@turbopentest/mcp-server 0.1.8 → 0.2.1

package/README.md

@@ -1,106 +1,117 @@
-# @turbopentest/mcp-server
-
-MCP server for [TurboPentest](https://turbopentest.com) — run AI-powered penetration tests and review findings from your coding assistant.
-
-## Setup
-
-### 1. Get your API key
-
-Create an API key at [turbopentest.com/settings/api-keys](https://turbopentest.com/settings/api-keys).
-
-### 2. Add to your MCP client
-
-**Claude Desktop** (`claude_desktop_config.json`):
-
-```json
-{
-  "mcpServers": {
-    "turbopentest": {
-      "command": "npx",
-      "args": ["@turbopentest/mcp-server"],
-      "env": {
-        "TURBOPENTEST_API_KEY": "tp_live_..."
-      }
-    }
-  }
-}
-```
-
-**Claude Code** (`.mcp.json` in your project root):
-
-```json
-{
-  "mcpServers": {
-    "turbopentest": {
-      "command": "npx",
-      "args": ["@turbopentest/mcp-server"],
-      "env": {
-        "TURBOPENTEST_API_KEY": "tp_live_..."
-      }
-    }
-  }
-}
-```
-
-**Cursor** (Settings > MCP Servers > Add):
-
-```json
-{
-  "command": "npx",
-  "args": ["@turbopentest/mcp-server"],
-  "env": {
-    "TURBOPENTEST_API_KEY": "tp_live_..."
-  }
-}
-```
-
-## Tools
-
-| Tool                              | Description                                                                                                                           |
-| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| `turbopentest_start_pentest`      | Launch a pentest against a verified domain. Supports recon/standard/deep/blitz tiers and optional GitHub repo for white-box scanning. |
-| `turbopentest_get_pentest`        | Get full pentest details: status, progress, findings summary, executive summary, attack surface map, STRIDE threat model.             |
-| `turbopentest_list_pentests`      | List all your pentests with status and finding counts. Filter by status, limit results.                                               |
-| `turbopentest_get_findings`       | Get structured vulnerability findings with severity, CVSS, CWE, PoC, remediation, and retest commands. Filter by severity.            |
-| `turbopentest_download_report`    | Download a pentest report as markdown (best for AI), JSON, or PDF.                                                                    |
-| `turbopentest_get_credits`        | Check your credit balance and available scan tiers with pricing.                                                                      |
-| `turbopentest_verify_attestation` | Verify a blockchain-anchored pentest attestation by hash (public, no API key required).                                               |
-| `turbopentest_list_domains`       | List your verified domains and their verification status.                                                                             |
-
-## Scan Tiers
-
-| Tier     | Agents | Duration | Price |
-| -------- | ------ | -------- | ----- |
-| Recon    | 1      | 30 min   | $49   |
-| Standard | 4      | 1 hour   | $99   |
-| Deep     | 10     | 2 hours  | $299  |
-| Blitz    | 20     | 4 hours  | $699  |
-
-## Example
-
-```
-You:    "Run a pentest on staging.example.com"
-Claude: Calls turbopentest_start_pentest → "Started pentest tp_abc123, 4 agents, ~1 hour"
-
-You:    "How's it going?"
-Claude: Calls turbopentest_get_pentest → "60% complete, 3 findings so far (1 high, 2 medium)"
-
-You:    "Show me the high severity findings"
-Claude: Calls turbopentest_get_findings(severity: "high") → Shows SQL injection details with PoC and remediation
-```
-
-## Configuration
-
-| Environment Variable   | Description                          | Default                        |
-| ---------------------- | ------------------------------------ | ------------------------------ |
-| `TURBOPENTEST_API_KEY` | Your TurboPentest API key (required) | —                              |
-| `TURBOPENTEST_API_URL` | Custom API base URL (for testing)    | `https://turbopentest.com/api` |
-
-## Requirements
-
-- Node.js 18+
-- A [TurboPentest](https://turbopentest.com) account with API access
-
-## License
-
-MIT
+# @turbopentest/mcp-server
+
+MCP server for [TurboPentest](https://turbopentest.com) — run AI-powered penetration tests and review findings from your coding assistant.
+
+## Setup
+
+### 1. Get your API key
+
+Create an API key at [turbopentest.com/settings/api-keys](https://turbopentest.com/settings/api-keys).
+
+### 2. Add to your MCP client
+
+**Claude Desktop** (`claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "turbopentest": {
+      "command": "npx",
+      "args": ["@turbopentest/mcp-server"],
+      "env": {
+        "TURBOPENTEST_API_KEY": "tp_live_..."
+      }
+    }
+  }
+}
+```
+
+**Claude Code** (`.mcp.json` in your project root):
+
+```json
+{
+  "mcpServers": {
+    "turbopentest": {
+      "command": "npx",
+      "args": ["@turbopentest/mcp-server"],
+      "env": {
+        "TURBOPENTEST_API_KEY": "tp_live_..."
+      }
+    }
+  }
+}
+```
+
+**Cursor** (Settings > MCP Servers > Add):
+
+```json
+{
+  "command": "npx",
+  "args": ["@turbopentest/mcp-server"],
+  "env": {
+    "TURBOPENTEST_API_KEY": "tp_live_..."
+  }
+}
+```
+
+## Tools
+
+| Tool                 | Description                                                                                                                           |
+| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `start_pentest`      | Launch a pentest against a verified domain. Supports recon/standard/deep/blitz tiers and optional GitHub repo for white-box scanning. |
+| `get_pentest`        | Get full scan details: status, progress, findings summary, executive summary, attack surface map, STRIDE threat model.                |
+| `list_pentests`      | List all your pentests with status and finding counts. Filter by status, limit results.                                               |
+| `get_findings`       | Get structured vulnerability findings with severity, CVSS, CWE, PoC, remediation, and retest commands. Filter by severity.            |
+| `download_report`    | Download a pentest report as markdown (best for AI), JSON, or PDF.                                                                    |
+| `get_credits`        | Check your credit balance and available scan tiers with pricing.                                                                      |
+| `verify_attestation` | Verify a blockchain-anchored pentest attestation by hash (public, no API key required).                                               |
+| `list_domains`       | List your verified domains and their verification status.                                                                             |
+
+## Prompts
+
+Built-in prompts for common workflows. Your AI assistant can use these to guide multi-step operations.
+
+| Prompt              | Description                                                                                      |
+| ------------------- | ------------------------------------------------------------------------------------------------ |
+| `analyze_findings`  | Deep-dive analysis of a pentest's findings with prioritized remediation plan                     |
+| `compare_pentests`  | Diff two pentests to track what's new, fixed, and persistent across tests                        |
+| `run_pentest`       | Guided full-lifecycle pentest: domain check, credit verification, launch, monitoring, and summary |
+| `security_posture`  | Executive summary of overall security posture across all recent pentests                          |
+
+## Scan Tiers
+
+| Tier     | Agents | Duration | Price |
+| -------- | ------ | -------- | ----- |
+| Recon    | 1      | 30 min   | $49   |
+| Standard | 4      | 1 hour   | $99   |
+| Deep     | 10     | 2 hours  | $299  |
+| Blitz    | 20     | 4 hours  | $699  |
+
+## Example
+
+```
+You:    "Run a pentest on staging.example.com"
+Claude: Calls start_pentest → "Started pentest tp_abc123, 4 agents, ~1 hour"
+
+You:    "How's it going?"
+Claude: Calls get_pentest → "60% complete, 3 findings so far (1 high, 2 medium)"
+
+You:    "Show me the high severity findings"
+Claude: Calls get_findings(severity: "high") → Shows SQL injection details with PoC and remediation
+```
+
+## Configuration
+
+| Environment Variable   | Description                          | Default                        |
+| ---------------------- | ------------------------------------ | ------------------------------ |
+| `TURBOPENTEST_API_KEY` | Your TurboPentest API key (required) | —                              |
+| `TURBOPENTEST_API_URL` | Custom API base URL (for testing)    | `https://turbopentest.com/api` |
+
+## Requirements
+
+- Node.js 18+
+- A [TurboPentest](https://turbopentest.com) account with API access
+
+## License
+
+MIT

package/dist/prompts/analyze-findings.d.ts

@@ -0,0 +1,2 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerAnalyzeFindings(server: McpServer): void;

package/dist/prompts/analyze-findings.js

@@ -0,0 +1,56 @@
+import { z } from "zod";
+const argsSchema = {
+    pentest_id: z.string().describe("The pentest ID (UUID) to analyze"),
+};
+export function registerAnalyzeFindings(server) {
+    server.registerPrompt("analyze_findings", {
+        title: "Analyze Findings",
+        description: "Deep-dive analysis of a pentest's findings with prioritized remediation plan",
+        argsSchema,
+    }, async ({ pentest_id }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `You are a security analyst producing a prioritized remediation plan for pentest ${pentest_id}.
+
+Follow these steps:
+
+1. **Get pentest context** - Call turbopentest_get_pentest with pentest_id="${pentest_id}". Note the target URL, executive summary, attack surface, and STRIDE threat model. If the pentest is not complete, tell the user and stop.
+
+2. **Gather all findings** - Call turbopentest_get_findings with pentest_id="${pentest_id}" for each severity level separately:
+   - First with severity="critical"
+   - Then severity="high"
+   - Then severity="medium"
+   - Then severity="low"
+   This ensures you see all findings even if there are many.
+
+3. **Produce a prioritized remediation plan** organized as follows:
+
+   **Executive Summary** - One paragraph overview of the security posture.
+
+   **Critical & High Priority** - For each critical/high finding:
+   - Title and affected URL
+   - Why it matters (business impact)
+   - Specific remediation steps
+   - Retest command to verify the fix
+   - Estimated effort (quick fix / moderate / significant)
+
+   **Quick Wins** - Findings that are easy to fix regardless of severity. Look for:
+   - Missing security headers
+   - Outdated software versions
+   - Default credentials
+   - Information disclosure
+
+   **Medium & Low Priority** - Grouped summary with remediation themes rather than individual findings.
+
+   **Recommended Fix Order** - Numbered list of what to fix first, considering both severity and effort. Prioritize: critical issues, then quick wins, then high-effort items.
+
+Present the plan in clean markdown with clear sections.`,
+                },
+            },
+        ],
+    }));
+}
+//# sourceMappingURL=analyze-findings.js.map

package/dist/prompts/analyze-findings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-findings.js","sourceRoot":"","sources":["../../src/prompts/analyze-findings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,UAAU,GAAG;IACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;CACpE,CAAC;AAEF,MAAM,UAAU,uBAAuB,CAAC,MAAiB;IACvD,MAAM,CAAC,cAAc,CACnB,kBAAkB,EAClB;QACE,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,8EAA8E;QAC3F,UAAU;KACX,EACD,KAAK,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;QACzB,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE;oBACP,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,mFAAmF,UAAU;;;;8EAIjC,UAAU;;+EAET,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;wDA4BjC;iBAC7C;aACF;SACF;KACF,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/prompts/compare-pentests.d.ts

@@ -0,0 +1,2 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerComparePentests(server: McpServer): void;

package/dist/prompts/compare-pentests.js

@@ -0,0 +1,57 @@
+import { z } from "zod";
+const argsSchema = {
+    baseline_id: z.string().describe("The earlier pentest ID (UUID) to use as baseline"),
+    current_id: z.string().describe("The later pentest ID (UUID) to compare against baseline"),
+};
+export function registerComparePentests(server) {
+    server.registerPrompt("compare_pentests", {
+        title: "Compare Pentests",
+        description: "Diff two pentests to track what's new, fixed, and persistent across tests",
+        argsSchema,
+    }, async ({ baseline_id, current_id }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `You are comparing two penetration tests to track security posture changes.
+
+- Baseline (earlier): ${baseline_id}
+- Current (later): ${current_id}
+
+Follow these steps:
+
+1. **Get both pentests** - Call turbopentest_get_pentest for "${baseline_id}" and "${current_id}". Verify both are complete. Note their target URLs and completion dates.
+
+2. **Get all findings** - Call turbopentest_get_findings for both pentest IDs.
+
+3. **Compare findings** - Match findings between the two tests:
+   - Match by fingerprint first (exact match on the fingerprint field)
+   - If a finding has no fingerprint (null), fall back to matching by title
+   - Categorize each finding as:
+     - **New** - in current but not in baseline (regression)
+     - **Fixed** - in baseline but not in current (improvement)
+     - **Persistent** - in both tests (unresolved)
+
+4. **Present the comparison** in this format:
+
+   **Summary**
+   - Baseline: [target] tested on [date], [N] findings
+   - Current: [target] tested on [date], [N] findings
+   - Trend: Improving / Declining / Stable
+
+   **Fixed (improvements)** - List each with severity and title. Celebrate these.
+
+   **New (regressions)** - List each with severity, title, and remediation. Flag these as needing attention.
+
+   **Persistent (unresolved)** - List each with severity and title. Note how long they've been open.
+
+   **Severity Trend** - Table comparing critical/high/medium/low/info counts between baseline and current.
+
+   **Recommendation** - One paragraph on overall trajectory and top priority actions.`,
+                },
+            },
+        ],
+    }));
+}
+//# sourceMappingURL=compare-pentests.js.map

package/dist/prompts/compare-pentests.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compare-pentests.js","sourceRoot":"","sources":["../../src/prompts/compare-pentests.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,UAAU,GAAG;IACjB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;IACpF,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yDAAyD,CAAC;CAC3F,CAAC;AAEF,MAAM,UAAU,uBAAuB,CAAC,MAAiB;IACvD,MAAM,CAAC,cAAc,CACnB,kBAAkB,EAClB;QACE,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,2EAA2E;QACxF,UAAU;KACX,EACD,KAAK,EAAE,EAAE,WAAW,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;QACtC,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE;oBACP,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE;;wBAEM,WAAW;qBACd,UAAU;;;;gEAIiC,WAAW,UAAU,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;sFA2BT;iBAC3E;aACF;SACF;KACF,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/prompts/run-pentest.d.ts

@@ -0,0 +1,2 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerRunPentest(server: McpServer): void;

package/dist/prompts/run-pentest.js

@@ -0,0 +1,42 @@
+import { z } from "zod";
+const argsSchema = {
+    target_url: z.string().describe("The target URL to test (must be a verified domain)"),
+    tier: z
+        .enum(["recon", "standard", "deep", "blitz"])
+        .default("standard")
+        .describe("Tier: recon (1 agent, 30min), standard (4 agents, 1hr), deep (10 agents, 2hr), blitz (20 agents, 4hr)"),
+};
+export function registerRunPentest(server) {
+    server.registerPrompt("run_pentest", {
+        title: "Run Pentest",
+        description: "Guided full-lifecycle pentest: domain check, credit verification, launch, monitoring, and findings summary",
+        argsSchema,
+    }, async ({ target_url, tier }) => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `You are helping a security engineer run a penetration test against ${target_url} using the "${tier}" tier.
+
+Follow these steps in order:
+
+1. **Verify the domain** - Call turbopentest_list_domains and check that the domain for ${target_url} appears and is verified. If not, tell the user they need to verify the domain first at https://turbopentest.com/domains.
+
+2. **Check credits** - Call turbopentest_get_credits and confirm the user has at least one "${tier}" credit available. If not, tell them their current balance and suggest alternatives.
+
+3. **Launch the pentest** - Call turbopentest_start_pentest with target_url="${target_url}" and tier="${tier}". Note the pentest ID from the response.
+
+4. **Monitor progress** - Call turbopentest_get_pentest with the pentest ID to check status. If status is "scanning", report the progress percentage and which tools are running, then wait 30 seconds and check again. Repeat until status is "complete" or "failed". Do not poll more than 240 times (2 hours max).
+
+5. **Summarize findings** - Once complete, call turbopentest_get_findings with the pentest ID. Present a severity breakdown (critical/high/medium/low/info counts) and list the top findings with their titles, severity, and remediation advice.
+
+6. **Offer the report** - Ask the user if they'd like to download the full report. If yes, call turbopentest_download_report with their preferred format (markdown is best for reading here, json for structured data, pdf for sharing).
+
+If any step fails, explain the error clearly and suggest how to resolve it.`,
+                },
+            },
+        ],
+    }));
+}
+//# sourceMappingURL=run-pentest.js.map

package/dist/prompts/run-pentest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-pentest.js","sourceRoot":"","sources":["../../src/prompts/run-pentest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,UAAU,GAAG;IACjB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;IACrF,IAAI,EAAE,CAAC;SACJ,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;SAC5C,OAAO,CAAC,UAAU,CAAC;SACnB,QAAQ,CACP,uGAAuG,CACxG;CACJ,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,MAAiB;IAClD,MAAM,CAAC,cAAc,CACnB,aAAa,EACb;QACE,KAAK,EAAE,aAAa;QACpB,WAAW,EACT,4GAA4G;QAC9G,UAAU;KACX,EACD,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;QAC/B,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE;oBACP,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,sEAAsE,UAAU,eAAe,IAAI;;;;0FAI3B,UAAU;;8FAEN,IAAI;;+EAEnB,UAAU,eAAe,IAAI;;;;;;;;4EAQhC;iBACjE;aACF;SACF;KACF,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/prompts/security-posture.d.ts

@@ -0,0 +1,2 @@
+import type { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerSecurityPosture(server: McpServer): void;

package/dist/prompts/security-posture.js

@@ -0,0 +1,49 @@
+export function registerSecurityPosture(server) {
+    server.registerPrompt("security_posture", {
+        title: "Security Posture",
+        description: "Executive summary of overall security posture across all recent pentests",
+    }, async () => ({
+        messages: [
+            {
+                role: "user",
+                content: {
+                    type: "text",
+                    text: `You are producing an executive security posture report for this user's organization.
+
+Follow these steps:
+
+1. **Get recent pentests** - Call turbopentest_list_pentests with limit=20. Note how many are complete vs in-progress.
+
+2. **Gather findings for recent completed tests** - For the 5 most recently completed pentests, call turbopentest_get_findings for each. This caps API calls while giving a representative view.
+
+3. **Produce an executive summary** with these sections:
+
+   **Overview**
+   - Total pentests run (from the list)
+   - Targets tested (unique URLs)
+   - Date range covered
+
+   **Vulnerability Summary**
+   - Total findings by severity across all 5 analyzed tests
+   - Most common vulnerability types (group by title similarity)
+   - Average findings per test
+
+   **Highest Risk Targets**
+   - Which targets have the most critical/high findings
+   - Any targets with unresolved critical issues
+
+   **Trends** (if multiple tests exist for the same target)
+   - Is the finding count going up or down?
+   - Are critical issues being resolved?
+
+   **Top 3 Recommended Actions**
+   - Specific, actionable items based on the findings
+   - Prioritize by impact and prevalence
+
+Present this as a clean executive briefing suitable for sharing with leadership. Use bullet points and tables where appropriate.`,
+                },
+            },
+        ],
+    }));
+}
+//# sourceMappingURL=security-posture.js.map

package/dist/prompts/security-posture.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-posture.js","sourceRoot":"","sources":["../../src/prompts/security-posture.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,uBAAuB,CAAC,MAAiB;IACvD,MAAM,CAAC,cAAc,CACnB,kBAAkB,EAClB;QACE,KAAK,EAAE,kBAAkB;QACzB,WAAW,EAAE,0EAA0E;KACxF,EACD,KAAK,IAAI,EAAE,CAAC,CAAC;QACX,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,MAAe;gBACrB,OAAO,EAAE;oBACP,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iIAgC+G;iBACtH;aACF;SACF;KACF,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/server.js

@@ -7,11 +7,16 @@ import { registerDownloadReport } from "./tools/download-report.js";
 import { registerGetCredits } from "./tools/get-credits.js";
 import { registerVerifyAttestation } from "./tools/verify-attestation.js";
 import { registerListDomains } from "./tools/list-domains.js";
+import { registerAnalyzeFindings } from "./prompts/analyze-findings.js";
+import { registerComparePentests } from "./prompts/compare-pentests.js";
+import { registerRunPentest } from "./prompts/run-pentest.js";
+import { registerSecurityPosture } from "./prompts/security-posture.js";
 export function createServer(client) {
     const server = new McpServer({
         name: "turbopentest",
-        version: "0.1.8",
+        version: "0.2.0",
     });
+    // Tools
     registerStartPentest(server, client);
     registerGetPentest(server, client);
     registerListPentests(server, client);
@@ -20,6 +25,11 @@ export function createServer(client) {
     registerGetCredits(server, client);
     registerVerifyAttestation(server, client);
     registerListDomains(server, client);
+    // Prompts
+    registerAnalyzeFindings(server);
+    registerComparePentests(server);
+    registerRunPentest(server);
+    registerSecurityPosture(server);
     return server;
 }
 //# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,UAAU,YAAY,CAAC,MAA0B;IACrD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEpC,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACpE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AAExE,MAAM,UAAU,YAAY,CAAC,MAA0B;IACrD,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,QAAQ;IACR,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACrC,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,sBAAsB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnC,yBAAyB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,mBAAmB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEpC,UAAU;IACV,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAChC,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAChC,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAEhC,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/package.json

@@ -1,46 +1,46 @@
-{
-  "name": "@turbopentest/mcp-server",
-  "version": "0.1.8",
-  "description": "MCP server for TurboPentest — AI-powered penetration testing from your coding assistant",
-  "type": "module",
-  "main": "dist/index.js",
-  "bin": {
-    "turbopentest-mcp": "dist/index.js"
-  },
-  "files": [
-    "dist"
-  ],
-  "scripts": {
-    "build": "tsc",
-    "dev": "tsx src/index.ts",
-    "prepublishOnly": "npm run build"
-  },
-  "keywords": [
-    "mcp",
-    "model-context-protocol",
-    "pentest",
-    "security",
-    "turbopentest",
-    "ai"
-  ],
-  "author": "IntegSec Inc.",
-  "license": "MIT",
-  "mcpName": "io.github.integsec/turbopentest",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/integsec/turbopentest-mcp.git"
-  },
-  "homepage": "https://turbopentest.com",
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.26.0",
-    "zod": "^4.3.6"
-  },
-  "devDependencies": {
-    "@types/node": "^25.3.5",
-    "tsx": "^4.19.0",
-    "typescript": "^5.7.0"
-  }
-}
+{
+  "name": "@turbopentest/mcp-server",
+  "version": "0.2.1",
+  "description": "MCP server for TurboPentest — AI-powered penetration testing from your coding assistant",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "turbopentest-mcp": "dist/index.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "pentest",
+    "security",
+    "turbopentest",
+    "ai"
+  ],
+  "author": "IntegSec Inc.",
+  "license": "MIT",
+  "mcpName": "io.github.integsec/turbopentest",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/integsec/turbopentest-mcp.git"
+  },
+  "homepage": "https://turbopentest.com",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.5",
+    "tsx": "^4.19.0",
+    "typescript": "^5.7.0"
+  }
+}