npm - cedar-mcp-server - Versions diffs - 1.0.0 - Mend

cedar-mcp-server 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (215) hide show

package/.editorconfig +12 -0
package/.github/workflows/ci.yml +31 -0
package/.github/workflows/release.yml +42 -0
package/.nvmrc +1 -0
package/CHANGELOG.md +241 -0
package/CONTRIBUTING.md +83 -0
package/LICENSE +182 -0
package/README.md +1635 -0
package/SECURITY.md +37 -0
package/dist/http-server.d.ts +61 -0
package/dist/http-server.d.ts.map +1 -0
package/dist/http-server.js +194 -0
package/dist/http-server.js.map +1 -0
package/dist/index.d.ts +32 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +270 -0
package/dist/index.js.map +1 -0
package/dist/parser/policy-ast.d.ts +49 -0
package/dist/parser/policy-ast.d.ts.map +1 -0
package/dist/parser/policy-ast.js +311 -0
package/dist/parser/policy-ast.js.map +1 -0
package/dist/prompts/index.d.ts +38 -0
package/dist/prompts/index.d.ts.map +1 -0
package/dist/prompts/index.js +172 -0
package/dist/prompts/index.js.map +1 -0
package/dist/resources/ref-resolver.d.ts +23 -0
package/dist/resources/ref-resolver.d.ts.map +1 -0
package/dist/resources/ref-resolver.js +128 -0
package/dist/resources/ref-resolver.js.map +1 -0
package/dist/resources/store-manager.d.ts +64 -0
package/dist/resources/store-manager.d.ts.map +1 -0
package/dist/resources/store-manager.js +221 -0
package/dist/resources/store-manager.js.map +1 -0
package/dist/server.d.ts +18 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +539 -0
package/dist/server.js.map +1 -0
package/dist/tools/advise/avp-rules.d.ts +49 -0
package/dist/tools/advise/avp-rules.d.ts.map +1 -0
package/dist/tools/advise/avp-rules.js +59 -0
package/dist/tools/advise/avp-rules.js.map +1 -0
package/dist/tools/advise/cedar-patterns.d.ts +24 -0
package/dist/tools/advise/cedar-patterns.d.ts.map +1 -0
package/dist/tools/advise/cedar-patterns.js +57 -0
package/dist/tools/advise/cedar-patterns.js.map +1 -0
package/dist/tools/advise/context-builder.d.ts +28 -0
package/dist/tools/advise/context-builder.d.ts.map +1 -0
package/dist/tools/advise/context-builder.js +89 -0
package/dist/tools/advise/context-builder.js.map +1 -0
package/dist/tools/advise/gotchas.d.ts +15 -0
package/dist/tools/advise/gotchas.d.ts.map +1 -0
package/dist/tools/advise/gotchas.js +83 -0
package/dist/tools/advise/gotchas.js.map +1 -0
package/dist/tools/advise.d.ts +96 -0
package/dist/tools/advise.d.ts.map +1 -0
package/dist/tools/advise.js +258 -0
package/dist/tools/advise.js.map +1 -0
package/dist/tools/authorize-batch.d.ts +35 -0
package/dist/tools/authorize-batch.d.ts.map +1 -0
package/dist/tools/authorize-batch.js +262 -0
package/dist/tools/authorize-batch.js.map +1 -0
package/dist/tools/authorize.d.ts +115 -0
package/dist/tools/authorize.d.ts.map +1 -0
package/dist/tools/authorize.js +373 -0
package/dist/tools/authorize.js.map +1 -0
package/dist/tools/check-change.d.ts +19 -0
package/dist/tools/check-change.d.ts.map +1 -0
package/dist/tools/check-change.js +91 -0
package/dist/tools/check-change.js.map +1 -0
package/dist/tools/diff-schema.d.ts +103 -0
package/dist/tools/diff-schema.d.ts.map +1 -0
package/dist/tools/diff-schema.js +379 -0
package/dist/tools/diff-schema.js.map +1 -0
package/dist/tools/diff-stores.d.ts +45 -0
package/dist/tools/diff-stores.d.ts.map +1 -0
package/dist/tools/diff-stores.js +222 -0
package/dist/tools/diff-stores.js.map +1 -0
package/dist/tools/explain.d.ts +80 -0
package/dist/tools/explain.d.ts.map +1 -0
package/dist/tools/explain.js +187 -0
package/dist/tools/explain.js.map +1 -0
package/dist/tools/format.d.ts +11 -0
package/dist/tools/format.d.ts.map +1 -0
package/dist/tools/format.js +20 -0
package/dist/tools/format.js.map +1 -0
package/dist/tools/generate-sample.d.ts +28 -0
package/dist/tools/generate-sample.d.ts.map +1 -0
package/dist/tools/generate-sample.js +568 -0
package/dist/tools/generate-sample.js.map +1 -0
package/dist/tools/link-template.d.ts +17 -0
package/dist/tools/link-template.d.ts.map +1 -0
package/dist/tools/link-template.js +78 -0
package/dist/tools/link-template.js.map +1 -0
package/dist/tools/list-template-links.d.ts +16 -0
package/dist/tools/list-template-links.d.ts.map +1 -0
package/dist/tools/list-template-links.js +22 -0
package/dist/tools/list-template-links.js.map +1 -0
package/dist/tools/list-templates.d.ts +16 -0
package/dist/tools/list-templates.d.ts.map +1 -0
package/dist/tools/list-templates.js +36 -0
package/dist/tools/list-templates.js.map +1 -0
package/dist/tools/translate.d.ts +11 -0
package/dist/tools/translate.d.ts.map +1 -0
package/dist/tools/translate.js +53 -0
package/dist/tools/translate.js.map +1 -0
package/dist/tools/validate-entities.d.ts +19 -0
package/dist/tools/validate-entities.d.ts.map +1 -0
package/dist/tools/validate-entities.js +88 -0
package/dist/tools/validate-entities.js.map +1 -0
package/dist/tools/validate-schema.d.ts +22 -0
package/dist/tools/validate-schema.d.ts.map +1 -0
package/dist/tools/validate-schema.js +89 -0
package/dist/tools/validate-schema.js.map +1 -0
package/dist/tools/validate-template.d.ts +18 -0
package/dist/tools/validate-template.d.ts.map +1 -0
package/dist/tools/validate-template.js +59 -0
package/dist/tools/validate-template.js.map +1 -0
package/dist/tools/validate.d.ts +90 -0
package/dist/tools/validate.d.ts.map +1 -0
package/dist/tools/validate.js +351 -0
package/dist/tools/validate.js.map +1 -0
package/dist/utils/format-detector.d.ts +49 -0
package/dist/utils/format-detector.d.ts.map +1 -0
package/dist/utils/format-detector.js +298 -0
package/dist/utils/format-detector.js.map +1 -0
package/examples/README.md +36 -0
package/examples/abac-multi-tenant/README.md +150 -0
package/examples/abac-multi-tenant/entities/users-and-docs.json +33 -0
package/examples/abac-multi-tenant/policies/member-read-internal.cedar +9 -0
package/examples/abac-multi-tenant/policies/owner-full-access.cedar +9 -0
package/examples/abac-multi-tenant/policies/premium-share-guard.cedar +9 -0
package/examples/abac-multi-tenant/policies/private-doc-guard.cedar +13 -0
package/examples/abac-multi-tenant/run.ts +92 -0
package/examples/abac-multi-tenant/schema.json +60 -0
package/examples/api-gateway-path-routing/README.md +154 -0
package/examples/api-gateway-path-routing/entities/users-and-roles.json +20 -0
package/examples/api-gateway-path-routing/policies/admin-full-access.cedar +6 -0
package/examples/api-gateway-path-routing/policies/developer-projects.cedar +14 -0
package/examples/api-gateway-path-routing/policies/viewer-readonly.cedar +10 -0
package/examples/api-gateway-path-routing/run.ts +108 -0
package/examples/api-gateway-path-routing/schema.json +54 -0
package/examples/rbac-document-management/README.md +167 -0
package/examples/rbac-document-management/entities/users-and-docs.json +43 -0
package/examples/rbac-document-management/policies/admin.cedar +6 -0
package/examples/rbac-document-management/policies/editor.cedar +6 -0
package/examples/rbac-document-management/policies/top-secret-forbid.cedar +13 -0
package/examples/rbac-document-management/policies/viewer.cedar +6 -0
package/examples/rbac-document-management/run.ts +87 -0
package/examples/rbac-document-management/schema.json +57 -0
package/package.json +50 -0
package/src/http-server.ts +239 -0
package/src/index.ts +294 -0
package/src/parser/policy-ast.ts +345 -0
package/src/prompts/README.md +3 -0
package/src/prompts/index.ts +217 -0
package/src/resources/ref-resolver.ts +134 -0
package/src/resources/store-manager.ts +248 -0
package/src/server.ts +711 -0
package/src/tools/advise/avp-rules.ts +70 -0
package/src/tools/advise/cedar-patterns.ts +73 -0
package/src/tools/advise/context-builder.ts +109 -0
package/src/tools/advise/gotchas.ts +92 -0
package/src/tools/advise.ts +366 -0
package/src/tools/authorize-batch.ts +345 -0
package/src/tools/authorize.ts +464 -0
package/src/tools/check-change.ts +119 -0
package/src/tools/diff-schema.ts +510 -0
package/src/tools/diff-stores.ts +298 -0
package/src/tools/explain.ts +278 -0
package/src/tools/format.ts +33 -0
package/src/tools/generate-sample.ts +665 -0
package/src/tools/link-template.ts +109 -0
package/src/tools/list-template-links.ts +41 -0
package/src/tools/list-templates.ts +55 -0
package/src/tools/translate.ts +66 -0
package/src/tools/validate-entities.ts +125 -0
package/src/tools/validate-schema.ts +128 -0
package/src/tools/validate-template.ts +72 -0
package/src/tools/validate.ts +459 -0
package/src/utils/format-detector.ts +356 -0
package/test/fixtures/docmgmt.ts +121 -0
package/test/fixtures/multitenant.ts +163 -0
package/test/index.test.ts +96 -0
package/test/integration/e2e/behavior.test.ts +359 -0
package/test/integration/e2e/edge-cases.test.ts +365 -0
package/test/integration/e2e/failure-modes.test.ts +266 -0
package/test/integration/e2e/protocol.test.ts +252 -0
package/test/integration/http-smoke.test.ts +588 -0
package/test/integration/smoke.test.ts +475 -0
package/test/prompts/prompts.test.ts +173 -0
package/test/property/properties.test.ts +234 -0
package/test/resources/ref-resolver.test.ts +186 -0
package/test/resources/store-manager.test.ts +344 -0
package/test/setup.test.ts +7 -0
package/test/tools/advise/avp-rules.test.ts +76 -0
package/test/tools/advise.test.ts +339 -0
package/test/tools/authorize-batch.test.ts +459 -0
package/test/tools/authorize.test.ts +682 -0
package/test/tools/check-change.test.ts +104 -0
package/test/tools/cross-fixture.test.ts +170 -0
package/test/tools/diff-schema.test.ts +355 -0
package/test/tools/diff-stores.test.ts +291 -0
package/test/tools/explain.test.ts +221 -0
package/test/tools/format.test.ts +33 -0
package/test/tools/generate-sample.test.ts +480 -0
package/test/tools/link-template.test.ts +90 -0
package/test/tools/list-templates.test.ts +151 -0
package/test/tools/translate.test.ts +89 -0
package/test/tools/validate-entities.test.ts +178 -0
package/test/tools/validate-schema.test.ts +86 -0
package/test/tools/validate-template.test.ts +89 -0
package/test/tools/validate.test.ts +331 -0
package/test/utils/format-detector.test.ts +518 -0
package/tsconfig.json +17 -0
package/vitest.config.ts +13 -0

package/SECURITY.md ADDED Viewed

@@ -0,0 +1,37 @@
+# Security
+## Trust boundary
+`cedar-mcp-server` is a local MCP server. It runs as a child process on the same machine as the MCP client (Claude Code, Claude Desktop, Cursor, etc.). The trust model is: the client and its workspace are trusted. The server does not authenticate callers, enforce rate limits, or apply any network-level access controls.
+Do not expose this server over a network without an authentication layer in front of it. The stdio transport (`npx cedar-mcp-server`) is local-only by design.
+## What the server does
+- Evaluates Cedar policies and authorization requests in-process using `@cedar-policy/cedar-wasm`. No network calls.
+- Reads `.cedar` and `.cedarschema` / `.json` files from directories configured as MCP Roots. Reads only; never writes to the filesystem.
+- Calls the MCP client's `sampling/createMessage` capability for `cedar_advise`. The client decides whether to fulfill the sampling request and which model to use.
+## What the server does NOT do
+- Makes no calls to AWS APIs or Amazon Verified Permissions.
+- Makes no outbound network requests of any kind.
+- Does not write, modify, or delete files on disk.
+- Does not execute arbitrary code from policy inputs.
+- Does not store policy text, entity data, or authorization results anywhere outside the MCP conversation.
+## Input validation
+**Policy IDs.** Policy files are loaded from the `policies/` subdirectory of each configured root. Policy IDs are derived from filenames and validated against `^[a-zA-Z0-9_-]+$` before use. IDs containing path separators or `..` sequences are rejected. This prevents directory traversal attacks on the policy store.
+**Root URIs.** Only `file://` URIs are accepted as MCP Roots. Non-`file://` URIs (e.g. `http://`) are rejected at load time.
+**Policy and schema text.** Cedar policies and schemas passed as inline text or read from disk are evaluated inside the `@cedar-policy/cedar-wasm` WASM sandbox. They cannot execute arbitrary code. Malformed input returns a structured error, not a process crash.
+**Entity JSON.** Entity data is parsed and passed to the Cedar evaluator. It is not executed. Excessively large entity payloads may cause slow evaluation but do not create a code execution path.
+## Reporting a vulnerability
+If you find a security issue in this project, open a [GitHub Issue](https://github.com/Pigius/cedar-mcp-server/issues) with the label `security`. For issues you prefer not to disclose publicly, email the maintainer directly (contact via the GitHub profile).
+Please include: a description of the issue, steps to reproduce, and the potential impact.

package/dist/http-server.d.ts ADDED Viewed

@@ -0,0 +1,61 @@
+import { type Server as HttpServer } from "node:http";
+export interface HttpServerOptions {
+    port: number;
+    host?: string;
+    roots?: Array<{
+        name: string;
+        path: string;
+    }>;
+    /** Max concurrent HTTP sessions. New sessions over the cap receive 503.
+     *  Default: 100. Override via env CEDAR_MAX_HTTP_SESSIONS or this option. */
+    maxSessions?: number;
+    /** Idle session TTL in milliseconds. A session unused for longer is evicted
+     *  by the reaper. Default: 30 minutes. Override via env
+     *  CEDAR_HTTP_SESSION_IDLE_TTL_MS or this option. */
+    sessionIdleTtlMs?: number;
+    /** How often the reaper scans for stale sessions. Default: 60 seconds.
+     *  Mostly relevant for tests; production deploys can leave the default. */
+    reaperIntervalMs?: number;
+}
+export interface RunningHttpServer {
+    httpServer: HttpServer;
+    port: number;
+    host: string;
+    close(): Promise<void>;
+}
+/**
+ * Boot cedar-mcp-server in Streamable HTTP mode.
+ *
+ * Per-session model: each MCP session gets its own McpServer + transport pair.
+ * The Streamable HTTP spec mandates this because each session has independent
+ * protocol state (initialized handshake, message history, capabilities).
+ *
+ * Shared across all sessions: the storeManager singleton. The deployment model
+ * is "one server per policy-store set, many team clients all seeing the same
+ * roots." Roots are deployer-configured via CLI flags at startup; client
+ * listRoots() is NOT called in HTTP mode. For per-tenant isolation, deploy
+ * multiple processes.
+ *
+ * Resource management:
+ *   - Max-sessions cap: new sessions over the limit receive HTTP 503. This is
+ *     backpressure, not eviction — existing sessions are not interrupted to
+ *     make room. Default 100; override via maxSessions option or
+ *     CEDAR_MAX_HTTP_SESSIONS env var.
+ *   - Idle TTL: a reaper scans periodically and evicts sessions whose last
+ *     observed request exceeds the TTL. Default 30 min idle / 60s scan;
+ *     override via sessionIdleTtlMs / reaperIntervalMs options or env vars.
+ *     This catches the case where transport.onclose doesn't fire (e.g.,
+ *     network partition, TCP RST) and prevents the sessions map from leaking.
+ *
+ * Session lifecycle:
+ *   1. Client POSTs to /mcp without Mcp-Session-Id → server creates a new
+ *      session (transport + server pair), runs initialize, returns the
+ *      session ID in the response header. New sessions over maxSessions are
+ *      rejected with HTTP 503.
+ *   2. Subsequent requests with that Mcp-Session-Id route to the same pair
+ *      and refresh its lastActiveAt timestamp.
+ *   3. transport.onclose fires on graceful disconnect → session removed.
+ *   4. Reaper sweeps idle sessions out periodically as a backstop.
+ */
+export declare function startHttpServer(options: HttpServerOptions): Promise<RunningHttpServer>;
+//# sourceMappingURL=http-server.d.ts.map

package/dist/http-server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-server.d.ts","sourceRoot":"","sources":["../src/http-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAoC,KAAK,MAAM,IAAI,UAAU,EAAE,MAAM,WAAW,CAAC;AAQxF,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC9C;iFAC6E;IAC7E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;yDAEqD;IACrD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;+EAC2E;IAC3E,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,UAAU,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAiK5F"}

package/dist/http-server.js ADDED Viewed

@@ -0,0 +1,194 @@
+import { createServer as createHttpServer } from "node:http";
+import { randomUUID } from "node:crypto";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
+import express from "express";
+import { createServer } from "./server.js";
+import { storeManager } from "./resources/store-manager.js";
+const DEFAULT_MAX_SESSIONS = 100;
+const DEFAULT_SESSION_IDLE_TTL_MS = 30 * 60 * 1000; // 30 min
+const DEFAULT_REAPER_INTERVAL_MS = 60 * 1000; // 1 min
+/**
+ * Boot cedar-mcp-server in Streamable HTTP mode.
+ *
+ * Per-session model: each MCP session gets its own McpServer + transport pair.
+ * The Streamable HTTP spec mandates this because each session has independent
+ * protocol state (initialized handshake, message history, capabilities).
+ *
+ * Shared across all sessions: the storeManager singleton. The deployment model
+ * is "one server per policy-store set, many team clients all seeing the same
+ * roots." Roots are deployer-configured via CLI flags at startup; client
+ * listRoots() is NOT called in HTTP mode. For per-tenant isolation, deploy
+ * multiple processes.
+ *
+ * Resource management:
+ *   - Max-sessions cap: new sessions over the limit receive HTTP 503. This is
+ *     backpressure, not eviction — existing sessions are not interrupted to
+ *     make room. Default 100; override via maxSessions option or
+ *     CEDAR_MAX_HTTP_SESSIONS env var.
+ *   - Idle TTL: a reaper scans periodically and evicts sessions whose last
+ *     observed request exceeds the TTL. Default 30 min idle / 60s scan;
+ *     override via sessionIdleTtlMs / reaperIntervalMs options or env vars.
+ *     This catches the case where transport.onclose doesn't fire (e.g.,
+ *     network partition, TCP RST) and prevents the sessions map from leaking.
+ *
+ * Session lifecycle:
+ *   1. Client POSTs to /mcp without Mcp-Session-Id → server creates a new
+ *      session (transport + server pair), runs initialize, returns the
+ *      session ID in the response header. New sessions over maxSessions are
+ *      rejected with HTTP 503.
+ *   2. Subsequent requests with that Mcp-Session-Id route to the same pair
+ *      and refresh its lastActiveAt timestamp.
+ *   3. transport.onclose fires on graceful disconnect → session removed.
+ *   4. Reaper sweeps idle sessions out periodically as a backstop.
+ */
+export async function startHttpServer(options) {
+    const host = options.host ?? "127.0.0.1";
+    const maxSessions = options.maxSessions
+        ?? (Number(process.env.CEDAR_MAX_HTTP_SESSIONS) || DEFAULT_MAX_SESSIONS);
+    const sessionIdleTtlMs = options.sessionIdleTtlMs
+        ?? (Number(process.env.CEDAR_HTTP_SESSION_IDLE_TTL_MS) || DEFAULT_SESSION_IDLE_TTL_MS);
+    const reaperIntervalMs = options.reaperIntervalMs ?? DEFAULT_REAPER_INTERVAL_MS;
+    // Load deployer-configured roots before the server starts accepting traffic.
+    // Shared by all sessions via the storeManager singleton.
+    if (options.roots && options.roots.length > 0) {
+        storeManager.loadFromRoots(options.roots.map((r) => ({ uri: `file://${r.path}`, name: r.name })));
+    }
+    const sessions = new Map();
+    async function createSession() {
+        const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+        });
+        const server = createServer();
+        await server.connect(transport);
+        transport.onclose = () => {
+            // Only drop the session-map entry here. Do NOT call server.close():
+            // server.close() triggers transport close, which fires this handler
+            // again. The McpServer becomes unreferenced and gets GC'd. The shared
+            // WASM module lives at process scope, not per-session.
+            const sid = transport.sessionId;
+            if (sid && sessions.has(sid)) {
+                sessions.delete(sid);
+            }
+        };
+        return { transport, server, lastActiveAt: Date.now() };
+    }
+    // Reaper: evict sessions whose lastActiveAt is older than the idle TTL.
+    // Collect-then-delete pattern avoids mid-iteration map mutation when the
+    // transport.close() callback re-enters the sessions map.
+    const reaper = setInterval(() => {
+        const cutoff = Date.now() - sessionIdleTtlMs;
+        const toEvict = [];
+        for (const [sid, sess] of sessions.entries()) {
+            if (sess.lastActiveAt < cutoff)
+                toEvict.push(sid);
+        }
+        for (const sid of toEvict) {
+            const sess = sessions.get(sid);
+            if (sess) {
+                sessions.delete(sid);
+                void sess.transport.close().catch(() => { });
+            }
+        }
+    }, reaperIntervalMs);
+    // Don't keep the Node event loop alive just for the reaper — let the
+    // process exit cleanly when the HTTP server closes.
+    reaper.unref();
+    const app = createMcpExpressApp({ host });
+    app.use(express.json({ limit: "10mb" }));
+    app.post("/mcp", async (req, res) => {
+        try {
+            const sessionIdHeader = req.headers["mcp-session-id"];
+            const sessionId = Array.isArray(sessionIdHeader) ? sessionIdHeader[0] : sessionIdHeader;
+            let session;
+            if (sessionId && sessions.has(sessionId)) {
+                session = sessions.get(sessionId);
+                if (session)
+                    session.lastActiveAt = Date.now();
+            }
+            else {
+                // New session — apply backpressure if at cap. We do this BEFORE
+                // creating the transport/server pair to avoid leaking resources
+                // on rejection.
+                if (sessions.size >= maxSessions) {
+                    res.status(503).json({
+                        error: "Too many concurrent MCP sessions",
+                        message: `Server is at the max-session limit of ${maxSessions}. Try again later, or run multiple processes for higher capacity.`,
+                        active_sessions: sessions.size,
+                        max_sessions: maxSessions,
+                    });
+                    return;
+                }
+                session = await createSession();
+            }
+            if (!session) {
+                res.status(400).json({ error: "Could not establish MCP session" });
+                return;
+            }
+            await session.transport.handleRequest(req, res, req.body);
+            // After the initialize request completes the transport will have set
+            // its sessionId. Register the session under that ID so subsequent
+            // requests find it.
+            const sidAfter = session.transport.sessionId;
+            if (sidAfter && !sessions.has(sidAfter)) {
+                sessions.set(sidAfter, session);
+            }
+        }
+        catch (e) {
+            if (!res.headersSent) {
+                res.status(500).json({
+                    error: "Internal MCP transport error",
+                    message: e instanceof Error ? e.message : String(e),
+                });
+            }
+        }
+    });
+    app.get("/health", (_req, res) => {
+        res.json({
+            status: "ok",
+            transport: "streamable-http",
+            mode: "stateful",
+            active_sessions: sessions.size,
+            max_sessions: maxSessions,
+            session_idle_ttl_ms: sessionIdleTtlMs,
+        });
+    });
+    const httpServer = createHttpServer(app);
+    await new Promise((resolve, reject) => {
+        httpServer.once("error", reject);
+        httpServer.listen(options.port, host, () => {
+            httpServer.off("error", reject);
+            resolve();
+        });
+    });
+    // eslint-disable-next-line no-console
+    console.error(`[cedar-mcp-server] Streamable HTTP listening on http://${host}:${options.port}/mcp (max_sessions=${maxSessions}, idle_ttl=${Math.round(sessionIdleTtlMs / 1000)}s)`);
+    if (options.roots && options.roots.length > 0) {
+        // eslint-disable-next-line no-console
+        console.error(`[cedar-mcp-server] Loaded ${options.roots.length} root(s): ${options.roots.map((r) => r.name).join(", ")}`);
+    }
+    else {
+        // eslint-disable-next-line no-console
+        console.error("[cedar-mcp-server] WARNING: no --root flags supplied; tools that depend on a configured store will error.");
+    }
+    return {
+        httpServer,
+        port: options.port,
+        host,
+        async close() {
+            clearInterval(reaper);
+            // Close all sessions first so each McpServer cleans up its WASM state
+            for (const session of sessions.values()) {
+                try {
+                    await session.server.close();
+                }
+                catch { /* ignore */ }
+            }
+            sessions.clear();
+            await new Promise((resolve, reject) => {
+                httpServer.close((err) => (err ? reject(err) : resolve()));
+            });
+        },
+    };
+}
+//# sourceMappingURL=http-server.js.map

package/dist/http-server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-server.js","sourceRoot":"","sources":["../src/http-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,IAAI,gBAAgB,EAA6B,MAAM,WAAW,CAAC;AACxF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,mBAAmB,EAAE,MAAM,6CAA6C,CAAC;AAClF,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAiC5D,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACjC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,SAAS;AAC7D,MAAM,0BAA0B,GAAG,EAAE,GAAG,IAAI,CAAC,CAAO,QAAQ;AAE5D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAA0B;IAC9D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,WAAW,CAAC;IACzC,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW;WAClC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,oBAAoB,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB;WAC5C,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,IAAI,2BAA2B,CAAC,CAAC;IACzF,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,0BAA0B,CAAC;IAEhF,6EAA6E;IAC7E,yDAAyD;IACzD,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,YAAY,CAAC,aAAa,CACxB,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CACtE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAmB,CAAC;IAE5C,KAAK,UAAU,aAAa;QAC1B,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;YAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;SACvC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;QAC9B,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAEhC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YACvB,oEAAoE;YACpE,oEAAoE;YACpE,sEAAsE;YACtE,uDAAuD;YACvD,MAAM,GAAG,GAAG,SAAS,CAAC,SAAS,CAAC;YAChC,IAAI,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;QACH,CAAC,CAAC;QAEF,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACzD,CAAC;IAED,wEAAwE;IACxE,yEAAyE;IACzE,yDAAyD;IACzD,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,EAAE;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;QAC7C,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC7C,IAAI,IAAI,CAAC,YAAY,GAAG,MAAM;gBAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,IAAI,EAAE,CAAC;gBACT,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAgB,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;IACH,CAAC,EAAE,gBAAgB,CAAC,CAAC;IACrB,qEAAqE;IACrE,oDAAoD;IACpD,MAAM,CAAC,KAAK,EAAE,CAAC;IAEf,MAAM,GAAG,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAEzC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YACtD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;YAExF,IAAI,OAA4B,CAAC;YACjC,IAAI,SAAS,IAAI,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACzC,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBAClC,IAAI,OAAO;oBAAE,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACjD,CAAC;iBAAM,CAAC;gBACN,gEAAgE;gBAChE,gEAAgE;gBAChE,gBAAgB;gBAChB,IAAI,QAAQ,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;oBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,KAAK,EAAE,kCAAkC;wBACzC,OAAO,EAAE,yCAAyC,WAAW,mEAAmE;wBAChI,eAAe,EAAE,QAAQ,CAAC,IAAI;wBAC9B,YAAY,EAAE,WAAW;qBAC1B,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;gBACD,OAAO,GAAG,MAAM,aAAa,EAAE,CAAC;YAClC,CAAC;YAED,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAE1D,qEAAqE;YACrE,kEAAkE;YAClE,oBAAoB;YACpB,MAAM,QAAQ,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC;YAC7C,IAAI,QAAQ,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,8BAA8B;oBACrC,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC/B,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,iBAAiB;YAC5B,IAAI,EAAE,UAAU;YAChB,eAAe,EAAE,QAAQ,CAAC,IAAI;YAC9B,YAAY,EAAE,WAAW;YACzB,mBAAmB,EAAE,gBAAgB;SACtC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IAEzC,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACjC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YACzC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAChC,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,0DAA0D,IAAI,IAAI,OAAO,CAAC,IAAI,sBAAsB,WAAW,cAAc,IAAI,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;IACpL,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,sCAAsC;QACtC,OAAO,CAAC,KAAK,CAAC,6BAA6B,OAAO,CAAC,KAAK,CAAC,MAAM,aAAa,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7H,CAAC;SAAM,CAAC;QACN,sCAAsC;QACtC,OAAO,CAAC,KAAK,CAAC,2GAA2G,CAAC,CAAC;IAC7H,CAAC;IAED,OAAO;QACL,UAAU;QACV,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,IAAI;QACJ,KAAK,CAAC,KAAK;YACT,aAAa,CAAC,MAAM,CAAC,CAAC;YACtB,sEAAsE;YACtE,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;gBACxC,IAAI,CAAC;oBACH,MAAM,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC/B,CAAC;gBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC1B,CAAC;YACD,QAAQ,CAAC,KAAK,EAAE,CAAC;YACjB,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1C,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC7D,CAAC,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+#!/usr/bin/env node
+/**
+ * Synchronously populate StoreManager with the cwd-fallback store, if the
+ * cwd looks like a Cedar workspace. Returns the loaded root descriptor when
+ * a store was loaded, or null otherwise.
+ *
+ * Round 5 dogfood (Scenario E) found that emitting `notifications/resources/list_changed`
+ * AFTER an async cwd-fallback (kickoff-11 11a) was insufficient: Claude Code's
+ * `listMcpResources` does not honor `list_changed` for cache invalidation, so a
+ * client that snapshots `resources/list` once on the initialize response stays
+ * stuck on the empty pre-fallback snapshot regardless of any later notification.
+ *
+ * The fix is structural: populate StoreManager BEFORE the transport accepts
+ * any client requests. `process.cwd()` is available at startup; there is no
+ * need to wait for the transport. By the time the client can send any
+ * request, the store already exists.
+ *
+ * Security: rejects filesystem-root cwds (`/`) and any cwd whose basename is
+ * empty after normalization. Without this guard, the cwd-fallback would push
+ * an empty-path root into StoreManager, and the per-store path sandbox
+ * (`isPathAllowed`, which uses `startsWith(store.path)`) would return true
+ * for every filesystem path. StoreManager.loadFromRoots also refuses
+ * empty-path roots as a second layer of defense, but rejecting here keeps
+ * the cwd-fallback's intent narrow (workspace-shaped cwds only).
+ *
+ * Exported so unit tests can exercise it without spawning a stdio process.
+ */
+export declare function populateCwdFallback(cwd: string): {
+    uri: string;
+    name: string;
+} | null;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAyBA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAMrF"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,270 @@
+#!/usr/bin/env node
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { RootsListChangedNotificationSchema } from "@modelcontextprotocol/sdk/types.js";
+import { existsSync } from "node:fs";
+import { join, basename } from "node:path";
+import { createServer } from "./server.js";
+import { storeManager } from "./resources/store-manager.js";
+import { startHttpServer } from "./http-server.js";
+/**
+ * A directory "looks like a Cedar workspace" if it has at least one of:
+ *   - schema.cedarschema  (preferred)
+ *   - schema.json         (fallback)
+ *   - policies/           (per-file policies layout)
+ *
+ * This is the same convention StoreManager uses to read a loaded root.
+ */
+function looksLikeCedarWorkspace(path) {
+    return (existsSync(join(path, "schema.cedarschema")) ||
+        existsSync(join(path, "schema.json")) ||
+        existsSync(join(path, "policies")));
+}
+/**
+ * Synchronously populate StoreManager with the cwd-fallback store, if the
+ * cwd looks like a Cedar workspace. Returns the loaded root descriptor when
+ * a store was loaded, or null otherwise.
+ *
+ * Round 5 dogfood (Scenario E) found that emitting `notifications/resources/list_changed`
+ * AFTER an async cwd-fallback (kickoff-11 11a) was insufficient: Claude Code's
+ * `listMcpResources` does not honor `list_changed` for cache invalidation, so a
+ * client that snapshots `resources/list` once on the initialize response stays
+ * stuck on the empty pre-fallback snapshot regardless of any later notification.
+ *
+ * The fix is structural: populate StoreManager BEFORE the transport accepts
+ * any client requests. `process.cwd()` is available at startup; there is no
+ * need to wait for the transport. By the time the client can send any
+ * request, the store already exists.
+ *
+ * Security: rejects filesystem-root cwds (`/`) and any cwd whose basename is
+ * empty after normalization. Without this guard, the cwd-fallback would push
+ * an empty-path root into StoreManager, and the per-store path sandbox
+ * (`isPathAllowed`, which uses `startsWith(store.path)`) would return true
+ * for every filesystem path. StoreManager.loadFromRoots also refuses
+ * empty-path roots as a second layer of defense, but rejecting here keeps
+ * the cwd-fallback's intent narrow (workspace-shaped cwds only).
+ *
+ * Exported so unit tests can exercise it without spawning a stdio process.
+ */
+export function populateCwdFallback(cwd) {
+    if (cwd === "/" || basename(cwd).length === 0)
+        return null;
+    if (!looksLikeCedarWorkspace(cwd))
+        return null;
+    const cwdRoot = { uri: `file://${cwd}`, name: basename(cwd) };
+    storeManager.loadFromRoots([cwdRoot]);
+    return cwdRoot;
+}
+function parseArgs(argv) {
+    const args = argv.slice(2);
+    const out = { mode: "stdio", roots: [] };
+    for (let i = 0; i < args.length; i++) {
+        const a = args[i];
+        if (a === "--help" || a === "-h") {
+            return { mode: "help", roots: [] };
+        }
+        else if (a === "--http") {
+            const portArg = args[i + 1];
+            if (!portArg || portArg.startsWith("--")) {
+                return { mode: "help", roots: [], error: "--http requires a port number (e.g. --http 3000)" };
+            }
+            const port = Number(portArg);
+            if (!Number.isInteger(port) || port < 1 || port > 65535) {
+                return { mode: "help", roots: [], error: `--http port must be an integer between 1 and 65535 (got '${portArg}')` };
+            }
+            out.mode = "http";
+            out.port = port;
+            i++;
+        }
+        else if (a === "--host") {
+            const hostArg = args[i + 1];
+            if (!hostArg || hostArg.startsWith("--")) {
+                return { mode: "help", roots: [], error: "--host requires a hostname (e.g. --host 0.0.0.0)" };
+            }
+            out.host = hostArg;
+            i++;
+        }
+        else if (a === "--root") {
+            const rootArg = args[i + 1];
+            if (!rootArg || rootArg.startsWith("--")) {
+                return { mode: "help", roots: [], error: "--root requires a name=path value (e.g. --root production=/etc/cedar/prod)" };
+            }
+            const eq = rootArg.indexOf("=");
+            if (eq <= 0 || eq === rootArg.length - 1) {
+                return { mode: "help", roots: [], error: `--root must be name=path (got '${rootArg}')` };
+            }
+            const name = rootArg.slice(0, eq);
+            const path = rootArg.slice(eq + 1);
+            out.roots.push({ name, path });
+            i++;
+        }
+        else {
+            return { mode: "help", roots: [], error: `Unknown argument: ${a}` };
+        }
+    }
+    if (out.mode === "stdio" && out.roots.length > 0) {
+        return { mode: "help", roots: [], error: "--root flags are only used with --http mode; in stdio mode roots come from the MCP client" };
+    }
+    return out;
+}
+function printUsage(error) {
+    if (error) {
+        // eslint-disable-next-line no-console
+        console.error(`Error: ${error}\n`);
+    }
+    // eslint-disable-next-line no-console
+    console.error(`cedar-mcp-server — MCP server for Cedar policy language
+Usage:
+  cedar-mcp-server                              Start in stdio mode (default; for npx/Claude Code)
+  cedar-mcp-server --http <port> [options]      Start in Streamable HTTP mode for shared team deployment
+HTTP options:
+  --http <port>            Listen port (1-65535)
+  --host <host>            Bind host (default: 127.0.0.1; use 0.0.0.0 for non-localhost; you handle auth via reverse proxy)
+  --root <name>=<path>     Repeatable; deployer-configured policy store ("production=/etc/cedar/prod")
+Notes:
+  - Stdio mode: roots are negotiated with the MCP client via listRoots(); --root flags are not allowed.
+  - HTTP mode: stateful Streamable HTTP transport with session IDs. ALL clients share the same roots and policy stores (deployment model: one server per policy-store set). For per-tenant isolation, run multiple processes.
+  - HTTP mode default-binds to localhost with DNS-rebinding protection. Non-localhost binding is on you to secure (reverse proxy + auth).
+Examples:
+  cedar-mcp-server
+  cedar-mcp-server --http 3000 --root production=/etc/cedar/production --root staging=/etc/cedar/staging
+  cedar-mcp-server --http 3000 --host 0.0.0.0 --root prod=/etc/cedar/prod
+`);
+}
+/**
+ * Reconcile StoreManager state with whatever the MCP client advertises via
+ * `listRoots()`. Called from `oninitialized` AND on every
+ * `notifications/roots/list_changed` from the client.
+ *
+ * Precedence rules:
+ *  - Client-advertised roots REPLACE any sync-loaded cwd-fallback. A client
+ *    that explicitly advertises roots is stating authoritative intent; the
+ *    cwd-fallback was an "if you didn't tell me anything" default.
+ *  - Client returns ZERO roots (or doesn't support listRoots): preserve the
+ *    sync-loaded cwd-fallback. We do NOT call `loadFromRoots([])` here
+ *    because StoreManager.loadFromRoots clears the store as its first step,
+ *    which would wipe the cwd-fallback populated synchronously at startup.
+ *
+ * `sendResourceListChanged` always fires at the end: cache-aware clients use
+ * it to refetch when the store membership changes. Idempotent if nothing
+ * actually changed.
+ */
+async function loadRootsStdio(server) {
+    let clientRoots = [];
+    let clientSupportsRoots = true;
+    try {
+        const result = await server.server.listRoots();
+        clientRoots = result.roots;
+    }
+    catch {
+        clientSupportsRoots = false;
+    }
+    // Reconcile StoreManager state from the current (clientRoots, cwd) tuple.
+    // Stateless re-derivation: each call to loadRootsStdio computes the right
+    // state from scratch rather than mutating the previous state. This matters
+    // when a client advertised roots earlier and then retracts them via
+    // `roots/list_changed`; without re-derivation the stale advertised roots
+    // would leak forward instead of falling back to cwd.
+    if (clientRoots.length > 0) {
+        storeManager.loadFromRoots(clientRoots);
+        console.error(`[cedar-mcp-server] Loaded ${clientRoots.length} root(s) from MCP client: ${clientRoots.map((r) => r.uri).join(", ")} (replaces any sync-loaded cwd-fallback).`);
+    }
+    else {
+        const fallback = populateCwdFallback(process.cwd());
+        if (fallback) {
+            console.error(`[cedar-mcp-server] MCP client advertised 0 roots; using cwd-fallback store "${fallback.name}" (re-derived).`);
+        }
+        else {
+            storeManager.loadFromRoots([]);
+            if (clientSupportsRoots) {
+                console.error("[cedar-mcp-server] MCP client returned 0 roots and cwd does not look like a Cedar workspace (no schema.cedarschema, schema.json, or policies/ dir). Cedar tools will require inline inputs.");
+            }
+            else {
+                console.error("[cedar-mcp-server] MCP client does not support roots/list and cwd does not look like a Cedar workspace. Cedar tools will require inline inputs.");
+            }
+        }
+    }
+    // kickoff-11 11a notification: cache-aware clients refetch on this. The
+    // synchronous cwd-fallback from runStdio means the FIRST resources/list
+    // already sees the populated store (this is the Round 5 fix), so this
+    // notification is most useful for the late-arriving-roots case (client
+    // sends roots/list_changed mid-session, swapping the store set). McpServer
+    // makes it a no-op when not connected, so it's safe to call from any path.
+    server.sendResourceListChanged();
+}
+async function runStdio() {
+    const server = createServer();
+    // Round 5 fix: populate StoreManager BEFORE the transport accepts any
+    // client requests. The previous shape (cwd-fallback inside `oninitialized`
+    // → kickoff-11 sendResourceListChanged) was contract-correct against the
+    // MCP spec but did not hold against Claude Code, which snapshots
+    // resources/list once on the initialize response and does not honor
+    // list_changed for the `listMcpResources` cache. Synchronous population
+    // before connect closes the window entirely.
+    //
+    // Edge case (kickoff-10 audit Probe C): if process.cwd() is the
+    // cedar-mcp-server repo itself, it currently has none of schema.cedarschema,
+    // schema.json, or policies/ — looksLikeCedarWorkspace returns false. If a
+    // future commit adds a top-level policies/ directory (for examples or
+    // similar) the fallback would self-load. Flag in CHANGELOG if that
+    // ever happens.
+    const loaded = populateCwdFallback(process.cwd());
+    if (loaded) {
+        console.error(`[cedar-mcp-server] Synchronously auto-loaded cwd as workspace store: "${loaded.name}" (${loaded.uri}). StoreManager populated before transport accepts requests.`);
+    }
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    server.server.oninitialized = async () => {
+        await loadRootsStdio(server);
+    };
+    server.server.setNotificationHandler(RootsListChangedNotificationSchema, async () => {
+        await loadRootsStdio(server);
+    });
+    process.on("SIGINT", async () => {
+        await server.close();
+        process.exit(0);
+    });
+    process.on("SIGTERM", async () => {
+        await server.close();
+        process.exit(0);
+    });
+}
+async function runHttp(parsed) {
+    const running = await startHttpServer({
+        port: parsed.port,
+        host: parsed.host,
+        roots: parsed.roots,
+    });
+    const shutdown = async () => {
+        try {
+            await running.close();
+        }
+        finally {
+            process.exit(0);
+        }
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+}
+async function main() {
+    const parsed = parseArgs(process.argv);
+    if (parsed.mode === "help") {
+        printUsage(parsed.error);
+        process.exit(parsed.error ? 1 : 0);
+    }
+    if (parsed.mode === "http") {
+        await runHttp(parsed);
+    }
+    else {
+        await runStdio();
+    }
+}
+main().catch((err) => {
+    // eslint-disable-next-line no-console
+    console.error("Fatal error:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,kCAAkC,EAAE,MAAM,oCAAoC,CAAC;AACxF,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAEnD;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAAC,IAAY;IAC3C,OAAO,CACL,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QAC5C,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACrC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC,CACnC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,IAAI,GAAG,KAAK,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3D,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,MAAM,OAAO,GAAG,EAAE,GAAG,EAAE,UAAU,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9D,YAAY,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACtC,OAAO,OAAO,CAAC;AACjB,CAAC;AAUD,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,GAAG,GAAe,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAErD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACnB,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACjC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACrC,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC;YAChG,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,KAAK,EAAE,CAAC;gBACxD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,4DAA4D,OAAO,IAAI,EAAE,CAAC;YACrH,CAAC;YACD,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC;YAClB,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;YAChB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,kDAAkD,EAAE,CAAC;YAChG,CAAC;YACD,GAAG,CAAC,IAAI,GAAG,OAAO,CAAC;YACnB,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,4EAA4E,EAAE,CAAC;YAC1H,CAAC;YACD,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,KAAK,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,kCAAkC,OAAO,IAAI,EAAE,CAAC;YAC3F,CAAC;YACD,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAClC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YACnC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/B,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,qBAAqB,CAAC,EAAE,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;IAED,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,2FAA2F,EAAE,CAAC;IACzI,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,IAAI,KAAK,EAAE,CAAC;QACV,sCAAsC;QACtC,OAAO,CAAC,KAAK,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;IACrC,CAAC;IACD,sCAAsC;IACtC,OAAO,CAAC,KAAK,CACX;;;;;;;;;;;;;;;;;;;;CAoBH,CACE,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,KAAK,UAAU,cAAc,CAAC,MAAgD;IAC5E,IAAI,WAAW,GAA0C,EAAE,CAAC;IAC5D,IAAI,mBAAmB,GAAG,IAAI,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC/C,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB,GAAG,KAAK,CAAC;IAC9B,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,2EAA2E;IAC3E,oEAAoE;IACpE,yEAAyE;IACzE,qDAAqD;IACrD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,YAAY,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;QACxC,OAAO,CAAC,KAAK,CAAC,6BAA6B,WAAW,CAAC,MAAM,6BAA6B,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACjL,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACpD,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,+EAA+E,QAAQ,CAAC,IAAI,iBAAiB,CAAC,CAAC;QAC/H,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;YAC/B,IAAI,mBAAmB,EAAE,CAAC;gBACxB,OAAO,CAAC,KAAK,CAAC,6LAA6L,CAAC,CAAC;YAC/M,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,iJAAiJ,CAAC,CAAC;YACnK,CAAC;QACH,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,wEAAwE;IACxE,sEAAsE;IACtE,uEAAuE;IACvE,2EAA2E;IAC3E,2EAA2E;IAC3E,MAAM,CAAC,uBAAuB,EAAE,CAAC;AACnC,CAAC;AAED,KAAK,UAAU,QAAQ;IACrB,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAE9B,sEAAsE;IACtE,2EAA2E;IAC3E,yEAAyE;IACzE,iEAAiE;IACjE,oEAAoE;IACpE,wEAAwE;IACxE,6CAA6C;IAC7C,EAAE;IACF,gEAAgE;IAChE,6EAA6E;IAC7E,0EAA0E;IAC1E,sEAAsE;IACtE,mEAAmE;IACnE,gBAAgB;IAChB,MAAM,MAAM,GAAG,mBAAmB,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IAClD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,yEAAyE,MAAM,CAAC,IAAI,MAAM,MAAM,CAAC,GAAG,8DAA8D,CAAC,CAAC;IACpL,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,MAAM,CAAC,MAAM,CAAC,aAAa,GAAG,KAAK,IAAI,EAAE;QACvC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC,CAAC;IAEF,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAClC,kCAAkC,EAClC,KAAK,IAAI,EAAE;QACT,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC,CACF,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;QAC9B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE;QAC/B,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,MAAkB;IACvC,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC,IAAK;QAClB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;QAC1B,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,KAAK,EAAE,CAAC;QACxB,CAAC;gBAAS,CAAC;YACT,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACxB,CAAC;SAAM,CAAC;QACN,MAAM,QAAQ,EAAE,CAAC;IACnB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IACnC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}