mcp-spring-boot-actuator 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dmytro Lisnichenko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,206 @@
+[![npm version](https://img.shields.io/npm/v/mcp-spring-boot-actuator)](https://www.npmjs.com/package/mcp-spring-boot-actuator)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+
+# MCP Spring Boot Actuator
+
+An MCP server that analyzes Spring Boot Actuator endpoints — health, metrics, environment, beans, startup, and caches. Detects issues, security risks, and provides actionable recommendations.
+
+## Why This Tool?
+
+There is **no other MCP server** that analyzes Spring Boot Actuator endpoints. This is the only tool that lets your AI assistant understand your Spring Boot application's health, performance, configuration, and startup behavior through actuator data.
+
+7 analytical tools turn raw actuator JSON into actionable diagnostics — health checks, JVM metrics analysis, security risk detection in environment/beans, startup bottleneck identification, and cache efficiency analysis.
+
+## Tools (7)
+
+### `analyze_health`
+
+Parse and diagnose the `/health` endpoint response. Detects unhealthy components (database, Redis, Kafka, Elasticsearch, disk space) with component-specific recommendations.
+
+```
+curl http://localhost:8080/actuator/health | jq '.' > health.json
+```
+
+**Detects:**
+- DOWN/OUT_OF_SERVICE components
+- Low disk space warnings (< 15% free)
+- Nested component health (e.g., primary/secondary databases)
+- Restricted health endpoints (no `show-details`)
+
+### `analyze_metrics`
+
+Analyze JVM, HTTP, and database pool metrics from `/metrics` endpoints.
+
+```
+# Collect metrics into a single JSON object:
+{
+  "jvm.memory.used": 800000000,
+  "jvm.memory.max": 1000000000,
+  "jvm.threads.live": 150,
+  "jvm.gc.pause.count": 500,
+  "jvm.gc.pause.total": 8.5,
+  "http.server.requests.count": 10000,
+  "http.server.requests.error.count": 50,
+  "hikaricp.connections.active": 8,
+  "hikaricp.connections.max": 10
+}
+```
+
+**Detects:**
+- Heap utilization >= 90% (CRITICAL) or > 75% (WARNING)
+- High thread count (> 500)
+- Long GC pauses (avg > 200ms)
+- HTTP error rate > 10% (CRITICAL) or > 1% (WARNING)
+- Connection pool exhaustion >= 90% (CRITICAL)
+- Pending connection requests
+
+Supports both flat metric values and Spring Boot measurement format (`{ measurements: [{ statistic: "VALUE", value: N }] }`).
+
+### `analyze_env`
+
+Analyze the `/env` endpoint for security risks and misconfigurations.
+
+```
+curl http://localhost:8080/actuator/env | jq '.' > env.json
+```
+
+**Detects:**
+- Exposed secrets (passwords, API keys, tokens not masked with `******`)
+- Risky production configs: `ddl-auto: create-drop`, H2 console enabled, `show-sql: true`
+- DevTools enabled in production
+- All actuator endpoints exposed (`management.endpoints.web.exposure.include=*`)
+- Missing Spring profiles (no active profiles set)
+
+### `analyze_beans`
+
+Analyze the `/beans` endpoint for architectural issues.
+
+```
+curl http://localhost:8080/actuator/beans | jq '.' > beans.json
+```
+
+**Detects:**
+- Circular dependencies (A → B → A)
+- Singleton beans depending on prototype-scoped beans (scope mismatch)
+- Beans with > 10 dependencies (God objects)
+- Large bean counts (> 500)
+- Multiple application contexts
+
+### `analyze_startup`
+
+Analyze the `/startup` actuator endpoint (Spring Boot 3.2+). Parses the startup timeline to detect slow bean initialization and heavy auto-configurations.
+
+```
+curl -X POST http://localhost:8080/actuator/startup | jq '.' > startup.json
+```
+
+**Parameters:**
+- `json` — The `/startup` endpoint JSON response
+
+**Detects:**
+- Slow startup (> 30s CRITICAL, > 15s WARNING)
+- Heavy auto-configurations consuming > 30% of startup time
+- Slow bean initialization (> 2s per bean)
+- Top slowest steps ranked by duration
+
+### `analyze_caches`
+
+Analyze the `/caches` actuator endpoint. Lists registered caches and detects configuration issues.
+
+```
+curl http://localhost:8080/actuator/caches | jq '.' > caches.json
+```
+
+**Parameters:**
+- `json` — The `/caches` endpoint JSON response
+
+**Detects:**
+- Unbounded `ConcurrentMapCache` usage (no eviction, will grow indefinitely)
+- Too many caches (> 20, memory overhead)
+- Missing cache managers (no Spring Cache configured)
+- Empty cache registrations
+
+### `analyze_loggers`
+
+Analyze the `/loggers` actuator endpoint. Detects verbose logging configurations that impact performance and security in production.
+
+```
+curl http://localhost:8080/actuator/loggers | jq '.' > loggers.json
+```
+
+**Parameters:**
+- `json` — The `/loggers` endpoint JSON response
+
+**Detects:**
+- ROOT logger set to DEBUG/TRACE (floods logs, degrades performance)
+- Explicitly configured DEBUG/TRACE loggers (likely leftover from debugging)
+- Verbose framework logging (Spring, Hibernate, HikariCP, Micrometer, Apache)
+- Inconsistent log levels across related packages
+- More than 5 verbose loggers (signs of leftover debug configuration)
+
+## Installation
+
+```bash
+npm install -g mcp-spring-boot-actuator
+```
+
+Or use directly with npx:
+
+```bash
+npx mcp-spring-boot-actuator
+```
+
+## Configuration
+
+### Claude Desktop
+
+Add to your Claude Desktop config (`~/.claude/claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "spring-boot-actuator": {
+      "command": "npx",
+      "args": ["-y", "mcp-spring-boot-actuator"]
+    }
+  }
+}
+```
+
+### Quick Demo
+
+Once configured, try these prompts in Claude:
+
+1. **"Check the health of my Spring Boot app: [paste /actuator/health JSON]"** — Detects DOWN components, low disk space, and provides component-specific recommendations
+2. **"Are there any security risks in my config? [paste /actuator/env JSON]"** — Finds exposed secrets, risky settings like `ddl-auto: create-drop`, and over-exposed endpoints
+3. **"How is my app performing? [paste JVM/HTTP metrics]"** — Analyzes heap usage, GC pressure, HTTP error rates, and connection pool utilization
+- "Why is my app starting so slowly?" (paste `/actuator/startup` JSON)
+- "Are my caches configured properly?" (paste `/actuator/caches` JSON)
+
+## Requirements
+
+- Node.js 18+
+- Spring Boot application with Actuator endpoints enabled
+
+## Part of the MCP Java Backend Suite
+
+This server works alongside:
+- [mcp-db-analyzer](https://www.npmjs.com/package/mcp-db-analyzer) — Database performance analysis
+- [mcp-jvm-diagnostics](https://www.npmjs.com/package/mcp-jvm-diagnostics) — Thread dump and GC log analysis
+- [mcp-migration-advisor](https://www.npmjs.com/package/mcp-migration-advisor) — Schema migration risk analysis
+
+## Limitations & Known Issues
+
+- **Actuator endpoints must be exposed**: Spring Boot secures actuator endpoints by default. You must explicitly expose endpoints via `management.endpoints.web.exposure.include`.
+- **Startup analysis**: Requires Spring Boot 3.2+ with `management.endpoint.startup.enabled=true`. Older versions don't provide startup timing data.
+- **Single instance**: Analyzes one application instance at a time. For clustered applications, point to each instance separately.
+- **Metric accumulation**: Some metrics (HTTP request counts, error rates) require traffic to accumulate data. A freshly started app may show zeros.
+- **Environment masking**: Spring Boot masks sensitive properties by default. The `analyze_env` tool sees masked values (e.g., `******`) and cannot detect actual credential exposure in masked properties.
+- **Custom health indicators**: The tool recognizes standard health indicator patterns. Custom health indicators with non-standard status values may not trigger specific recommendations.
+- **Cache analysis**: Supports ConcurrentMapCache, Caffeine, Redis, and EhCache. Other cache providers may show limited analysis.
+- **Non-JSON responses**: Handles HTML error pages (401, 403, 500) gracefully with "Invalid JSON" warnings, but cannot extract useful data from them.
+- **Circular dependency depth**: Detects A→B→A cycles but may miss longer chains (A→B→C→A) in complex applications.
+
+## License
+
+MIT

package/build/analyzers/beans.js

@@ -0,0 +1,179 @@
+/**
+ * Spring Boot Actuator beans analyzer.
+ *
+ * Analyzes /beans endpoint data to detect:
+ * - Circular dependencies
+ * - Scope mismatches (singleton depending on prototype)
+ * - Bean count per context
+ */
+/**
+ * Parse and analyze the /beans endpoint response.
+ */
+export function analyzeBeans(json) {
+    let data;
+    try {
+        data = JSON.parse(json);
+    }
+    catch {
+        return {
+            totalBeans: 0,
+            contexts: [],
+            beans: [],
+            issues: [{ severity: "CRITICAL", message: "Invalid JSON in beans response", beans: [] }],
+            recommendations: [],
+        };
+    }
+    const beans = [];
+    const contexts = [];
+    const issues = [];
+    const recommendations = [];
+    // Spring Boot format: { contexts: { "application": { beans: { ... } } } }
+    const ctxs = data.contexts;
+    if (ctxs && typeof ctxs === "object") {
+        for (const [ctxName, ctxData] of Object.entries(ctxs)) {
+            contexts.push(ctxName);
+            const ctxBeans = ctxData.beans;
+            if (ctxBeans) {
+                extractBeans(ctxBeans, beans);
+            }
+        }
+    }
+    // Flat format: { beans: { ... } } or just bean map directly
+    const flatBeans = data.beans;
+    if (flatBeans && typeof flatBeans === "object") {
+        extractBeans(flatBeans, beans);
+    }
+    // If we still have no beans, try treating the whole object as a bean map
+    if (beans.length === 0 && !ctxs && !flatBeans) {
+        for (const [name, val] of Object.entries(data)) {
+            if (val && typeof val === "object" && "scope" in val) {
+                const beanData = val;
+                beans.push({
+                    name,
+                    scope: beanData.scope ?? "singleton",
+                    type: beanData.type ?? "unknown",
+                    dependencies: beanData.dependencies ?? [],
+                    resource: beanData.resource ?? null,
+                });
+            }
+        }
+    }
+    // Analyze
+    detectCircularDependencies(beans, issues);
+    detectScopeMismatches(beans, issues, recommendations);
+    analyzeBeanCount(beans, issues, recommendations);
+    return {
+        totalBeans: beans.length,
+        contexts,
+        beans,
+        issues,
+        recommendations,
+    };
+}
+function extractBeans(beanMap, beans) {
+    for (const [name, beanData] of Object.entries(beanMap)) {
+        beans.push({
+            name,
+            scope: beanData.scope ?? "singleton",
+            type: beanData.type ?? "unknown",
+            dependencies: beanData.dependencies ?? [],
+            resource: beanData.resource ?? null,
+        });
+    }
+}
+/**
+ * Detect circular dependencies by building a dependency graph and finding cycles.
+ */
+function detectCircularDependencies(beans, issues) {
+    const beanNames = new Set(beans.map(b => b.name));
+    const adjList = new Map();
+    for (const bean of beans) {
+        const validDeps = bean.dependencies.filter(d => beanNames.has(d));
+        adjList.set(bean.name, validDeps);
+    }
+    const visited = new Set();
+    const inStack = new Set();
+    const cycles = [];
+    function dfs(node, path) {
+        if (inStack.has(node)) {
+            // Found a cycle
+            const cycleStart = path.indexOf(node);
+            if (cycleStart >= 0) {
+                cycles.push(path.slice(cycleStart));
+            }
+            return;
+        }
+        if (visited.has(node))
+            return;
+        visited.add(node);
+        inStack.add(node);
+        path.push(node);
+        const deps = adjList.get(node) || [];
+        for (const dep of deps) {
+            dfs(dep, [...path]);
+        }
+        inStack.delete(node);
+    }
+    for (const bean of beans) {
+        if (!visited.has(bean.name)) {
+            dfs(bean.name, []);
+        }
+    }
+    // Deduplicate cycles
+    const seen = new Set();
+    for (const cycle of cycles) {
+        const key = [...cycle].sort().join(",");
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        issues.push({
+            severity: "WARNING",
+            message: `Circular dependency detected: ${cycle.join(" → ")} → ${cycle[0]}`,
+            beans: cycle,
+        });
+    }
+}
+/**
+ * Detect scope mismatches: singleton beans depending on prototype beans.
+ */
+function detectScopeMismatches(beans, issues, recommendations) {
+    const beansByName = new Map(beans.map(b => [b.name, b]));
+    for (const bean of beans) {
+        if (bean.scope !== "singleton")
+            continue;
+        for (const dep of bean.dependencies) {
+            const depBean = beansByName.get(dep);
+            if (depBean && depBean.scope === "prototype") {
+                issues.push({
+                    severity: "WARNING",
+                    message: `Singleton '${bean.name}' depends on prototype '${dep}'. The prototype will only be injected once — it won't create new instances per use.`,
+                    beans: [bean.name, dep],
+                });
+                recommendations.push(`Inject ObjectFactory<${depBean.type}> or ObjectProvider<${depBean.type}> instead of direct injection for prototype bean '${dep}'.`);
+            }
+        }
+    }
+}
+/**
+ * Analyze overall bean count and flag potential issues.
+ */
+function analyzeBeanCount(beans, issues, recommendations) {
+    if (beans.length > 500) {
+        issues.push({
+            severity: "INFO",
+            message: `Application has ${beans.length} beans. Large bean count may affect startup time.`,
+            beans: [],
+        });
+        recommendations.push("Consider using @Lazy annotation on beans that aren't needed at startup, or use spring.main.lazy-initialization=true for development.");
+    }
+    // Find beans with many dependencies (potential god objects)
+    const highDep = beans.filter(b => b.dependencies.length > 10);
+    if (highDep.length > 0) {
+        issues.push({
+            severity: "INFO",
+            message: `${highDep.length} bean(s) have >10 dependencies: ${highDep.map(b => `${b.name} (${b.dependencies.length})`).join(", ")}. These may be doing too much.`,
+            beans: highDep.map(b => b.name),
+        });
+    }
+}
+//# sourceMappingURL=beans.js.map

package/build/analyzers/caches.js

@@ -0,0 +1,84 @@
+/**
+ * Spring Boot cache analyzer.
+ *
+ * Parses the /caches actuator endpoint.
+ * Detects:
+ * - Caches with zero hits (dead configuration)
+ * - Low hit ratios (ineffective caching)
+ * - Missing cache metrics
+ */
+export function analyzeCaches(json) {
+    const issues = [];
+    const recommendations = [];
+    const caches = [];
+    let data;
+    try {
+        data = JSON.parse(json);
+    }
+    catch {
+        issues.push({
+            severity: "CRITICAL",
+            message: "Invalid JSON — could not parse caches endpoint response.",
+            cache: "",
+        });
+        return { caches, issues, recommendations };
+    }
+    const cacheManagers = data?.cacheManagers;
+    if (!cacheManagers || Object.keys(cacheManagers).length === 0) {
+        issues.push({
+            severity: "INFO",
+            message: "No cache managers found. Application may not be using Spring Cache.",
+            cache: "",
+        });
+        return { caches, issues, recommendations };
+    }
+    for (const [managerName, manager] of Object.entries(cacheManagers)) {
+        const managerCaches = manager.caches;
+        if (!managerCaches)
+            continue;
+        for (const [cacheName, cacheData] of Object.entries(managerCaches)) {
+            const target = cacheData.target || "unknown";
+            caches.push({
+                name: cacheName,
+                cacheManager: managerName,
+                target,
+            });
+        }
+    }
+    if (caches.length === 0) {
+        issues.push({
+            severity: "INFO",
+            message: "No caches registered. Consider adding @Cacheable to frequently accessed data.",
+            cache: "",
+        });
+        recommendations.push("Add @Cacheable annotations to methods that read static or slowly-changing data.");
+        return { caches, issues, recommendations };
+    }
+    // Analyze cache metrics if present (from /metrics endpoint data embedded)
+    // The /caches endpoint itself just lists caches; real metrics need /metrics/cache.gets etc.
+    // We analyze what we can from the structure.
+    // Check for many caches (may indicate over-caching)
+    if (caches.length > 20) {
+        issues.push({
+            severity: "WARNING",
+            message: `${caches.length} caches registered — consider consolidating to reduce memory overhead.`,
+            cache: "",
+        });
+        recommendations.push("Review cache configurations. Each cache consumes memory. Consolidate similar caches.");
+    }
+    // Check for caches using simple (unbounded) provider
+    for (const cache of caches) {
+        if (cache.target.includes("ConcurrentMapCache") || cache.target.includes("simple")) {
+            issues.push({
+                severity: "WARNING",
+                message: `Cache "${cache.name}" uses unbounded ConcurrentMapCache — no eviction policy, will grow indefinitely.`,
+                cache: cache.name,
+            });
+        }
+    }
+    if (issues.filter(i => i.severity !== "INFO").length === 0) {
+        recommendations.push(`${caches.length} cache(s) configured. For deeper analysis, check /metrics/cache.gets and /metrics/cache.puts for hit/miss ratios.`);
+    }
+    return { caches, issues, recommendations };
+}
+//# sourceMappingURL=caches.js.map

package/build/analyzers/env-risk.js

@@ -0,0 +1,165 @@
+/**
+ * Spring Boot Actuator environment risk analyzer.
+ *
+ * Analyzes /env endpoint data to detect:
+ * - Exposed secrets and credentials
+ * - Risky configurations
+ * - Missing production-critical settings
+ */
+// Patterns that indicate credentials or secrets
+const SECRET_PATTERNS = [
+    /password/i, /secret/i, /api[._-]?key/i, /token/i,
+    /credential/i, /private[._-]?key/i, /access[._-]?key/i,
+    /auth/i, /jwt/i,
+];
+// Properties that should differ between dev and production
+const PRODUCTION_CHECKS = [
+    {
+        property: "spring.jpa.hibernate.ddl-auto",
+        badValues: ["create", "create-drop", "update"],
+        message: "Hibernate ddl-auto is set to a destructive mode. In production, use 'validate' or 'none'.",
+    },
+    {
+        property: "spring.jpa.show-sql",
+        badValues: ["true"],
+        message: "SQL logging is enabled. This hurts performance and may expose sensitive data in production.",
+    },
+    {
+        property: "spring.h2.console.enabled",
+        badValues: ["true"],
+        message: "H2 console is enabled. This is a security risk in production — disable it.",
+    },
+    {
+        property: "debug",
+        badValues: ["true"],
+        message: "Debug mode is enabled. This exposes verbose logging and may leak sensitive information.",
+    },
+    {
+        property: "management.endpoints.web.exposure.include",
+        badValues: ["*"],
+        message: "All actuator endpoints are exposed. In production, expose only health and metrics.",
+    },
+    {
+        property: "server.error.include-stacktrace",
+        badValues: ["always", "on_param"],
+        message: "Stack traces are included in error responses. This leaks internal details to clients.",
+    },
+    {
+        property: "spring.devtools.restart.enabled",
+        badValues: ["true"],
+        message: "DevTools restart is enabled. This should not be active in production.",
+    },
+];
+/**
+ * Analyze the /env endpoint response for security and configuration risks.
+ */
+export function analyzeEnv(json) {
+    let data;
+    try {
+        data = JSON.parse(json);
+    }
+    catch {
+        return {
+            activeProfiles: [],
+            propertySources: [],
+            risks: [{ severity: "CRITICAL", property: "parser", message: "Invalid JSON in env response", recommendation: "Check the /env endpoint format." }],
+            recommendations: [],
+        };
+    }
+    const activeProfiles = data.activeProfiles ?? [];
+    const propertySources = [];
+    const risks = [];
+    const recommendations = [];
+    // Extract property sources
+    const sources = data.propertySources;
+    if (Array.isArray(sources)) {
+        for (const source of sources) {
+            const name = source.name;
+            if (name)
+                propertySources.push(name);
+            const properties = source.properties;
+            if (properties && typeof properties === "object") {
+                analyzeProperties(properties, risks);
+            }
+        }
+    }
+    // Flat properties format (simpler JSON structure)
+    if (!sources && typeof data === "object") {
+        const flatProps = {};
+        for (const [key, val] of Object.entries(data)) {
+            if (key !== "activeProfiles" && key !== "propertySources") {
+                flatProps[key] = { value: val };
+            }
+        }
+        if (Object.keys(flatProps).length > 0) {
+            analyzeProperties(flatProps, risks);
+        }
+    }
+    // Profile-based recommendations
+    if (activeProfiles.length === 0) {
+        risks.push({
+            severity: "WARNING",
+            property: "spring.profiles.active",
+            message: "No active profiles set. The application is running with default configuration.",
+            recommendation: "Set spring.profiles.active to 'production' or 'prod' for production deployments.",
+        });
+    }
+    const hasProductionProfile = activeProfiles.some(p => ["production", "prod", "live"].includes(p.toLowerCase()));
+    if (!hasProductionProfile && activeProfiles.length > 0) {
+        risks.push({
+            severity: "INFO",
+            property: "spring.profiles.active",
+            message: `Active profiles: [${activeProfiles.join(", ")}]. No production profile detected.`,
+            recommendation: "Verify this is not a production environment. If it is, add a 'production' profile.",
+        });
+    }
+    // General recommendations
+    if (risks.filter(r => r.severity === "CRITICAL").length > 0) {
+        recommendations.push("Address all CRITICAL issues before deploying to production.");
+    }
+    if (propertySources.some(s => s.includes("application-dev") || s.includes("application-local"))) {
+        recommendations.push("Development property sources detected. Ensure production deployments use production-specific configuration.");
+    }
+    return { activeProfiles, propertySources, risks, recommendations };
+}
+function analyzeProperties(properties, risks) {
+    for (const [propName, propData] of Object.entries(properties)) {
+        const value = String(propData.value ?? "");
+        // Check for exposed secrets
+        checkForSecrets(propName, value, risks);
+        // Check for risky production configurations
+        checkProductionRisks(propName, value, risks);
+    }
+}
+function checkForSecrets(propName, value, risks) {
+    // Skip if value is already masked (Spring Boot masks sensitive values with *****)
+    if (value.includes("******") || value === "******")
+        return;
+    const isSecretProperty = SECRET_PATTERNS.some(pattern => pattern.test(propName));
+    if (!isSecretProperty)
+        return;
+    // Check if the value looks like a real secret (not a placeholder or empty)
+    if (value.length > 5 && value !== "null" && value !== "undefined" && !value.startsWith("${")) {
+        risks.push({
+            severity: "CRITICAL",
+            property: propName,
+            message: `Property '${propName}' appears to contain an unmasked secret value.`,
+            recommendation: `Configure management.endpoint.env.keys-to-sanitize to mask '${propName}', or use a vault/secrets manager.`,
+        });
+    }
+}
+function checkProductionRisks(propName, value, risks) {
+    for (const check of PRODUCTION_CHECKS) {
+        if (propName === check.property || propName.endsWith("." + check.property)) {
+            if (check.badValues.includes(value.toLowerCase())) {
+                risks.push({
+                    severity: "WARNING",
+                    property: propName,
+                    message: check.message,
+                    recommendation: `Change '${propName}' for production environments.`,
+                });
+            }
+        }
+    }
+}
+//# sourceMappingURL=env-risk.js.map