mcp-stdio-guard 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 mcp-stdio-guard contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,169 @@
+<p align="center">
+  <img src="assets/logo.svg" alt="mcp-stdio-guard logo" width="120" />
+</p>
+
+<h1 align="center">mcp-stdio-guard</h1>
+
+<p align="center">
+  Catch stdout pollution and handshake failures in MCP stdio servers before clients do.
+</p>
+
+<p align="center">
+  <a href="https://github.com/1Utkarsh1/mcp-stdio-guard/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/1Utkarsh1/mcp-stdio-guard/actions/workflows/ci.yml/badge.svg" /></a>
+  <a href="https://www.npmjs.com/package/mcp-stdio-guard"><img alt="npm" src="https://img.shields.io/npm/v/mcp-stdio-guard?color=0b6bcb" /></a>
+  <img alt="runtime dependencies" src="https://img.shields.io/badge/runtime%20deps-0-1f8f4c" />
+  <img alt="node" src="https://img.shields.io/badge/node-%3E%3D18-2f855a" />
+  <a href="LICENSE"><img alt="license" src="https://img.shields.io/badge/license-MIT-111827" /></a>
+</p>
+
+<p align="center">
+  <img src="assets/hero.svg" alt="mcp-stdio-guard hero showing a clean MCP stdio pipeline" width="100%" />
+</p>
+
+MCP stdio servers use stdout as their protocol channel. Debug text, banners, progress logs, `console.log`, Python `print`, or any other stray stdout output can corrupt the stream and make clients fail in confusing ways.
+
+`mcp-stdio-guard` starts your server, performs a real MCP initialize handshake, optionally sends a real post-initialize MCP request such as `tools/list`, validates every stdout frame, and scans source for risky stdout calls.
+
+## Why This Exists
+
+The latest MCP docs say [stdio servers must send JSON-RPC messages on stdout](https://modelcontextprotocol.io/specification/2025-11-25/basic/transports), may log to stderr, and must complete the [`initialize` then `notifications/initialized` lifecycle](https://modelcontextprotocol.io/specification/2025-11-25/basic/lifecycle) before normal operation.
+
+That is easy to get wrong in real servers. This guard turns that fragile process boundary into a fast local check and a CI gate.
+
+<p align="center">
+  <img src="assets/protocol-flow.svg" alt="Protocol flow tested by mcp-stdio-guard" width="100%" />
+</p>
+
+## Install
+
+From npm:
+
+```bash
+npx mcp-stdio-guard -- node ./server.js
+```
+
+From this repo:
+
+```bash
+git clone https://github.com/1Utkarsh1/mcp-stdio-guard.git
+cd mcp-stdio-guard
+npm ci
+npm test
+```
+
+## Quickstart
+
+Run your MCP server behind the guard:
+
+```bash
+mcp-stdio-guard -- node ./server.js
+```
+
+Exercise a real MCP operation after initialization:
+
+```bash
+mcp-stdio-guard --request tools/list -- node ./server.js
+```
+
+Scan source for obvious stdout writes too:
+
+```bash
+mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+```
+
+JSON output for CI:
+
+```bash
+mcp-stdio-guard --json --request tools/list -- node ./server.js
+```
+
+## What It Catches
+
+<p align="center">
+  <img src="assets/terminal-demo.svg" alt="Passing and failing terminal output examples" width="100%" />
+</p>
+
+| Problem | Runtime check | Static scan |
+| --- | --- | --- |
+| `console.log("starting")` before server startup | Yes | Yes |
+| Python `print("debug")` in a stdio server | Yes | Yes |
+| Late stdout logs after `initialize` | Yes | Partial |
+| Invalid JSON-RPC frames | Yes | No |
+| Server crash after `notifications/initialized` | Yes | No |
+| Missing `initialize` or operation response | Yes | No |
+| stderr diagnostics | Allowed | Allowed |
+
+## Live MCP Coverage
+
+The test suite creates real servers with `@modelcontextprotocol/sdk@1.29.0` and verifies:
+
+| Scenario | Expected result |
+| --- | --- |
+| clean SDK stdio server through `initialize` and `tools/list` | Pass |
+| SDK server with startup stdout pollution | Fail |
+| SDK server with stderr diagnostics | Pass |
+| SDK server with late stdout pollution after connection | Fail |
+| hand-rolled server that ignores post-initialize requests | Fail |
+| server that crashes after initialized notification | Fail |
+
+## Commands
+
+```bash
+mcp-stdio-guard [options] -- <command> [args...]
+```
+
+| Option | Description |
+| --- | --- |
+| `--protocol <version>` | MCP protocol version to send, default `2025-11-25` |
+| `--timeout <ms>` | initialize and request timeout, default `5000` |
+| `--request <method>` | send one MCP request after initialization, for example `tools/list` |
+| `--params <json>` | JSON params for `--request` |
+| `--scan <path>` | scan source for risky stdout writes |
+| `--fail-on-static` | make static scan findings fail the command |
+| `--json` | print machine-readable output |
+| `--cwd <path>` | run the server command from a specific directory |
+| `--help` | show help |
+
+## CI
+
+```yaml
+- run: npm ci
+- run: npx mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+```
+
+## Output
+
+Passing server:
+
+```text
+PASS MCP stdio guard
+initialize: ok
+frames: 2 stdout / 0 invalid
+stderr: 0 lines
+protocol: 2025-11-25
+request: tools/list responded
+```
+
+Polluted stdout:
+
+```text
+FAIL MCP stdio guard
+initialize: ok
+frames: 2 stdout / 1 invalid
+stderr: 0 lines
+protocol: 2025-11-25
+request: tools/list responded
+[error] stdout-non-json: stdout line 1 is not JSON-RPC: "server starting..."
+```
+
+## Design
+
+- Runtime dependencies: zero.
+- Default behavior: validate the real process boundary.
+- Optional static scan: intentionally simple and conservative.
+- CI posture: fail on protocol corruption, crashes, and missing responses.
+- Promotion promise: no fake stars, no spam, just a tool that catches a real MCP failure mode.
+
+## License
+
+MIT

package/assets/hero.svg

@@ -0,0 +1,41 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="520" viewBox="0 0 1200 520" role="img" aria-labelledby="title desc">
+  <title id="title">mcp-stdio-guard hero</title>
+  <desc id="desc">A visual showing the guard protecting an MCP stdio JSON-RPC stream.</desc>
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="1200" y2="520" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#F8FAFC"/>
+      <stop offset="1" stop-color="#E8F5EE"/>
+    </linearGradient>
+    <linearGradient id="pipe" x1="190" y1="272" x2="1010" y2="272" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#0B6BCB"/>
+      <stop offset="1" stop-color="#1F8F4C"/>
+    </linearGradient>
+    <filter id="soft" x="-10%" y="-10%" width="120%" height="120%">
+      <feDropShadow dx="0" dy="14" stdDeviation="20" flood-color="#0F172A" flood-opacity="0.14"/>
+    </filter>
+  </defs>
+  <rect width="1200" height="520" rx="36" fill="url(#bg)"/>
+  <rect x="64" y="56" width="1072" height="408" rx="28" fill="#FFFFFF" filter="url(#soft)"/>
+  <text x="104" y="132" fill="#0F172A" font-family="Inter, Arial, sans-serif" font-size="56" font-weight="800">Guard your MCP stdio stream</text>
+  <text x="106" y="178" fill="#475569" font-family="Inter, Arial, sans-serif" font-size="25" font-weight="500">Initialize, validate JSON-RPC, run a real request, and catch noisy stdout before users do.</text>
+  <rect x="114" y="248" width="210" height="94" rx="18" fill="#EFF6FF" stroke="#BFDBFE"/>
+  <text x="142" y="286" fill="#0B6BCB" font-family="Inter, Arial, sans-serif" font-size="22" font-weight="800">Your server</text>
+  <text x="142" y="318" fill="#334155" font-family="Inter, Arial, sans-serif" font-size="18">node ./server.js</text>
+  <path d="M340 295h170" stroke="url(#pipe)" stroke-width="12" stroke-linecap="round"/>
+  <path d="M490 276l30 19-30 19z" fill="#1F8F4C"/>
+  <rect x="522" y="226" width="250" height="138" rx="22" fill="#0F172A"/>
+  <text x="556" y="272" fill="#ECFDF5" font-family="Inter, Arial, sans-serif" font-size="24" font-weight="800">stdio guard</text>
+  <text x="556" y="308" fill="#93C5FD" font-family="Inter, Arial, sans-serif" font-size="18">stdout must be JSON-RPC</text>
+  <text x="556" y="336" fill="#86EFAC" font-family="Inter, Arial, sans-serif" font-size="18">stderr is safe for logs</text>
+  <path d="M788 295h170" stroke="url(#pipe)" stroke-width="12" stroke-linecap="round"/>
+  <path d="M938 276l30 19-30 19z" fill="#1F8F4C"/>
+  <rect x="982" y="248" width="104" height="94" rx="18" fill="#ECFDF5" stroke="#BBF7D0"/>
+  <text x="1012" y="286" fill="#166534" font-family="Inter, Arial, sans-serif" font-size="22" font-weight="800">PASS</text>
+  <text x="1005" y="318" fill="#334155" font-family="Inter, Arial, sans-serif" font-size="18">or fail fast</text>
+  <rect x="104" y="390" width="242" height="38" rx="19" fill="#DBEAFE"/>
+  <text x="128" y="416" fill="#1E3A8A" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">real MCP SDK tested</text>
+  <rect x="362" y="390" width="204" height="38" rx="19" fill="#DCFCE7"/>
+  <text x="386" y="416" fill="#166534" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">zero runtime deps</text>
+  <rect x="582" y="390" width="250" height="38" rx="19" fill="#FEF3C7"/>
+  <text x="606" y="416" fill="#92400E" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">CI-ready failure modes</text>
+</svg>

package/assets/logo.svg

@@ -0,0 +1,22 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="256" height="256" viewBox="0 0 256 256" role="img" aria-labelledby="title desc">
+  <title id="title">mcp-stdio-guard logo</title>
+  <desc id="desc">A shield containing a terminal prompt and JSON braces.</desc>
+  <defs>
+    <linearGradient id="shield" x1="42" y1="28" x2="214" y2="226" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#0B6BCB"/>
+      <stop offset="1" stop-color="#1F8F4C"/>
+    </linearGradient>
+    <filter id="shadow" x="-20%" y="-20%" width="140%" height="140%">
+      <feDropShadow dx="0" dy="10" stdDeviation="12" flood-color="#0F172A" flood-opacity="0.24"/>
+    </filter>
+  </defs>
+  <rect width="256" height="256" rx="56" fill="#F8FAFC"/>
+  <path d="M128 28l78 30v60c0 50-30 86-78 110-48-24-78-60-78-110V58l78-30z" fill="url(#shield)" filter="url(#shadow)"/>
+  <rect x="70" y="82" width="116" height="82" rx="14" fill="#0F172A"/>
+  <circle cx="91" cy="104" r="5" fill="#EF4444"/>
+  <circle cx="108" cy="104" r="5" fill="#F59E0B"/>
+  <circle cx="125" cy="104" r="5" fill="#22C55E"/>
+  <path d="M91 131l18 13-18 13" fill="none" stroke="#93C5FD" stroke-width="8" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M127 157h38" fill="none" stroke="#ECFDF5" stroke-width="8" stroke-linecap="round"/>
+  <path d="M93 190c18 12 52 12 70 0" fill="none" stroke="#0F172A" stroke-width="10" stroke-linecap="round" opacity="0.22"/>
+</svg>

package/assets/protocol-flow.svg

@@ -0,0 +1,33 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="430" viewBox="0 0 1200 430" role="img" aria-labelledby="title desc">
+  <title id="title">MCP protocol flow</title>
+  <desc id="desc">The sequence mcp-stdio-guard verifies: spawn, initialize, initialized notification, optional request, validated stdout.</desc>
+  <rect width="1200" height="430" rx="30" fill="#0F172A"/>
+  <text x="64" y="76" fill="#F8FAFC" font-family="Inter, Arial, sans-serif" font-size="36" font-weight="800">Verified MCP stdio flow</text>
+  <text x="64" y="116" fill="#CBD5E1" font-family="Inter, Arial, sans-serif" font-size="20">Every box is a real process-boundary check, not a README-only promise.</text>
+  <g font-family="Inter, Arial, sans-serif">
+    <rect x="72" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="104" y="222" fill="#93C5FD" font-size="20" font-weight="800">1. spawn</text>
+    <text x="104" y="254" fill="#E2E8F0" font-size="17">run command</text>
+    <text x="104" y="278" fill="#94A3B8" font-size="15">after --</text>
+    <path d="M264 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M326 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="354" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="386" y="222" fill="#93C5FD" font-size="20" font-weight="800">2. initialize</text>
+    <text x="386" y="254" fill="#E2E8F0" font-size="17">JSON-RPC id 1</text>
+    <text x="386" y="278" fill="#94A3B8" font-size="15">timeout guarded</text>
+    <path d="M546 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M608 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="636" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="668" y="222" fill="#86EFAC" font-size="20" font-weight="800">3. initialized</text>
+    <text x="668" y="254" fill="#E2E8F0" font-size="17">notification</text>
+    <text x="668" y="278" fill="#94A3B8" font-size="15">server must survive</text>
+    <path d="M828 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M890 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="918" y="178" width="210" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="950" y="222" fill="#FBBF24" font-size="20" font-weight="800">4. request</text>
+    <text x="950" y="254" fill="#E2E8F0" font-size="17">tools/list or custom</text>
+    <text x="950" y="278" fill="#94A3B8" font-size="15">valid stdout only</text>
+  </g>
+  <rect x="72" y="334" width="1056" height="44" rx="22" fill="#111827" stroke="#334155"/>
+  <text x="104" y="363" fill="#E2E8F0" font-family="Inter, Arial, sans-serif" font-size="18">If stdout is not newline-delimited JSON-RPC at any point, the guard fails the run.</text>
+</svg>

package/assets/terminal-demo.svg

@@ -0,0 +1,28 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="560" viewBox="0 0 1200 560" role="img" aria-labelledby="title desc">
+  <title id="title">Terminal output examples</title>
+  <desc id="desc">Passing and failing terminal examples for mcp-stdio-guard.</desc>
+  <rect width="1200" height="560" rx="30" fill="#F8FAFC"/>
+  <text x="64" y="74" fill="#0F172A" font-family="Inter, Arial, sans-serif" font-size="36" font-weight="800">Terminal artifacts</text>
+  <text x="64" y="114" fill="#475569" font-family="Inter, Arial, sans-serif" font-size="20">Readable locally, strict enough for CI.</text>
+  <rect x="64" y="154" width="520" height="326" rx="22" fill="#0B1220"/>
+  <rect x="64" y="154" width="520" height="46" rx="22" fill="#111827"/>
+  <circle cx="96" cy="177" r="7" fill="#EF4444"/>
+  <circle cx="120" cy="177" r="7" fill="#F59E0B"/>
+  <circle cx="144" cy="177" r="7" fill="#22C55E"/>
+  <text x="92" y="242" fill="#86EFAC" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="22" font-weight="700">PASS MCP stdio guard</text>
+  <text x="92" y="284" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">initialize: ok</text>
+  <text x="92" y="322" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">frames: 2 stdout / 0 invalid</text>
+  <text x="92" y="360" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">stderr: 0 lines</text>
+  <text x="92" y="398" fill="#93C5FD" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">request: tools/list responded</text>
+  <rect x="616" y="154" width="520" height="326" rx="22" fill="#0B1220"/>
+  <rect x="616" y="154" width="520" height="46" rx="22" fill="#111827"/>
+  <circle cx="648" cy="177" r="7" fill="#EF4444"/>
+  <circle cx="672" cy="177" r="7" fill="#F59E0B"/>
+  <circle cx="696" cy="177" r="7" fill="#22C55E"/>
+  <text x="644" y="242" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="22" font-weight="700">FAIL MCP stdio guard</text>
+  <text x="644" y="284" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">initialize: ok</text>
+  <text x="644" y="322" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">frames: 2 stdout / 1 invalid</text>
+  <text x="644" y="360" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">request: tools/list responded</text>
+  <text x="644" y="398" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="17">[error] stdout-non-json:</text>
+  <text x="644" y="430" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="17">"server starting..."</text>
+</svg>

package/bin/mcp-stdio-guard.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+
+import { runCli } from '../src/index.js';
+
+runCli(process.argv.slice(2)).catch((error) => {
+  console.error(error?.message || error);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "mcp-stdio-guard",
+  "version": "0.1.0",
+  "description": "A runtime zero-dependency CLI that catches stdout pollution and handshake failures in MCP stdio servers.",
+  "type": "module",
+  "bin": {
+    "mcp-stdio-guard": "bin/mcp-stdio-guard.js"
+  },
+  "files": [
+    "assets",
+    "bin",
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "node --test",
+    "pack:dry": "npm pack --dry-run"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "json-rpc",
+    "stdio",
+    "claude",
+    "cursor",
+    "cli",
+    "developer-tools",
+    "debugging"
+  ],
+  "author": "",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/1Utkarsh1/mcp-stdio-guard.git"
+  },
+  "bugs": {
+    "url": "https://github.com/1Utkarsh1/mcp-stdio-guard/issues"
+  },
+  "homepage": "https://github.com/1Utkarsh1/mcp-stdio-guard#readme",
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0"
+  }
+}

package/src/index.js

@@ -0,0 +1,494 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { spawn } from 'node:child_process';
+
+const DEFAULT_PROTOCOL = '2025-11-25';
+const DEFAULT_TIMEOUT = 5000;
+const VERSION = '0.1.0';
+
+export async function runCli(argv) {
+  const options = parseArgs(argv);
+
+  if (options.help) {
+    console.log(helpText());
+    return;
+  }
+
+  if (options.version) {
+    console.log(VERSION);
+    return;
+  }
+
+  if (!options.command.length) {
+    throw new Error('Missing command. Use: mcp-stdio-guard -- <command> [args...]');
+  }
+
+  const result = await guardStdioServer(options.command, {
+    protocol: options.protocol,
+    timeoutMs: options.timeoutMs,
+    cwd: options.cwd,
+    operation: options.requestMethod
+      ? {
+          method: options.requestMethod,
+          params: options.requestParams
+        }
+      : null
+  });
+
+  if (options.scanPath) {
+    result.staticFindings = scanSource(options.scanPath);
+    if (options.failOnStatic) {
+      for (const finding of result.staticFindings) {
+        result.issues.push({
+          severity: 'error',
+          code: 'static-stdout-write',
+          message: `${finding.file}:${finding.line} ${finding.message}`
+        });
+      }
+    }
+  }
+
+  result.ok = !result.issues.some((issue) => issue.severity === 'error');
+
+  if (options.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(formatTextResult(result));
+  }
+
+  if (!result.ok) {
+    process.exitCode = 1;
+  }
+}
+
+export function parseArgs(argv) {
+  const options = {
+    command: [],
+    protocol: DEFAULT_PROTOCOL,
+    timeoutMs: DEFAULT_TIMEOUT,
+    scanPath: '',
+    failOnStatic: false,
+    requestMethod: '',
+    requestParams: undefined,
+    json: false,
+    help: false,
+    version: false,
+    cwd: process.cwd()
+  };
+
+  for (let index = 0; index < argv.length; index += 1) {
+    const arg = argv[index];
+
+    if (arg === '--') {
+      options.command = argv.slice(index + 1);
+      break;
+    }
+
+    if (arg === '--help' || arg === '-h') {
+      options.help = true;
+    } else if (arg === '--version' || arg === '-v') {
+      options.version = true;
+    } else if (arg === '--json') {
+      options.json = true;
+    } else if (arg === '--fail-on-static') {
+      options.failOnStatic = true;
+    } else if (arg === '--request') {
+      options.requestMethod = readOptionValue(argv, index, arg);
+      index += 1;
+    } else if (arg === '--params') {
+      options.requestParams = parseJsonOption(readOptionValue(argv, index, arg), arg);
+      index += 1;
+    } else if (arg === '--protocol') {
+      options.protocol = readOptionValue(argv, index, arg);
+      index += 1;
+    } else if (arg === '--timeout') {
+      options.timeoutMs = Number(readOptionValue(argv, index, arg));
+      index += 1;
+    } else if (arg === '--scan') {
+      options.scanPath = path.resolve(readOptionValue(argv, index, arg));
+      index += 1;
+    } else if (arg === '--cwd') {
+      options.cwd = path.resolve(readOptionValue(argv, index, arg));
+      index += 1;
+    } else {
+      throw new Error(`Unknown option before --: ${arg}`);
+    }
+  }
+
+  if (!Number.isInteger(options.timeoutMs) || options.timeoutMs < 100) {
+    throw new Error('--timeout must be an integer >= 100');
+  }
+
+  if (options.requestParams !== undefined && !options.requestMethod) {
+    throw new Error('--params can only be used with --request');
+  }
+
+  return options;
+}
+
+export async function guardStdioServer(commandWithArgs, options = {}) {
+  const startedAt = Date.now();
+  const command = commandWithArgs[0];
+  const args = commandWithArgs.slice(1);
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT;
+  const protocol = options.protocol ?? DEFAULT_PROTOCOL;
+  const operation = options.operation || null;
+  const issues = [];
+  const frames = [];
+  const stderrChunks = [];
+  let stdoutBuffer = '';
+  let initialized = false;
+  let endedByGuard = false;
+  let timer;
+  let child;
+
+  const result = {
+    ok: false,
+    command: commandWithArgs,
+    protocol,
+    negotiatedProtocol: '',
+    initialized: false,
+    operation: operation
+      ? {
+          method: operation.method,
+          responded: false,
+          error: null
+        }
+      : null,
+    frames,
+    issues,
+    stderr: '',
+    staticFindings: [],
+    durationMs: 0
+  };
+
+  return new Promise((resolve) => {
+    function addIssue(severity, code, message) {
+      issues.push({ severity, code, message });
+    }
+
+    function armTimeout(code, message) {
+      clearTimeout(timer);
+      timer = setTimeout(() => {
+        addIssue('error', code, message);
+        finish();
+      }, timeoutMs);
+    }
+
+    function finishSoon() {
+      clearTimeout(timer);
+      setTimeout(finish, 50);
+    }
+
+    function finish() {
+      if (result.durationMs) return;
+      clearTimeout(timer);
+      result.durationMs = Date.now() - startedAt;
+      result.stderr = Buffer.concat(stderrChunks).toString('utf8');
+      result.initialized = initialized;
+      result.ok = !issues.some((issue) => issue.severity === 'error');
+      if (child && !child.killed && child.exitCode === null) {
+        endedByGuard = true;
+        child.kill('SIGTERM');
+      }
+      resolve(result);
+    }
+
+    function send(message) {
+      child.stdin.write(`${JSON.stringify(message)}\n`);
+    }
+
+    child = spawn(command, args, {
+      cwd: options.cwd ?? process.cwd(),
+      env: process.env,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+
+    armTimeout('initialize-timeout', `no initialize response within ${timeoutMs}ms`);
+
+    child.on('error', (error) => {
+      clearTimeout(timer);
+      addIssue('error', 'spawn-failed', error.message);
+      finish();
+    });
+
+    child.stdout.on('data', (chunk) => {
+      stdoutBuffer += chunk.toString('utf8');
+      const lines = stdoutBuffer.split(/\r?\n/);
+      stdoutBuffer = lines.pop() ?? '';
+      for (const line of lines) {
+        handleStdoutLine(line);
+      }
+    });
+
+    child.stderr.on('data', (chunk) => {
+      stderrChunks.push(Buffer.from(chunk));
+    });
+
+    child.on('exit', (code, signal) => {
+      clearTimeout(timer);
+      if (stdoutBuffer.trim()) {
+        addIssue('error', 'stdout-without-newline', `stdout ended with an incomplete JSON-RPC frame: ${quote(stdoutBuffer)}`);
+      }
+      if (!endedByGuard && initialized && result.operation && !result.operation.responded) {
+        addIssue('error', 'operation-missing-response', `${result.operation.method} did not receive a response before server exit`);
+      }
+      if (!endedByGuard && initialized && code && code !== 0) {
+        addIssue('error', 'server-crashed', `server exited after initialize (code ${code}, signal ${signal ?? 'null'})`);
+      }
+      if (!initialized && !endedByGuard && !issues.some((issue) => issue.code === 'spawn-failed')) {
+        addIssue('error', 'server-exited', `server exited before initialize completed (code ${code ?? 'null'}, signal ${signal ?? 'null'})`);
+      }
+      finish();
+    });
+
+    send({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'initialize',
+      params: {
+        protocolVersion: protocol,
+        capabilities: {},
+        clientInfo: {
+          name: 'mcp-stdio-guard',
+          version: VERSION
+        }
+      }
+    });
+
+    function handleStdoutLine(line) {
+      if (!line.trim()) {
+        addIssue('warning', 'stdout-empty-line', 'stdout contained an empty line');
+        return;
+      }
+
+      let message;
+      try {
+        message = JSON.parse(line);
+      } catch {
+        addIssue('error', 'stdout-non-json', `stdout line ${frames.length + 1} is not JSON-RPC: ${quote(line)}`);
+        return;
+      }
+
+      const validation = validateJsonRpc(message);
+      if (validation) {
+        addIssue('error', 'stdout-invalid-json-rpc', validation);
+        return;
+      }
+
+      frames.push(message);
+
+      if (message.id === 1) {
+        clearTimeout(timer);
+        if (message.error) {
+          addIssue('error', 'initialize-error', `initialize returned error: ${message.error.message || JSON.stringify(message.error)}`);
+          finish();
+          return;
+        }
+
+        initialized = true;
+        result.negotiatedProtocol = message.result?.protocolVersion || '';
+        send({ jsonrpc: '2.0', method: 'notifications/initialized' });
+        if (operation) {
+          const request = {
+            jsonrpc: '2.0',
+            id: 2,
+            method: operation.method
+          };
+          if (operation.params !== undefined) {
+            request.params = operation.params;
+          }
+          send(request);
+          armTimeout('operation-timeout', `no ${operation.method} response within ${timeoutMs}ms`);
+        } else {
+          finishSoon();
+        }
+      } else if (operation && message.id === 2) {
+        clearTimeout(timer);
+        result.operation.responded = true;
+        if (message.error) {
+          result.operation.error = message.error;
+          addIssue('warning', 'operation-error', `${operation.method} returned error: ${message.error.message || JSON.stringify(message.error)}`);
+        }
+        finishSoon();
+      }
+    }
+  });
+}
+
+export function validateJsonRpc(message) {
+  if (!message || typeof message !== 'object' || Array.isArray(message)) {
+    return 'JSON-RPC frame must be an object';
+  }
+
+  if (message.jsonrpc !== '2.0') {
+    return 'JSON-RPC frame must include jsonrpc: "2.0"';
+  }
+
+  const hasId = Object.hasOwn(message, 'id');
+  const hasMethod = typeof message.method === 'string';
+  const hasResult = Object.hasOwn(message, 'result');
+  const hasError = Object.hasOwn(message, 'error');
+
+  if (hasId && !hasMethod && !hasResult && !hasError) {
+    return 'response frame must include result or error';
+  }
+
+  if (!hasId && !hasMethod) {
+    return 'notification/request frame must include method';
+  }
+
+  return '';
+}
+
+export function scanSource(root) {
+  const findings = [];
+  const absoluteRoot = path.resolve(root);
+  const files = listSourceFiles(absoluteRoot);
+
+  for (const file of files) {
+    const text = fs.readFileSync(file, 'utf8');
+    const lines = text.split(/\r?\n/);
+    for (let index = 0; index < lines.length; index += 1) {
+      const message = detectStdoutWrite(file, lines[index]);
+      if (message) {
+        findings.push({
+          file: path.relative(process.cwd(), file).split(path.sep).join('/'),
+          line: index + 1,
+          message
+        });
+      }
+    }
+  }
+
+  return findings;
+}
+
+function detectStdoutWrite(file, line) {
+  const ext = path.extname(file);
+  const stripped = line.trim();
+  if (!stripped || stripped.startsWith('//') || stripped.startsWith('#')) return '';
+
+  if (['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx'].includes(ext) && /\bconsole\.(log|info)\s*\(/.test(line)) {
+    return 'console.log/info writes to stdout; use console.error for MCP stdio diagnostics';
+  }
+
+  if (ext === '.py' && /(^|[^\w])print\s*\(/.test(line) && !/file\s*=\s*sys\.stderr/.test(line)) {
+    return 'print() writes to stdout; pass file=sys.stderr for MCP stdio diagnostics';
+  }
+
+  if (ext === '.go' && /\bfmt\.(Print|Printf|Println)\s*\(/.test(line)) {
+    return 'fmt.Print* writes to stdout; use stderr for MCP stdio diagnostics';
+  }
+
+  if (ext === '.rs' && /\bprintln!\s*\(/.test(line)) {
+    return 'println! writes to stdout; use eprintln! for MCP stdio diagnostics';
+  }
+
+  if (['.java', '.kt'].includes(ext) && /System\.out\.print/.test(line)) {
+    return 'System.out writes to stdout; use stderr for MCP stdio diagnostics';
+  }
+
+  return '';
+}
+
+function listSourceFiles(root) {
+  const ignored = new Set(['.git', 'node_modules', 'dist', 'build', 'coverage', '.next', '.cache']);
+  const files = [];
+
+  function walk(dir) {
+    if (!fs.existsSync(dir)) return;
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (ignored.has(entry.name)) continue;
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        walk(fullPath);
+      } else if (entry.isFile() && /\.(mjs|cjs|js|jsx|ts|tsx|py|go|rs|java|kt)$/.test(entry.name)) {
+        files.push(fullPath);
+      }
+    }
+  }
+
+  walk(root);
+  return files.sort();
+}
+
+function formatTextResult(result) {
+  const status = result.ok ? 'PASS' : 'FAIL';
+  const invalidFrames = result.issues.filter((issue) => issue.code.startsWith('stdout-')).length;
+  const stderrLines = result.stderr ? result.stderr.trim().split(/\r?\n/).filter(Boolean).length : 0;
+  const lines = [
+    `${status} MCP stdio guard`,
+    `initialize: ${result.initialized ? 'ok' : 'failed'}`,
+    `frames: ${result.frames.length} stdout / ${invalidFrames} invalid`,
+    `stderr: ${stderrLines} lines`
+  ];
+
+  if (result.negotiatedProtocol) {
+    lines.push(`protocol: ${result.negotiatedProtocol}`);
+  }
+
+  if (result.operation) {
+    const state = result.operation.responded ? 'responded' : 'missing';
+    lines.push(`request: ${result.operation.method} ${state}`);
+  }
+
+  if (result.staticFindings.length) {
+    lines.push(`static findings: ${result.staticFindings.length}`);
+    for (const finding of result.staticFindings.slice(0, 10)) {
+      lines.push(`[warning] ${finding.file}:${finding.line} ${finding.message}`);
+    }
+  }
+
+  for (const issue of result.issues) {
+    lines.push(`[${issue.severity}] ${issue.code}: ${issue.message}`);
+  }
+
+  return lines.join('\n');
+}
+
+function readOptionValue(argv, index, option) {
+  const value = argv[index + 1];
+  if (!value || value.startsWith('--')) {
+    throw new Error(`${option} requires a value`);
+  }
+  return value;
+}
+
+function parseJsonOption(rawValue, option) {
+  try {
+    return JSON.parse(rawValue);
+  } catch (error) {
+    throw new Error(`${option} must be valid JSON: ${error.message}`);
+  }
+}
+
+function quote(value) {
+  const singleLine = String(value).replace(/\s+/g, ' ').trim();
+  return JSON.stringify(singleLine.length > 160 ? `${singleLine.slice(0, 157)}...` : singleLine);
+}
+
+function helpText() {
+  return `mcp-stdio-guard validates MCP stdio servers.
+
+Usage:
+  mcp-stdio-guard [options] -- <command> [args...]
+
+Options:
+  --protocol <version>   MCP protocol version, default ${DEFAULT_PROTOCOL}
+  --timeout <ms>         initialize and request timeout, default ${DEFAULT_TIMEOUT}
+  --scan <path>          scan source for risky stdout writes
+  --fail-on-static       fail when --scan finds risky stdout writes
+  --request <method>     send one MCP request after initialize, e.g. tools/list
+  --params <json>        JSON params for --request
+  --json                 print JSON output
+  --cwd <path>           run command from this directory
+  --version, -v          print version
+  --help, -h             show help
+
+Examples:
+  mcp-stdio-guard -- node ./server.js
+  mcp-stdio-guard --request tools/list -- node ./server.js
+  mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+`;
+}