@sanctuary-framework/mcp-server 0.5.1 → 0.5.3

package/dist/index.d.cts

@@ -38,6 +38,8 @@ interface SanctuaryConfig {
         host: string;
         /** Bearer token for dashboard auth. If "auto", one is generated at startup. */
         auth_token?: string;
+        /** Auto-open dashboard in default browser on startup. Default: true for localhost. */
+        auto_open?: boolean;
         /** TLS cert/key paths for HTTPS dashboard. */
         tls?: {
             cert_path: string;
@@ -1986,6 +1988,8 @@ interface DashboardConfig {
         cert_path: string;
         key_path: string;
     };
+    /** Auto-open the dashboard in the default browser on startup. Default: true for localhost. */
+    auto_open?: boolean;
 }
 declare class DashboardApprovalChannel implements ApprovalChannel {
     private config;
@@ -1996,8 +2000,11 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private baseline;
     private auditLog;
     private dashboardHTML;
+    private loginHTML;
     private authToken;
     private useTLS;
+    /** Session TTL: longer for localhost, shorter for remote */
+    private sessionTTLMs;
     /** SEC-012: Short-lived session store. Sessions replace URL query tokens. */
     private sessions;
     private sessionCleanupTimer;
@@ -2037,6 +2044,15 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Returns true if auth passes, false if blocked (response already sent).
      */
     private checkAuth;
+    /**
+     * Check if a request is authenticated WITHOUT sending a response.
+     * Used to decide between login page vs dashboard for GET /.
+     */
+    private isAuthenticated;
+    /**
+     * Parse a specific cookie value from the request.
+     */
+    private parseCookie;
     /**
      * Create a short-lived session by exchanging the long-lived auth token
      * (provided in the Authorization header) for a session ID.
@@ -2074,6 +2090,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * normal checkAuth flow.
      */
     private handleSessionExchange;
+    private serveLoginPage;
     private serveDashboard;
     private handleSSE;
     private handleStatus;
@@ -2120,6 +2137,21 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Broadcast current protection status to connected dashboards.
      */
     broadcastProtectionStatus(data: Record<string, unknown>): void;
+    /**
+     * Open a URL in the system's default browser.
+     * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
+     * Fails silently — dashboard still works via terminal URL.
+     */
+    private openInBrowser;
+    /**
+     * Create a pre-authenticated URL for the dashboard.
+     * Used by the sanctuary_dashboard_open tool and at startup.
+     */
+    createSessionUrl(): string;
+    /**
+     * Get the base URL for the dashboard.
+     */
+    getBaseUrl(): string;
     /** Get the number of pending requests */
     get pendingCount(): number;
     /** Get the number of connected SSE clients */

package/dist/index.d.ts

@@ -38,6 +38,8 @@ interface SanctuaryConfig {
         host: string;
         /** Bearer token for dashboard auth. If "auto", one is generated at startup. */
         auth_token?: string;
+        /** Auto-open dashboard in default browser on startup. Default: true for localhost. */
+        auto_open?: boolean;
         /** TLS cert/key paths for HTTPS dashboard. */
         tls?: {
             cert_path: string;
@@ -1986,6 +1988,8 @@ interface DashboardConfig {
         cert_path: string;
         key_path: string;
     };
+    /** Auto-open the dashboard in the default browser on startup. Default: true for localhost. */
+    auto_open?: boolean;
 }
 declare class DashboardApprovalChannel implements ApprovalChannel {
     private config;
@@ -1996,8 +2000,11 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
     private baseline;
     private auditLog;
     private dashboardHTML;
+    private loginHTML;
     private authToken;
     private useTLS;
+    /** Session TTL: longer for localhost, shorter for remote */
+    private sessionTTLMs;
     /** SEC-012: Short-lived session store. Sessions replace URL query tokens. */
     private sessions;
     private sessionCleanupTimer;
@@ -2037,6 +2044,15 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Returns true if auth passes, false if blocked (response already sent).
      */
     private checkAuth;
+    /**
+     * Check if a request is authenticated WITHOUT sending a response.
+     * Used to decide between login page vs dashboard for GET /.
+     */
+    private isAuthenticated;
+    /**
+     * Parse a specific cookie value from the request.
+     */
+    private parseCookie;
     /**
      * Create a short-lived session by exchanging the long-lived auth token
      * (provided in the Authorization header) for a session ID.
@@ -2074,6 +2090,7 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * normal checkAuth flow.
      */
     private handleSessionExchange;
+    private serveLoginPage;
     private serveDashboard;
     private handleSSE;
     private handleStatus;
@@ -2120,6 +2137,21 @@ declare class DashboardApprovalChannel implements ApprovalChannel {
      * Broadcast current protection status to connected dashboards.
      */
     broadcastProtectionStatus(data: Record<string, unknown>): void;
+    /**
+     * Open a URL in the system's default browser.
+     * Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
+     * Fails silently — dashboard still works via terminal URL.
+     */
+    private openInBrowser;
+    /**
+     * Create a pre-authenticated URL for the dashboard.
+     * Used by the sanctuary_dashboard_open tool and at startup.
+     */
+    createSessionUrl(): string;
+    /**
+     * Get the base URL for the dashboard.
+     */
+    getBaseUrl(): string;
     /** Get the number of pending requests */
     get pendingCount(): number;
     /** Get the number of connected SSE clients */