@vengtoo/mcp-gateway 0.1.0

package/dist/authorize.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorize = void 0;
+const DEFAULT_CLOUD_URL = "https://api.vengtoo.com/access/v1/evaluation";
+const DEFAULT_TIMEOUT_MS = 10_000;
+function normalizeResponse(raw) {
+    const allowed = raw.decision ?? raw.allowed ?? false;
+    const reason = raw.context?.reason ?? raw.reason;
+    return { allowed, reason };
+}
+async function authorize(config, subjectId, toolName, args) {
+    const body = {
+        subject: { type: config.subjectType ?? "agent", id: subjectId },
+        resource: { type: config.resourceType ?? "mcp_tool", name: toolName, attributes: args },
+        action: { name: "invoke" },
+    };
+    const timeoutMs = config.vengtoo.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const auth = authHeader(config);
+    const endpoints = resolveEndpoints(config);
+    let lastError;
+    for (let i = 0; i < endpoints.length; i++) {
+        const url = endpoints[i];
+        const isLast = i === endpoints.length - 1;
+        try {
+            const res = await postJson(url, body, auth, timeoutMs);
+            if (res.ok)
+                return normalizeResponse((await res.json()));
+            const text = await safeText(res);
+            if (res.status === 401) {
+                return deny(`authentication failed — check your API key`);
+            }
+            if (res.status === 404) {
+                return deny(`no authorization policy configured for this tool`);
+            }
+            if (res.status >= 500 && !isLast) {
+                lastError = new Error(`${url}: ${res.status} ${text}`);
+                continue;
+            }
+            return deny(`authorization service error (${res.status})`);
+        }
+        catch (err) {
+            lastError = err;
+            if (isLast)
+                break;
+        }
+    }
+    console.error("[vengtoo-gateway] authorize failed:", lastError);
+    return deny(`authz unreachable: ${lastError?.message ?? "unknown"}`);
+}
+exports.authorize = authorize;
+function resolveEndpoints(config) {
+    const urls = [];
+    const a = config.vengtoo;
+    if (a.agentUrl) {
+        const base = a.agentUrl.replace(/\/$/, "");
+        urls.push(base.endsWith("/access/v1/evaluation") ? base : `${base}/access/v1/evaluation`);
+    }
+    if (a.cloudUrl)
+        urls.push(a.cloudUrl);
+    if (urls.length === 0)
+        urls.push(DEFAULT_CLOUD_URL);
+    return urls;
+}
+function authHeader(config) {
+    const a = config.vengtoo;
+    if (a.apiKey)
+        return `Bearer ${a.apiKey}`;
+    if (a.clientId && a.clientSecret) {
+        return `Basic ${Buffer.from(`${a.clientId}:${a.clientSecret}`).toString("base64")}`;
+    }
+    return undefined;
+}
+async function postJson(url, body, auth, timeoutMs) {
+    const headers = { "Content-Type": "application/json", Accept: "application/json" };
+    if (auth)
+        headers["Authorization"] = auth;
+    const controller = new AbortController();
+    const t = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        return await fetch(url, { method: "POST", headers, body: JSON.stringify(body), signal: controller.signal });
+    }
+    finally {
+        clearTimeout(t);
+    }
+}
+async function safeText(res) {
+    try {
+        return await res.text();
+    }
+    catch {
+        return "";
+    }
+}
+function deny(reason) {
+    return { allowed: false, reason };
+}

package/dist/classify.d.ts

@@ -0,0 +1,8 @@
+import type { DiscoveredTool } from "./utils";
+export type TrustLevel = "low" | "medium" | "high";
+export interface ClassifiedTool extends DiscoveredTool {
+    trust: TrustLevel;
+    schema: unknown;
+}
+export declare function classifyTool(toolName: string): TrustLevel;
+export declare function classifyTools(tools: DiscoveredTool[], schemas: Map<string, unknown>): ClassifiedTool[];

package/dist/classify.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.classifyTools = exports.classifyTool = void 0;
+const HIGH = /delete|remove|destroy|drop|purge|wipe/i;
+const MEDIUM = /create|write|update|insert|modify|send|post|execute|mutation/i;
+function classifyTool(toolName) {
+    const action = toolName.includes("__")
+        ? toolName.split("__").pop()
+        : toolName;
+    if (HIGH.test(action))
+        return "high";
+    if (MEDIUM.test(action))
+        return "medium";
+    return "low";
+}
+exports.classifyTool = classifyTool;
+function classifyTools(tools, schemas) {
+    return tools.map((t) => ({
+        ...t,
+        trust: classifyTool(t.qualifiedName),
+        schema: schemas.get(t.qualifiedName) ?? {},
+    }));
+}
+exports.classifyTools = classifyTools;

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -0,0 +1,104 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs_1 = require("fs");
+const path_1 = require("path");
+const gateway_1 = require("./gateway");
+const config = loadConfig();
+if (process.argv.includes("--list-tools")) {
+    Promise.resolve().then(() => __importStar(require("./list-tools"))).then((m) => m.listTools(config));
+}
+else if (process.argv.includes("--generate-policy")) {
+    const outFlag = process.argv.indexOf("--generate-policy");
+    const outPath = process.argv[outFlag + 1] || "policy.rego";
+    Promise.resolve().then(() => __importStar(require("./generate-policy"))).then((m) => m.generatePolicy(config, outPath));
+}
+else {
+    (0, gateway_1.startGateway)(config).catch((err) => {
+        console.error("[vengtoo-gateway] fatal:", err);
+        process.exit(1);
+    });
+}
+function loadConfig() {
+    const configFlag = process.argv.indexOf("--config");
+    const configPath = configFlag !== -1 && process.argv[configFlag + 1]
+        ? (0, path_1.resolve)(process.argv[configFlag + 1])
+        : (0, path_1.resolve)("gateway.config.json");
+    try {
+        const raw = (0, fs_1.readFileSync)(configPath, "utf-8");
+        const config = JSON.parse(raw);
+        if (!config.vengtoo)
+            throw new Error("missing 'vengtoo' section");
+        if (!config.subject)
+            throw new Error("missing 'subject'");
+        if (!config.servers || Object.keys(config.servers).length === 0) {
+            throw new Error("missing 'servers' — configure at least one downstream MCP server");
+        }
+        if (process.env.VENGTOO_API_KEY)
+            config.vengtoo.apiKey = process.env.VENGTOO_API_KEY;
+        if (process.env.VENGTOO_AGENT_URL)
+            config.vengtoo.agentUrl = process.env.VENGTOO_AGENT_URL;
+        if (process.env.VENGTOO_SUBJECT)
+            config.subject = process.env.VENGTOO_SUBJECT;
+        if (config.vengtoo.agentUrl) {
+            try {
+                new URL(config.vengtoo.agentUrl);
+            }
+            catch {
+                throw new Error(`'vengtoo.agentUrl' is not a valid URL: ${config.vengtoo.agentUrl}`);
+            }
+        }
+        if (config.vengtoo.cloudUrl) {
+            try {
+                new URL(config.vengtoo.cloudUrl);
+            }
+            catch {
+                throw new Error(`'vengtoo.cloudUrl' is not a valid URL: ${config.vengtoo.cloudUrl}`);
+            }
+        }
+        for (const [name, srv] of Object.entries(config.servers)) {
+            if (!srv.command || typeof srv.command !== "string") {
+                throw new Error(`server '${name}' must have a non-empty 'command' string`);
+            }
+        }
+        if (config.vengtoo.timeoutMs !== undefined) {
+            if (typeof config.vengtoo.timeoutMs !== "number" || config.vengtoo.timeoutMs <= 0) {
+                throw new Error(`'vengtoo.timeoutMs' must be a positive number`);
+            }
+        }
+        return config;
+    }
+    catch (err) {
+        if (err instanceof Error && "code" in err && err.code === "ENOENT") {
+            console.error(`Config not found: ${configPath}`);
+            console.error(`Usage: vengtoo-mcp-gateway --config <path>`);
+            process.exit(1);
+        }
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`Invalid config: ${message}`);
+        process.exit(1);
+    }
+}

package/dist/demo.d.ts

@@ -0,0 +1 @@
+export declare function runDemo(): Promise<void>;

package/dist/demo.js

@@ -0,0 +1,164 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runDemo = void 0;
+const path_1 = require("path");
+const index_js_1 = require("@modelcontextprotocol/sdk/client/index.js");
+const stdio_js_1 = require("@modelcontextprotocol/sdk/client/stdio.js");
+const AGENT_PORT = 8181;
+const AGENT_URL = `http://localhost:${AGENT_PORT}`;
+const TESTS = [
+    { name: "SELECT query", tool: "database__query", args: { sql: "SELECT * FROM users" }, expectAllow: true },
+    { name: "List tables", tool: "database__list_tables", args: {}, expectAllow: true },
+    { name: "Describe table", tool: "database__describe_table", args: { table: "users" }, expectAllow: true },
+    { name: "INSERT (safe write)", tool: "database__execute", args: { sql: "INSERT INTO users (email) VALUES ('test@test.com')" }, expectAllow: true },
+    { name: "DROP TABLE (destructive)", tool: "database__execute", args: { sql: "DROP TABLE users" }, expectAllow: false },
+    { name: "TRUNCATE (destructive)", tool: "database__execute", args: { sql: "TRUNCATE TABLE users" }, expectAllow: false },
+    { name: "DELETE FROM (destructive)", tool: "database__execute", args: { sql: "DELETE FROM users WHERE id = 1" }, expectAllow: false },
+    { name: "ALTER TABLE (destructive)", tool: "database__execute", args: { sql: "ALTER TABLE users DROP COLUMN email" }, expectAllow: false },
+];
+function log(msg) { console.error(msg); }
+function pass(msg) { console.error(`  \x1b[32m✓\x1b[0m ${msg}`); }
+function fail(msg) { console.error(`  \x1b[31m✗\x1b[0m ${msg}`); }
+function bold(msg) { return `\x1b[1m${msg}\x1b[0m`; }
+async function waitForAgent(timeoutMs = 10_000) {
+    const start = Date.now();
+    while (Date.now() - start < timeoutMs) {
+        try {
+            const res = await fetch(`${AGENT_URL}/readyz`);
+            if (res.ok)
+                return true;
+        }
+        catch { }
+        await new Promise((r) => setTimeout(r, 500));
+    }
+    return false;
+}
+function findDemoDir() {
+    // Works from dist/ (compiled) or src/ (dev)
+    const thisDir = __dirname;
+    const candidates = [
+        (0, path_1.resolve)(thisDir, "..", "demo"), // dist/../demo
+        (0, path_1.resolve)(thisDir, "..", "..", "demo"), // nested
+    ];
+    for (const c of candidates) {
+        try {
+            require("fs").accessSync((0, path_1.resolve)(c, "mock-servers", "database-server.mjs"));
+            return c;
+        }
+        catch { }
+    }
+    throw new Error("Could not find demo directory. Run from the authzx-mcp-gateway package root.");
+}
+async function runDemo() {
+    log("");
+    log(bold("  AuthzX MCP Gateway — Live Demo"));
+    log("  ─────────────────────────────────────────");
+    log("");
+    log("  This demo shows the gateway blocking destructive database");
+    log("  operations while allowing reads and safe writes.");
+    log("");
+    const demoDir = findDemoDir();
+    const policyPath = (0, path_1.resolve)(demoDir, "policies", "mcp-database-policy.rego");
+    const mockServerPath = (0, path_1.resolve)(demoDir, "mock-servers", "database-server.mjs");
+    const cliPath = (0, path_1.resolve)(__dirname, "cli.js");
+    // Step 1: Check if agent is running, or try to start it
+    log(bold("  Step 1: AuthzX Agent"));
+    log("");
+    log("  The agent evaluates your Rego policy on every tool call.");
+    log("  It must be running before the gateway can work.");
+    log("");
+    const agentReady = await waitForAgent(2_000);
+    if (agentReady) {
+        log("  \x1b[32m✓\x1b[0m Agent detected on :8181");
+    }
+    else {
+        log("  \x1b[31m✗ Agent not running on :8181\x1b[0m");
+        log("");
+        log("  Start it in another terminal:");
+        log("");
+        log("    # 1. Install the agent (Go binary)");
+        log("    #    Download from: https://github.com/authzx/authzx-agent/releases");
+        log("    #    Or build from source: go build -o authzx-agent ./cmd/agent/");
+        log("");
+        log("    # 2. Run with the demo policy");
+        log(`    authzx-agent --policy ${policyPath}`);
+        log("");
+        log("  Then run this demo again.");
+        process.exit(1);
+    }
+    // Step 2: Start gateway with mock database server
+    log("");
+    log(bold("  Step 2: Gateway + Mock Database Server"));
+    const gatewayConfig = {
+        authzx: { agentUrl: AGENT_URL },
+        subject: "agent:demo",
+        servers: {
+            database: {
+                command: "node",
+                args: [mockServerPath],
+            },
+        },
+    };
+    const configPath = (0, path_1.resolve)(demoDir, ".demo-runtime-config.json");
+    require("fs").writeFileSync(configPath, JSON.stringify(gatewayConfig, null, 2));
+    const transport = new stdio_js_1.StdioClientTransport({
+        command: "node",
+        args: [cliPath, "--config", configPath],
+    });
+    const client = new index_js_1.Client({ name: "authzx-demo", version: "1.0.0" }, { capabilities: {} });
+    await client.connect(transport);
+    const { tools } = await client.listTools();
+    log(`  Gateway started — ${tools.length} tools registered`);
+    for (const t of tools) {
+        log(`    • ${t.name}`);
+    }
+    // Step 3: Run tests
+    log("");
+    log(bold("  Step 3: Authorization Tests"));
+    log("");
+    let passed = 0;
+    let failed_count = 0;
+    for (const test of TESTS) {
+        const result = await client.callTool({ name: test.tool, arguments: test.args });
+        const isError = result.isError === true;
+        const text = result.content[0]?.text ?? "";
+        const wasDenied = isError && text.includes("Authorization denied");
+        const wasAllowed = !wasDenied;
+        if (wasAllowed === test.expectAllow) {
+            const label = test.expectAllow ? "ALLOWED" : "DENIED";
+            pass(`${test.name} → ${label}`);
+            passed++;
+        }
+        else {
+            const expected = test.expectAllow ? "ALLOW" : "DENY";
+            const got = wasAllowed ? "ALLOW" : "DENY";
+            fail(`${test.name} → expected ${expected}, got ${got}`);
+            failed_count++;
+        }
+        if (wasDenied) {
+            const reason = text.replace("Authorization denied for tool \"" + test.tool + "\": ", "");
+            log(`    └─ ${reason}`);
+        }
+    }
+    // Cleanup
+    try {
+        require("fs").unlinkSync(configPath);
+    }
+    catch { }
+    log("");
+    log("  ─────────────────────────────────────────");
+    log(`  ${bold(`${passed}/${TESTS.length} passed`)}${failed_count > 0 ? ` (${failed_count} failed)` : ""}`);
+    log("");
+    if (failed_count === 0) {
+        log("  \x1b[32m✓ All tests passed!\x1b[0m The gateway correctly blocked");
+        log("    destructive operations while allowing safe ones.");
+        log("");
+        log("  Next steps:");
+        log("    1. Replace the mock server with your real MCP servers");
+        log("    2. Edit the Rego policy to match your requirements");
+        log("    3. Add the gateway to your .mcp.json");
+        log("");
+    }
+    process.exit(failed_count > 0 ? 1 : 0);
+}
+exports.runDemo = runDemo;

package/dist/drift.d.ts

@@ -0,0 +1,4 @@
+import type { DriftEvent, DriftSeverity, ServerSnapshot, ToolSnapshot } from "./types";
+export declare function detectDrift(serverName: string, oldSnapshot: ServerSnapshot, newTools: ToolSnapshot[]): DriftEvent[];
+export declare function maxSeverity(events: DriftEvent[]): DriftSeverity | null;
+export declare function logDriftEvents(events: DriftEvent[]): void;

package/dist/drift.js

@@ -0,0 +1,128 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logDriftEvents = exports.maxSeverity = exports.detectDrift = void 0;
+function detectDrift(serverName, oldSnapshot, newTools) {
+    const events = [];
+    const oldMap = new Map(oldSnapshot.tools.map((t) => [t.name, t]));
+    const newMap = new Map(newTools.map((t) => [t.name, t]));
+    for (const [name, oldTool] of oldMap) {
+        if (!newMap.has(name)) {
+            events.push({
+                toolName: name,
+                serverName,
+                severity: "CRITICAL",
+                changeType: "tool_removed",
+                message: `Tool "${name}" was removed from server "${serverName}"`,
+            });
+            continue;
+        }
+        const newTool = newMap.get(name);
+        events.push(...compareTools(serverName, oldTool, newTool));
+    }
+    for (const name of newMap.keys()) {
+        if (!oldMap.has(name)) {
+            events.push({
+                toolName: name,
+                serverName,
+                severity: "WARNING",
+                changeType: "tool_added",
+                message: `New tool "${name}" appeared on server "${serverName}"`,
+            });
+        }
+    }
+    return events.sort((a, b) => severityRank(a.severity) - severityRank(b.severity));
+}
+exports.detectDrift = detectDrift;
+function compareTools(serverName, oldTool, newTool) {
+    const events = [];
+    if (oldTool.description !== newTool.description) {
+        events.push({
+            toolName: oldTool.name,
+            serverName,
+            severity: "INFO",
+            changeType: "description_changed",
+            oldValue: oldTool.description,
+            newValue: newTool.description,
+            message: `Description changed for tool "${oldTool.name}"`,
+        });
+    }
+    const oldProps = getProperties(oldTool.inputSchema);
+    const newProps = getProperties(newTool.inputSchema);
+    for (const key of Object.keys(oldProps)) {
+        if (!(key in newProps)) {
+            events.push({
+                toolName: oldTool.name,
+                serverName,
+                severity: "CRITICAL",
+                changeType: "parameter_removed",
+                field: key,
+                oldValue: oldProps[key],
+                message: `Parameter "${key}" removed from tool "${oldTool.name}"`,
+            });
+        }
+        else if (oldProps[key]?.type !== newProps[key]?.type) {
+            events.push({
+                toolName: oldTool.name,
+                serverName,
+                severity: "CRITICAL",
+                changeType: "type_changed",
+                field: key,
+                oldValue: oldProps[key]?.type,
+                newValue: newProps[key]?.type,
+                message: `Parameter "${key}" type changed from "${oldProps[key]?.type}" to "${newProps[key]?.type}" in tool "${oldTool.name}"`,
+            });
+        }
+    }
+    for (const key of Object.keys(newProps)) {
+        if (!(key in oldProps)) {
+            events.push({
+                toolName: oldTool.name,
+                serverName,
+                severity: "WARNING",
+                changeType: "parameter_added",
+                field: key,
+                newValue: newProps[key],
+                message: `Parameter "${key}" added to tool "${oldTool.name}"`,
+            });
+        }
+    }
+    return events;
+}
+function getProperties(schema) {
+    if (typeof schema === "object" &&
+        schema !== null &&
+        "properties" in schema &&
+        typeof schema.properties === "object") {
+        return schema.properties;
+    }
+    return {};
+}
+function maxSeverity(events) {
+    if (events.length === 0)
+        return null;
+    if (events.some((e) => e.severity === "CRITICAL"))
+        return "CRITICAL";
+    if (events.some((e) => e.severity === "WARNING"))
+        return "WARNING";
+    return "INFO";
+}
+exports.maxSeverity = maxSeverity;
+function logDriftEvents(events) {
+    for (const e of events) {
+        console.error(`[vengtoo-gateway] DRIFT ${e.severity}: ${e.message}`);
+    }
+    if (events.length > 0) {
+        const critical = events.filter((e) => e.severity === "CRITICAL").length;
+        const warning = events.filter((e) => e.severity === "WARNING").length;
+        const info = events.filter((e) => e.severity === "INFO").length;
+        console.error(`[vengtoo-gateway] drift summary: ${critical} critical, ${warning} warning, ${info} info`);
+    }
+}
+exports.logDriftEvents = logDriftEvents;
+function severityRank(s) {
+    switch (s) {
+        case "CRITICAL": return 0;
+        case "WARNING": return 1;
+        case "INFO": return 2;
+    }
+}

package/dist/gateway-id.d.ts

@@ -0,0 +1 @@
+export declare function getOrCreateGatewayId(): string;

package/dist/gateway-id.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOrCreateGatewayId = void 0;
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const VENGTOO_DIR = (0, path_1.join)(process.cwd(), ".vengtoo");
+const ID_FILE = (0, path_1.join)(VENGTOO_DIR, "gateway.id");
+function getOrCreateGatewayId() {
+    if ((0, fs_1.existsSync)(ID_FILE)) {
+        return (0, fs_1.readFileSync)(ID_FILE, "utf-8").trim();
+    }
+    (0, fs_1.mkdirSync)(VENGTOO_DIR, { recursive: true });
+    const id = `gw_${(0, crypto_1.randomUUID)().replace(/-/g, "").slice(0, 16)}`;
+    (0, fs_1.writeFileSync)(ID_FILE, id, "utf-8");
+    return id;
+}
+exports.getOrCreateGatewayId = getOrCreateGatewayId;

package/dist/gateway.d.ts

@@ -0,0 +1,2 @@
+import type { GatewayConfig } from "./types";
+export declare function startGateway(config: GatewayConfig): Promise<void>;