,cAAO,EAAC,UAAU,MAAM,CAAC,QAAQ,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;YAE3D,MAAM,CAAC,GAAG,CAAC;gBACT,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,SAAS,EAAE,UAAU;gBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,aAAa,EAAE,IAAI;gBACnB,YAAY,EAAE,aAAa;gBAC3B,OAAO,EAAE,MAAM;aAChB,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAClF,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAE7C,8CAA8C;YAC9C,MAAM,CAAC,GAAG,CAAC;gBACT,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,SAAS,EAAE,SAAS;gBACpB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,YAAY,EAAE,IAAI;gBAClB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,SAAS,EAAE,IAAI,CAAC,KAAK;gBACrB,SAAS,EAAE,IAAI,CAAC,KAAK;aACtB,CAAC,CAAC;YAEH,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAClF,MAAM,aAAa,GAAG,IAAA,kCAAiB,EAAC,KAAK,IAAI,IAAI,CAAC,CAAC;gBACvD,KAAK,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;gBAClC,IAAA,cAAO,EAAC,eAAe,MAAM,CAAC,QAAQ,WAAW,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAEjH,MAAM,CAAC,GAAG,CAAC;oBACT,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,SAAS,EAAE,UAAU;oBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,aAAa,EAAE,IAAI;oBACnB,YAAY,EAAE,aAAa;oBAC3B,OAAO,EAAE,MAAM;oBACf,SAAS,EAAE,IAAI,CAAC,KAAK;oBACrB,SAAS,EAAE,IAAI,CAAC,KAAK;iBACtB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,IAAA,cAAO,EAAC,aAAa,MAAM,CAAC,QAAQ,WAAW,IAAI,CAAC,KAAK,WAAW,IAAI,CAAC,KAAK,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjH,CAAC;gBACD,IAAA,eAAQ,EAAC,cAAc,MAAM,CAAC,MAAM,UAAU,IAAI,CAAC,KAAK,YAAY,CAAC,CAAC;gBACtE,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAED,IAAI,UAAU,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,IAAA,cAAO,EAAC,2EAA2E,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;aAAM,CAAC;YACN,mCAAmC;YACnC,IAAA,eAAQ,EAAC,cAAc,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,OAAO,YAAY,CAAC,CAAC;YACrE,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,oEAAoE;IAEpE,KAAK,CAAC,EAAE,CAAC,cAAc,EAAE,CAAC,IAAY,EAAE,EAAE;QACxC,MAAM,MAAM,GAAG,IAAA,gCAAe,EAAC,IAAI,CAAC,CAAC;QAErC,mBAAmB;QACnB,MAAM,CAAC,GAAG,CAAC;YACT,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,SAAS,EAAE,UAAU;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,QAAQ,EAAE,IAAI;YACd,aAAa,EAAE,IAAI;YACnB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;QAEH,qCAAqC;QACrC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAE1B,KAAK,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,IAAmB,EAAE,EAAE;QAC5C,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QAC/B,IAAA,eAAQ,EAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxC,EAAE,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,QAAQ;IACR,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC"}

package/dist/interceptor.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { type JsonRpcMessage, type Verdict, type PolicyConfig } from "@quint-security/core";
+export interface InspectionResult {
+    /** The parsed JSON-RPC message (null if line is not valid JSON-RPC) */
+    message: JsonRpcMessage | null;
+    /** Policy verdict */
+    verdict: Verdict;
+    /** Extracted tool name (for tools/call requests) */
+    toolName: string | null;
+    /** Extracted tool arguments as JSON string */
+    argumentsJson: string | null;
+    /** JSON-RPC method */
+    method: string;
+    /** JSON-RPC id */
+    messageId: string | null;
+}
+/**
+ * Try to parse a line as JSON-RPC and determine the policy verdict.
+ * Non-parseable lines or non-tools/call methods get "passthrough".
+ */
+export declare function inspectRequest(line: string, serverName: string, policy: PolicyConfig): InspectionResult;
+/**
+ * Inspect a response line from the child (just for logging purposes — responses always pass through).
+ */
+export declare function inspectResponse(line: string): {
+    method: string;
+    messageId: string | null;
+    responseJson: string | null;
+};
+/**
+ * Build a JSON-RPC error response for a denied tool call.
+ */
+export declare function buildDenyResponse(requestId: string | number | null): string;
+//# sourceMappingURL=interceptor.d.ts.map

package/dist/interceptor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"interceptor.d.ts","sourceRoot":"","sources":["../src/interceptor.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,OAAO,EACZ,KAAK,YAAY,EAKlB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,gBAAgB;IAC/B,uEAAuE;IACvE,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC;IAC/B,qBAAqB;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,8CAA8C;IAC9C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,sBAAsB;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,YAAY,GACnB,gBAAgB,CA+ClB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG;IAC7C,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,CAaA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,GAAG,MAAM,CAU3E"}