freshcontext-mcp 0.1.2 → 0.1.3

package/dist/adapters/github.js

@@ -1,5 +1,8 @@
 import { chromium } from "playwright";
+import { validateUrl } from "../security.js";
 export async function githubAdapter(options) {
+    const safeUrl = validateUrl(options.url, "github");
+    options = { ...options, url: safeUrl };
     const browser = await chromium.launch({ headless: true });
     const page = await browser.newPage();
     // Spoof a real browser UA to avoid bot detection

package/dist/adapters/hackernews.js

@@ -1,6 +1,8 @@
 import { chromium } from "playwright";
+import { validateUrl } from "../security.js";
 export async function hackerNewsAdapter(options) {
-    // If it's an Algolia API URL or search query, use the REST API directly (no browser)
+    // Validate URL — allow both HN and Algolia domains
+    validateUrl(options.url, "hackernews");
     const url = options.url;
     if (url.includes("hn.algolia.com/api/") || url.startsWith("hn-search:")) {
         const query = url.startsWith("hn-search:")

package/dist/adapters/packageTrends.js

@@ -1,8 +1,8 @@
+import { sanitizePackages } from "../security.js";
 // Uses npm registry API + PyPI JSON API (no auth needed)
 export async function packageTrendsAdapter(options) {
-    // options.url is the package name or a comma-separated list
-    // e.g. "langchain" or "npm:langchain" or "pypi:langchain"
-    const raw_input = options.url.replace(/^https?:\/\//, "").trim();
+    // Sanitize package input
+    const raw_input = sanitizePackages(options.url.replace(/^https?:\/\//, "").trim());
     // Parse ecosystem prefix
     const parts = raw_input.split(",").map((s) => s.trim());
     const results = [];

package/dist/adapters/repoSearch.js

@@ -1,8 +1,9 @@
+import { sanitizeQuery } from "../security.js";
 // Uses GitHub Search API (no auth needed for basic search)
 export async function repoSearchAdapter(options) {
-    // options.url is treated as the search query string
-    // e.g. "mcp server typescript" or a full GitHub search URL
-    let query = options.url;
+    // Sanitize query input
+    const query_input = sanitizeQuery(options.url);
+    let query = query_input;
     // If it's a full URL, extract the query param
     try {
         const parsed = new URL(options.url);

package/dist/adapters/scholar.js

@@ -1,5 +1,8 @@
 import { chromium } from "playwright";
+import { validateUrl } from "../security.js";
 export async function scholarAdapter(options) {
+    const safeUrl = validateUrl(options.url, "scholar");
+    options = { ...options, url: safeUrl };
     const browser = await chromium.launch({ headless: true });
     const page = await browser.newPage();
     await page.setExtraHTTPHeaders({

package/dist/adapters/yc.js

@@ -1,5 +1,8 @@
 import { chromium } from "playwright";
+import { validateUrl } from "../security.js";
 export async function ycAdapter(options) {
+    const safeUrl = validateUrl(options.url, "yc");
+    options = { ...options, url: safeUrl };
     const browser = await chromium.launch({ headless: true });
     const page = await browser.newPage();
     // YC company directory is React-rendered — wait for network to settle

package/dist/security.js

@@ -0,0 +1,117 @@
+/**
+ * freshcontext-mcp security module
+ * Input sanitization, domain allowlists, and request validation
+ */
+// ─── Allowed domains per adapter ────────────────────────────────────────────
+export const ALLOWED_DOMAINS = {
+    github: ["github.com", "raw.githubusercontent.com"],
+    scholar: ["scholar.google.com"],
+    hackernews: ["news.ycombinator.com", "hn.algolia.com"],
+    yc: ["www.ycombinator.com", "ycombinator.com"],
+    repoSearch: [], // uses GitHub API directly, no browser
+    packageTrends: [], // uses npm/PyPI APIs directly, no browser
+};
+// ─── Blocked IP ranges and internal hostnames ────────────────────────────────
+const BLOCKED_PATTERNS = [
+    /^localhost$/i,
+    /^127\.\d+\.\d+\.\d+$/,
+    /^10\.\d+\.\d+\.\d+$/,
+    /^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$/,
+    /^192\.168\.\d+\.\d+$/,
+    /^169\.254\.\d+\.\d+$/, // AWS metadata
+    /^0\.0\.0\.0$/,
+    /^::1$/,
+    /^fc00:/i,
+    /^fe80:/i,
+];
+// ─── Max length limits ────────────────────────────────────────────────────────
+export const MAX_URL_LENGTH = 500;
+export const MAX_QUERY_LENGTH = 200;
+export const MAX_PACKAGES_LENGTH = 300;
+// ─── Validation errors ───────────────────────────────────────────────────────
+export class SecurityError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "SecurityError";
+    }
+}
+// ─── URL validator ───────────────────────────────────────────────────────────
+export function validateUrl(rawUrl, adapterName) {
+    // Length check
+    if (!rawUrl || rawUrl.trim().length === 0) {
+        throw new SecurityError("URL cannot be empty");
+    }
+    if (rawUrl.length > MAX_URL_LENGTH) {
+        throw new SecurityError(`URL exceeds maximum length of ${MAX_URL_LENGTH} characters`);
+    }
+    // Must be a valid URL
+    let parsed;
+    try {
+        parsed = new URL(rawUrl.trim());
+    }
+    catch {
+        throw new SecurityError(`Invalid URL format: ${rawUrl}`);
+    }
+    // Must use http or https
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+        throw new SecurityError(`Protocol not allowed: ${parsed.protocol}. Only http/https permitted.`);
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    // Block internal/private IPs and hostnames
+    for (const pattern of BLOCKED_PATTERNS) {
+        if (pattern.test(hostname)) {
+            throw new SecurityError(`Access to internal/private addresses is not permitted: ${hostname}`);
+        }
+    }
+    // Domain allowlist check (skip if allowlist is empty — means no browser used)
+    const allowedDomains = ALLOWED_DOMAINS[adapterName];
+    if (allowedDomains && allowedDomains.length > 0) {
+        const isAllowed = allowedDomains.some((domain) => hostname === domain || hostname.endsWith(`.${domain}`));
+        if (!isAllowed) {
+            throw new SecurityError(`Domain not allowed for ${adapterName} adapter: ${hostname}. ` +
+                `Allowed domains: ${allowedDomains.join(", ")}`);
+        }
+    }
+    return parsed.toString();
+}
+// ─── Query string sanitizer ──────────────────────────────────────────────────
+export function sanitizeQuery(query, maxLength = MAX_QUERY_LENGTH) {
+    if (!query || query.trim().length === 0) {
+        throw new SecurityError("Query cannot be empty");
+    }
+    const trimmed = query.trim().slice(0, maxLength);
+    // Strip null bytes and control characters
+    const cleaned = trimmed.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+    if (cleaned.length === 0) {
+        throw new SecurityError("Query contains no valid characters after sanitization");
+    }
+    return cleaned;
+}
+// ─── Package name sanitizer ──────────────────────────────────────────────────
+export function sanitizePackages(input) {
+    if (!input || input.trim().length === 0) {
+        throw new SecurityError("Package name cannot be empty");
+    }
+    if (input.length > MAX_PACKAGES_LENGTH) {
+        throw new SecurityError(`Package input exceeds maximum length of ${MAX_PACKAGES_LENGTH} characters`);
+    }
+    // Only allow valid npm/PyPI package name characters, commas, colons (for npm:/pypi: prefix)
+    const cleaned = input
+        .trim()
+        .replace(/[^a-zA-Z0-9@/._\-,:]/g, "")
+        .slice(0, MAX_PACKAGES_LENGTH);
+    if (cleaned.length === 0) {
+        throw new SecurityError("Package name contains no valid characters after sanitization");
+    }
+    return cleaned;
+}
+// ─── Error formatter ─────────────────────────────────────────────────────────
+export function formatSecurityError(err) {
+    if (err instanceof SecurityError) {
+        return `[Security] ${err.message}`;
+    }
+    if (err instanceof Error) {
+        return `[Error] ${err.message}`;
+    }
+    return "[Error] Unknown error occurred";
+}

package/dist/server.js

@@ -8,6 +8,7 @@ import { ycAdapter } from "./adapters/yc.js";
 import { repoSearchAdapter } from "./adapters/repoSearch.js";
 import { packageTrendsAdapter } from "./adapters/packageTrends.js";
 import { stampFreshness, formatForLLM } from "./tools/freshnessStamp.js";
+import { formatSecurityError } from "./security.js";
 const server = new McpServer({
     name: "freshcontext-mcp",
     version: "0.1.0",
@@ -21,9 +22,14 @@ server.registerTool("extract_github", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ url, max_length }) => {
-    const result = await githubAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "github");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await githubAdapter({ url, maxLength: max_length });
+        const ctx = stampFreshness(result, { url, maxLength: max_length }, "github");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: extract_scholar ───────────────────────────────────────────────────
 server.registerTool("extract_scholar", {
@@ -34,9 +40,14 @@ server.registerTool("extract_scholar", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ url, max_length }) => {
-    const result = await scholarAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "google_scholar");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await scholarAdapter({ url, maxLength: max_length });
+        const ctx = stampFreshness(result, { url, maxLength: max_length }, "google_scholar");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: extract_hackernews ────────────────────────────────────────────────
 server.registerTool("extract_hackernews", {
@@ -47,9 +58,14 @@ server.registerTool("extract_hackernews", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ url, max_length }) => {
-    const result = await hackerNewsAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "hackernews");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await hackerNewsAdapter({ url, maxLength: max_length });
+        const ctx = stampFreshness(result, { url, maxLength: max_length }, "hackernews");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: extract_yc ──────────────────────────────────────────────────────────
 server.registerTool("extract_yc", {
@@ -60,9 +76,14 @@ server.registerTool("extract_yc", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ url, max_length }) => {
-    const result = await ycAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "ycombinator");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await ycAdapter({ url, maxLength: max_length });
+        const ctx = stampFreshness(result, { url, maxLength: max_length }, "ycombinator");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: search_repos ──────────────────────────────────────────────────────
 server.registerTool("search_repos", {
@@ -73,9 +94,14 @@ server.registerTool("search_repos", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ query, max_length }) => {
-    const result = await repoSearchAdapter({ url: query, maxLength: max_length });
-    const ctx = stampFreshness(result, { url: query, maxLength: max_length }, "github_search");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await repoSearchAdapter({ url: query, maxLength: max_length });
+        const ctx = stampFreshness(result, { url: query, maxLength: max_length }, "github_search");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: package_trends ────────────────────────────────────────────────────
 server.registerTool("package_trends", {
@@ -86,9 +112,14 @@ server.registerTool("package_trends", {
     }),
     annotations: { readOnlyHint: true, openWorldHint: true },
 }, async ({ packages, max_length }) => {
-    const result = await packageTrendsAdapter({ url: packages, maxLength: max_length });
-    const ctx = stampFreshness(result, { url: packages, maxLength: max_length }, "package_registry");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+        const result = await packageTrendsAdapter({ url: packages, maxLength: max_length });
+        const ctx = stampFreshness(result, { url: packages, maxLength: max_length }, "package_registry");
+        return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    }
+    catch (err) {
+        return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
 });
 // ─── Tool: extract_landscape ─────────────────────────────────────────────────
 server.registerTool("extract_landscape", {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "freshcontext-mcp",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Real-time web extraction MCP server with freshness timestamps for AI agents",
   "keywords": [
     "mcp",

package/src/adapters/github.ts

@@ -1,7 +1,11 @@
 import { chromium } from "playwright";
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { validateUrl } from "../security.js";
 
 export async function githubAdapter(options: ExtractOptions): Promise<AdapterResult> {
+  const safeUrl = validateUrl(options.url, "github");
+  options = { ...options, url: safeUrl };
+
   const browser = await chromium.launch({ headless: true });
   const page = await browser.newPage();
 

package/src/adapters/hackernews.ts

@@ -1,8 +1,10 @@
 import { chromium } from "playwright";
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { validateUrl } from "../security.js";
 
 export async function hackerNewsAdapter(options: ExtractOptions): Promise<AdapterResult> {
-  // If it's an Algolia API URL or search query, use the REST API directly (no browser)
+  // Validate URL — allow both HN and Algolia domains
+  validateUrl(options.url, "hackernews");
   const url = options.url;
 
   if (url.includes("hn.algolia.com/api/") || url.startsWith("hn-search:")) {

package/src/adapters/packageTrends.ts

@@ -1,10 +1,10 @@
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { sanitizePackages } from "../security.js";
 
 // Uses npm registry API + PyPI JSON API (no auth needed)
 export async function packageTrendsAdapter(options: ExtractOptions): Promise<AdapterResult> {
-  // options.url is the package name or a comma-separated list
-  // e.g. "langchain" or "npm:langchain" or "pypi:langchain"
-  const raw_input = options.url.replace(/^https?:\/\//, "").trim();
+  // Sanitize package input
+  const raw_input = sanitizePackages(options.url.replace(/^https?:\/\//, "").trim());
 
   // Parse ecosystem prefix
   const parts = raw_input.split(",").map((s) => s.trim());

package/src/adapters/repoSearch.ts

@@ -1,10 +1,11 @@
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { sanitizeQuery } from "../security.js";
 
 // Uses GitHub Search API (no auth needed for basic search)
 export async function repoSearchAdapter(options: ExtractOptions): Promise<AdapterResult> {
-  // options.url is treated as the search query string
-  // e.g. "mcp server typescript" or a full GitHub search URL
-  let query = options.url;
+  // Sanitize query input
+  const query_input = sanitizeQuery(options.url);
+  let query = query_input;
 
   // If it's a full URL, extract the query param
   try {

package/src/adapters/scholar.ts

@@ -1,7 +1,11 @@
 import { chromium } from "playwright";
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { validateUrl } from "../security.js";
 
 export async function scholarAdapter(options: ExtractOptions): Promise<AdapterResult> {
+  const safeUrl = validateUrl(options.url, "scholar");
+  options = { ...options, url: safeUrl };
+
   const browser = await chromium.launch({ headless: true });
   const page = await browser.newPage();
 

package/src/adapters/yc.ts

@@ -1,7 +1,11 @@
 import { chromium } from "playwright";
 import { AdapterResult, ExtractOptions } from "../types.js";
+import { validateUrl } from "../security.js";
 
 export async function ycAdapter(options: ExtractOptions): Promise<AdapterResult> {
+  const safeUrl = validateUrl(options.url, "yc");
+  options = { ...options, url: safeUrl };
+
   const browser = await chromium.launch({ headless: true });
   const page = await browser.newPage();
 

package/src/security.ts

@@ -0,0 +1,161 @@
+/**
+ * freshcontext-mcp security module
+ * Input sanitization, domain allowlists, and request validation
+ */
+
+// ─── Allowed domains per adapter ────────────────────────────────────────────
+
+export const ALLOWED_DOMAINS: Record<string, string[]> = {
+  github: ["github.com", "raw.githubusercontent.com"],
+  scholar: ["scholar.google.com"],
+  hackernews: ["news.ycombinator.com", "hn.algolia.com"],
+  yc: ["www.ycombinator.com", "ycombinator.com"],
+  repoSearch: [], // uses GitHub API directly, no browser
+  packageTrends: [], // uses npm/PyPI APIs directly, no browser
+};
+
+// ─── Blocked IP ranges and internal hostnames ────────────────────────────────
+
+const BLOCKED_PATTERNS = [
+  /^localhost$/i,
+  /^127\.\d+\.\d+\.\d+$/,
+  /^10\.\d+\.\d+\.\d+$/,
+  /^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$/,
+  /^192\.168\.\d+\.\d+$/,
+  /^169\.254\.\d+\.\d+$/, // AWS metadata
+  /^0\.0\.0\.0$/,
+  /^::1$/,
+  /^fc00:/i,
+  /^fe80:/i,
+];
+
+// ─── Max length limits ────────────────────────────────────────────────────────
+
+export const MAX_URL_LENGTH = 500;
+export const MAX_QUERY_LENGTH = 200;
+export const MAX_PACKAGES_LENGTH = 300;
+
+// ─── Validation errors ───────────────────────────────────────────────────────
+
+export class SecurityError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "SecurityError";
+  }
+}
+
+// ─── URL validator ───────────────────────────────────────────────────────────
+
+export function validateUrl(
+  rawUrl: string,
+  adapterName: keyof typeof ALLOWED_DOMAINS
+): string {
+  // Length check
+  if (!rawUrl || rawUrl.trim().length === 0) {
+    throw new SecurityError("URL cannot be empty");
+  }
+  if (rawUrl.length > MAX_URL_LENGTH) {
+    throw new SecurityError(
+      `URL exceeds maximum length of ${MAX_URL_LENGTH} characters`
+    );
+  }
+
+  // Must be a valid URL
+  let parsed: URL;
+  try {
+    parsed = new URL(rawUrl.trim());
+  } catch {
+    throw new SecurityError(`Invalid URL format: ${rawUrl}`);
+  }
+
+  // Must use http or https
+  if (!["http:", "https:"].includes(parsed.protocol)) {
+    throw new SecurityError(
+      `Protocol not allowed: ${parsed.protocol}. Only http/https permitted.`
+    );
+  }
+
+  const hostname = parsed.hostname.toLowerCase();
+
+  // Block internal/private IPs and hostnames
+  for (const pattern of BLOCKED_PATTERNS) {
+    if (pattern.test(hostname)) {
+      throw new SecurityError(
+        `Access to internal/private addresses is not permitted: ${hostname}`
+      );
+    }
+  }
+
+  // Domain allowlist check (skip if allowlist is empty — means no browser used)
+  const allowedDomains = ALLOWED_DOMAINS[adapterName];
+  if (allowedDomains && allowedDomains.length > 0) {
+    const isAllowed = allowedDomains.some(
+      (domain) => hostname === domain || hostname.endsWith(`.${domain}`)
+    );
+    if (!isAllowed) {
+      throw new SecurityError(
+        `Domain not allowed for ${adapterName} adapter: ${hostname}. ` +
+          `Allowed domains: ${allowedDomains.join(", ")}`
+      );
+    }
+  }
+
+  return parsed.toString();
+}
+
+// ─── Query string sanitizer ──────────────────────────────────────────────────
+
+export function sanitizeQuery(query: string, maxLength = MAX_QUERY_LENGTH): string {
+  if (!query || query.trim().length === 0) {
+    throw new SecurityError("Query cannot be empty");
+  }
+
+  const trimmed = query.trim().slice(0, maxLength);
+
+  // Strip null bytes and control characters
+  const cleaned = trimmed.replace(/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/g, "");
+
+  if (cleaned.length === 0) {
+    throw new SecurityError("Query contains no valid characters after sanitization");
+  }
+
+  return cleaned;
+}
+
+// ─── Package name sanitizer ──────────────────────────────────────────────────
+
+export function sanitizePackages(input: string): string {
+  if (!input || input.trim().length === 0) {
+    throw new SecurityError("Package name cannot be empty");
+  }
+
+  if (input.length > MAX_PACKAGES_LENGTH) {
+    throw new SecurityError(
+      `Package input exceeds maximum length of ${MAX_PACKAGES_LENGTH} characters`
+    );
+  }
+
+  // Only allow valid npm/PyPI package name characters, commas, colons (for npm:/pypi: prefix)
+  const cleaned = input
+    .trim()
+    .replace(/[^a-zA-Z0-9@/._\-,:]/g, "")
+    .slice(0, MAX_PACKAGES_LENGTH);
+
+  if (cleaned.length === 0) {
+    throw new SecurityError("Package name contains no valid characters after sanitization");
+  }
+
+  return cleaned;
+}
+
+// ─── Error formatter ─────────────────────────────────────────────────────────
+
+export function formatSecurityError(err: unknown): string {
+  if (err instanceof SecurityError) {
+    return `[Security] ${err.message}`;
+  }
+  if (err instanceof Error) {
+    return `[Error] ${err.message}`;
+  }
+  return "[Error] Unknown error occurred";
+}

package/src/server.ts

@@ -8,6 +8,7 @@ import { ycAdapter } from "./adapters/yc.js";
 import { repoSearchAdapter } from "./adapters/repoSearch.js";
 import { packageTrendsAdapter } from "./adapters/packageTrends.js";
 import { stampFreshness, formatForLLM } from "./tools/freshnessStamp.js";
+import { SecurityError, formatSecurityError } from "./security.js";
 
 const server = new McpServer({
   name: "freshcontext-mcp",
@@ -27,9 +28,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ url, max_length }) => {
-    const result = await githubAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "github");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await githubAdapter({ url, maxLength: max_length });
+      const ctx = stampFreshness(result, { url, maxLength: max_length }, "github");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );
 
@@ -46,9 +51,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ url, max_length }) => {
-    const result = await scholarAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "google_scholar");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await scholarAdapter({ url, maxLength: max_length });
+      const ctx = stampFreshness(result, { url, maxLength: max_length }, "google_scholar");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );
 
@@ -65,9 +74,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ url, max_length }) => {
-    const result = await hackerNewsAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "hackernews");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await hackerNewsAdapter({ url, maxLength: max_length });
+      const ctx = stampFreshness(result, { url, maxLength: max_length }, "hackernews");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );
 
@@ -84,9 +97,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ url, max_length }) => {
-    const result = await ycAdapter({ url, maxLength: max_length });
-    const ctx = stampFreshness(result, { url, maxLength: max_length }, "ycombinator");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await ycAdapter({ url, maxLength: max_length });
+      const ctx = stampFreshness(result, { url, maxLength: max_length }, "ycombinator");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );
 
@@ -103,9 +120,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ query, max_length }) => {
-    const result = await repoSearchAdapter({ url: query, maxLength: max_length });
-    const ctx = stampFreshness(result, { url: query, maxLength: max_length }, "github_search");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await repoSearchAdapter({ url: query, maxLength: max_length });
+      const ctx = stampFreshness(result, { url: query, maxLength: max_length }, "github_search");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );
 
@@ -122,9 +143,13 @@ server.registerTool(
     annotations: { readOnlyHint: true, openWorldHint: true },
   },
   async ({ packages, max_length }) => {
-    const result = await packageTrendsAdapter({ url: packages, maxLength: max_length });
-    const ctx = stampFreshness(result, { url: packages, maxLength: max_length }, "package_registry");
-    return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    try {
+      const result = await packageTrendsAdapter({ url: packages, maxLength: max_length });
+      const ctx = stampFreshness(result, { url: packages, maxLength: max_length }, "package_registry");
+      return { content: [{ type: "text", text: formatForLLM(ctx) }] };
+    } catch (err) {
+      return { content: [{ type: "text", text: formatSecurityError(err) }] };
+    }
   }
 );