npm - mcp-stdio-guard - Versions diffs - 0.1.0 - Mend

mcp-stdio-guard 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 mcp-stdio-guard contributors
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,169 @@
+<p align="center">
+  <img src="assets/logo.svg" alt="mcp-stdio-guard logo" width="120" />
+</p>
+<h1 align="center">mcp-stdio-guard</h1>
+<p align="center">
+  Catch stdout pollution and handshake failures in MCP stdio servers before clients do.
+</p>
+<p align="center">
+  <a href="https://github.com/1Utkarsh1/mcp-stdio-guard/actions/workflows/ci.yml"><img alt="CI" src="https://github.com/1Utkarsh1/mcp-stdio-guard/actions/workflows/ci.yml/badge.svg" /></a>
+  <a href="https://www.npmjs.com/package/mcp-stdio-guard"><img alt="npm" src="https://img.shields.io/npm/v/mcp-stdio-guard?color=0b6bcb" /></a>
+  <img alt="runtime dependencies" src="https://img.shields.io/badge/runtime%20deps-0-1f8f4c" />
+  <img alt="node" src="https://img.shields.io/badge/node-%3E%3D18-2f855a" />
+  <a href="LICENSE"><img alt="license" src="https://img.shields.io/badge/license-MIT-111827" /></a>
+</p>
+<p align="center">
+  <img src="assets/hero.svg" alt="mcp-stdio-guard hero showing a clean MCP stdio pipeline" width="100%" />
+</p>
+MCP stdio servers use stdout as their protocol channel. Debug text, banners, progress logs, `console.log`, Python `print`, or any other stray stdout output can corrupt the stream and make clients fail in confusing ways.
+`mcp-stdio-guard` starts your server, performs a real MCP initialize handshake, optionally sends a real post-initialize MCP request such as `tools/list`, validates every stdout frame, and scans source for risky stdout calls.
+## Why This Exists
+The latest MCP docs say [stdio servers must send JSON-RPC messages on stdout](https://modelcontextprotocol.io/specification/2025-11-25/basic/transports), may log to stderr, and must complete the [`initialize` then `notifications/initialized` lifecycle](https://modelcontextprotocol.io/specification/2025-11-25/basic/lifecycle) before normal operation.
+That is easy to get wrong in real servers. This guard turns that fragile process boundary into a fast local check and a CI gate.
+<p align="center">
+  <img src="assets/protocol-flow.svg" alt="Protocol flow tested by mcp-stdio-guard" width="100%" />
+</p>
+## Install
+From npm:
+```bash
+npx mcp-stdio-guard -- node ./server.js
+```
+From this repo:
+```bash
+git clone https://github.com/1Utkarsh1/mcp-stdio-guard.git
+cd mcp-stdio-guard
+npm ci
+npm test
+```
+## Quickstart
+Run your MCP server behind the guard:
+```bash
+mcp-stdio-guard -- node ./server.js
+```
+Exercise a real MCP operation after initialization:
+```bash
+mcp-stdio-guard --request tools/list -- node ./server.js
+```
+Scan source for obvious stdout writes too:
+```bash
+mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+```
+JSON output for CI:
+```bash
+mcp-stdio-guard --json --request tools/list -- node ./server.js
+```
+## What It Catches
+<p align="center">
+  <img src="assets/terminal-demo.svg" alt="Passing and failing terminal output examples" width="100%" />
+</p>
+| Problem | Runtime check | Static scan |
+| --- | --- | --- |
+| `console.log("starting")` before server startup | Yes | Yes |
+| Python `print("debug")` in a stdio server | Yes | Yes |
+| Late stdout logs after `initialize` | Yes | Partial |
+| Invalid JSON-RPC frames | Yes | No |
+| Server crash after `notifications/initialized` | Yes | No |
+| Missing `initialize` or operation response | Yes | No |
+| stderr diagnostics | Allowed | Allowed |
+## Live MCP Coverage
+The test suite creates real servers with `@modelcontextprotocol/sdk@1.29.0` and verifies:
+| Scenario | Expected result |
+| --- | --- |
+| clean SDK stdio server through `initialize` and `tools/list` | Pass |
+| SDK server with startup stdout pollution | Fail |
+| SDK server with stderr diagnostics | Pass |
+| SDK server with late stdout pollution after connection | Fail |
+| hand-rolled server that ignores post-initialize requests | Fail |
+| server that crashes after initialized notification | Fail |
+## Commands
+```bash
+mcp-stdio-guard [options] -- <command> [args...]
+```
+| Option | Description |
+| --- | --- |
+| `--protocol <version>` | MCP protocol version to send, default `2025-11-25` |
+| `--timeout <ms>` | initialize and request timeout, default `5000` |
+| `--request <method>` | send one MCP request after initialization, for example `tools/list` |
+| `--params <json>` | JSON params for `--request` |
+| `--scan <path>` | scan source for risky stdout writes |
+| `--fail-on-static` | make static scan findings fail the command |
+| `--json` | print machine-readable output |
+| `--cwd <path>` | run the server command from a specific directory |
+| `--help` | show help |
+## CI
+```yaml
+- run: npm ci
+- run: npx mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+```
+## Output
+Passing server:
+```text
+PASS MCP stdio guard
+initialize: ok
+frames: 2 stdout / 0 invalid
+stderr: 0 lines
+protocol: 2025-11-25
+request: tools/list responded
+```
+Polluted stdout:
+```text
+FAIL MCP stdio guard
+initialize: ok
+frames: 2 stdout / 1 invalid
+stderr: 0 lines
+protocol: 2025-11-25
+request: tools/list responded
+[error] stdout-non-json: stdout line 1 is not JSON-RPC: "server starting..."
+```
+## Design
+- Runtime dependencies: zero.
+- Default behavior: validate the real process boundary.
+- Optional static scan: intentionally simple and conservative.
+- CI posture: fail on protocol corruption, crashes, and missing responses.
+- Promotion promise: no fake stars, no spam, just a tool that catches a real MCP failure mode.
+## License
+MIT

package/assets/hero.svg ADDED Viewed

@@ -0,0 +1,41 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="520" viewBox="0 0 1200 520" role="img" aria-labelledby="title desc">
+  <title id="title">mcp-stdio-guard hero</title>
+  <desc id="desc">A visual showing the guard protecting an MCP stdio JSON-RPC stream.</desc>
+  <defs>
+    <linearGradient id="bg" x1="0" y1="0" x2="1200" y2="520" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#F8FAFC"/>
+      <stop offset="1" stop-color="#E8F5EE"/>
+    </linearGradient>
+    <linearGradient id="pipe" x1="190" y1="272" x2="1010" y2="272" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#0B6BCB"/>
+      <stop offset="1" stop-color="#1F8F4C"/>
+    </linearGradient>
+    <filter id="soft" x="-10%" y="-10%" width="120%" height="120%">
+      <feDropShadow dx="0" dy="14" stdDeviation="20" flood-color="#0F172A" flood-opacity="0.14"/>
+    </filter>
+  </defs>
+  <rect width="1200" height="520" rx="36" fill="url(#bg)"/>
+  <rect x="64" y="56" width="1072" height="408" rx="28" fill="#FFFFFF" filter="url(#soft)"/>
+  <text x="104" y="132" fill="#0F172A" font-family="Inter, Arial, sans-serif" font-size="56" font-weight="800">Guard your MCP stdio stream</text>
+  <text x="106" y="178" fill="#475569" font-family="Inter, Arial, sans-serif" font-size="25" font-weight="500">Initialize, validate JSON-RPC, run a real request, and catch noisy stdout before users do.</text>
+  <rect x="114" y="248" width="210" height="94" rx="18" fill="#EFF6FF" stroke="#BFDBFE"/>
+  <text x="142" y="286" fill="#0B6BCB" font-family="Inter, Arial, sans-serif" font-size="22" font-weight="800">Your server</text>
+  <text x="142" y="318" fill="#334155" font-family="Inter, Arial, sans-serif" font-size="18">node ./server.js</text>
+  <path d="M340 295h170" stroke="url(#pipe)" stroke-width="12" stroke-linecap="round"/>
+  <path d="M490 276l30 19-30 19z" fill="#1F8F4C"/>
+  <rect x="522" y="226" width="250" height="138" rx="22" fill="#0F172A"/>
+  <text x="556" y="272" fill="#ECFDF5" font-family="Inter, Arial, sans-serif" font-size="24" font-weight="800">stdio guard</text>
+  <text x="556" y="308" fill="#93C5FD" font-family="Inter, Arial, sans-serif" font-size="18">stdout must be JSON-RPC</text>
+  <text x="556" y="336" fill="#86EFAC" font-family="Inter, Arial, sans-serif" font-size="18">stderr is safe for logs</text>
+  <path d="M788 295h170" stroke="url(#pipe)" stroke-width="12" stroke-linecap="round"/>
+  <path d="M938 276l30 19-30 19z" fill="#1F8F4C"/>
+  <rect x="982" y="248" width="104" height="94" rx="18" fill="#ECFDF5" stroke="#BBF7D0"/>
+  <text x="1012" y="286" fill="#166534" font-family="Inter, Arial, sans-serif" font-size="22" font-weight="800">PASS</text>
+  <text x="1005" y="318" fill="#334155" font-family="Inter, Arial, sans-serif" font-size="18">or fail fast</text>
+  <rect x="104" y="390" width="242" height="38" rx="19" fill="#DBEAFE"/>
+  <text x="128" y="416" fill="#1E3A8A" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">real MCP SDK tested</text>
+  <rect x="362" y="390" width="204" height="38" rx="19" fill="#DCFCE7"/>
+  <text x="386" y="416" fill="#166534" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">zero runtime deps</text>
+  <rect x="582" y="390" width="250" height="38" rx="19" fill="#FEF3C7"/>
+  <text x="606" y="416" fill="#92400E" font-family="Inter, Arial, sans-serif" font-size="18" font-weight="700">CI-ready failure modes</text>
+</svg>

package/assets/logo.svg ADDED Viewed

@@ -0,0 +1,22 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="256" height="256" viewBox="0 0 256 256" role="img" aria-labelledby="title desc">
+  <title id="title">mcp-stdio-guard logo</title>
+  <desc id="desc">A shield containing a terminal prompt and JSON braces.</desc>
+  <defs>
+    <linearGradient id="shield" x1="42" y1="28" x2="214" y2="226" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#0B6BCB"/>
+      <stop offset="1" stop-color="#1F8F4C"/>
+    </linearGradient>
+    <filter id="shadow" x="-20%" y="-20%" width="140%" height="140%">
+      <feDropShadow dx="0" dy="10" stdDeviation="12" flood-color="#0F172A" flood-opacity="0.24"/>
+    </filter>
+  </defs>
+  <rect width="256" height="256" rx="56" fill="#F8FAFC"/>
+  <path d="M128 28l78 30v60c0 50-30 86-78 110-48-24-78-60-78-110V58l78-30z" fill="url(#shield)" filter="url(#shadow)"/>
+  <rect x="70" y="82" width="116" height="82" rx="14" fill="#0F172A"/>
+  <circle cx="91" cy="104" r="5" fill="#EF4444"/>
+  <circle cx="108" cy="104" r="5" fill="#F59E0B"/>
+  <circle cx="125" cy="104" r="5" fill="#22C55E"/>
+  <path d="M91 131l18 13-18 13" fill="none" stroke="#93C5FD" stroke-width="8" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M127 157h38" fill="none" stroke="#ECFDF5" stroke-width="8" stroke-linecap="round"/>
+  <path d="M93 190c18 12 52 12 70 0" fill="none" stroke="#0F172A" stroke-width="10" stroke-linecap="round" opacity="0.22"/>
+</svg>

package/assets/protocol-flow.svg ADDED Viewed

@@ -0,0 +1,33 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="430" viewBox="0 0 1200 430" role="img" aria-labelledby="title desc">
+  <title id="title">MCP protocol flow</title>
+  <desc id="desc">The sequence mcp-stdio-guard verifies: spawn, initialize, initialized notification, optional request, validated stdout.</desc>
+  <rect width="1200" height="430" rx="30" fill="#0F172A"/>
+  <text x="64" y="76" fill="#F8FAFC" font-family="Inter, Arial, sans-serif" font-size="36" font-weight="800">Verified MCP stdio flow</text>
+  <text x="64" y="116" fill="#CBD5E1" font-family="Inter, Arial, sans-serif" font-size="20">Every box is a real process-boundary check, not a README-only promise.</text>
+  <g font-family="Inter, Arial, sans-serif">
+    <rect x="72" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="104" y="222" fill="#93C5FD" font-size="20" font-weight="800">1. spawn</text>
+    <text x="104" y="254" fill="#E2E8F0" font-size="17">run command</text>
+    <text x="104" y="278" fill="#94A3B8" font-size="15">after --</text>
+    <path d="M264 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M326 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="354" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="386" y="222" fill="#93C5FD" font-size="20" font-weight="800">2. initialize</text>
+    <text x="386" y="254" fill="#E2E8F0" font-size="17">JSON-RPC id 1</text>
+    <text x="386" y="278" fill="#94A3B8" font-size="15">timeout guarded</text>
+    <path d="M546 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M608 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="636" y="178" width="176" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="668" y="222" fill="#86EFAC" font-size="20" font-weight="800">3. initialized</text>
+    <text x="668" y="254" fill="#E2E8F0" font-size="17">notification</text>
+    <text x="668" y="278" fill="#94A3B8" font-size="15">server must survive</text>
+    <path d="M828 234h74" stroke="#38BDF8" stroke-width="8" stroke-linecap="round"/>
+    <path d="M890 219l24 15-24 15z" fill="#38BDF8"/>
+    <rect x="918" y="178" width="210" height="112" rx="18" fill="#1E293B" stroke="#334155"/>
+    <text x="950" y="222" fill="#FBBF24" font-size="20" font-weight="800">4. request</text>
+    <text x="950" y="254" fill="#E2E8F0" font-size="17">tools/list or custom</text>
+    <text x="950" y="278" fill="#94A3B8" font-size="15">valid stdout only</text>
+  </g>
+  <rect x="72" y="334" width="1056" height="44" rx="22" fill="#111827" stroke="#334155"/>
+  <text x="104" y="363" fill="#E2E8F0" font-family="Inter, Arial, sans-serif" font-size="18">If stdout is not newline-delimited JSON-RPC at any point, the guard fails the run.</text>
+</svg>

package/assets/terminal-demo.svg ADDED Viewed

@@ -0,0 +1,28 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="1200" height="560" viewBox="0 0 1200 560" role="img" aria-labelledby="title desc">
+  <title id="title">Terminal output examples</title>
+  <desc id="desc">Passing and failing terminal examples for mcp-stdio-guard.</desc>
+  <rect width="1200" height="560" rx="30" fill="#F8FAFC"/>
+  <text x="64" y="74" fill="#0F172A" font-family="Inter, Arial, sans-serif" font-size="36" font-weight="800">Terminal artifacts</text>
+  <text x="64" y="114" fill="#475569" font-family="Inter, Arial, sans-serif" font-size="20">Readable locally, strict enough for CI.</text>
+  <rect x="64" y="154" width="520" height="326" rx="22" fill="#0B1220"/>
+  <rect x="64" y="154" width="520" height="46" rx="22" fill="#111827"/>
+  <circle cx="96" cy="177" r="7" fill="#EF4444"/>
+  <circle cx="120" cy="177" r="7" fill="#F59E0B"/>
+  <circle cx="144" cy="177" r="7" fill="#22C55E"/>
+  <text x="92" y="242" fill="#86EFAC" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="22" font-weight="700">PASS MCP stdio guard</text>
+  <text x="92" y="284" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">initialize: ok</text>
+  <text x="92" y="322" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">frames: 2 stdout / 0 invalid</text>
+  <text x="92" y="360" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">stderr: 0 lines</text>
+  <text x="92" y="398" fill="#93C5FD" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">request: tools/list responded</text>
+  <rect x="616" y="154" width="520" height="326" rx="22" fill="#0B1220"/>
+  <rect x="616" y="154" width="520" height="46" rx="22" fill="#111827"/>
+  <circle cx="648" cy="177" r="7" fill="#EF4444"/>
+  <circle cx="672" cy="177" r="7" fill="#F59E0B"/>
+  <circle cx="696" cy="177" r="7" fill="#22C55E"/>
+  <text x="644" y="242" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="22" font-weight="700">FAIL MCP stdio guard</text>
+  <text x="644" y="284" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">initialize: ok</text>
+  <text x="644" y="322" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">frames: 2 stdout / 1 invalid</text>
+  <text x="644" y="360" fill="#E2E8F0" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="19">request: tools/list responded</text>
+  <text x="644" y="398" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="17">[error] stdout-non-json:</text>
+  <text x="644" y="430" fill="#FCA5A5" font-family="SFMono-Regular, Menlo, Consolas, monospace" font-size="17">"server starting..."</text>
+</svg>

package/bin/mcp-stdio-guard.js ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+import { runCli } from '../src/index.js';
+runCli(process.argv.slice(2)).catch((error) => {
+  console.error(error?.message || error);
+  process.exit(1);
+});

package/package.json ADDED Viewed

@@ -0,0 +1,47 @@
+{
+  "name": "mcp-stdio-guard",
+  "version": "0.1.0",
+  "description": "A runtime zero-dependency CLI that catches stdout pollution and handshake failures in MCP stdio servers.",
+  "type": "module",
+  "bin": {
+    "mcp-stdio-guard": "bin/mcp-stdio-guard.js"
+  },
+  "files": [
+    "assets",
+    "bin",
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "node --test",
+    "pack:dry": "npm pack --dry-run"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "json-rpc",
+    "stdio",
+    "claude",
+    "cursor",
+    "cli",
+    "developer-tools",
+    "debugging"
+  ],
+  "author": "",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/1Utkarsh1/mcp-stdio-guard.git"
+  },
+  "bugs": {
+    "url": "https://github.com/1Utkarsh1/mcp-stdio-guard/issues"
+  },
+  "homepage": "https://github.com/1Utkarsh1/mcp-stdio-guard#readme",
+  "engines": {
+    "node": ">=18"
+  },
+  "devDependencies": {
+    "@modelcontextprotocol/sdk": "^1.29.0"
+  }
+}

package/src/index.js ADDED Viewed

@@ -0,0 +1,494 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { spawn } from 'node:child_process';
+const DEFAULT_PROTOCOL = '2025-11-25';
+const DEFAULT_TIMEOUT = 5000;
+const VERSION = '0.1.0';
+export async function runCli(argv) {
+  const options = parseArgs(argv);
+  if (options.help) {
+    console.log(helpText());
+    return;
+  }
+  if (options.version) {
+    console.log(VERSION);
+    return;
+  }
+  if (!options.command.length) {
+    throw new Error('Missing command. Use: mcp-stdio-guard -- <command> [args...]');
+  }
+  const result = await guardStdioServer(options.command, {
+    protocol: options.protocol,
+    timeoutMs: options.timeoutMs,
+    cwd: options.cwd,
+    operation: options.requestMethod
+      ? {
+          method: options.requestMethod,
+          params: options.requestParams
+        }
+      : null
+  });
+  if (options.scanPath) {
+    result.staticFindings = scanSource(options.scanPath);
+    if (options.failOnStatic) {
+      for (const finding of result.staticFindings) {
+        result.issues.push({
+          severity: 'error',
+          code: 'static-stdout-write',
+          message: `${finding.file}:${finding.line} ${finding.message}`
+        });
+      }
+    }
+  }
+  result.ok = !result.issues.some((issue) => issue.severity === 'error');
+  if (options.json) {
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    console.log(formatTextResult(result));
+  }
+  if (!result.ok) {
+    process.exitCode = 1;
+  }
+}
+export function parseArgs(argv) {
+  const options = {
+    command: [],
+    protocol: DEFAULT_PROTOCOL,
+    timeoutMs: DEFAULT_TIMEOUT,
+    scanPath: '',
+    failOnStatic: false,
+    requestMethod: '',
+    requestParams: undefined,
+    json: false,
+    help: false,
+    version: false,
+    cwd: process.cwd()
+  };
+  for (let index = 0; index < argv.length; index += 1) {
+    const arg = argv[index];
+    if (arg === '--') {
+      options.command = argv.slice(index + 1);
+      break;
+    }
+    if (arg === '--help' || arg === '-h') {
+      options.help = true;
+    } else if (arg === '--version' || arg === '-v') {
+      options.version = true;
+    } else if (arg === '--json') {
+      options.json = true;
+    } else if (arg === '--fail-on-static') {
+      options.failOnStatic = true;
+    } else if (arg === '--request') {
+      options.requestMethod = readOptionValue(argv, index, arg);
+      index += 1;
+    } else if (arg === '--params') {
+      options.requestParams = parseJsonOption(readOptionValue(argv, index, arg), arg);
+      index += 1;
+    } else if (arg === '--protocol') {
+      options.protocol = readOptionValue(argv, index, arg);
+      index += 1;
+    } else if (arg === '--timeout') {
+      options.timeoutMs = Number(readOptionValue(argv, index, arg));
+      index += 1;
+    } else if (arg === '--scan') {
+      options.scanPath = path.resolve(readOptionValue(argv, index, arg));
+      index += 1;
+    } else if (arg === '--cwd') {
+      options.cwd = path.resolve(readOptionValue(argv, index, arg));
+      index += 1;
+    } else {
+      throw new Error(`Unknown option before --: ${arg}`);
+    }
+  }
+  if (!Number.isInteger(options.timeoutMs) || options.timeoutMs < 100) {
+    throw new Error('--timeout must be an integer >= 100');
+  }
+  if (options.requestParams !== undefined && !options.requestMethod) {
+    throw new Error('--params can only be used with --request');
+  }
+  return options;
+}
+export async function guardStdioServer(commandWithArgs, options = {}) {
+  const startedAt = Date.now();
+  const command = commandWithArgs[0];
+  const args = commandWithArgs.slice(1);
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT;
+  const protocol = options.protocol ?? DEFAULT_PROTOCOL;
+  const operation = options.operation || null;
+  const issues = [];
+  const frames = [];
+  const stderrChunks = [];
+  let stdoutBuffer = '';
+  let initialized = false;
+  let endedByGuard = false;
+  let timer;
+  let child;
+  const result = {
+    ok: false,
+    command: commandWithArgs,
+    protocol,
+    negotiatedProtocol: '',
+    initialized: false,
+    operation: operation
+      ? {
+          method: operation.method,
+          responded: false,
+          error: null
+        }
+      : null,
+    frames,
+    issues,
+    stderr: '',
+    staticFindings: [],
+    durationMs: 0
+  };
+  return new Promise((resolve) => {
+    function addIssue(severity, code, message) {
+      issues.push({ severity, code, message });
+    }
+    function armTimeout(code, message) {
+      clearTimeout(timer);
+      timer = setTimeout(() => {
+        addIssue('error', code, message);
+        finish();
+      }, timeoutMs);
+    }
+    function finishSoon() {
+      clearTimeout(timer);
+      setTimeout(finish, 50);
+    }
+    function finish() {
+      if (result.durationMs) return;
+      clearTimeout(timer);
+      result.durationMs = Date.now() - startedAt;
+      result.stderr = Buffer.concat(stderrChunks).toString('utf8');
+      result.initialized = initialized;
+      result.ok = !issues.some((issue) => issue.severity === 'error');
+      if (child && !child.killed && child.exitCode === null) {
+        endedByGuard = true;
+        child.kill('SIGTERM');
+      }
+      resolve(result);
+    }
+    function send(message) {
+      child.stdin.write(`${JSON.stringify(message)}\n`);
+    }
+    child = spawn(command, args, {
+      cwd: options.cwd ?? process.cwd(),
+      env: process.env,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+    armTimeout('initialize-timeout', `no initialize response within ${timeoutMs}ms`);
+    child.on('error', (error) => {
+      clearTimeout(timer);
+      addIssue('error', 'spawn-failed', error.message);
+      finish();
+    });
+    child.stdout.on('data', (chunk) => {
+      stdoutBuffer += chunk.toString('utf8');
+      const lines = stdoutBuffer.split(/\r?\n/);
+      stdoutBuffer = lines.pop() ?? '';
+      for (const line of lines) {
+        handleStdoutLine(line);
+      }
+    });
+    child.stderr.on('data', (chunk) => {
+      stderrChunks.push(Buffer.from(chunk));
+    });
+    child.on('exit', (code, signal) => {
+      clearTimeout(timer);
+      if (stdoutBuffer.trim()) {
+        addIssue('error', 'stdout-without-newline', `stdout ended with an incomplete JSON-RPC frame: ${quote(stdoutBuffer)}`);
+      }
+      if (!endedByGuard && initialized && result.operation && !result.operation.responded) {
+        addIssue('error', 'operation-missing-response', `${result.operation.method} did not receive a response before server exit`);
+      }
+      if (!endedByGuard && initialized && code && code !== 0) {
+        addIssue('error', 'server-crashed', `server exited after initialize (code ${code}, signal ${signal ?? 'null'})`);
+      }
+      if (!initialized && !endedByGuard && !issues.some((issue) => issue.code === 'spawn-failed')) {
+        addIssue('error', 'server-exited', `server exited before initialize completed (code ${code ?? 'null'}, signal ${signal ?? 'null'})`);
+      }
+      finish();
+    });
+    send({
+      jsonrpc: '2.0',
+      id: 1,
+      method: 'initialize',
+      params: {
+        protocolVersion: protocol,
+        capabilities: {},
+        clientInfo: {
+          name: 'mcp-stdio-guard',
+          version: VERSION
+        }
+      }
+    });
+    function handleStdoutLine(line) {
+      if (!line.trim()) {
+        addIssue('warning', 'stdout-empty-line', 'stdout contained an empty line');
+        return;
+      }
+      let message;
+      try {
+        message = JSON.parse(line);
+      } catch {
+        addIssue('error', 'stdout-non-json', `stdout line ${frames.length + 1} is not JSON-RPC: ${quote(line)}`);
+        return;
+      }
+      const validation = validateJsonRpc(message);
+      if (validation) {
+        addIssue('error', 'stdout-invalid-json-rpc', validation);
+        return;
+      }
+      frames.push(message);
+      if (message.id === 1) {
+        clearTimeout(timer);
+        if (message.error) {
+          addIssue('error', 'initialize-error', `initialize returned error: ${message.error.message || JSON.stringify(message.error)}`);
+          finish();
+          return;
+        }
+        initialized = true;
+        result.negotiatedProtocol = message.result?.protocolVersion || '';
+        send({ jsonrpc: '2.0', method: 'notifications/initialized' });
+        if (operation) {
+          const request = {
+            jsonrpc: '2.0',
+            id: 2,
+            method: operation.method
+          };
+          if (operation.params !== undefined) {
+            request.params = operation.params;
+          }
+          send(request);
+          armTimeout('operation-timeout', `no ${operation.method} response within ${timeoutMs}ms`);
+        } else {
+          finishSoon();
+        }
+      } else if (operation && message.id === 2) {
+        clearTimeout(timer);
+        result.operation.responded = true;
+        if (message.error) {
+          result.operation.error = message.error;
+          addIssue('warning', 'operation-error', `${operation.method} returned error: ${message.error.message || JSON.stringify(message.error)}`);
+        }
+        finishSoon();
+      }
+    }
+  });
+}
+export function validateJsonRpc(message) {
+  if (!message || typeof message !== 'object' || Array.isArray(message)) {
+    return 'JSON-RPC frame must be an object';
+  }
+  if (message.jsonrpc !== '2.0') {
+    return 'JSON-RPC frame must include jsonrpc: "2.0"';
+  }
+  const hasId = Object.hasOwn(message, 'id');
+  const hasMethod = typeof message.method === 'string';
+  const hasResult = Object.hasOwn(message, 'result');
+  const hasError = Object.hasOwn(message, 'error');
+  if (hasId && !hasMethod && !hasResult && !hasError) {
+    return 'response frame must include result or error';
+  }
+  if (!hasId && !hasMethod) {
+    return 'notification/request frame must include method';
+  }
+  return '';
+}
+export function scanSource(root) {
+  const findings = [];
+  const absoluteRoot = path.resolve(root);
+  const files = listSourceFiles(absoluteRoot);
+  for (const file of files) {
+    const text = fs.readFileSync(file, 'utf8');
+    const lines = text.split(/\r?\n/);
+    for (let index = 0; index < lines.length; index += 1) {
+      const message = detectStdoutWrite(file, lines[index]);
+      if (message) {
+        findings.push({
+          file: path.relative(process.cwd(), file).split(path.sep).join('/'),
+          line: index + 1,
+          message
+        });
+      }
+    }
+  }
+  return findings;
+}
+function detectStdoutWrite(file, line) {
+  const ext = path.extname(file);
+  const stripped = line.trim();
+  if (!stripped || stripped.startsWith('//') || stripped.startsWith('#')) return '';
+  if (['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx'].includes(ext) && /\bconsole\.(log|info)\s*\(/.test(line)) {
+    return 'console.log/info writes to stdout; use console.error for MCP stdio diagnostics';
+  }
+  if (ext === '.py' && /(^|[^\w])print\s*\(/.test(line) && !/file\s*=\s*sys\.stderr/.test(line)) {
+    return 'print() writes to stdout; pass file=sys.stderr for MCP stdio diagnostics';
+  }
+  if (ext === '.go' && /\bfmt\.(Print|Printf|Println)\s*\(/.test(line)) {
+    return 'fmt.Print* writes to stdout; use stderr for MCP stdio diagnostics';
+  }
+  if (ext === '.rs' && /\bprintln!\s*\(/.test(line)) {
+    return 'println! writes to stdout; use eprintln! for MCP stdio diagnostics';
+  }
+  if (['.java', '.kt'].includes(ext) && /System\.out\.print/.test(line)) {
+    return 'System.out writes to stdout; use stderr for MCP stdio diagnostics';
+  }
+  return '';
+}
+function listSourceFiles(root) {
+  const ignored = new Set(['.git', 'node_modules', 'dist', 'build', 'coverage', '.next', '.cache']);
+  const files = [];
+  function walk(dir) {
+    if (!fs.existsSync(dir)) return;
+    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+      if (ignored.has(entry.name)) continue;
+      const fullPath = path.join(dir, entry.name);
+      if (entry.isDirectory()) {
+        walk(fullPath);
+      } else if (entry.isFile() && /\.(mjs|cjs|js|jsx|ts|tsx|py|go|rs|java|kt)$/.test(entry.name)) {
+        files.push(fullPath);
+      }
+    }
+  }
+  walk(root);
+  return files.sort();
+}
+function formatTextResult(result) {
+  const status = result.ok ? 'PASS' : 'FAIL';
+  const invalidFrames = result.issues.filter((issue) => issue.code.startsWith('stdout-')).length;
+  const stderrLines = result.stderr ? result.stderr.trim().split(/\r?\n/).filter(Boolean).length : 0;
+  const lines = [
+    `${status} MCP stdio guard`,
+    `initialize: ${result.initialized ? 'ok' : 'failed'}`,
+    `frames: ${result.frames.length} stdout / ${invalidFrames} invalid`,
+    `stderr: ${stderrLines} lines`
+  ];
+  if (result.negotiatedProtocol) {
+    lines.push(`protocol: ${result.negotiatedProtocol}`);
+  }
+  if (result.operation) {
+    const state = result.operation.responded ? 'responded' : 'missing';
+    lines.push(`request: ${result.operation.method} ${state}`);
+  }
+  if (result.staticFindings.length) {
+    lines.push(`static findings: ${result.staticFindings.length}`);
+    for (const finding of result.staticFindings.slice(0, 10)) {
+      lines.push(`[warning] ${finding.file}:${finding.line} ${finding.message}`);
+    }
+  }
+  for (const issue of result.issues) {
+    lines.push(`[${issue.severity}] ${issue.code}: ${issue.message}`);
+  }
+  return lines.join('\n');
+}
+function readOptionValue(argv, index, option) {
+  const value = argv[index + 1];
+  if (!value || value.startsWith('--')) {
+    throw new Error(`${option} requires a value`);
+  }
+  return value;
+}
+function parseJsonOption(rawValue, option) {
+  try {
+    return JSON.parse(rawValue);
+  } catch (error) {
+    throw new Error(`${option} must be valid JSON: ${error.message}`);
+  }
+}
+function quote(value) {
+  const singleLine = String(value).replace(/\s+/g, ' ').trim();
+  return JSON.stringify(singleLine.length > 160 ? `${singleLine.slice(0, 157)}...` : singleLine);
+}
+function helpText() {
+  return `mcp-stdio-guard validates MCP stdio servers.
+Usage:
+  mcp-stdio-guard [options] -- <command> [args...]
+Options:
+  --protocol <version>   MCP protocol version, default ${DEFAULT_PROTOCOL}
+  --timeout <ms>         initialize and request timeout, default ${DEFAULT_TIMEOUT}
+  --scan <path>          scan source for risky stdout writes
+  --fail-on-static       fail when --scan finds risky stdout writes
+  --request <method>     send one MCP request after initialize, e.g. tools/list
+  --params <json>        JSON params for --request
+  --json                 print JSON output
+  --cwd <path>           run command from this directory
+  --version, -v          print version
+  --help, -h             show help
+Examples:
+  mcp-stdio-guard -- node ./server.js
+  mcp-stdio-guard --request tools/list -- node ./server.js
+  mcp-stdio-guard --scan src --fail-on-static --request tools/list -- node ./server.js
+`;
+}