mcp-migration-advisor 0.2.0

package/build/generators/rollback.js

@@ -0,0 +1,197 @@
+/**
+ * Migration rollback generator.
+ *
+ * Given a forward migration, generates the reverse DDL to undo it.
+ * Handles:
+ * - CREATE TABLE → DROP TABLE
+ * - ADD COLUMN → DROP COLUMN (ALTER TABLE ... DROP COLUMN)
+ * - CREATE INDEX → DROP INDEX
+ * - DROP TABLE → warns (cannot reverse without backup)
+ * - DROP COLUMN → warns (data is lost)
+ * - ADD CONSTRAINT → DROP CONSTRAINT
+ * - MODIFY COLUMN → warns (original type unknown without schema)
+ * - RENAME → reverse RENAME
+ */
+export function generateRollback(migration) {
+    const rollbackStatements = [];
+    const warnings = [];
+    // Process in reverse order (last statement rolled back first)
+    for (let i = migration.statements.length - 1; i >= 0; i--) {
+        const stmt = migration.statements[i];
+        const result = generateRollbackStatement(stmt);
+        rollbackStatements.push(result);
+        if (result.warning) {
+            warnings.push(result.warning);
+        }
+    }
+    const fullyReversible = rollbackStatements.every(s => s.isReversible);
+    // Build the rollback SQL
+    const rollbackLines = [];
+    rollbackLines.push("-- Rollback migration: " + migration.filename);
+    if (migration.version) {
+        rollbackLines.push("-- Reverses version: " + migration.version);
+    }
+    rollbackLines.push("-- Generated by MCP Migration Advisor");
+    rollbackLines.push("");
+    if (!fullyReversible) {
+        rollbackLines.push("-- WARNING: This migration is NOT fully reversible.");
+        rollbackLines.push("-- Some operations require manual intervention (see warnings below).");
+        rollbackLines.push("");
+    }
+    for (const stmt of rollbackStatements) {
+        if (stmt.warning) {
+            rollbackLines.push(`-- WARNING: ${stmt.warning}`);
+        }
+        rollbackLines.push(stmt.rollback + ";");
+        rollbackLines.push("");
+    }
+    // Add Flyway schema_version cleanup
+    if (migration.version) {
+        rollbackLines.push("-- Remove migration record from Flyway history:");
+        rollbackLines.push(`DELETE FROM flyway_schema_history WHERE version = '${migration.version}';`);
+    }
+    return {
+        statements: rollbackStatements,
+        fullyReversible,
+        warnings,
+        rollbackSql: rollbackLines.join("\n"),
+    };
+}
+function generateRollbackStatement(stmt) {
+    switch (stmt.type) {
+        case "CREATE_TABLE":
+            return {
+                forward: stmt.raw,
+                rollback: `DROP TABLE IF EXISTS ${stmt.tableName}`,
+                isReversible: true,
+                warning: null,
+            };
+        case "DROP_TABLE":
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot reverse DROP TABLE ${stmt.tableName} without schema backup`,
+                isReversible: false,
+                warning: `DROP TABLE ${stmt.tableName} is irreversible — table structure and data are lost. Restore from backup.`,
+            };
+        case "CREATE_INDEX": {
+            // Extract index name from the raw SQL
+            const indexMatch = stmt.raw.match(/INDEX\s+(?:CONCURRENTLY\s+)?(?:IF\s+NOT\s+EXISTS\s+)?(?:`|"|)?(\w+)/i);
+            const indexName = indexMatch ? indexMatch[1] : "unknown_index";
+            const concurrently = stmt.details.concurrently ? "CONCURRENTLY " : "";
+            return {
+                forward: stmt.raw,
+                rollback: `DROP INDEX ${concurrently}IF EXISTS ${indexName}`,
+                isReversible: true,
+                warning: null,
+            };
+        }
+        case "DROP_INDEX": {
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot reverse DROP INDEX without original index definition`,
+                isReversible: false,
+                warning: "DROP INDEX is irreversible without the original CREATE INDEX statement.",
+            };
+        }
+        case "ADD_COLUMN":
+            return {
+                forward: stmt.raw,
+                rollback: `ALTER TABLE ${stmt.tableName} DROP COLUMN IF EXISTS ${stmt.columnName}`,
+                isReversible: true,
+                warning: null,
+            };
+        case "DROP_COLUMN":
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot reverse DROP COLUMN ${stmt.columnName} on ${stmt.tableName} — data is lost`,
+                isReversible: false,
+                warning: `DROP COLUMN ${stmt.tableName}.${stmt.columnName} is irreversible — column data is lost. Restore from backup.`,
+            };
+        case "MODIFY_COLUMN": {
+            if (stmt.details.setNotNull === "true") {
+                return {
+                    forward: stmt.raw,
+                    rollback: `ALTER TABLE ${stmt.tableName} ALTER COLUMN ${stmt.columnName} DROP NOT NULL`,
+                    isReversible: true,
+                    warning: null,
+                };
+            }
+            if (stmt.details.dropNotNull === "true") {
+                return {
+                    forward: stmt.raw,
+                    rollback: `ALTER TABLE ${stmt.tableName} ALTER COLUMN ${stmt.columnName} SET NOT NULL`,
+                    isReversible: true,
+                    warning: "Reversing DROP NOT NULL requires all existing values to be non-null.",
+                };
+            }
+            if (stmt.details.typeChange === "true") {
+                return {
+                    forward: stmt.raw,
+                    rollback: `-- Cannot reverse type change on ${stmt.tableName}.${stmt.columnName} — original type unknown`,
+                    isReversible: false,
+                    warning: `Type change on ${stmt.tableName}.${stmt.columnName} requires knowing the original type. Check schema before migration.`,
+                };
+            }
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot reverse: ${stmt.raw.slice(0, 80)}`,
+                isReversible: false,
+                warning: `Column modification on ${stmt.tableName}.${stmt.columnName} may not be reversible.`,
+            };
+        }
+        case "ADD_CONSTRAINT":
+            return {
+                forward: stmt.raw,
+                rollback: `ALTER TABLE ${stmt.tableName} DROP CONSTRAINT IF EXISTS ${stmt.details.constraintName || "unknown_constraint"}`,
+                isReversible: true,
+                warning: null,
+            };
+        case "DROP_CONSTRAINT":
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot reverse DROP CONSTRAINT ${stmt.details.constraintName} — original definition unknown`,
+                isReversible: false,
+                warning: `DROP CONSTRAINT ${stmt.details.constraintName} is irreversible without the original constraint definition.`,
+            };
+        case "RENAME": {
+            // Try to extract old and new names from the raw SQL
+            const renameMatch = stmt.raw.match(/RENAME\s+(?:TO|COLUMN\s+\w+\s+TO)\s+(?:`|"|)?(\w+)/i);
+            if (renameMatch && stmt.tableName) {
+                const newName = renameMatch[1];
+                if (stmt.raw.toUpperCase().includes("RENAME COLUMN")) {
+                    const colMatch = stmt.raw.match(/RENAME\s+COLUMN\s+(?:`|"|)?(\w+)(?:`|")?\s+TO\s+(?:`|"|)?(\w+)/i);
+                    if (colMatch) {
+                        return {
+                            forward: stmt.raw,
+                            rollback: `ALTER TABLE ${stmt.tableName} RENAME COLUMN ${colMatch[2]} TO ${colMatch[1]}`,
+                            isReversible: true,
+                            warning: null,
+                        };
+                    }
+                }
+                return {
+                    forward: stmt.raw,
+                    rollback: `ALTER TABLE ${newName} RENAME TO ${stmt.tableName}`,
+                    isReversible: true,
+                    warning: null,
+                };
+            }
+            return {
+                forward: stmt.raw,
+                rollback: `-- Cannot parse RENAME for rollback: ${stmt.raw.slice(0, 80)}`,
+                isReversible: false,
+                warning: "RENAME could not be parsed for automatic rollback.",
+            };
+        }
+        case "ALTER_TABLE":
+        case "OTHER":
+        default:
+            return {
+                forward: stmt.raw,
+                rollback: `-- Manual rollback needed: ${stmt.raw.slice(0, 80)}`,
+                isReversible: false,
+                warning: `Statement requires manual rollback: ${stmt.raw.slice(0, 80)}`,
+            };
+    }
+}
+//# sourceMappingURL=rollback.js.map

package/build/index.js

@@ -0,0 +1,285 @@
+#!/usr/bin/env node
+/**
+ * MCP Migration Advisor — MCP server for database migration risk analysis.
+ *
+ * Tools:
+ *   analyze_migration  — Parse and analyze a SQL migration for risks
+ *   score_risk          — Calculate risk score for a migration
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { z } from "zod";
+import { parseMigration } from "./parsers/flyway-sql.js";
+import { parseLiquibaseXml } from "./parsers/liquibase-xml.js";
+import { parseLiquibaseYaml } from "./parsers/liquibase-yaml.js";
+import { analyzeLockRisks, calculateRiskScore } from "./analyzers/lock-risk.js";
+import { analyzeDataLoss } from "./analyzers/data-loss.js";
+import { generateRollback } from "./generators/rollback.js";
+import { detectConflicts, formatConflictReport } from "./analyzers/conflicts.js";
+import { validateLicense, formatUpgradePrompt } from "./license.js";
+// License check (reads MCP_LICENSE_KEY env var once at startup)
+const license = validateLicense(process.env.MCP_LICENSE_KEY, "migration-advisor");
+// Handle --help
+if (process.argv.includes("--help") || process.argv.includes("-h")) {
+    console.log(`mcp-migration-advisor v0.1.0 — MCP server for database migration risk analysis
+
+Usage:
+  mcp-migration-advisor [options]
+
+Options:
+  --help, -h   Show this help message
+
+Tools provided:
+  analyze_migration        Parse a SQL migration file and detect risks
+  analyze_liquibase        Parse a Liquibase XML changelog and detect risks
+  analyze_liquibase_yaml   Parse a Liquibase YAML changelog and detect risks
+  score_risk               Calculate overall risk score (0-100)
+  generate_rollback        Generate reverse DDL to undo a migration
+  detect_conflicts         Detect conflicts between two migration files`);
+    process.exit(0);
+}
+const server = new McpServer({
+    name: "mcp-migration-advisor",
+    version: "0.1.0",
+});
+// Tool 1: analyze_migration
+server.tool("analyze_migration", "Analyze a SQL migration file for lock risks, data loss potential, and unsafe patterns. Supports Flyway (V__*.sql) and plain SQL.", {
+    filename: z.string().describe("Migration filename (e.g., V2__add_user_email.sql)"),
+    sql: z.string().describe("The SQL content of the migration file"),
+}, async ({ filename, sql }) => {
+    const migration = parseMigration(filename, sql);
+    const lockRisks = analyzeLockRisks(migration);
+    const dataLossIssues = analyzeDataLoss(migration);
+    const riskScore = calculateRiskScore(lockRisks);
+    let output = `## Migration Analysis: ${filename}\n\n`;
+    // Migration info
+    if (migration.version) {
+        output += `**Version**: ${migration.version}\n`;
+    }
+    output += `**Description**: ${migration.description}\n`;
+    output += `**Statements**: ${migration.statements.length}\n`;
+    output += `**Risk Score**: ${riskScore}/100${riskScore >= 60 ? " ⚠️ HIGH RISK" : riskScore >= 30 ? " ⚡ MODERATE RISK" : " ✅ LOW RISK"}\n\n`;
+    // Statement summary
+    output += "### Operations\n\n";
+    const typeCounts = {};
+    for (const stmt of migration.statements) {
+        typeCounts[stmt.type] = (typeCounts[stmt.type] || 0) + 1;
+    }
+    output += "| Operation | Count |\n|-----------|-------|\n";
+    for (const [type, count] of Object.entries(typeCounts)) {
+        output += `| ${type} | ${count} |\n`;
+    }
+    output += "\n";
+    // Lock risks
+    if (lockRisks.length > 0) {
+        output += "### Lock Risks\n\n";
+        for (const risk of lockRisks) {
+            output += `**${risk.severity}**: ${risk.risk}\n`;
+            output += `> \`${risk.statement}\`\n`;
+            output += `> **Recommendation**: ${risk.recommendation}\n\n`;
+        }
+    }
+    else {
+        output += "### Lock Risks\n\nNo lock risks detected.\n\n";
+    }
+    // Data loss issues
+    if (dataLossIssues.length > 0) {
+        output += "### Data Loss Analysis\n\n";
+        for (const issue of dataLossIssues) {
+            output += `**${issue.risk}**: ${issue.description}\n`;
+            output += `> \`${issue.statement}\`\n`;
+            output += `> **Mitigation**: ${issue.mitigation}\n\n`;
+        }
+    }
+    else {
+        output += "### Data Loss Analysis\n\nNo data loss risks detected.\n\n";
+    }
+    return {
+        content: [{ type: "text", text: output }],
+    };
+});
+// Tool 2: analyze_liquibase
+server.tool("analyze_liquibase", "Analyze a Liquibase XML changelog for lock risks, data loss potential, and unsafe patterns.", {
+    xml: z.string().describe("The Liquibase XML changelog content"),
+}, async ({ xml }) => {
+    const migration = parseLiquibaseXml(xml);
+    const lockRisks = analyzeLockRisks(migration);
+    const dataLossIssues = analyzeDataLoss(migration);
+    const riskScore = calculateRiskScore(lockRisks);
+    let output = `## Liquibase Changelog Analysis\n\n`;
+    output += `**ChangeSets**: ${migration.description}\n`;
+    output += `**Statements**: ${migration.statements.length}\n`;
+    output += `**Risk Score**: ${riskScore}/100${riskScore >= 60 ? " HIGH RISK" : riskScore >= 30 ? " MODERATE RISK" : " LOW RISK"}\n\n`;
+    const typeCounts = {};
+    for (const stmt of migration.statements) {
+        typeCounts[stmt.type] = (typeCounts[stmt.type] || 0) + 1;
+    }
+    output += "### Operations\n\n| Operation | Count |\n|-----------|-------|\n";
+    for (const [type, count] of Object.entries(typeCounts)) {
+        output += `| ${type} | ${count} |\n`;
+    }
+    output += "\n";
+    if (lockRisks.length > 0) {
+        output += "### Lock Risks\n\n";
+        for (const risk of lockRisks) {
+            output += `**${risk.severity}**: ${risk.risk}\n> **Recommendation**: ${risk.recommendation}\n\n`;
+        }
+    }
+    if (dataLossIssues.length > 0) {
+        output += "### Data Loss Analysis\n\n";
+        for (const issue of dataLossIssues) {
+            output += `**${issue.risk}**: ${issue.description}\n> **Mitigation**: ${issue.mitigation}\n\n`;
+        }
+    }
+    if (lockRisks.length === 0 && dataLossIssues.length === 0) {
+        output += "### No risks detected.\n";
+    }
+    return { content: [{ type: "text", text: output }] };
+});
+// Tool 3: analyze_liquibase_yaml
+server.tool("analyze_liquibase_yaml", "Analyze a Liquibase YAML changelog for lock risks, data loss potential, and unsafe patterns. Supports createTable, dropTable, addColumn, dropColumn, modifyDataType, createIndex, renameTable, renameColumn, and more.", {
+    yaml: z.string().describe("The Liquibase YAML changelog content"),
+}, async ({ yaml }) => {
+    const migration = parseLiquibaseYaml(yaml);
+    const lockRisks = analyzeLockRisks(migration);
+    const dataLossIssues = analyzeDataLoss(migration);
+    const riskScore = calculateRiskScore(lockRisks);
+    let output = `## Liquibase YAML Changelog Analysis\n\n`;
+    output += `**ChangeSets**: ${migration.description}\n`;
+    output += `**Statements**: ${migration.statements.length}\n`;
+    output += `**Risk Score**: ${riskScore}/100${riskScore >= 60 ? " HIGH RISK" : riskScore >= 30 ? " MODERATE RISK" : " LOW RISK"}\n\n`;
+    const typeCounts = {};
+    for (const stmt of migration.statements) {
+        typeCounts[stmt.type] = (typeCounts[stmt.type] || 0) + 1;
+    }
+    output += "### Operations\n\n| Operation | Count |\n|-----------|-------|\n";
+    for (const [type, count] of Object.entries(typeCounts)) {
+        output += `| ${type} | ${count} |\n`;
+    }
+    output += "\n";
+    if (lockRisks.length > 0) {
+        output += "### Lock Risks\n\n";
+        for (const risk of lockRisks) {
+            output += `**${risk.severity}**: ${risk.risk}\n> **Recommendation**: ${risk.recommendation}\n\n`;
+        }
+    }
+    if (dataLossIssues.length > 0) {
+        output += "### Data Loss Analysis\n\n";
+        for (const issue of dataLossIssues) {
+            output += `**${issue.risk}**: ${issue.description}\n> **Mitigation**: ${issue.mitigation}\n\n`;
+        }
+    }
+    if (lockRisks.length === 0 && dataLossIssues.length === 0) {
+        output += "### No risks detected.\n";
+    }
+    return { content: [{ type: "text", text: output }] };
+});
+// Tool 4: score_risk
+server.tool("score_risk", "Calculate the overall risk score (0-100) for a SQL migration. Higher scores indicate more dangerous migrations.", {
+    filename: z.string().describe("Migration filename"),
+    sql: z.string().describe("The SQL content of the migration file"),
+}, async ({ filename, sql }) => {
+    const migration = parseMigration(filename, sql);
+    const lockRisks = analyzeLockRisks(migration);
+    const dataLossIssues = analyzeDataLoss(migration);
+    const riskScore = calculateRiskScore(lockRisks);
+    const criticalCount = lockRisks.filter(r => r.severity === "CRITICAL").length;
+    const highCount = lockRisks.filter(r => r.severity === "HIGH").length;
+    const dataLossCertain = dataLossIssues.filter(i => i.risk === "CERTAIN").length;
+    const dataLossLikely = dataLossIssues.filter(i => i.risk === "LIKELY").length;
+    let verdict;
+    if (riskScore >= 60 || dataLossCertain > 0) {
+        verdict = "HIGH RISK — requires careful review and testing before deployment";
+    }
+    else if (riskScore >= 30 || dataLossLikely > 0) {
+        verdict = "MODERATE RISK — review lock duration and test on staging";
+    }
+    else {
+        verdict = "LOW RISK — standard migration, proceed with normal deployment";
+    }
+    const output = `## Risk Score: ${riskScore}/100
+
+**Verdict**: ${verdict}
+
+### Breakdown
+
+| Category | Count |
+|----------|-------|
+| CRITICAL lock risks | ${criticalCount} |
+| HIGH lock risks | ${highCount} |
+| Certain data loss | ${dataLossCertain} |
+| Likely data loss | ${dataLossLikely} |
+| Total statements | ${migration.statements.length} |
+`;
+    return {
+        content: [{ type: "text", text: output }],
+    };
+});
+// Tool 4: generate_rollback
+server.tool("generate_rollback", "Generate reverse DDL to undo a SQL migration. Produces rollback SQL with warnings for irreversible operations (DROP TABLE, DROP COLUMN, type changes). Includes Flyway schema_history cleanup.", {
+    filename: z.string().describe("Migration filename (e.g., V2__add_user_email.sql)"),
+    sql: z.string().describe("The SQL content of the migration file"),
+}, async ({ filename, sql }) => {
+    // Pro feature gate — free users get a preview, Pro users get full output
+    if (!license.isPro) {
+        const migration = parseMigration(filename, sql);
+        const report = generateRollback(migration);
+        // Show a preview: statement count and reversibility, but not the actual SQL
+        let preview = `## Rollback Preview: ${filename}\n\n`;
+        preview += `**Reversible**: ${report.fullyReversible ? "Yes" : "Partially"}\n`;
+        preview += `**Statements**: ${report.statements.length}\n`;
+        preview += `**Warnings**: ${report.warnings.length}\n\n`;
+        preview += formatUpgradePrompt("generate_rollback", "Full rollback SQL generation with:\n" +
+            "- Complete reverse DDL for all migration operations\n" +
+            "- Flyway schema_history cleanup statements\n" +
+            "- Irreversibility warnings with manual intervention guidance");
+        return { content: [{ type: "text", text: preview }] };
+    }
+    const migration = parseMigration(filename, sql);
+    const report = generateRollback(migration);
+    let output = `## Rollback Script: ${filename}\n\n`;
+    output += `**Reversible**: ${report.fullyReversible ? "Yes — all operations can be automatically reversed" : "Partially — some operations require manual intervention"}\n`;
+    output += `**Statements**: ${report.statements.length}\n\n`;
+    if (report.warnings.length > 0) {
+        output += "### Warnings\n\n";
+        for (const w of report.warnings) {
+            output += `- ${w}\n`;
+        }
+        output += "\n";
+    }
+    output += "### Rollback SQL\n\n```sql\n";
+    output += report.rollbackSql;
+    output += "\n```\n";
+    return { content: [{ type: "text", text: output }] };
+});
+// Tool 5: detect_conflicts
+server.tool("detect_conflicts", "Detect conflicts between two SQL migration files. Identifies same-table modifications, same-column changes, lock contention risks, and drop dependencies that could cause failures if applied concurrently or in the wrong order.", {
+    filename_a: z.string().describe("First migration filename (e.g., V3__add_email.sql)"),
+    sql_a: z.string().describe("SQL content of the first migration"),
+    filename_b: z.string().describe("Second migration filename (e.g., V4__modify_users.sql)"),
+    sql_b: z.string().describe("SQL content of the second migration"),
+}, async ({ filename_a, sql_a, filename_b, sql_b }) => {
+    try {
+        const migA = parseMigration(filename_a, sql_a);
+        const migB = parseMigration(filename_b, sql_b);
+        const report = detectConflicts(migA, migB);
+        return { content: [{ type: "text", text: formatConflictReport(report) }] };
+    }
+    catch (err) {
+        return {
+            content: [{
+                    type: "text",
+                    text: `Error detecting conflicts: ${err instanceof Error ? err.message : String(err)}`,
+                }],
+        };
+    }
+});
+async function main() {
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+main().catch((err) => {
+    console.error("Fatal error:", err);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/build/license.js

@@ -0,0 +1,115 @@
+/**
+ * License validation for MCP Migration Advisor (Pro features).
+ *
+ * Validates license keys offline using HMAC-SHA256.
+ * Missing or invalid keys gracefully degrade to free mode — never errors.
+ *
+ * Key format: MCPJBS-XXXXX-XXXXX-XXXXX-XXXXX
+ * Payload (12 bytes = 20 base32 chars):
+ *   [0]     product mask (8 bits)
+ *   [1-2]   expiry days since 2026-01-01 (16 bits)
+ *   [3-5]   customer ID (24 bits)
+ *   [6-11]  HMAC-SHA256 truncated (48 bits)
+ */
+import { createHmac } from "node:crypto";
+const KEY_PREFIX = "MCPJBS-";
+const EPOCH = new Date("2026-01-01T00:00:00Z");
+const BASE32_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+const HMAC_SECRET = "mcp-java-backend-suite-license-v1";
+const PRODUCTS = {
+    "db-analyzer": 0,
+    "jvm-diagnostics": 1,
+    "migration-advisor": 2,
+    "spring-boot-actuator": 3,
+    "redis-diagnostics": 4,
+};
+export function validateLicense(key, product) {
+    const FREE = {
+        isPro: false,
+        expiresAt: null,
+        customerId: null,
+        reason: "No license key provided",
+    };
+    if (!key || key.trim().length === 0)
+        return FREE;
+    const trimmed = key.trim().toUpperCase();
+    if (!trimmed.startsWith(KEY_PREFIX)) {
+        return { ...FREE, reason: "Invalid key format: missing MCPJBS- prefix" };
+    }
+    const body = trimmed.slice(KEY_PREFIX.length).replace(/-/g, "");
+    if (body.length < 20) {
+        return { ...FREE, reason: "Invalid key format: too short" };
+    }
+    let decoded;
+    try {
+        decoded = base32Decode(body.slice(0, 20));
+    }
+    catch {
+        return { ...FREE, reason: "Invalid key format: bad base32 encoding" };
+    }
+    if (decoded.length < 12) {
+        return { ...FREE, reason: "Invalid key format: decoded data too short" };
+    }
+    const payload = decoded.subarray(0, 6);
+    const providedSignature = decoded.subarray(6, 12);
+    const expectedHmac = createHmac("sha256", HMAC_SECRET)
+        .update(payload)
+        .digest();
+    const expectedSignature = expectedHmac.subarray(0, 6);
+    if (!providedSignature.equals(expectedSignature)) {
+        return { ...FREE, reason: "Invalid license key: signature mismatch" };
+    }
+    const productMask = payload[0];
+    const daysSinceEpoch = (payload[1] << 8) | payload[2];
+    const customerId = (payload[3] << 16) | (payload[4] << 8) | payload[5];
+    const productBit = PRODUCTS[product];
+    if (productBit === undefined) {
+        return { ...FREE, reason: `Unknown product: ${product}` };
+    }
+    if ((productMask & (1 << productBit)) === 0) {
+        return { ...FREE, customerId, reason: `License does not include ${product}` };
+    }
+    const expiresAt = new Date(EPOCH.getTime() + daysSinceEpoch * 24 * 60 * 60 * 1000);
+    if (new Date() > expiresAt) {
+        return {
+            isPro: false,
+            expiresAt,
+            customerId,
+            reason: `License expired on ${expiresAt.toISOString().slice(0, 10)}`,
+        };
+    }
+    return { isPro: true, expiresAt, customerId, reason: "Valid Pro license" };
+}
+export function formatUpgradePrompt(toolName, featureDescription) {
+    return [
+        `## ${toolName} (Pro Feature)`,
+        "",
+        "This analysis is available with MCP Java Backend Suite Pro.",
+        "",
+        `**What you'll get:**`,
+        featureDescription,
+        "",
+        "**Upgrade**: https://mcpjbs.dev/pricing",
+        "**Price**: $19/month or $190/year",
+        "",
+        "> Already have a key? Set `MCP_LICENSE_KEY` in your Claude Desktop config.",
+    ].join("\n");
+}
+function base32Decode(encoded) {
+    const bytes = [];
+    let bits = 0;
+    let value = 0;
+    for (const char of encoded) {
+        const idx = BASE32_CHARS.indexOf(char);
+        if (idx === -1)
+            throw new Error(`Invalid base32 character: ${char}`);
+        value = (value << 5) | idx;
+        bits += 5;
+        if (bits >= 8) {
+            bits -= 8;
+            bytes.push((value >> bits) & 0xff);
+        }
+    }
+    return Buffer.from(bytes);
+}
+//# sourceMappingURL=license.js.map