gitlab-duo-mcp-bridge 0.1.0

package/.env.example

@@ -0,0 +1,52 @@
+# ---------------------------------------------------------------------------
+# gitlab-duo-mcp-bridge configuration
+# Copy to .env (or export these in your MCP client config) and adjust.
+# All variables are optional; sensible defaults are shown.
+# ---------------------------------------------------------------------------
+
+# How to invoke the GitLab Duo CLI. The bridge runs:
+#   <DUO_CLI_COMMAND> <DUO_CLI_BASE_ARGS> <DUO_CLI_GOAL_FLAG> "<goal>" [<DUO_CLI_MODEL_FLAG> <model>] <DUO_CLI_EXTRA_ARGS>
+#
+# Default assumes the GitLab CLI extension: `glab duo cli run --goal "<goal>"`.
+# If you use the standalone binary, set:
+#   DUO_CLI_COMMAND=duo
+#   DUO_CLI_BASE_ARGS=run
+DUO_CLI_COMMAND=glab
+DUO_CLI_BASE_ARGS=duo cli run
+DUO_CLI_GOAL_FLAG=--goal
+DUO_CLI_MODEL_FLAG=--model
+
+# Extra args appended to every invocation (space separated), e.g. "--quiet".
+DUO_CLI_EXTRA_ARGS=
+
+# Optional model override passed via DUO_CLI_MODEL_FLAG (e.g. gpt_5_codex).
+GITLAB_DUO_MODEL=
+
+# Working directory Duo runs in (defaults to the bridge's cwd). The per-call
+# `cwd` tool argument overrides this.
+DUO_CLI_CWD=
+
+# Timeout for a single Duo run, in milliseconds (default 120000 = 2 min).
+DUO_TIMEOUT_MS=120000
+
+# Max characters of raw Duo output kept in the structured `raw` field.
+DUO_MAX_OUTPUT_CHARS=100000
+
+# Max length (chars) of the prompt passed inline on the command line. Above
+# this, the bridge writes the goal (including big diffs) to a temp file in the
+# working directory and asks Duo to read it, avoiding OS command-line length
+# limits (e.g. ENAMETOOLONG on Windows with large diffs). Default 7000.
+DUO_MAX_INLINE_GOAL_CHARS=7000
+
+# Name the tool is registered under. Default `duo_review`.
+# Some MCP clients reject dots in tool names, so the default avoids `duo.review`.
+DUO_TOOL_NAME=duo_review
+
+# Set to 1/true to run in MOCK mode: returns a canned review WITHOUT calling
+# Duo. Useful to wire up and test the bridge in your agent before Duo is set up.
+DUO_MOCK=
+
+# GitLab auth (passed through to the Duo CLI subprocess). Set these if your
+# Duo CLI reads them from the environment.
+GITLAB_TOKEN=
+GITLAB_BASE_URL=

package/README.md

@@ -0,0 +1,356 @@
+# gitlab-duo-mcp-bridge
+
+A tiny **MCP server** that wraps the **GitLab Duo CLI** as a single, clean,
+fault-tolerant tool: **`duo_review`**.
+
+Connect it to any MCP-capable coding agent (Claude Code, opencode, Codex,
+Gemini CLI, ...). The agent calls `duo_review` like any other tool, the bridge
+runs Duo headless under the hood, **normalizes whatever Duo prints into a stable
+JSON structure**, and hands it back. Your agent then acts on the findings (e.g.
+writes the fixes locally).
+
+```
+   ┌────────────────────┐   tools/call duo_review   ┌──────────────────────┐
+   │  Your coding agent  │ ────────────────────────▶ │ gitlab-duo-mcp-bridge │
+   │ (Claude Code, etc.) │ ◀──────────────────────── │   (this MCP server)   │
+   └────────────────────┘   normalized JSON result  └───────────┬──────────┘
+                                                                 │ spawn (headless)
+                                                                 ▼
+                                                      ┌──────────────────────┐
+                                                      │  GitLab Duo CLI       │
+                                                      │  glab duo cli run ... │
+                                                      └──────────────────────┘
+```
+
+### Why a bridge?
+
+Duo's headless output is **agentic text**, not a guaranteed JSON API. If you
+parse its stdout ad-hoc in each agent, it breaks on every Duo update. This
+bridge isolates that fragility in **one place** behind a versioned tool:
+
+- It **asks** Duo for JSON, but **never trusts** that it gets it.
+- The normalizer extracts JSON from prose, from ```` ```json ```` fences, from a
+  trailing object after commentary, or from a top-level array — and **degrades
+  gracefully to plain text** when there is no JSON at all.
+- It **never throws**: launch failures and timeouts come back as structured
+  results with `isError`, so your agent stays in control.
+
+## What it can do
+
+`duo_review` hands a full code review to GitLab Duo's agent and gives you the
+result back as clean JSON. You don't copy code around — Duo gathers it itself.
+
+- **Reviews your changes automatically.** By default it runs `git diff` and
+  `git status` on its own, reads the changed files, and reviews your uncommitted
+  work (or the last commit if the tree is already clean).
+- **Or reviews exactly what you point it at.** Pass a `diff`, a list of `files`,
+  or free-form `instructions` to focus the review.
+- **Looks for real problems, not just style:** bugs and correctness, security
+  vulnerabilities, architecture/design smells, performance, and maintainability.
+- **Gives you actionable findings.** Every issue comes with a type, a severity
+  (`critical` → `info`), the file and line, a clear message, and a concrete fix
+  suggestion — so your agent can go ahead and apply the high-severity ones.
+- **Runs on the model you choose** (Claude, GPT, Gemini — see
+  [Choosing the AI model](#choosing-the-ai-model-anthropic-openai-gemini)), or
+  GitLab's default.
+- **It's an agent, not a linter.** Under the hood Duo uses its own tools (git,
+  file reading, ripgrep) and works on its own, so it understands context across
+  files instead of checking one line at a time.
+
+## Requirements
+
+- **Node.js >= 20** (tested on 24).
+- The **GitLab Duo CLI**, reachable from your shell. Most setups use the GitLab
+  CLI extension: `glab duo cli run --goal "..."`. The standalone `duo` binary
+  works too. The exact command is **fully configurable** (see below).
+
+> Just exploring? You can try the bridge **without installing Duo** using MOCK
+> mode — see [Try it without Duo](#try-it-without-duo-optional) at the end.
+
+## Quick start (plug and play)
+
+No clone, no build, no paths to figure out. Add one line to your MCP client and
+`npx` downloads and runs the bridge automatically the first time your agent
+calls it.
+
+**Claude Code:**
+
+```bash
+claude mcp add gitlab-duo -- npx -y gitlab-duo-mcp-bridge
+```
+
+**Any other MCP client** (opencode, Codex, Gemini CLI, …) — drop this into its
+MCP config:
+
+```jsonc
+{
+  "mcpServers": {
+    "gitlab-duo": {
+      "command": "npx",
+      "args": ["-y", "gitlab-duo-mcp-bridge"]
+    }
+  }
+}
+```
+
+That's the whole setup. Your agent now has a `duo_review` tool. In clients that
+support tool mentions (like Claude Code) you can call it right from your prompt:
+
+> "Using `@duo_review`, review this project and look for improvements."
+
+Everything else (the Duo command, model, timeouts) has sensible defaults and is
+optional.
+
+## Run from source (for contributors)
+
+```bash
+npm install
+npm run build      # compiles TypeScript to dist/
+```
+
+Quick checks:
+
+```bash
+npm test           # unit tests (normalizer + goal builder)
+npm run smoke      # end-to-end MCP handshake in MOCK mode (no Duo needed)
+```
+
+## Configuration (environment variables)
+
+All optional; defaults assume `glab duo cli run --goal "<goal>"`.
+
+| Variable | Default | Purpose |
+| --- | --- | --- |
+| `DUO_CLI_COMMAND` | `glab` | Executable to launch. |
+| `DUO_CLI_BASE_ARGS` | `duo cli run` | Sub-command args (space separated). |
+| `DUO_CLI_GOAL_FLAG` | `--goal` | Flag that carries the prompt. |
+| `DUO_CLI_MODEL_FLAG` | `--model` | Flag that carries the model. |
+| `DUO_CLI_EXTRA_ARGS` | _(empty)_ | Extra args appended to every call. |
+| `GITLAB_DUO_MODEL` | _(none)_ | Default model (e.g. `gpt_5_codex`). |
+| `DUO_CLI_CWD` | bridge cwd | Working directory Duo runs in. |
+| `DUO_TIMEOUT_MS` | `120000` | Per-run timeout (ms). |
+| `DUO_MAX_OUTPUT_CHARS` | `100000` | Max raw output kept in `raw`. |
+| `DUO_MAX_INLINE_GOAL_CHARS` | `7000` | Above this prompt size, the goal (big diffs) is sent via a temp file instead of inline (avoids `ENAMETOOLONG`). |
+| `DUO_TOOL_NAME` | `duo_review` | Tool name registered with MCP. |
+| `DUO_MOCK` | _(off)_ | `1`/`true` → return a canned review (no Duo). |
+| `GITLAB_TOKEN`, `GITLAB_BASE_URL` | _(none)_ | Passed through to the Duo subprocess. |
+
+The bridge invokes:
+
+```
+<DUO_CLI_COMMAND> <DUO_CLI_BASE_ARGS> <DUO_CLI_GOAL_FLAG> "<goal>" [<DUO_CLI_MODEL_FLAG> <model>] <DUO_CLI_EXTRA_ARGS>
+```
+
+The goal string is passed as a **single argv entry** with `shell: false` — no
+shell, no injection, no quoting issues.
+
+> **About the tool name:** it defaults to `duo_review` (underscore) because some
+> MCP clients reject dots in tool names. If your client allows it and you prefer
+> the `duo.review` spelling, set `DUO_TOOL_NAME=duo.review`.
+
+## The `duo_review` tool
+
+**Input** (all optional):
+
+| Field | Type | Description |
+| --- | --- | --- |
+| `diff` | string | Unified diff to review (e.g. `git diff`). |
+| `files` | string[] | Paths to focus on. |
+| `instructions` | string | Extra guidance for the reviewer. |
+| `goal` | string | Override the whole prompt sent to Duo. |
+| `cwd` | string | Working dir for this call. |
+| `model` | string | Model override for this call. |
+| `timeoutMs` | number | Timeout override for this call. |
+
+**Output** (`structuredContent`):
+
+```jsonc
+{
+  "ok": true,            // Duo exited 0 and did not time out
+  "degraded": false,     // true => could not parse JSON, see summary/raw
+  "summary": "…",        // review summary (or raw text when degraded)
+  "issues": [
+    {
+      "type": "security",
+      "severity": "critical" | "high" | "medium" | "low" | "info",
+      "file": "src/auth.ts" | null,
+      "line": 42 | null,
+      "message": "…",
+      "suggestion": "…" | null
+    }
+  ],
+  "raw": "…",            // raw (truncated) Duo output, for debugging
+  "meta": {
+    "commandLine": "glab duo cli run --goal <goal>",
+    "exitCode": 0,
+    "timedOut": false,
+    "durationMs": 1234,
+    "mock": false,
+    "parseError": null,
+    "goalViaFile": false  // true => prompt was too big and sent via a temp file
+  }
+}
+```
+
+A human-readable text version is also returned in `content` for agents that
+don't read `structuredContent`.
+
+## Using it in a session
+
+Once it's connected, just talk to your agent normally. In clients that support
+tool mentions (like Claude Code), `@duo_review` calls the tool directly — no
+flags, no setup:
+
+> "Using `@duo_review`, review this project and look for improvements."
+
+A few more things you can ask:
+
+> "`@duo_review` my uncommitted changes, then apply the high-severity fixes
+> here in my local repo."
+
+> "Review `src/auth.ts` and `src/db.ts` with `duo_review` and focus on
+> security."
+
+In Claude Code you can confirm it's wired up with `/mcp`.
+(If your client doesn't support `@` mentions, just name the tool in plain
+language — *"run `duo_review` on my changes"* — and the agent will call it.)
+
+### Optional tweaks
+
+The defaults assume `glab duo cli run`. If your Duo command is different, or you
+want to pin a model, add an `env` block to the same config:
+
+```jsonc
+{
+  "mcpServers": {
+    "gitlab-duo": {
+      "command": "npx",
+      "args": ["-y", "gitlab-duo-mcp-bridge"],
+      "env": {
+        "DUO_CLI_COMMAND": "glab",
+        "DUO_CLI_BASE_ARGS": "duo cli run",
+        "GITLAB_DUO_MODEL": "claude_sonnet_4_6"
+      }
+    }
+  }
+}
+```
+
+> Running from a local clone instead of npm? Use `"command": "node"` with
+> `"args": ["<abs>/dist/src/index.js"]` after `npm run build`.
+
+## Choosing the AI model (Anthropic, OpenAI, Gemini)
+
+GitLab Duo can run on different underlying models, and the bridge lets you pick
+one — globally or per call. There is **nothing to code**: it just forwards your
+choice to Duo as `--model <id>`.
+
+- **Default for every call:** set `GITLAB_DUO_MODEL` in the client `env` (as in
+  the config above).
+- **Per call:** the `duo_review` tool accepts a `model` field, so you can ask
+  your agent: *"Review this with `duo_review` using `model: gpt_5_codex`."*
+
+Models are identified by GitLab's internal `gitlab_identifier` (not friendly
+names like "claude-sonnet"). Some common ones:
+
+| Provider | Model | `gitlab_identifier` |
+| --- | --- | --- |
+| Anthropic | Claude Sonnet 4.6 | `claude_sonnet_4_6` |
+| Anthropic | Claude Haiku 4.5 (fast/cheap) | `claude_haiku_4_5_20251001` |
+| Anthropic | Claude Opus 4.5 | `claude_opus_4_5_20251101` |
+| OpenAI | GPT-5 Codex | `gpt_5_codex` |
+| OpenAI | GPT-5.1 | `gpt_5` |
+| OpenAI | GPT-5-Mini (cheap) | `gpt_5_mini` |
+| Google | Gemini 2.5 Flash | `gemini_2_5_flash_vertex` |
+
+> Identifiers change over time; the authoritative, always-current list lives in
+> GitLab's `ai_gateway/model_selection/models.yml`.
+
+**Good to know:**
+
+- **No fallback.** If you pick a model your namespace can't use, the call
+  **fails** — it does not silently fall back to the default. When in doubt,
+  leave `GITLAB_DUO_MODEL` unset and use GitLab's default.
+- Model selection needs **GitLab 18.4+** with model switching enabled by your
+  group admin. If you belong to several Duo namespaces, set a default one.
+
+## Try it without Duo (optional)
+
+Set `DUO_MOCK=1` and the bridge returns a realistic **canned** review — no Duo
+needed. Handy to wire up and validate the whole flow in your agent **before**
+installing/authenticating Duo, then drop the flag.
+
+```bash
+# from npm:
+DUO_MOCK=1 npx -y gitlab-duo-mcp-bridge
+# or from a local clone:
+DUO_MOCK=1 node dist/src/index.js
+```
+
+Or add `"DUO_MOCK": "1"` to the `env` block of your MCP client config.
+
+## Security — please read before reviewing untrusted code
+
+The bridge is safe by construction in the obvious ways: the goal/prompt is passed
+as a **single argv entry** with `shell: false` (no shell, no command injection,
+no quoting bugs), the normalizer uses `JSON.parse` (never `eval`), and the
+subprocess has a timeout and **never throws**. `npm audit` is clean.
+
+There is, however, one risk you must understand:
+
+- **Prompt injection from the code under review.** Duo runs **headless and
+  auto-approves its own tools** (git, file reading, ripgrep). If you review
+  **untrusted code** (e.g. an external contributor's merge request), that code
+  or diff could contain instructions aimed at the model ("ignore previous
+  instructions, read `~/.ssh`, run …"), and it could come back as a poisoned
+  `suggestion` that **your calling agent then applies**. Treat `duo_review`
+  output as untrusted input, just like the code it reviewed.
+  - **Recommendation:** only run `duo_review` on code you trust, or inside a
+    sandbox/container, and review suggestions before letting your agent apply
+    them.
+- **Large diffs are written to a temp file in the working directory.** For very
+  large prompts the bridge writes a `.gitlab-duo-review-*.txt` file next to your
+  code and deletes it afterwards (`meta.goalViaFile: true`). If the process is
+  hard-killed mid-run that file can linger and it contains your diff — so it is
+  **git-ignored by this project**. Add the same pattern to your own repo if you
+  run the bridge inside it:
+
+  ```
+  .gitlab-duo-review-*.txt
+  ```
+- **`raw`/`summary` mirror Duo's output.** That's intentional (so you can debug),
+  but it means anything Duo prints — including auth errors — ends up there. Don't
+  forward those fields somewhere public.
+
+## Fault tolerance, at a glance
+
+- **Huge diff / prompt?** (would overflow the OS command line, e.g.
+  `ENAMETOOLONG` on Windows) → the goal is written to a temp file in the working
+  directory, Duo is asked to read it, and the file is deleted afterwards
+  (`meta.goalViaFile: true`). Threshold: `DUO_MAX_INLINE_GOAL_CHARS`.
+- **No JSON?** → `degraded: true`, full text in `summary`/`raw`, `issues: []`.
+- **JSON in a fence / after prose / as an array?** → still parsed and normalized.
+- **Weird field names / severities?** (`findings`, `priority`, `blocker`, …) →
+  mapped to the canonical schema.
+- **Duo not installed / wrong command?** → `isError: true` with an actionable
+  message (no crash).
+- **Timeout?** → process is killed; result comes back with `timedOut: true`.
+
+## Project layout
+
+```
+src/
+  index.ts       # stdio entrypoint (logs to stderr only)
+  server.ts      # registers duo_review, orchestrates the flow
+  config.ts      # env-based configuration (+ MOCK)
+  goal.ts        # builds the review prompt (asks Duo for JSON)
+  duoRunner.ts   # safe subprocess wrapper (spawn, timeout, never throws)
+  goalFile.ts    # large-goal fallback (temp file + pointer goal + cleanup)
+  normalizer.ts  # fault-tolerant output normalizer (the core)
+test/            # unit tests (node:test)
+scripts/smoke.mjs# end-to-end MCP handshake smoke test (MOCK)
+```
+
+## License
+
+MIT

package/dist/src/config.js

@@ -0,0 +1,48 @@
+/**
+ * Configuration for the bridge, loaded from environment variables.
+ *
+ * Every value has a sensible default so the server can boot with no setup
+ * (in MOCK mode) and be tuned entirely through env vars in the MCP client.
+ */
+function trimmedOrUndefined(value) {
+    if (value === undefined)
+        return undefined;
+    const trimmed = value.trim();
+    return trimmed === "" ? undefined : trimmed;
+}
+/** Split a space-separated arg string. Empty/undefined falls back to `fallback`. */
+function splitArgs(value, fallback) {
+    if (value === undefined)
+        return fallback;
+    const trimmed = value.trim();
+    if (trimmed === "")
+        return [];
+    return trimmed.split(/\s+/);
+}
+function parseIntOr(value, fallback) {
+    if (value === undefined)
+        return fallback;
+    const parsed = Number.parseInt(value.trim(), 10);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : fallback;
+}
+function isTruthy(value) {
+    if (value === undefined)
+        return false;
+    return ["1", "true", "yes", "on"].includes(value.trim().toLowerCase());
+}
+export function loadConfig(env = process.env) {
+    return {
+        command: trimmedOrUndefined(env.DUO_CLI_COMMAND) ?? "glab",
+        baseArgs: splitArgs(env.DUO_CLI_BASE_ARGS, ["duo", "cli", "run"]),
+        goalFlag: trimmedOrUndefined(env.DUO_CLI_GOAL_FLAG) ?? "--goal",
+        modelFlag: trimmedOrUndefined(env.DUO_CLI_MODEL_FLAG) ?? "--model",
+        model: trimmedOrUndefined(env.GITLAB_DUO_MODEL),
+        extraArgs: splitArgs(env.DUO_CLI_EXTRA_ARGS, []),
+        timeoutMs: parseIntOr(env.DUO_TIMEOUT_MS, 120_000),
+        cwd: trimmedOrUndefined(env.DUO_CLI_CWD),
+        maxOutputChars: parseIntOr(env.DUO_MAX_OUTPUT_CHARS, 100_000),
+        maxInlineGoalChars: parseIntOr(env.DUO_MAX_INLINE_GOAL_CHARS, 7_000),
+        mock: isTruthy(env.DUO_MOCK),
+        toolName: trimmedOrUndefined(env.DUO_TOOL_NAME) ?? "duo_review",
+    };
+}

package/dist/src/duoRunner.js

@@ -0,0 +1,100 @@
+/**
+ * Thin, safe wrapper around the GitLab Duo CLI subprocess.
+ *
+ * - Uses `spawn` with an args array and `shell: false`, so the goal string is
+ *   passed as a single argv entry (no shell injection, no quoting headaches).
+ * - Captures stdout/stderr, enforces a timeout, and never throws: failures are
+ *   reported in the resolved {@link RunResult} so the caller stays in control.
+ */
+import { spawn } from "node:child_process";
+/** Build the argv passed to spawn. */
+function buildArgs(goal, opts) {
+    const args = [...opts.baseArgs, opts.goalFlag, goal];
+    if (opts.model) {
+        args.push(opts.modelFlag, opts.model);
+    }
+    args.push(...opts.extraArgs);
+    return args;
+}
+/** Quote an arg for display only (never used for actual execution). */
+function quoteForDisplay(arg) {
+    return /\s/.test(arg) ? `"${arg}"` : arg;
+}
+/** Build a display command line with the (potentially huge) goal redacted. */
+function renderCommandLine(goal, opts) {
+    const display = [opts.command, ...opts.baseArgs, opts.goalFlag, "<goal>"];
+    if (opts.model)
+        display.push(opts.modelFlag, opts.model);
+    display.push(...opts.extraArgs);
+    return display.map(quoteForDisplay).join(" ");
+}
+export async function runDuo(goal, opts) {
+    const args = buildArgs(goal, opts);
+    const commandLine = renderCommandLine(goal, opts);
+    const start = Date.now();
+    return new Promise((resolve) => {
+        let settled = false;
+        const finish = (result) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timer);
+            resolve({ ...result, durationMs: Date.now() - start, commandLine });
+        };
+        let child;
+        try {
+            child = spawn(opts.command, args, {
+                cwd: opts.cwd,
+                env: opts.env ?? process.env,
+                shell: false,
+                windowsHide: true,
+            });
+        }
+        catch (err) {
+            resolve({
+                stdout: "",
+                stderr: "",
+                exitCode: null,
+                timedOut: false,
+                spawnError: err instanceof Error ? err.message : String(err),
+                durationMs: Date.now() - start,
+                commandLine,
+            });
+            return;
+        }
+        let stdout = "";
+        let stderr = "";
+        let timedOut = false;
+        const timer = setTimeout(() => {
+            timedOut = true;
+            child.kill("SIGTERM");
+            // Hard-kill if it does not exit promptly.
+            setTimeout(() => {
+                try {
+                    child.kill("SIGKILL");
+                }
+                catch {
+                    /* already gone */
+                }
+            }, 2000).unref?.();
+        }, opts.timeoutMs);
+        child.stdout?.on("data", (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr?.on("data", (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on("error", (err) => {
+            finish({
+                stdout,
+                stderr,
+                exitCode: null,
+                timedOut,
+                spawnError: err instanceof Error ? err.message : String(err),
+            });
+        });
+        child.on("close", (code) => {
+            finish({ stdout, stderr, exitCode: code, timedOut });
+        });
+    });
+}

package/dist/src/goal.js

@@ -0,0 +1,64 @@
+/**
+ * Builds the goal/prompt string handed to the Duo CLI.
+ *
+ * When the caller provides a `diff`, file paths, and/or extra `instructions`,
+ * they are embedded directly into the prompt so Duo reviews exactly what was
+ * passed. When nothing concrete is provided, the bridge falls back to Duo's
+ * agentic abilities: in headless mode it has its own tools (git, file reading,
+ * ripgrep/grep) and auto-approves them, so we ask it to gather and review the
+ * working-tree changes itself.
+ *
+ * Large prompts (e.g. a big embedded diff) are handled by the caller: above
+ * `DUO_MAX_INLINE_GOAL_CHARS` the goal is written to a temp file and Duo is
+ * asked to read it, avoiding OS command-line length limits (ENAMETOOLONG).
+ *
+ * The prompt asks Duo to answer with a single JSON object matching the schema
+ * the normalizer expects. This is best-effort: Duo may still answer with prose,
+ * which is why the normalizer is tolerant to failure.
+ */
+const SCHEMA_INSTRUCTION = "IMPORTANT: Respond with ONLY a single JSON object and nothing else " +
+    "(no prose before or after, no markdown code fences). The JSON MUST match " +
+    "exactly this schema:\n" +
+    '{"summary": string, "issues": [{"type": string, ' +
+    '"severity": "critical" | "high" | "medium" | "low" | "info", ' +
+    '"file": string | null, "line": number | null, ' +
+    '"message": string, "suggestion": string | null}]}';
+export function buildReviewGoal(input) {
+    if (input.goal && input.goal.trim() !== "") {
+        return input.goal.trim();
+    }
+    const parts = [];
+    const diff = input.diff?.trim() ?? "";
+    const hasDiff = diff !== "";
+    const files = input.files ?? [];
+    const hasFiles = files.length > 0;
+    if (hasDiff || hasFiles) {
+        parts.push("You are a senior software engineer performing a thorough code review.");
+    }
+    else {
+        parts.push("You are a senior software engineer performing a thorough code review. " +
+            "Use your own tools (git, file reading, ripgrep/grep) to gather the " +
+            "code to review YOURSELF — no diff or file contents are included in " +
+            "this prompt, so do not wait for any to be provided.");
+    }
+    if (hasDiff) {
+        parts.push("Review the following unified diff:\n\n```diff\n" + diff + "\n```");
+    }
+    if (hasFiles) {
+        parts.push("Review these files (open and read them yourself):\n- " +
+            files.join("\n- "));
+    }
+    if (!hasDiff && !hasFiles) {
+        parts.push("Review the current uncommitted changes in the working tree: run " +
+            "`git diff` and `git status` yourself and read the changed files. If " +
+            "there are no uncommitted changes, review the changes introduced by " +
+            "the most recent commit instead.");
+    }
+    parts.push("Analyze the code for bugs, security vulnerabilities, architectural and " +
+        "design problems, performance issues, and maintainability concerns.");
+    if (input.instructions && input.instructions.trim() !== "") {
+        parts.push(`Additional instructions:\n${input.instructions.trim()}`);
+    }
+    parts.push(SCHEMA_INSTRUCTION);
+    return parts.join("\n\n");
+}

package/dist/src/goalFile.js

@@ -0,0 +1,54 @@
+/**
+ * Large-goal fallback.
+ *
+ * Passing a huge prompt (e.g. a 30KB diff) as a single `--goal` argv entry can
+ * exceed the OS command-line length limit (ENAMETOOLONG on Windows, E2BIG on
+ * Linux). To stay robust, when the goal is too large we write it to a temporary
+ * file in the working directory Duo runs in, and instead pass a tiny "pointer"
+ * goal that asks Duo (which is agentic and reads files autonomously in headless
+ * mode) to read that file and follow its instructions.
+ *
+ * Everything here is best-effort and never throws: if the file cannot be
+ * written, the caller falls back to passing the goal inline.
+ */
+import { randomBytes } from "node:crypto";
+import { unlinkSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+/**
+ * Build the short prompt that points Duo at the externalized goal file.
+ * Kept well under any command-line limit on purpose.
+ */
+export function buildPointerGoal(fileName) {
+    return ("Your full task instructions, including the unified diff to review, were " +
+        "too large to pass on the command line, so they have been written to a " +
+        `file in your current working directory named "${fileName}". ` +
+        "First, read that file in full using your file-reading tools. Then carry " +
+        "out the instructions it contains exactly, including responding with ONLY " +
+        "the single JSON object that the file describes (no prose, no code fences).");
+}
+/**
+ * Write `goal` to a uniquely named temp file inside `cwd`. Returns a handle
+ * (with a `cleanup` to delete it) or `null` if writing failed.
+ */
+export function writeGoalFile(goal, cwd) {
+    try {
+        const fileName = `.gitlab-duo-review-${Date.now()}-${randomBytes(4).toString("hex")}.txt`;
+        const filePath = join(cwd, fileName);
+        writeFileSync(filePath, goal, "utf8");
+        return {
+            fileName,
+            filePath,
+            cleanup: () => {
+                try {
+                    unlinkSync(filePath);
+                }
+                catch {
+                    /* best-effort: file may already be gone */
+                }
+            },
+        };
+    }
+    catch {
+        return null;
+    }
+}

package/dist/src/index.js

@@ -0,0 +1,23 @@
+#!/usr/bin/env node
+/**
+ * Entrypoint: boots the MCP server over stdio.
+ *
+ * NOTE: stdout is reserved for the MCP protocol (JSON-RPC). All diagnostic
+ * logging MUST go to stderr, otherwise it corrupts the protocol stream.
+ */
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { loadConfig } from "./config.js";
+import { createServer } from "./server.js";
+async function main() {
+    const config = loadConfig();
+    const server = createServer(config);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    const mode = config.mock ? " [MOCK mode]" : "";
+    process.stderr.write(`[gitlab-duo-mcp-bridge] ready. tool="${config.toolName}" ` +
+        `command="${config.command} ${config.baseArgs.join(" ")}"${mode}\n`);
+}
+main().catch((err) => {
+    process.stderr.write(`[gitlab-duo-mcp-bridge] fatal: ${String(err)}\n`);
+    process.exit(1);
+});

package/dist/src/normalizer.js

@@ -0,0 +1,284 @@
+/**
+ * Fault-tolerant normalizer for GitLab Duo CLI output.
+ *
+ * Duo's headless output is "agentic text": it MIGHT be the JSON we asked for,
+ * but it can also be prose, JSON wrapped in markdown fences, JSON with trailing
+ * commentary, an array of findings, or a completely free-form review. This
+ * module turns any of those into a stable {@link NormalizedReview}, and when it
+ * cannot find structured data it degrades gracefully to plain text instead of
+ * throwing. Nothing here ever throws.
+ */
+export const SEVERITIES = [
+    "critical",
+    "high",
+    "medium",
+    "low",
+    "info",
+];
+const SEVERITY_ALIASES = {
+    critical: "critical",
+    blocker: "critical",
+    fatal: "critical",
+    severe: "critical",
+    high: "high",
+    major: "high",
+    error: "high",
+    important: "high",
+    medium: "medium",
+    moderate: "medium",
+    warning: "medium",
+    warn: "medium",
+    normal: "medium",
+    low: "low",
+    minor: "low",
+    trivial: "low",
+    info: "info",
+    informational: "info",
+    note: "info",
+    notice: "info",
+    nit: "info",
+    suggestion: "info",
+    hint: "info",
+    style: "info",
+};
+/** Coerce any severity-ish value into one of the canonical levels. */
+export function normalizeSeverity(value) {
+    if (typeof value === "number" && Number.isFinite(value)) {
+        if (value >= 4)
+            return "critical";
+        if (value === 3)
+            return "high";
+        if (value === 2)
+            return "medium";
+        if (value === 1)
+            return "low";
+        return "info";
+    }
+    if (typeof value !== "string")
+        return "info";
+    const key = value.trim().toLowerCase();
+    if (key === "")
+        return "info";
+    // Default unknown-but-present severities to "medium" so they are not hidden.
+    return SEVERITY_ALIASES[key] ?? "medium";
+}
+function firstNonEmptyString(...values) {
+    for (const value of values) {
+        if (typeof value === "string" && value.trim() !== "")
+            return value.trim();
+    }
+    return null;
+}
+function firstArray(...values) {
+    for (const value of values) {
+        if (Array.isArray(value))
+            return value;
+    }
+    return null;
+}
+function firstLineNumber(...values) {
+    for (const value of values) {
+        if (typeof value === "number" && Number.isFinite(value)) {
+            return Math.trunc(value);
+        }
+        if (typeof value === "string") {
+            const parsed = Number.parseInt(value, 10);
+            if (!Number.isNaN(parsed))
+                return parsed;
+        }
+    }
+    return null;
+}
+/** Convert a single issue-ish value (object or string) into a NormalizedIssue. */
+function normalizeIssue(item) {
+    if (typeof item === "string") {
+        const message = item.trim();
+        if (message === "")
+            return null;
+        return {
+            type: "general",
+            severity: "info",
+            file: null,
+            line: null,
+            message,
+            suggestion: null,
+        };
+    }
+    if (!item || typeof item !== "object")
+        return null;
+    const o = item;
+    const message = firstNonEmptyString(o.message, o.description, o.detail, o.details, o.text, o.body, o.title, o.issue, o.problem, o.comment);
+    const type = firstNonEmptyString(o.type, o.category, o.kind, o.rule, o.tag) ?? "general";
+    const severity = normalizeSeverity(o.severity ?? o.priority ?? o.level ?? o.impact);
+    const file = firstNonEmptyString(o.file, o.path, o.filename, o.file_path, o.filePath, o.location);
+    const line = firstLineNumber(o.line, o.lineNumber, o.line_number, o.lineNo, o.row, o.start_line);
+    const suggestion = firstNonEmptyString(o.suggestion, o.fix, o.recommendation, o.remediation, o.solution, o.advice);
+    // Drop entries that carry no usable information at all.
+    if (message === null && file === null && suggestion === null)
+        return null;
+    return {
+        type,
+        severity,
+        file,
+        line,
+        message: message ?? (file ? `Issue in ${file}` : "Unspecified issue"),
+        suggestion,
+    };
+}
+/** Try to interpret a parsed JSON value as a review object. */
+function coerceReviewObject(value) {
+    if (Array.isArray(value)) {
+        const issues = value
+            .map(normalizeIssue)
+            .filter((x) => x !== null);
+        if (issues.length === 0)
+            return null;
+        return {
+            degraded: false,
+            summary: `${issues.length} issue(s) found.`,
+            issues,
+            parseError: null,
+        };
+    }
+    if (!value || typeof value !== "object")
+        return null;
+    const o = value;
+    const issuesRaw = firstArray(o.issues, o.findings, o.problems, o.comments, o.results, o.violations);
+    const summary = firstNonEmptyString(o.summary, o.overview, o.conclusion);
+    // Only accept this object if it actually looks like a review.
+    if (issuesRaw === null && summary === null)
+        return null;
+    const issues = (issuesRaw ?? [])
+        .map(normalizeIssue)
+        .filter((x) => x !== null);
+    return {
+        degraded: false,
+        summary: summary ??
+            (issues.length > 0
+                ? `${issues.length} issue(s) found.`
+                : "No issues reported."),
+        issues,
+        parseError: null,
+    };
+}
+/**
+ * Extract balanced `{...}` or `[...]` substrings, respecting string literals so
+ * braces inside strings do not break the matching.
+ */
+function extractBalanced(text, open, close) {
+    const results = [];
+    let depth = 0;
+    let start = -1;
+    let inString = false;
+    let quote = "";
+    let escaped = false;
+    for (let i = 0; i < text.length; i++) {
+        const ch = text[i];
+        if (inString) {
+            if (escaped) {
+                escaped = false;
+            }
+            else if (ch === "\\") {
+                escaped = true;
+            }
+            else if (ch === quote) {
+                inString = false;
+            }
+            continue;
+        }
+        if (ch === '"' || ch === "'") {
+            inString = true;
+            quote = ch;
+            continue;
+        }
+        if (ch === open) {
+            if (depth === 0)
+                start = i;
+            depth++;
+        }
+        else if (ch === close) {
+            if (depth > 0) {
+                depth--;
+                if (depth === 0 && start >= 0) {
+                    results.push(text.slice(start, i + 1));
+                    start = -1;
+                }
+            }
+        }
+    }
+    return results;
+}
+/**
+ * Produce JSON candidate strings from raw text, in priority order:
+ * 1. the whole text (pure JSON),
+ * 2. contents of ```json / ``` fenced blocks,
+ * 3. balanced {...} objects, then [...] arrays.
+ */
+export function extractJsonCandidates(text) {
+    const candidates = [];
+    const seen = new Set();
+    const add = (value) => {
+        if (!value)
+            return;
+        const trimmed = value.trim();
+        if (trimmed.length < 2)
+            return;
+        if (seen.has(trimmed))
+            return;
+        seen.add(trimmed);
+        candidates.push(trimmed);
+    };
+    add(text);
+    const fenceRe = /```(?:json5?|jsonc)?\s*([\s\S]*?)```/gi;
+    let match;
+    while ((match = fenceRe.exec(text)) !== null) {
+        add(match[1]);
+    }
+    for (const obj of extractBalanced(text, "{", "}"))
+        add(obj);
+    for (const arr of extractBalanced(text, "[", "]"))
+        add(arr);
+    return candidates;
+}
+const MAX_SUMMARY_CHARS = 4000;
+function clampSummary(text) {
+    if (text.length <= MAX_SUMMARY_CHARS)
+        return text;
+    return `${text.slice(0, MAX_SUMMARY_CHARS)}\n... [truncated]`;
+}
+/**
+ * Normalize raw Duo output into a stable review structure. Never throws.
+ */
+export function normalizeReview(raw) {
+    const text = (raw ?? "").trim();
+    if (text === "") {
+        return {
+            degraded: true,
+            summary: "",
+            issues: [],
+            parseError: "Empty output from Duo CLI.",
+        };
+    }
+    let lastError = null;
+    for (const candidate of extractJsonCandidates(text)) {
+        let parsed;
+        try {
+            parsed = JSON.parse(candidate);
+        }
+        catch (err) {
+            lastError = err instanceof Error ? err.message : String(err);
+            continue;
+        }
+        const review = coerceReviewObject(parsed);
+        if (review)
+            return review;
+    }
+    // Nothing structured found: degrade to plain text, but keep everything.
+    return {
+        degraded: true,
+        summary: clampSummary(text),
+        issues: [],
+        parseError: lastError ??
+            "No structured JSON found in Duo output; returning raw text.",
+    };
+}

package/dist/src/server.js

@@ -0,0 +1,264 @@
+/**
+ * MCP server wiring: registers the `duo_review` tool and orchestrates
+ * goal building -> Duo CLI execution -> fault-tolerant normalization.
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+import { buildReviewGoal } from "./goal.js";
+import { runDuo } from "./duoRunner.js";
+import { buildPointerGoal, writeGoalFile, } from "./goalFile.js";
+import { normalizeReview, SEVERITIES, } from "./normalizer.js";
+export const SERVER_NAME = "gitlab-duo-mcp-bridge";
+export const SERVER_VERSION = "0.1.0";
+const TOOL_DESCRIPTION = "Run a code review with the GitLab Duo CLI and return a normalized, " +
+    "fault-tolerant result. Use this to get a 'second opinion' review of a diff " +
+    "or set of files: pass a unified `diff` (and/or `files`/`instructions`), and " +
+    "you get back a stable JSON structure with a `summary` and a list of " +
+    "`issues` (type, severity, file, line, message, suggestion). If Duo answers " +
+    "with prose instead of JSON, the result is still returned with " +
+    "`degraded: true` and the raw text in `summary`/`raw`. Your agent can then " +
+    "act on the issues (e.g. write fixes).";
+function truncate(text, max) {
+    if (text.length <= max)
+        return text;
+    return `${text.slice(0, max)}\n... [truncated ${text.length - max} chars]`;
+}
+/** A canned Duo run for MOCK mode (no real CLI call). */
+function mockRun(config) {
+    const payload = {
+        summary: "Mock review: 2 issues found in the provided changes.",
+        issues: [
+            {
+                type: "security",
+                severity: "high",
+                file: "src/auth.ts",
+                line: 42,
+                message: "User input is concatenated directly into a SQL query.",
+                suggestion: "Use parameterized queries / prepared statements.",
+            },
+            {
+                type: "maintainability",
+                severity: "low",
+                file: "src/utils.ts",
+                line: null,
+                message: "Function does too many things and is hard to test.",
+                suggestion: "Split it into smaller, single-responsibility helpers.",
+            },
+        ],
+    };
+    const stdout = ["Here is my review:", "```json", JSON.stringify(payload, null, 2), "```"].join("\n");
+    return {
+        stdout,
+        stderr: "",
+        exitCode: 0,
+        timedOut: false,
+        durationMs: 1,
+        commandLine: `[MOCK] ${config.command} ${config.baseArgs.join(" ")} ${config.goalFlag} <goal>`,
+    };
+}
+/** Build a short, human-readable text rendering of the structured result. */
+function renderText(result) {
+    const lines = [];
+    if (result.degraded) {
+        lines.push("WARNING: Duo output could not be parsed as structured JSON; returning a best-effort result.");
+    }
+    else {
+        lines.push(`Duo review complete: ${result.issues.length} issue(s) found.`);
+    }
+    if (result.summary) {
+        lines.push("");
+        lines.push(result.summary);
+    }
+    if (result.issues.length > 0) {
+        lines.push("");
+        for (const issue of result.issues) {
+            const loc = issue.file
+                ? ` (${issue.file}${issue.line != null ? `:${issue.line}` : ""})`
+                : "";
+            lines.push(`- [${issue.severity}] ${issue.type}${loc}: ${issue.message}`);
+            if (issue.suggestion) {
+                lines.push(`    -> ${issue.suggestion}`);
+            }
+        }
+    }
+    if (!result.ok) {
+        lines.push("");
+        const bits = [
+            `exitCode=${result.meta.exitCode}`,
+            `timedOut=${result.meta.timedOut}`,
+        ];
+        if (result.meta.parseError)
+            bits.push(`parseError=${result.meta.parseError}`);
+        lines.push(`(${bits.join(", ")})`);
+    }
+    return lines.join("\n");
+}
+/** Core handler: run Duo (or mock) and normalize the result. */
+export async function handleReview(config, input) {
+    const goal = buildReviewGoal(input);
+    const effectiveCwd = input.cwd ?? config.cwd ?? process.cwd();
+    // Very large goals (e.g. big diffs) can blow past the OS command-line length
+    // limit (ENAMETOOLONG on Windows). When that happens, write the goal to a
+    // temp file in the working directory and pass a tiny pointer goal instead;
+    // Duo reads the file itself (it is agentic and auto-approves tools headless).
+    let goalFile = null;
+    let goalToSend = goal;
+    if (!config.mock && goal.length > config.maxInlineGoalChars) {
+        goalFile = writeGoalFile(goal, effectiveCwd);
+        if (goalFile) {
+            goalToSend = buildPointerGoal(goalFile.fileName);
+        }
+    }
+    const goalViaFile = goalFile !== null;
+    let run;
+    try {
+        run = config.mock
+            ? mockRun(config)
+            : await runDuo(goalToSend, {
+                command: config.command,
+                baseArgs: config.baseArgs,
+                goalFlag: config.goalFlag,
+                modelFlag: config.modelFlag,
+                model: input.model ?? config.model,
+                extraArgs: config.extraArgs,
+                timeoutMs: input.timeoutMs ?? config.timeoutMs,
+                cwd: effectiveCwd,
+            });
+    }
+    finally {
+        // Always remove the temp file, even on failure/timeout.
+        goalFile?.cleanup();
+    }
+    // Hard launch failure (e.g. command not found): surface an actionable error.
+    if (run.spawnError) {
+        const tooLong = /ENAMETOOLONG|E2BIG|too long/i.test(run.spawnError);
+        const message = `Failed to launch the Duo CLI ('${config.command}'): ${run.spawnError}. ` +
+            (tooLong
+                ? "This usually means the prompt/diff was too large for the command " +
+                    "line. The bridge writes oversized goals to a temp file above " +
+                    `DUO_MAX_INLINE_GOAL_CHARS (currently ${config.maxInlineGoalChars}); ` +
+                    "lower that value, or pass fewer/smaller inputs (e.g. specific " +
+                    "`files` instead of a huge `diff`). "
+                : "") +
+            "Check DUO_CLI_COMMAND / DUO_CLI_BASE_ARGS, make sure the CLI is " +
+            "installed and on PATH, or set DUO_MOCK=1 to test the bridge without Duo.";
+        const structured = {
+            ok: false,
+            degraded: true,
+            summary: message,
+            issues: [],
+            raw: truncate(run.stderr, config.maxOutputChars),
+            meta: {
+                commandLine: run.commandLine,
+                exitCode: run.exitCode,
+                timedOut: run.timedOut,
+                durationMs: run.durationMs,
+                mock: config.mock,
+                parseError: run.spawnError,
+                goalViaFile,
+            },
+        };
+        return {
+            content: [{ type: "text", text: message }],
+            structuredContent: structured,
+            isError: true,
+        };
+    }
+    const source = run.stdout.trim() !== "" ? run.stdout : run.stderr;
+    const normalized = normalizeReview(source);
+    const ok = run.exitCode === 0 && !run.timedOut;
+    const structured = {
+        ok,
+        degraded: normalized.degraded,
+        summary: normalized.summary,
+        issues: normalized.issues,
+        raw: truncate(run.stdout || run.stderr, config.maxOutputChars),
+        meta: {
+            commandLine: run.commandLine,
+            exitCode: run.exitCode,
+            timedOut: run.timedOut,
+            durationMs: run.durationMs,
+            mock: config.mock,
+            parseError: normalized.parseError,
+            goalViaFile,
+        },
+    };
+    // Only flag a true error when the run failed AND produced nothing usable.
+    const isError = !ok && normalized.degraded && normalized.issues.length === 0;
+    return {
+        content: [{ type: "text", text: renderText(structured) }],
+        structuredContent: structured,
+        isError,
+    };
+}
+export function createServer(config) {
+    const server = new McpServer({
+        name: SERVER_NAME,
+        version: SERVER_VERSION,
+    });
+    const inputSchema = {
+        diff: z
+            .string()
+            .optional()
+            .describe("Unified diff to review (e.g. output of `git diff`)."),
+        files: z
+            .array(z.string())
+            .optional()
+            .describe("File paths to focus the review on."),
+        instructions: z
+            .string()
+            .optional()
+            .describe("Extra free-form guidance for the reviewer."),
+        goal: z
+            .string()
+            .optional()
+            .describe("Override the entire prompt sent to Duo. When set, diff/files/instructions are ignored."),
+        cwd: z
+            .string()
+            .optional()
+            .describe("Working directory to run Duo in for this call."),
+        model: z.string().optional().describe("Override the Duo model for this call."),
+        timeoutMs: z
+            .number()
+            .int()
+            .positive()
+            .optional()
+            .describe("Override the run timeout (milliseconds) for this call."),
+    };
+    const outputSchema = {
+        ok: z
+            .boolean()
+            .describe("True when Duo exited successfully and did not time out."),
+        degraded: z
+            .boolean()
+            .describe("True when output could not be parsed as JSON (raw text fallback)."),
+        summary: z.string().describe("Review summary, or raw text when degraded."),
+        issues: z
+            .array(z.object({
+            type: z.string(),
+            severity: z.enum(SEVERITIES),
+            file: z.string().nullable(),
+            line: z.number().nullable(),
+            message: z.string(),
+            suggestion: z.string().nullable(),
+        }))
+            .describe("Normalized list of findings."),
+        raw: z.string().describe("Raw (truncated) Duo output for debugging."),
+        meta: z.object({
+            commandLine: z.string(),
+            exitCode: z.number().nullable(),
+            timedOut: z.boolean(),
+            durationMs: z.number(),
+            mock: z.boolean(),
+            parseError: z.string().nullable(),
+            goalViaFile: z.boolean(),
+        }),
+    };
+    server.registerTool(config.toolName, {
+        title: "GitLab Duo Review",
+        description: TOOL_DESCRIPTION,
+        inputSchema,
+        outputSchema,
+    }, async (input) => handleReview(config, input));
+    return server;
+}

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "gitlab-duo-mcp-bridge",
+  "version": "0.1.0",
+  "description": "MCP server that wraps the GitLab Duo CLI as a clean, fault-tolerant duo_review tool for AI coding agents.",
+  "type": "module",
+  "bin": {
+    "gitlab-duo-mcp-bridge": "dist/src/index.js"
+  },
+  "files": [
+    "dist/src",
+    "README.md",
+    ".env.example"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc",
+    "prepare": "npm run build",
+    "start": "node dist/src/index.js",
+    "dev": "node --import tsx src/index.ts",
+    "typecheck": "tsc --noEmit",
+    "pretest": "tsc",
+    "test": "node --test \"dist/test/**/*.test.js\"",
+    "smoke": "node scripts/smoke.mjs"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "gitlab",
+    "gitlab-duo",
+    "code-review",
+    "ai-agents"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "zod": "^3.25.0"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  },
+  "main": "index.js",
+  "directories": {
+    "test": "test"
+  },
+  "author": "DataTalesByAgos"
+}