@sanctuary-framework/mcp-server 0.5.2 → 0.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +41 -9
- package/dist/cli.cjs.map +1 -1
- package/dist/cli.js +43 -11
- package/dist/cli.js.map +1 -1
- package/dist/index.cjs +41 -9
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +10 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.js +43 -11
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/cli.js
CHANGED
|
@@ -4,7 +4,7 @@ import { hmac } from '@noble/hashes/hmac';
|
|
|
4
4
|
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
|
|
5
5
|
import { mkdir, readFile, writeFile, stat, unlink, readdir, chmod, access } from 'fs/promises';
|
|
6
6
|
import { join } from 'path';
|
|
7
|
-
import { homedir } from 'os';
|
|
7
|
+
import { platform, homedir } from 'os';
|
|
8
8
|
import { createRequire } from 'module';
|
|
9
9
|
import { randomBytes as randomBytes$1, createHmac } from 'crypto';
|
|
10
10
|
import { gcm } from '@noble/ciphers/aes.js';
|
|
@@ -16,7 +16,7 @@ import { ListToolsRequestSchema, CallToolRequestSchema } from '@modelcontextprot
|
|
|
16
16
|
import { createServer as createServer$2 } from 'http';
|
|
17
17
|
import { createServer as createServer$1, get } from 'https';
|
|
18
18
|
import { readFileSync, statSync } from 'fs';
|
|
19
|
-
import { execSync } from 'child_process';
|
|
19
|
+
import { exec, execSync } from 'child_process';
|
|
20
20
|
|
|
21
21
|
var __defProp = Object.defineProperty;
|
|
22
22
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
@@ -292,6 +292,12 @@ async function loadConfig(configPath) {
|
|
|
292
292
|
if (process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN) {
|
|
293
293
|
config.dashboard.auth_token = process.env.SANCTUARY_DASHBOARD_AUTH_TOKEN;
|
|
294
294
|
}
|
|
295
|
+
if (process.env.SANCTUARY_DASHBOARD_AUTO_OPEN === "true") {
|
|
296
|
+
config.dashboard.auto_open = true;
|
|
297
|
+
}
|
|
298
|
+
if (process.env.SANCTUARY_DASHBOARD_AUTO_OPEN === "false") {
|
|
299
|
+
config.dashboard.auto_open = false;
|
|
300
|
+
}
|
|
295
301
|
if (process.env.SANCTUARY_DASHBOARD_TLS_CERT && process.env.SANCTUARY_DASHBOARD_TLS_KEY) {
|
|
296
302
|
config.dashboard.tls = {
|
|
297
303
|
cert_path: process.env.SANCTUARY_DASHBOARD_TLS_CERT,
|
|
@@ -5696,26 +5702,26 @@ var DashboardApprovalChannel = class {
|
|
|
5696
5702
|
const protocol = this.useTLS ? "https" : "http";
|
|
5697
5703
|
const baseUrl = `${protocol}://${this.config.host}:${this.config.port}`;
|
|
5698
5704
|
this.httpServer.listen(this.config.port, this.config.host, () => {
|
|
5705
|
+
const sessionUrl = this.authToken ? this.createSessionUrl() : baseUrl;
|
|
5699
5706
|
process.stderr.write(
|
|
5700
5707
|
`
|
|
5701
5708
|
Sanctuary Principal Dashboard: ${baseUrl}
|
|
5702
5709
|
`
|
|
5703
5710
|
);
|
|
5704
5711
|
if (this.authToken) {
|
|
5705
|
-
const sessionUrl = this.createSessionUrl();
|
|
5706
|
-
process.stderr.write(
|
|
5707
|
-
` Quick open: ${sessionUrl}
|
|
5708
|
-
`
|
|
5709
|
-
);
|
|
5710
5712
|
const hint = this.authToken.slice(0, 4) + "..." + this.authToken.slice(-4);
|
|
5711
5713
|
process.stderr.write(
|
|
5712
5714
|
` Auth token: ${hint}
|
|
5713
|
-
|
|
5714
5715
|
`
|
|
5715
5716
|
);
|
|
5716
|
-
}
|
|
5717
|
-
|
|
5717
|
+
}
|
|
5718
|
+
process.stderr.write(`
|
|
5718
5719
|
`);
|
|
5720
|
+
const isTest = !!(process.env.VITEST || process.env.NODE_ENV === "test" || process.env.CI);
|
|
5721
|
+
const isLocalhost = this.config.host === "127.0.0.1" || this.config.host === "localhost" || this.config.host === "::1";
|
|
5722
|
+
const shouldAutoOpen = !isTest && (this.config.auto_open ?? isLocalhost);
|
|
5723
|
+
if (shouldAutoOpen) {
|
|
5724
|
+
this.openInBrowser(sessionUrl);
|
|
5719
5725
|
}
|
|
5720
5726
|
resolve();
|
|
5721
5727
|
});
|
|
@@ -6247,6 +6253,31 @@ data: ${JSON.stringify(data)}
|
|
|
6247
6253
|
broadcastProtectionStatus(data) {
|
|
6248
6254
|
this.broadcastSSE("protection-status", data);
|
|
6249
6255
|
}
|
|
6256
|
+
/**
|
|
6257
|
+
* Open a URL in the system's default browser.
|
|
6258
|
+
* Cross-platform: macOS (open), Linux (xdg-open), Windows (start).
|
|
6259
|
+
* Fails silently — dashboard still works via terminal URL.
|
|
6260
|
+
*/
|
|
6261
|
+
openInBrowser(url) {
|
|
6262
|
+
const os = platform();
|
|
6263
|
+
let cmd;
|
|
6264
|
+
if (os === "darwin") {
|
|
6265
|
+
cmd = `open "${url}"`;
|
|
6266
|
+
} else if (os === "win32") {
|
|
6267
|
+
cmd = `start "" "${url}"`;
|
|
6268
|
+
} else {
|
|
6269
|
+
cmd = `xdg-open "${url}"`;
|
|
6270
|
+
}
|
|
6271
|
+
exec(cmd, (err) => {
|
|
6272
|
+
if (err) {
|
|
6273
|
+
process.stderr.write(
|
|
6274
|
+
` (Could not auto-open browser. Open the URL above manually.)
|
|
6275
|
+
|
|
6276
|
+
`
|
|
6277
|
+
);
|
|
6278
|
+
}
|
|
6279
|
+
});
|
|
6280
|
+
}
|
|
6250
6281
|
/**
|
|
6251
6282
|
* Create a pre-authenticated URL for the dashboard.
|
|
6252
6283
|
* Used by the sanctuary_dashboard_open tool and at startup.
|
|
@@ -12038,7 +12069,8 @@ async function createSanctuaryServer(options) {
|
|
|
12038
12069
|
timeout_seconds: policy.approval_channel.timeout_seconds,
|
|
12039
12070
|
// SEC-002: auto_deny removed — timeout always denies
|
|
12040
12071
|
auth_token: authToken,
|
|
12041
|
-
tls: config.dashboard.tls
|
|
12072
|
+
tls: config.dashboard.tls,
|
|
12073
|
+
auto_open: config.dashboard.auto_open
|
|
12042
12074
|
});
|
|
12043
12075
|
dashboard.setDependencies({ policy, baseline, auditLog });
|
|
12044
12076
|
await dashboard.start();
|