git-doc-mcp 0.1.0

package/dist/cli/index.js

@@ -0,0 +1,71 @@
+#!/usr/bin/env node
+/**
+ * git-doc-mcp CLI entry point.
+ *
+ * Usage:
+ *   npx git-doc-mcp --manifest <url-or-path> [options]
+ *   npx git-doc-mcp serve --manifest <url-or-path> [options]
+ *
+ * Options:
+ *   --manifest <path>          URL or local path to manifest.yml
+ *   --manifest-header <header> Header for fetching manifest (can be repeated)
+ *   --manifest-hash <hash>     Expected manifest hash (for pinning)
+ *   --action-code-header <h>   Header for downloading action scripts
+ *   --secret <name=value>      Pre-approved secret (can be repeated)
+ *   --help                     Show help
+ *   --version                  Show version
+ */
+import { Command } from 'commander';
+import { serveCommand } from './commands/serve.js';
+const program = new Command();
+program
+    .name('git-doc-mcp')
+    .description('Turn any manifest into an MCP server')
+    .version('0.1.0');
+// Top-level options (allow running without 'serve' subcommand)
+program
+    .option('--manifest <path>', 'URL or local path to manifest.yml')
+    .option('--manifest-header <header>', 'Header for fetching manifest (can be repeated)', collect, [])
+    .option('--manifest-hash <hash>', 'Expected manifest hash for pinning')
+    .option('--action-code-header <header>', 'Header for downloading action scripts', collect, [])
+    .option('--resource-header <header>', 'Header for fetching resources (can be repeated)', collect, [])
+    .option('--secret <name=value>', 'Pre-approved secret (can be repeated)', collect, [])
+    .option('--timeout <ms>', 'Worker timeout in milliseconds', '60000')
+    .option('--memory-limit <bytes>', 'Memory limit for sandbox', '134217728')
+    .option('--allow-http', 'Allow insecure HTTP connections (default: HTTPS-only)', false)
+    .option('--trust-changed', 'Accept manifest changes on TOFU hash mismatch', false)
+    .option('--rate-limit <calls-per-minute>', 'Rate limit for tool calls (0 = unlimited)', '60')
+    .action((options) => {
+    // If --manifest is provided at top level, run serve directly
+    if (options.manifest) {
+        return serveCommand(options);
+    }
+    // Otherwise show help
+    program.outputHelp();
+});
+// 'serve' subcommand (explicit)
+program
+    .command('serve')
+    .description('Start MCP server from a manifest')
+    .requiredOption('--manifest <path>', 'URL or local path to manifest.yml')
+    .option('--manifest-header <header>', 'Header for fetching manifest (can be repeated)', collect, [])
+    .option('--manifest-hash <hash>', 'Expected manifest hash for pinning')
+    .option('--action-code-header <header>', 'Header for downloading action scripts', collect, [])
+    .option('--resource-header <header>', 'Header for fetching resources (can be repeated)', collect, [])
+    .option('--secret <name=value>', 'Pre-approved secret (can be repeated)', collect, [])
+    .option('--timeout <ms>', 'Worker timeout in milliseconds', '60000')
+    .option('--memory-limit <bytes>', 'Memory limit for sandbox', '134217728')
+    .option('--allow-http', 'Allow insecure HTTP connections (default: HTTPS-only)', false)
+    .option('--trust-changed', 'Accept manifest changes on TOFU hash mismatch', false)
+    .option('--rate-limit <calls-per-minute>', 'Rate limit for tool calls (0 = unlimited)', '60')
+    .action(serveCommand);
+/**
+ * Collect repeated option values.
+ */
+function collect(value, previous) {
+    return [...previous, value];
+}
+// Parse arguments
+program.parse();
+export { program };
+//# sourceMappingURL=index.js.map

package/dist/cli/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAEnD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,sCAAsC,CAAC;KACnD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,+DAA+D;AAC/D,OAAO;KACJ,MAAM,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;KAChE,MAAM,CAAC,4BAA4B,EAAE,gDAAgD,EAAE,OAAO,EAAE,EAAE,CAAC;KACnG,MAAM,CAAC,wBAAwB,EAAE,oCAAoC,CAAC;KACtE,MAAM,CAAC,+BAA+B,EAAE,uCAAuC,EAAE,OAAO,EAAE,EAAE,CAAC;KAC7F,MAAM,CAAC,4BAA4B,EAAE,iDAAiD,EAAE,OAAO,EAAE,EAAE,CAAC;KACpG,MAAM,CAAC,uBAAuB,EAAE,uCAAuC,EAAE,OAAO,EAAE,EAAE,CAAC;KACrF,MAAM,CAAC,gBAAgB,EAAE,gCAAgC,EAAE,OAAO,CAAC;KACnE,MAAM,CAAC,wBAAwB,EAAE,0BAA0B,EAAE,WAAW,CAAC;KACzE,MAAM,CAAC,cAAc,EAAE,uDAAuD,EAAE,KAAK,CAAC;KACtF,MAAM,CAAC,iBAAiB,EAAE,+CAA+C,EAAE,KAAK,CAAC;KACjF,MAAM,CAAC,iCAAiC,EAAE,2CAA2C,EAAE,IAAI,CAAC;KAC5F,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;IAClB,6DAA6D;IAC7D,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IACD,sBAAsB;IACtB,OAAO,CAAC,UAAU,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEL,gCAAgC;AAChC,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,kCAAkC,CAAC;KAC/C,cAAc,CAAC,mBAAmB,EAAE,mCAAmC,CAAC;KACxE,MAAM,CAAC,4BAA4B,EAAE,gDAAgD,EAAE,OAAO,EAAE,EAAE,CAAC;KACnG,MAAM,CAAC,wBAAwB,EAAE,oCAAoC,CAAC;KACtE,MAAM,CAAC,+BAA+B,EAAE,uCAAuC,EAAE,OAAO,EAAE,EAAE,CAAC;KAC7F,MAAM,CAAC,4BAA4B,EAAE,iDAAiD,EAAE,OAAO,EAAE,EAAE,CAAC;KACpG,MAAM,CAAC,uBAAuB,EAAE,uCAAuC,EAAE,OAAO,EAAE,EAAE,CAAC;KACrF,MAAM,CAAC,gBAAgB,EAAE,gCAAgC,EAAE,OAAO,CAAC;KACnE,MAAM,CAAC,wBAAwB,EAAE,0BAA0B,EAAE,WAAW,CAAC;KACzE,MAAM,CAAC,cAAc,EAAE,uDAAuD,EAAE,KAAK,CAAC;KACtF,MAAM,CAAC,iBAAiB,EAAE,+CAA+C,EAAE,KAAK,CAAC;KACjF,MAAM,CAAC,iCAAiC,EAAE,2CAA2C,EAAE,IAAI,CAAC;KAC5F,MAAM,CAAC,YAAY,CAAC,CAAC;AAExB;;GAEG;AACH,SAAS,OAAO,CAAC,KAAa,EAAE,QAAkB;IAChD,OAAO,CAAC,GAAG,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,kBAAkB;AAClB,OAAO,CAAC,KAAK,EAAE,CAAC;AAEhB,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/http/client.d.ts

@@ -0,0 +1,39 @@
+/**
+ * HTTP client for fetching action scripts.
+ * @module http/client
+ */
+import type { AuditLogger } from '../audit/logger.js';
+/**
+ * HTTP client options.
+ */
+export interface HttpClientOptions {
+    /** Headers for requests */
+    headers?: Record<string, string>;
+    /** Timeout in ms */
+    timeout?: number;
+    /** Maximum response size in bytes */
+    maxSize?: number;
+    /** Optional audit logger for structured error event logging */
+    auditLogger?: AuditLogger;
+    /** Allow HTTP URLs (default: false, HTTPS-only) */
+    allowHttp?: boolean;
+}
+/**
+ * Fetch result.
+ */
+export interface FetchResult {
+    content: string;
+    hash: string;
+    etag?: string;
+    lastModified?: string;
+}
+/**
+ * Fetch content from URL with SSRF protection.
+ */
+export declare function fetchContent(url: string, options?: HttpClientOptions): Promise<FetchResult>;
+/**
+ * Verify content hash.
+ * @throws Error if hash doesn't match
+ */
+export declare function verifyHash(content: string, expectedHash: string): void;
+//# sourceMappingURL=client.d.ts.map

package/dist/http/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/http/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,2BAA2B;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oBAAoB;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,mDAAmD;IACnD,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAWD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAOD;;GAEG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,WAAW,CAAC,CAoGtB;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAQtE"}

package/dist/http/client.js

@@ -0,0 +1,114 @@
+/**
+ * HTTP client for fetching action scripts.
+ * @module http/client
+ */
+import * as crypto from 'node:crypto';
+import { validateUrl, validateRedirect } from '../sandbox/url-validator.js';
+import { stripCrossOriginHeaders } from './redirect-utils.js';
+/**
+ * Default HTTP client options.
+ */
+const DEFAULT_OPTIONS = {
+    headers: {},
+    timeout: 30000,
+    maxSize: 500 * 1024, // 500KB for action scripts
+};
+/**
+ * Maximum number of redirects to follow when fetching action scripts.
+ */
+const MAX_REDIRECTS = 5;
+/**
+ * Fetch content from URL with SSRF protection.
+ */
+export async function fetchContent(url, options = {}) {
+    const { auditLogger, allowHttp = false, ...rest } = options;
+    const opts = { ...DEFAULT_OPTIONS, ...rest };
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), opts.timeout);
+    const allowedSchemes = allowHttp ? ['https', 'http'] : ['https'];
+    const validationOptions = { allowedSchemes };
+    try {
+        // Validate the initial URL against SSRF before fetching
+        await validateUrl(url, validationOptions);
+        let currentUrl = url;
+        let redirectCount = 0;
+        let currentHeaders = { ...opts.headers };
+        let response = await fetch(currentUrl, {
+            method: 'GET',
+            headers: {
+                'Accept': 'application/javascript, text/javascript, */*',
+                ...currentHeaders,
+            },
+            signal: controller.signal,
+            redirect: 'manual',
+        });
+        while (response.status >= 300 && response.status < 400) {
+            const location = response.headers.get('location');
+            if (!location) {
+                auditLogger?.logError('Redirect without location header', { url: currentUrl, status: response.status });
+                throw new Error(`Redirect response ${response.status} missing Location header`);
+            }
+            redirectCount++;
+            if (redirectCount > MAX_REDIRECTS) {
+                auditLogger?.logError('Too many redirects fetching action', { url, maxRedirects: MAX_REDIRECTS });
+                throw new Error(`Too many redirects (max ${MAX_REDIRECTS}) fetching action from ${url}`);
+            }
+            // Resolve relative redirect URLs
+            const redirectTarget = new URL(location, currentUrl).href;
+            // Validate the redirect target for SSRF
+            await validateRedirect(redirectTarget, url, validationOptions);
+            // Strip sensitive headers on cross-origin redirect
+            currentHeaders = stripCrossOriginHeaders(currentHeaders, currentUrl, redirectTarget);
+            currentUrl = redirectTarget;
+            response = await fetch(currentUrl, {
+                method: 'GET',
+                headers: {
+                    'Accept': 'application/javascript, text/javascript, */*',
+                    ...currentHeaders,
+                },
+                signal: controller.signal,
+                redirect: 'manual',
+            });
+        }
+        if (!response.ok) {
+            auditLogger?.logError('Action fetch failed', { url: currentUrl, status: response.status });
+            throw new Error(`Failed to fetch ${url}: ${response.status} ${response.statusText}`);
+        }
+        // Check size
+        const contentLength = response.headers.get('content-length');
+        if (contentLength && parseInt(contentLength, 10) > opts.maxSize) {
+            auditLogger?.logError('Action content too large', { url: currentUrl, contentLength: parseInt(contentLength, 10), maxSize: opts.maxSize });
+            throw new Error(`Content too large: ${contentLength} bytes (max: ${opts.maxSize})`);
+        }
+        const content = await response.text();
+        // Check actual size
+        if (content.length > opts.maxSize) {
+            auditLogger?.logError('Action body too large', { url: currentUrl, actualSize: content.length, maxSize: opts.maxSize });
+            throw new Error(`Content too large: ${content.length} bytes (max: ${opts.maxSize})`);
+        }
+        // Compute hash
+        const hash = 'sha256:' + crypto.createHash('sha256').update(content).digest('hex');
+        const etag = response.headers.get('etag');
+        const lastModified = response.headers.get('last-modified');
+        return {
+            content,
+            hash,
+            ...(etag ? { etag } : {}),
+            ...(lastModified ? { lastModified } : {}),
+        };
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
+}
+/**
+ * Verify content hash.
+ * @throws Error if hash doesn't match
+ */
+export function verifyHash(content, expectedHash) {
+    const actualHash = 'sha256:' + crypto.createHash('sha256').update(content).digest('hex');
+    if (actualHash !== expectedHash) {
+        throw new Error(`Hash mismatch: expected ${expectedHash}, got ${actualHash}`);
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/http/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/http/client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAE5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAkB9D;;GAEG;AACH,MAAM,eAAe,GAAmE;IACtF,OAAO,EAAE,EAAE;IACX,OAAO,EAAE,KAAK;IACd,OAAO,EAAE,GAAG,GAAG,IAAI,EAAE,2BAA2B;CACjD,CAAC;AAYF;;GAEG;AACH,MAAM,aAAa,GAAG,CAAC,CAAC;AAExB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAA6B,EAAE;IAE/B,MAAM,EAAE,WAAW,EAAE,SAAS,GAAG,KAAK,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAC5D,MAAM,IAAI,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,IAAI,EAAE,CAAC;IAE7C,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IACrE,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACjE,MAAM,iBAAiB,GAAG,EAAE,cAAc,EAAE,CAAC;IAE7C,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,WAAW,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;QAE1C,IAAI,UAAU,GAAG,GAAG,CAAC;QACrB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAEzC,IAAI,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,QAAQ,EAAE,8CAA8C;gBACxD,GAAG,cAAc;aAClB;YACD,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,WAAW,EAAE,QAAQ,CAAC,kCAAkC,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBACxG,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,CAAC,MAAM,0BAA0B,CAAC,CAAC;YAClF,CAAC;YAED,aAAa,EAAE,CAAC;YAChB,IAAI,aAAa,GAAG,aAAa,EAAE,CAAC;gBAClC,WAAW,EAAE,QAAQ,CAAC,oCAAoC,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC,CAAC;gBAClG,MAAM,IAAI,KAAK,CAAC,2BAA2B,aAAa,0BAA0B,GAAG,EAAE,CAAC,CAAC;YAC3F,CAAC;YAED,iCAAiC;YACjC,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,IAAI,CAAC;YAE1D,wCAAwC;YACxC,MAAM,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE,iBAAiB,CAAC,CAAC;YAE/D,mDAAmD;YACnD,cAAc,GAAG,uBAAuB,CAAC,cAAc,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC;YACrF,UAAU,GAAG,cAAc,CAAC;YAE5B,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;gBACjC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,QAAQ,EAAE,8CAA8C;oBACxD,GAAG,cAAc;iBAClB;gBACD,MAAM,EAAE,UAAU,CAAC,MAAM;gBACzB,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,WAAW,EAAE,QAAQ,CAAC,qBAAqB,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC3F,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,KAAK,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,aAAa;QACb,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC7D,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAChE,WAAW,EAAE,QAAQ,CAAC,0BAA0B,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YAC1I,MAAM,IAAI,KAAK,CACb,sBAAsB,aAAa,gBAAgB,IAAI,CAAC,OAAO,GAAG,CACnE,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtC,oBAAoB;QACpB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,WAAW,EAAE,QAAQ,CAAC,uBAAuB,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACvH,MAAM,IAAI,KAAK,CACb,sBAAsB,OAAO,CAAC,MAAM,gBAAgB,IAAI,CAAC,OAAO,GAAG,CACpE,CAAC;QACJ,CAAC;QAED,eAAe;QACf,MAAM,IAAI,GAAG,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEnF,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAE3D,OAAO;YACL,OAAO;YACP,IAAI;YACJ,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe,EAAE,YAAoB;IAC9D,MAAM,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEzF,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,2BAA2B,YAAY,SAAS,UAAU,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/http/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * HTTP module - client for fetching.
+ * @module http
+ */
+export * from './client.js';
+export * from './redirect-utils.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/http/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/http/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC"}

package/dist/http/index.js

@@ -0,0 +1,7 @@
+/**
+ * HTTP module - client for fetching.
+ * @module http
+ */
+export * from './client.js';
+export * from './redirect-utils.js';
+//# sourceMappingURL=index.js.map

package/dist/http/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/http/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,qBAAqB,CAAC"}

package/dist/http/redirect-utils.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Redirect utilities for cross-origin header stripping.
+ * @module http/redirect-utils
+ */
+/**
+ * Accepted header input formats (equivalent to the Fetch API HeadersInit type).
+ * Covers all forms accepted by the Headers constructor:
+ * - Plain object (string values or readonly string arrays)
+ * - Array of [key, value] pairs
+ * - Headers instance
+ */
+type HeadersInput = Record<string, string | ReadonlyArray<string>> | string[][] | Headers;
+/**
+ * Strip sensitive headers when a redirect crosses origins.
+ *
+ * Per RFC 9110 and browser security best practices, credentials
+ * (Authorization, Cookie, Proxy-Authorization) must not follow
+ * redirects to a different origin (scheme + host + port).
+ *
+ * @param headers - Current request headers
+ * @param originalUrl - URL of the request that triggered the redirect
+ * @param redirectUrl - URL the redirect points to
+ * @returns Headers with sensitive entries removed if cross-origin, or unchanged if same-origin
+ */
+export declare function stripCrossOriginHeaders(headers: HeadersInput, originalUrl: string, redirectUrl: string): Record<string, string>;
+export {};
+//# sourceMappingURL=redirect-utils.d.ts.map

package/dist/http/redirect-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect-utils.d.ts","sourceRoot":"","sources":["../../src/http/redirect-utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH;;;;;;GAMG;AACH,KAAK,YAAY,GACb,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,GAC9C,MAAM,EAAE,EAAE,GACV,OAAO,CAAC;AA2CZ;;;;;;;;;;;GAWG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,YAAY,EACrB,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,GAClB,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAiBxB"}

package/dist/http/redirect-utils.js

@@ -0,0 +1,73 @@
+/**
+ * Redirect utilities for cross-origin header stripping.
+ * @module http/redirect-utils
+ */
+/**
+ * Headers that MUST be stripped on cross-origin redirects.
+ * These contain credentials that should not leak to untrusted origins.
+ * Matching is case-insensitive (see stripCrossOriginHeaders).
+ */
+const SENSITIVE_HEADERS = ['authorization', 'cookie', 'proxy-authorization'];
+/**
+ * Normalize HeadersInput to a plain Record<string, string>.
+ * Handles Headers instances, [key, value] tuples, and plain objects.
+ */
+function normalizeHeaders(headers) {
+    if (headers instanceof Headers) {
+        const result = {};
+        headers.forEach((value, key) => { result[key] = value; });
+        return result;
+    }
+    if (Array.isArray(headers)) {
+        const result = {};
+        for (const pair of headers) {
+            const key = pair[0];
+            const value = pair[1];
+            if (key !== undefined && value !== undefined) {
+                result[key] = value;
+            }
+        }
+        return result;
+    }
+    // Plain object: may have string or ReadonlyArray<string> values
+    const result = {};
+    for (const [key, val] of Object.entries(headers)) {
+        if (typeof val === 'string') {
+            result[key] = val;
+        }
+        else if (Array.isArray(val) && val.length > 0) {
+            // For multi-value headers, join with comma (per HTTP spec)
+            result[key] = val.join(', ');
+        }
+    }
+    return result;
+}
+/**
+ * Strip sensitive headers when a redirect crosses origins.
+ *
+ * Per RFC 9110 and browser security best practices, credentials
+ * (Authorization, Cookie, Proxy-Authorization) must not follow
+ * redirects to a different origin (scheme + host + port).
+ *
+ * @param headers - Current request headers
+ * @param originalUrl - URL of the request that triggered the redirect
+ * @param redirectUrl - URL the redirect points to
+ * @returns Headers with sensitive entries removed if cross-origin, or unchanged if same-origin
+ */
+export function stripCrossOriginHeaders(headers, originalUrl, redirectUrl) {
+    const normalized = normalizeHeaders(headers);
+    const originalOrigin = new URL(originalUrl).origin;
+    const redirectOrigin = new URL(redirectUrl).origin;
+    if (originalOrigin === redirectOrigin) {
+        return normalized;
+    }
+    // Cross-origin: strip sensitive headers (case-insensitive)
+    const stripped = {};
+    for (const [key, value] of Object.entries(normalized)) {
+        if (!SENSITIVE_HEADERS.includes(key.toLowerCase())) {
+            stripped[key] = value;
+        }
+    }
+    return stripped;
+}
+//# sourceMappingURL=redirect-utils.js.map

package/dist/http/redirect-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect-utils.js","sourceRoot":"","sources":["../../src/http/redirect-utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH;;;;GAIG;AACH,MAAM,iBAAiB,GAAG,CAAC,eAAe,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;AAE7E;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAAqB;IAC7C,IAAI,OAAO,YAAY,OAAO,EAAE,CAAC;QAC/B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,MAAM,GAA2B,EAAE,CAAC;QAC1C,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,GAAG,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBAC7C,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,gEAAgE;IAChE,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACjD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACpB,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChD,2DAA2D;YAC3D,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAqB,EACrB,WAAmB,EACnB,WAAmB;IAEnB,MAAM,UAAU,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IACnD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;IAEnD,IAAI,cAAc,KAAK,cAAc,EAAE,CAAC;QACtC,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,2DAA2D;IAC3D,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,36 @@
+/**
+ * @git-doc-mcp/core - Core library for git-doc-mcp
+ *
+ * Provides:
+ * - Manifest loading and validation
+ * - Sandbox execution with isolated-vm
+ * - Worker process management
+ * - Secret scoping and approval
+ * - MCP server setup
+ *
+ * @example
+ * ```typescript
+ * import { loadManifest, createMcpServer, startMcpServer } from '@git-doc-mcp/core';
+ *
+ * const result = await loadManifest({ manifestPath: './manifest.yml' });
+ * const server = createMcpServer({
+ *   manifest: result.manifest,
+ *   onToolCall: async (name, input) => {
+ *     // Execute tool
+ *     return { content: [{ type: 'text', text: 'result' }] };
+ *   },
+ * });
+ * await startMcpServer(server);
+ * ```
+ *
+ * @module @git-doc-mcp/core
+ */
+export * from './manifest/index.js';
+export * from './secrets/index.js';
+export * from './sandbox/index.js';
+export * from './worker/index.js';
+export * from './server/index.js';
+export * from './http/index.js';
+export * from './audit/index.js';
+export * from './rate-limit/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAGH,cAAc,qBAAqB,CAAC;AAGpC,cAAc,oBAAoB,CAAC;AAGnC,cAAc,oBAAoB,CAAC;AAGnC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,mBAAmB,CAAC;AAGlC,cAAc,iBAAiB,CAAC;AAGhC,cAAc,kBAAkB,CAAC;AAGjC,cAAc,uBAAuB,CAAC"}

package/dist/index.js

@@ -0,0 +1,44 @@
+/**
+ * @git-doc-mcp/core - Core library for git-doc-mcp
+ *
+ * Provides:
+ * - Manifest loading and validation
+ * - Sandbox execution with isolated-vm
+ * - Worker process management
+ * - Secret scoping and approval
+ * - MCP server setup
+ *
+ * @example
+ * ```typescript
+ * import { loadManifest, createMcpServer, startMcpServer } from '@git-doc-mcp/core';
+ *
+ * const result = await loadManifest({ manifestPath: './manifest.yml' });
+ * const server = createMcpServer({
+ *   manifest: result.manifest,
+ *   onToolCall: async (name, input) => {
+ *     // Execute tool
+ *     return { content: [{ type: 'text', text: 'result' }] };
+ *   },
+ * });
+ * await startMcpServer(server);
+ * ```
+ *
+ * @module @git-doc-mcp/core
+ */
+// Manifest
+export * from './manifest/index.js';
+// Secrets
+export * from './secrets/index.js';
+// Sandbox
+export * from './sandbox/index.js';
+// Worker
+export * from './worker/index.js';
+// Server
+export * from './server/index.js';
+// HTTP
+export * from './http/index.js';
+// Audit
+export * from './audit/index.js';
+// Rate limiting
+export * from './rate-limit/index.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,WAAW;AACX,cAAc,qBAAqB,CAAC;AAEpC,UAAU;AACV,cAAc,oBAAoB,CAAC;AAEnC,UAAU;AACV,cAAc,oBAAoB,CAAC;AAEnC,SAAS;AACT,cAAc,mBAAmB,CAAC;AAElC,SAAS;AACT,cAAc,mBAAmB,CAAC;AAElC,OAAO;AACP,cAAc,iBAAiB,CAAC;AAEhC,QAAQ;AACR,cAAc,kBAAkB,CAAC;AAEjC,gBAAgB;AAChB,cAAc,uBAAuB,CAAC"}

package/dist/manifest/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Manifest module - schema and loader.
+ * @module manifest
+ */
+export * from './schema.js';
+export * from './loader.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/manifest/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/manifest/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}

package/dist/manifest/index.js

@@ -0,0 +1,7 @@
+/**
+ * Manifest module - schema and loader.
+ * @module manifest
+ */
+export * from './schema.js';
+export * from './loader.js';
+//# sourceMappingURL=index.js.map

package/dist/manifest/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/manifest/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC"}

package/dist/manifest/loader.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Manifest loader - fetches manifest from URL or local file.
+ * @module manifest/loader
+ */
+import { Manifest } from './schema.js';
+import type { AuditLogger } from '../audit/logger.js';
+/**
+ * Manifest loader options.
+ */
+export interface ManifestLoaderOptions {
+    /** URL or file path to manifest.yml */
+    manifestPath: string;
+    /** Headers for HTTP requests (for private manifests) */
+    headers?: Record<string, string>;
+    /** Timeout for HTTP requests in ms */
+    timeout?: number;
+    /** Optional audit logger for structured error event logging */
+    auditLogger?: AuditLogger;
+    /** Allow HTTP URLs (default: false, HTTPS-only) */
+    allowHttp?: boolean;
+}
+/**
+ * Manifest load result.
+ */
+export interface ManifestLoadResult {
+    manifest: Manifest;
+    /** SHA-256 hash of manifest content */
+    hash: string;
+    /** ETag from HTTP response (if applicable) */
+    etag?: string;
+    /** Last-Modified from HTTP response (if applicable) */
+    lastModified?: string;
+    /** Source URL or file path */
+    source: string;
+}
+/**
+ * Check if path is a URL.
+ */
+export declare function isUrl(path: string): boolean;
+/**
+ * Compute SHA-256 hash of content.
+ */
+export declare function computeHash(content: string): string;
+/**
+ * Load manifest from URL or local file.
+ */
+export declare function loadManifest(options: ManifestLoaderOptions): Promise<ManifestLoadResult>;
+/**
+ * Check if manifest has changed using ETag.
+ */
+export declare function checkManifestUpdate(url: string, etag: string, headers?: Record<string, string>, timeout?: number, allowHttp?: boolean): Promise<{
+    changed: boolean;
+    result?: ManifestLoadResult;
+}>;
+//# sourceMappingURL=loader.d.ts.map

package/dist/manifest/loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../../src/manifest/loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,EAAE,QAAQ,EAAiB,MAAM,aAAa,CAAC;AAEtD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,YAAY,EAAE,MAAM,CAAC;IACrB,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,mDAAmD;IACnD,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,QAAQ,CAAC;IACnB,uCAAuC;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE3C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAa9F;AAyID;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,EACpC,OAAO,SAAQ,EACf,SAAS,UAAQ,GAChB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,kBAAkB,CAAA;CAAE,CAAC,CAiF5D"}