magenta-canon 0.1.0

package/docs/MCP_GATEWAY.md

@@ -0,0 +1,97 @@
+# Magenta MCP Gateway (stdio)
+
+A witnessed, capability-gated **stdio proxy** that sits between an MCP host
+(Claude Code / Claude Desktop / Cursor) and a downstream MCP server. Every
+`tools/call` is gated against operator-delegated capabilities and witnessed —
+allowed *and* refused — onto the same transparency/evidence surface proven in
+[`VERIFICATION_RUN.md`](./VERIFICATION_RUN.md). Refused calls never reach the
+downstream server. The receipts are verifiable with `scripts/magenta-verify.ts`
+and zero new trust.
+
+```
+ MCP host ──stdio──▶ Magenta Gateway ──gate+witness──▶ control plane (/internal/agent/action)
+ (Claude)  ◀────────  (this proxy)    ──forward if allowed──▶ downstream MCP server
+```
+
+**Scope (this lane):** local stdio only. No Streamable HTTP, no hosted/multi-tenant.
+
+## How gating works
+
+- Each tool is mapped to a Magenta action (`toolMap`), or falls back to
+  `agent.mcp.call` (the default), gated by the operator's `grantedCapabilities`.
+- `payments.refund:<=10000` — a ceilinged grant: the `refund` tool is allowed only
+  up to 10000 cents; over that is refused (and recorded).
+- `mcp.call:search`, `mcp.call:read_file` — an allowlist: those tools pass; any
+  tool **not** mapped and **not** allowlisted is **default-denied** (and recorded).
+- The gate **always records before it forwards** — there is no path to the
+  downstream server that skips the receipt. A denied call returns an MCP tool
+  error (`isError: true`) carrying the reason and the witnessing receipt hash.
+
+## Run the demo
+
+**1. Boot the control plane** (the witness + evidence surface):
+
+```bash
+INTERNAL_API_KEY=operator-secret-xyz MAGENTA_STATE_FILE=/tmp/magenta-state.json \
+  PORT=5000 npx tsx server/index.ts
+# then, once: bootstrap trust
+curl -s -X POST :5000/internal/founder/ceremony -H 'X-Internal-Key: operator-secret-xyz' -d '{}'
+```
+
+**2. Point your MCP host at the gateway.** Edit `examples/magenta-gateway.config.json`
+to set your downstream server command and your granted capabilities, then add the
+gateway to your MCP client config:
+
+```jsonc
+// Claude Desktop / Claude Code / Cursor MCP servers config
+{
+  "mcpServers": {
+    "magenta-gated-tools": {
+      "command": "npx",
+      "args": ["tsx", "/abs/path/to/magenta-canon/scripts/mcp-gateway.ts",
+               "/abs/path/to/magenta-canon/examples/magenta-gateway.config.json"]
+    }
+  }
+}
+```
+
+The host now spawns the gateway, which spawns your downstream server. Every tool
+call the agent makes flows through the gate.
+
+**3. Trigger one ALLOWED call** — e.g. the agent calls `refund { amount_cents: 8900 }`.
+It is witnessed and forwarded; the agent gets the real downstream result.
+
+**4. Trigger one REFUSED call** — e.g. `refund { amount_cents: 25000 }` (over the
+$100 ceiling) or any tool not on the allowlist. The downstream server is never
+contacted; the agent receives an MCP tool error noting the block and the receipt hash.
+
+**5. Publish evidence and verify** (the same loop as `VERIFICATION_RUN.md`):
+
+```bash
+curl -s :5000/api/trust/evidence > bundle.json
+npx tsx scripts/magenta-verify.ts bundle.json     # → RESULT: VERIFIED
+```
+
+Both the allowed and the refused call appear as receipts in the bundle — the
+refusal is evidence too — and the verifier confirms the log is authentic and
+untampered without trusting the server.
+
+## Tests
+
+`scripts/mcp-gateway.test.ts` proves, in-process against the real witness surface:
+- allowed tool call passes through downstream **and** writes a receipt;
+- refused tool call **never** reaches downstream **and** still writes a refusal receipt;
+- the standalone verifier **VERIFIES** the resulting evidence bundle;
+- an unknown tool is default-denied and recorded (no bypass of the trust loop);
+- non-`tools/call` messages (`initialize`, `tools/list`) pass through ungated.
+
+## Notes / honesty
+
+- The gate **logic** (`McpGate`) is tested in-process with injected `record` +
+  `forward`; the stdio + control-plane wiring at the bottom of `mcp-gateway.ts`
+  is thin glue exercised by the manual demo above, not the unit tests.
+- Capabilities here are **operator-configured** (Act-1 style) — the gateway is a
+  transparent proxy, so the human who installs it sets the ceilings. Per-call
+  agent-signed envelopes (Act 2) are a separate, stronger mode.
+- Streamable HTTP transport and hosted/multi-tenant operation are deliberately
+  **not** implemented in this lane.

package/docs/NPM_PACKAGING.md

@@ -0,0 +1,177 @@
+# NPM Packaging
+
+How Magenta Canon is packaged as an installable CLI, what ships in the tarball,
+what deliberately does not, and how to verify the package locally.
+
+> **Status: packaging readiness — NOT published.** Nothing here publishes to npm.
+> The package has not been pushed to the registry. Publishing is a separate,
+> explicitly-authorized step.
+
+## Intended first release
+
+The first npm release is planned as **`magenta-canon@0.1.0`** published under the
+**`next`** dist-tag (not `latest`). This is deliberate: Magenta Canon is a
+**proven reference implementation**, not production-hosted infrastructure yet, so
+`0.1.0` + `next` signals early-OSS posture and lets adopters opt in explicitly
+(`npm i magenta-canon@next`). It can be promoted to `latest` (and a higher
+version) once production durability and an externally-mirrored witness land. The
+intended command — run only after explicit authorization on an authenticated
+machine — is:
+
+```bash
+npm publish --tag next --access public
+```
+
+## The CLI
+
+The package exposes a single bin, `magenta-canon`, with three commands. Until the
+package is promoted to `latest`, install from the `next` dist-tag:
+
+```bash
+npx magenta-canon@next demo                 # full local proof loop (allow/block/verify/tamper)
+npx magenta-canon@next verify <bundle.json> # independently verify an evidence bundle
+npx magenta-canon@next gateway <config.json># run the stdio MCP capability gateway
+npx magenta-canon@next --help | --version
+```
+
+- `verify` exits `0` on **VERIFIED**, `1` on **VERIFICATION FAILED** (and supports
+  `--self-test`). It is the standalone verifier — it imports nothing from the
+  server.
+- `gateway` is the transparent stdio proxy; point an MCP host at it (see
+  [`MCP_GATEWAY.md`](MCP_GATEWAY.md)).
+- `demo` runs the whole wedge locally against an ephemeral, **headless** control
+  plane (see "Headless mode" below).
+
+The bin (`bin/magenta-canon.mjs`) is a thin dispatcher. It does not change any
+verifier, witness, evidence, or gate behavior — it locates the package's existing
+entry scripts and runs them, resolving the `tsx` TypeScript runner via
+`createRequire` so it works from a global install, `npx`, or a repo checkout.
+
+## Headless control plane (why `demo` works after install)
+
+The control plane (`server/index.ts`) normally serves a frontend: in development
+it imports Vite, and in production it serves a pre-built client. Neither belongs
+in a lean OSS CLI. So the package adds an **additive** flag:
+
+```
+MAGENTA_HEADLESS=1   → skip Vite and static-client serving (API only)
+```
+
+`npx magenta-canon demo` sets `MAGENTA_HEADLESS=1` (with `NODE_ENV=production`),
+so the control plane boots with **no Vite and no built client** and still exposes
+every endpoint the demo needs: `/api/health`, `/internal/founder/ceremony`,
+`/internal/agent/action`, `/api/trust/evidence`. This flag changes only what is
+served for the frontend — it does **not** change gate, witness, evidence, or
+verifier behavior.
+
+## What ships in the tarball
+
+Controlled by the `files` allowlist in `package.json`. Current contents
+(`magenta-canon-0.1.0.tgz` — 75 files, ~210 KB packed, ~849 KB unpacked):
+
+| Path | Why |
+|---|---|
+| `bin/` | the `magenta-canon` CLI dispatcher |
+| `scripts/` | `demo.mjs`, `magenta-verify.ts`, `mcp-gateway.ts`, `mcp-demo-drive.mjs` (+ repo tooling) |
+| `server/` | the headless control plane (gate, witness, transparency log, evidence) |
+| `shared/` | canonical hashing, certificates, and the Drizzle schema the server imports |
+| `examples/` | the demo gateway config + the minimal downstream MCP server |
+| `tsconfig.json` | required so `tsx` resolves the `@shared/*` path alias at runtime |
+| `docs/MAGENTA_VERIFICATION_SPEC.md`, `MCP_GATEWAY.md`, `SECURITY_MODEL.md`, `NPM_PACKAGING.md` | the spec + the docs a CLI user needs |
+| `README.md`, `LICENSE` | always |
+
+Runtime dependency added for packaging: **`tsx`** (moved from devDependencies to
+`dependencies`) so the published package can run the TypeScript entry scripts.
+
+## What is deliberately NOT included
+
+- **The React client (`client/`)** and any frontend build — the CLI is headless.
+- **The website (`public/`)** — landing page, sitemap, banner, canon artifacts.
+- **All tests (`**/*.test.ts`)**, `reports/`, `diagnostics/`, `attached_assets/`,
+  and other repo-only material (excluded via `!` patterns in `files`).
+- **No hosted/cloud functionality, no HTTP gateway, no dashboard, no multi-tenant,
+  no production durability.** The package is the local reference implementation.
+
+### Open/paid boundary (unchanged)
+
+The package ships the **open** surface: the verifier, the verification spec, the
+stdio gateway, the evidence format, and a runnable local control plane. It does
+**not** ship — and this lane does not create — the proposed paid surface (hosted
+externally-mirrored witness, multi-tenant policy/control plane, compliance
+reporting). See [`OSS_VS_PAID.md`](OSS_VS_PAID.md). Verification stays free and
+re-implementable; that boundary is not weakened by packaging.
+
+## Verify the package locally
+
+Inspect exactly what would publish, without publishing:
+
+```bash
+npm pack --dry-run          # lists files; add --json for machine output
+npm pack                    # writes magenta-canon-<version>.tgz
+```
+
+Smoke-test the packed artifact in a throwaway project:
+
+```bash
+mkdir /tmp/mc-try && cd /tmp/mc-try && npm init -y
+npm install /path/to/magenta-canon-0.1.0.tgz   # installs deps incl. tsx
+npx magenta-canon --version
+npx magenta-canon verify --self-test            # VERIFIED + VERIFICATION FAILED
+npx magenta-canon demo                          # full headless proof loop
+```
+
+(Offline alternative used in CI/dev: extract the tarball and symlink an existing
+`node_modules` into the extracted `package/` dir, then run
+`node package/bin/magenta-canon.mjs <cmd>`.)
+
+## Dependency footprint (after slimming)
+
+Frontend/UI libraries (React, 29 Radix packages, recharts, framer-motion, …) and
+test/type tooling (jest, ts-jest, supertest, jsdom, `@types/*`) were moved from
+`dependencies` to `devDependencies` — none are imported by shipped code, so the
+repo still builds/tests with them while consumers no longer install them. Two
+packages were corrected: `semver` (imported on the server boot path) is now a
+declared `dependency`; `nanoid` (only in the dev-only `server/vite.ts`) is a
+`devDependency`.
+
+| | Before | After |
+|---|---|---|
+| runtime `dependencies` | 76 | **19** |
+| production install (`npm i --omit=dev`) | full frontend stack included | **~88 MB / 121 pkgs** |
+
+## Validated
+
+In a **real `npm install --omit=dev`** of the tarball (production deps only):
+
+- `--version` / `--help` → ok. ✅
+- `verify --self-test` → `VERIFIED` then `VERIFICATION FAILED` (exit 0). ✅
+- `gateway` with no config → usage message, exit 2. ✅
+- `demo` → the full seven-step proof loop (allow `$89`, block `$250`, downstream
+  absence, `VERIFIED`, tamper `VERIFICATION FAILED`). ✅
+- `npm test` (repo, full devDeps) → 18 suites / 331 tests green. ✅
+- `npm run build` (client + server) → green. ✅
+- `npm publish --dry-run` → clean (no errors; see "Dry-run output" below). ✅
+
+`demo` now works from a true `npm install` because the 9 server files that used
+the `@shared/*` tsconfig path alias were rewritten to relative imports — `tsx`
+resolves those identically whether the package is nested in `node_modules` or run
+from a repo checkout. (`tsconfig.json` is still shipped; the client retains the
+alias, and it is harmless for the CLI.)
+
+### Dry-run output (current)
+
+`npm publish --dry-run` reports: package size **~210 kB**, unpacked **~849 kB**,
+**75 files**, unscoped + default public access. No errors. The only prior warning
+(`repository.url` normalization) was fixed with `npm pkg fix`.
+
+## Known follow-ups (not in this lane)
+
+- **Optional compiled build:** shipping pre-compiled JS would drop the `tsx`
+  runtime dependency entirely. Deferred — not required now that all three CLI
+  commands work via `tsx` from a true install.
+- **`scripts/` hygiene:** the package currently ships a few repo-only helper
+  scripts (`post-merge.sh`, `heartbeat-loop.cjs`, the `uci-*` tools,
+  `agent-demo.ts`, `magenta-cli.ts`) that the CLI does not invoke. Harmless, but a
+  tighter `files` allowlist could trim them before publish. Cosmetic.
+- **Publication:** choosing the dist-tag and running `npm publish` is a separate,
+  explicitly-authorized step.

package/docs/SECURITY_MODEL.md

@@ -0,0 +1,96 @@
+# Magenta Canon — Security Model
+
+This document states precisely **what Magenta Canon protects, what it does not,
+and under what assumptions.** It is the honest backing for the claims in the
+README. If a claim isn't supported here, it doesn't belong in the README.
+
+## What Magenta is
+
+A **verifiable control plane for AI-agent tool calls**. Two layers:
+
+1. **Capability gate** — every consequential agent action is checked against a
+   delegated capability before it happens (allow / deny, with a recorded reason).
+2. **Transparency-log witness** — every decision (allowed *and* denied) is
+   recorded as a hash-chained, signed **execution receipt**, anchored in an
+   append-only Merkle log whose **Signed Tree Head (STH)** an outside party can
+   verify without trusting the operator.
+
+The MCP Gateway puts layer 1 in the request path of real MCP tool calls; the
+verifier (`scripts/magenta-verify.ts`) lets anyone check layer 2.
+
+## The core property
+
+> **An action's outcome is gated before it happens, and recorded so that
+> tampering with the record is detectable by an independent party.**
+
+Concretely, proven in `docs/MCP_GATEWAY_RUN.md` and `docs/VERIFICATION_RUN.md`:
+- a refund over the delegated ceiling was **blocked and never reached** the
+  downstream tool (proven by the downstream's own call log);
+- the resulting evidence bundle **verified** with an independent tool;
+- a tampered bundle **failed** verification (exit code 1).
+
+## Threats it addresses
+
+| Threat | How Magenta addresses it |
+|---|---|
+| An agent takes an action outside its delegated authority | Capability gate denies it **before** it reaches the tool; the attempt is recorded. |
+| After-the-fact log editing by an outsider | Hash-chained receipts: editing one breaks the chain (detected by the verifier). |
+| **Insider** rewrites the log into a self-consistent forgery | The recomputed Merkle root won't match an STH the auditor **already holds**, signed by the **separate witness key** — so the forgery is exposed *(see the trust assumption below)*. |
+| "We can't prove what the agent did" | Every decision is a signed receipt on an independently verifiable log. |
+| Trusting the operator's word | The verifier re-derives all math and imports nothing from the server. |
+
+## Trust assumptions (read these — the guarantees are conditional)
+
+1. **Insider non-repudiation requires the STH to be externalized.** If the
+   operator both runs the witness *and* holds the only copy of the Signed Tree
+   Head, the guarantee is only **tamper-evidence across a restart**, not proof
+   against the operator. The full insider guarantee holds **only when the STH is
+   mirrored to an independent party** (the customer, an auditor, or a public
+   log) *before* any disputed action. The code emits and verifies STHs; the
+   mirror is an **operational commitment**, not yet an automated feature.
+2. **The witness key must be independent of the request-signing root.** Magenta
+   generates it separately; in production it should live in a separate KMS / host.
+3. **It is accountability, not prevention-of-everything.** The gate prevents an
+   *un-authorized* action; the witness proves *what was decided*. A correctly
+   *authorized* but harmful action is still recorded but not blocked — the
+   boundary is only as good as the capability policy the operator sets.
+4. **The verifier and the published spec are the trust root for auditors.**
+   `scripts/magenta-verify.ts` imports only `node:crypto`, `node:fs`, `tweetnacl`
+   (test-enforced) and follows `docs/MAGENTA_VERIFICATION_SPEC.md`. An auditor
+   should read the spec / re-implement the verifier rather than trust ours blindly.
+
+## Non-goals / what it does NOT do
+
+- It does **not** sandbox or inspect tool *behavior* — it gates *whether* a call
+  is authorized and records it; it does not analyze what the tool does internally.
+- It does **not** make a model safer or aligned; it makes its actions accountable.
+- It is **not** a blockchain / trustless-consensus system — there is an operator;
+  the property is "you can *catch* the operator," contingent on STH mirroring.
+- It does **not** yet provide production durability (see Status).
+
+## Capability model
+
+- **Act 1 (proven):** capabilities are **operator-configured** — the human who
+  installs the gateway sets the ceilings (e.g. `payments.refund:<=10000`, or an
+  allowlist `mcp.call:<tool>`). Default is **deny**: a tool with no policy is refused.
+- **Act 2 (proven, stronger, separate mode):** the agent **signs** a sovereign
+  envelope per action and its capabilities come from a **verified, chain-anchored
+  certificate** (root → intermediate → actor) — so the agent cannot widen its own
+  authority, and its signature is non-repudiable. Not exercised by the stdio
+  gateway demo, which uses Act 1.
+
+## Current status (honest)
+
+- **Proven reference implementation**, validated in a **development sandbox**.
+- Demo persistence is **file-backed**; **production durability (single-writer,
+  Postgres) is not yet complete.**
+- The downstream MCP server in the demo is **minimal** (real stdio JSON-RPC,
+  sufficient to prove the path; not a production tool server).
+- Transport is **stdio only** — no Streamable HTTP, no hosted/multi-tenant.
+- STH mirroring (trust assumption #1) is an operational step, **not yet automated**.
+
+## Cryptographic primitives
+
+SHA-256 (hashing + Merkle), Ed25519 (receipt and STH signatures), RFC 6962-style
+Merkle leaf/node domain separation, canonical JSON (sorted keys). Full wire
+formats: `docs/MAGENTA_VERIFICATION_SPEC.md`.

package/examples/magenta-gateway.config.json

@@ -0,0 +1,24 @@
+{
+  "downstream": {
+    "command": "node",
+    "args": ["./your-downstream-mcp-server.js"]
+  },
+  "controlPlane": {
+    "url": "http://127.0.0.1:5000",
+    "internalKey": "operator-secret-xyz"
+  },
+  "agent": {
+    "agentId": "mcp:claude-code",
+    "authorizedBy": "operator:cj@trendinghot",
+    "model": "mcp-gateway"
+  },
+  "grantedCapabilities": [
+    "payments.refund:<=10000",
+    "mcp.call:search",
+    "mcp.call:read_file"
+  ],
+  "toolMap": {
+    "refund": { "action": "agent.payments.refund", "paramsFrom": ["amount_cents", "order_id"] }
+  },
+  "defaultAction": "agent.mcp.call"
+}

package/examples/magenta-gateway.demo.config.json

@@ -0,0 +1,20 @@
+{
+  "downstream": {
+    "command": "node",
+    "args": ["examples/mock-mcp-server.mjs"]
+  },
+  "controlPlane": {
+    "url": "http://127.0.0.1:5000",
+    "internalKey": "operator-secret-xyz"
+  },
+  "agent": {
+    "agentId": "mcp:claude-code",
+    "authorizedBy": "operator:cj@trendinghot",
+    "model": "mcp-gateway"
+  },
+  "grantedCapabilities": ["payments.refund:<=10000"],
+  "toolMap": {
+    "refund": { "action": "agent.payments.refund", "paramsFrom": ["amount_cents", "order_id"] }
+  },
+  "defaultAction": "agent.mcp.call"
+}

package/examples/mock-mcp-server.mjs

@@ -0,0 +1,62 @@
+#!/usr/bin/env node
+/**
+ * Minimal real downstream MCP server (stdio, newline-delimited JSON-RPC 2.0).
+ *
+ * Used to prove the Magenta MCP Gateway end-to-end: it exposes a `refund` tool,
+ * and — critically — appends every `tools/call` it RECEIVES to the file named by
+ * $DOWNSTREAM_LOG. That file is the ground truth for "the refused call never
+ * reached downstream": a blocked call must NOT appear in it.
+ */
+import readline from "node:readline";
+import { appendFileSync } from "node:fs";
+
+const LOG = process.env.DOWNSTREAM_LOG;
+const send = (msg) => process.stdout.write(JSON.stringify(msg) + "\n");
+const logCall = (name, args) => {
+  process.stderr.write(`[downstream] tools/call RECEIVED: ${name} ${JSON.stringify(args)}\n`);
+  if (LOG) appendFileSync(LOG, JSON.stringify({ name, args, at: new Date().toISOString() }) + "\n");
+};
+
+const TOOLS = [
+  {
+    name: "refund",
+    description: "Issue a refund for an order.",
+    inputSchema: {
+      type: "object",
+      properties: { amount_cents: { type: "integer" }, order_id: { type: "string" } },
+      required: ["amount_cents"],
+    },
+  },
+];
+
+readline.createInterface({ input: process.stdin }).on("line", (line) => {
+  if (!line.trim()) return;
+  let msg;
+  try { msg = JSON.parse(line); } catch { return; }
+
+  switch (msg.method) {
+    case "initialize":
+      send({ jsonrpc: "2.0", id: msg.id, result: {
+        protocolVersion: "2025-06-18",
+        capabilities: { tools: {} },
+        serverInfo: { name: "mock-downstream", version: "1.0.0" },
+      } });
+      break;
+    case "notifications/initialized":
+      break; // notification, no response
+    case "tools/list":
+      send({ jsonrpc: "2.0", id: msg.id, result: { tools: TOOLS } });
+      break;
+    case "tools/call": {
+      const name = msg.params?.name;
+      const args = msg.params?.arguments ?? {};
+      logCall(name, args); // ← ground truth: this call reached downstream
+      send({ jsonrpc: "2.0", id: msg.id, result: {
+        content: [{ type: "text", text: `refund executed: ${JSON.stringify(args)}` }],
+      } });
+      break;
+    }
+    default:
+      if (msg.id != null) send({ jsonrpc: "2.0", id: msg.id, error: { code: -32601, message: `method not found: ${msg.method}` } });
+  }
+});

package/package.json

@@ -0,0 +1,171 @@
+{
+  "name": "magenta-canon",
+  "version": "0.1.0",
+  "type": "module",
+  "license": "Apache-2.0",
+  "description": "A verifiable MCP accountability gateway for AI-agent tool calls: allows authorized calls, blocks unauthorized calls, records both, and produces cryptographic evidence anyone can verify.",
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "ai-agents",
+    "tool-calls",
+    "gateway",
+    "transparency-log",
+    "merkle",
+    "verifiable",
+    "accountability",
+    "audit"
+  ],
+  "homepage": "https://github.com/royal-ohio/magenta-canon#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/royal-ohio/magenta-canon.git"
+  },
+  "bugs": {
+    "url": "https://github.com/royal-ohio/magenta-canon/issues"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "bin": {
+    "magenta-canon": "bin/magenta-canon.mjs"
+  },
+  "files": [
+    "bin/",
+    "scripts/",
+    "server/",
+    "shared/",
+    "examples/",
+    "tsconfig.json",
+    "docs/MAGENTA_VERIFICATION_SPEC.md",
+    "docs/MCP_GATEWAY.md",
+    "docs/SECURITY_MODEL.md",
+    "docs/NPM_PACKAGING.md",
+    "README.md",
+    "LICENSE",
+    "!**/*.test.ts",
+    "!**/*.test.mjs",
+    "!**/*.test.js"
+  ],
+  "scripts": {
+    "dev": "NODE_ENV=development tsx server/index.ts",
+    "demo": "node scripts/demo.mjs",
+    "build": "tsx script/build.ts",
+    "start": "NODE_ENV=production node dist/index.cjs",
+    "check": "tsc",
+    "test": "jest",
+    "db:push": "drizzle-kit push"
+  },
+  "dependencies": {
+    "@anthropic-ai/sdk": "^0.100.1",
+    "connect-pg-simple": "^10.0.0",
+    "cors": "^2.8.6",
+    "date-fns": "^3.6.0",
+    "drizzle-orm": "^0.39.3",
+    "drizzle-zod": "^0.7.0",
+    "express": "^4.21.2",
+    "express-session": "^1.18.1",
+    "memorystore": "^1.6.7",
+    "passport": "^0.7.0",
+    "passport-local": "^1.0.0",
+    "pg": "^8.16.3",
+    "semver": "^6.3.1",
+    "tsx": "^4.7.0",
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "ws": "^8.18.0",
+    "zod": "^3.24.2",
+    "zod-validation-error": "^3.4.0"
+  },
+  "devDependencies": {
+    "@hookform/resolvers": "^3.10.0",
+    "@jridgewell/trace-mapping": "^0.3.25",
+    "@radix-ui/react-accordion": "^1.2.4",
+    "@radix-ui/react-alert-dialog": "^1.1.7",
+    "@radix-ui/react-aspect-ratio": "^1.1.3",
+    "@radix-ui/react-avatar": "^1.1.4",
+    "@radix-ui/react-checkbox": "^1.1.5",
+    "@radix-ui/react-collapsible": "^1.1.4",
+    "@radix-ui/react-context-menu": "^2.2.7",
+    "@radix-ui/react-dialog": "^1.1.7",
+    "@radix-ui/react-dropdown-menu": "^2.1.7",
+    "@radix-ui/react-hover-card": "^1.1.7",
+    "@radix-ui/react-label": "^2.1.3",
+    "@radix-ui/react-menubar": "^1.1.7",
+    "@radix-ui/react-navigation-menu": "^1.2.6",
+    "@radix-ui/react-popover": "^1.1.7",
+    "@radix-ui/react-progress": "^1.1.3",
+    "@radix-ui/react-radio-group": "^1.2.4",
+    "@radix-ui/react-scroll-area": "^1.2.4",
+    "@radix-ui/react-select": "^2.1.7",
+    "@radix-ui/react-separator": "^1.1.3",
+    "@radix-ui/react-slider": "^1.2.4",
+    "@radix-ui/react-slot": "^1.2.0",
+    "@radix-ui/react-switch": "^1.1.4",
+    "@radix-ui/react-tabs": "^1.1.4",
+    "@radix-ui/react-toast": "^1.2.7",
+    "@radix-ui/react-toggle": "^1.1.3",
+    "@radix-ui/react-toggle-group": "^1.1.3",
+    "@radix-ui/react-tooltip": "^1.2.0",
+    "@replit/vite-plugin-cartographer": "^0.4.4",
+    "@replit/vite-plugin-dev-banner": "^0.1.1",
+    "@replit/vite-plugin-runtime-error-modal": "^0.0.3",
+    "@tailwindcss/typography": "^0.5.15",
+    "@tailwindcss/vite": "^4.1.18",
+    "@tanstack/react-query": "^5.60.5",
+    "@types/connect-pg-simple": "^7.0.3",
+    "@types/cors": "^2.8.19",
+    "@types/express": "4.17.21",
+    "@types/express-session": "^1.18.0",
+    "@types/jest": "^30.0.0",
+    "@types/jsdom": "^27.0.0",
+    "@types/node": "^20.19.41",
+    "@types/passport": "^1.0.16",
+    "@types/passport-local": "^1.0.38",
+    "@types/react": "^18.3.11",
+    "@types/react-dom": "^18.3.1",
+    "@types/supertest": "^6.0.3",
+    "@types/ws": "^8.5.13",
+    "@vitejs/plugin-react": "^4.7.0",
+    "autoprefixer": "^10.4.20",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "cmdk": "^1.1.1",
+    "drizzle-kit": "^0.31.8",
+    "embla-carousel-react": "^8.6.0",
+    "esbuild": "^0.25.0",
+    "framer-motion": "^11.13.1",
+    "input-otp": "^1.4.2",
+    "jest": "^30.2.0",
+    "jsdom": "^27.4.0",
+    "lucide-react": "^0.453.0",
+    "nanoid": "^3.3.11",
+    "next-themes": "^0.4.6",
+    "postcss": "^8.4.47",
+    "react": "^18.3.1",
+    "react-day-picker": "^8.10.1",
+    "react-dom": "^18.3.1",
+    "react-hook-form": "^7.55.0",
+    "react-icons": "^5.4.0",
+    "react-resizable-panels": "^2.1.7",
+    "recharts": "^2.15.2",
+    "supertest": "^7.2.2",
+    "tailwind-merge": "^2.6.0",
+    "tailwindcss": "^3.4.17",
+    "tailwindcss-animate": "^1.0.7",
+    "ts-jest": "^29.4.6",
+    "tw-animate-css": "^1.2.5",
+    "typescript": "^5.3.3",
+    "vaul": "^1.1.2",
+    "vite": "^7.3.0",
+    "wouter": "^3.3.5"
+  },
+  "overrides": {
+    "drizzle-kit": {
+      "@esbuild-kit/esm-loader": "npm:tsx@^4.20.4"
+    }
+  },
+  "optionalDependencies": {
+    "bufferutil": "^4.0.8"
+  }
+}