mcp-trust 0.1.0 → 0.2.0

package/README.md

@@ -7,7 +7,7 @@ npx mcp-doctor
 ```
 
 ```
-mcp-doctor v0.1.0
+mcp-doctor v0.2.0
 Auditing MCP servers installed on this machine
 
 [ALIVE] B github                  [claude]      14 tools, 4 no-arg, 47ms
@@ -79,6 +79,54 @@ mcp-doctor audit --json             # machine-readable output
 mcp-doctor audit --config-only      # list configured servers, don't probe
 mcp-doctor audit --fail-on-dead     # exit 1 if any server is dead (for CI)
 mcp-doctor audit --concurrency 8    # parallelize probes
+mcp-doctor install @scope/pkg       # verify an npm package, then add it to your config
+mcp-doctor serve                    # run as an MCP server exposing mcp_trust_audit
+```
+
+### `install` — add a server safely
+
+Resolves the package on npm, probes it live, then writes it to your config only if it passes. Refuses to add dead or F-graded servers unless you pass `--yes`. Defaults to Claude Desktop; pass `--client cursor` to target Cursor instead.
+
+```bash
+mcp-trust install @modelcontextprotocol/server-github
+mcp-trust install @modelcontextprotocol/server-github --client cursor
+mcp-trust install @scope/pkg --yes              # add even F-graded packages
+mcp-trust install @scope/pkg --dry-run          # probe + report, don't write
+mcp-trust install @scope/pkg --name my-alias    # override the entry name
+```
+
+If the requested name already exists in your config, the new entry is suffixed (`github-2`, `github-3`, …) instead of overwriting.
+
+### `serve` — use mcp-trust from inside an agent
+
+Runs mcp-trust as a Model Context Protocol server over stdio, exposing a single tool `mcp_trust_audit` that any MCP client (Claude Desktop, Cursor, Cline, your own agent) can call. The tool takes a list of server configurations, spawns each one, performs a real handshake, and returns a structured report.
+
+```jsonc
+// example call from any MCP client
+{
+  "name": "mcp_trust_audit",
+  "arguments": {
+    "servers": {
+      "github":    { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"] },
+      "filesystem":{ "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"] }
+    },
+    "noHealth": false,
+    "concurrency": 4
+  }
+}
+```
+
+Add it to your client config the same way you'd add any other MCP server:
+
+```json
+{
+  "mcpServers": {
+    "mcp-trust": {
+      "command": "npx",
+      "args": ["-y", "mcp-trust", "serve"]
+    }
+  }
+}
 ```
 
 ### Config locations scanned

package/dist/commands/index.d.ts

@@ -1,2 +1,5 @@
 export { runAudit } from "./audit.js";
 export type { AuditOptions } from "./audit.js";
+export { runInstall } from "./install.js";
+export type { InstallOptions } from "./install.js";
+export { runServe } from "./serve.js";

package/dist/commands/index.js

@@ -1,2 +1,4 @@
 export { runAudit } from "./audit.js";
+export { runInstall } from "./install.js";
+export { runServe } from "./serve.js";
 //# sourceMappingURL=index.js.map

package/dist/commands/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAEtC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC"}

package/dist/commands/install.d.ts

@@ -0,0 +1,10 @@
+import { type TargetClient } from "../install/writer.js";
+export interface InstallOptions {
+    client?: TargetClient;
+    configPath?: string;
+    yes?: boolean;
+    name?: string;
+    noHealth?: boolean;
+    dryRun?: boolean;
+}
+export declare function runInstall(pkg: string, opts?: InstallOptions): Promise<void>;

package/dist/commands/install.js

@@ -0,0 +1,98 @@
+import pc from "picocolors";
+import { fetchPackument } from "../install/packument.js";
+import { probeServer } from "../prober/index.js";
+import { checkRepoHealth, scoreServer } from "../checks/index.js";
+import { resolveTarget, addServerToConfig, readExistingServers } from "../install/writer.js";
+import { renderReport, summarize } from "../reporters/index.js";
+function prompt(question) {
+    return new Promise((resolve) => {
+        process.stdout.write(question);
+        process.stdin.setEncoding("utf8");
+        process.stdin.once("data", (data) => {
+            const answer = data.toString().trim().toLowerCase();
+            resolve(answer === "" || answer === "y" || answer === "yes");
+        });
+        process.stdin.resume();
+    });
+}
+function deriveNameFromPackage(pkg) {
+    return pkg.replace(/^@[\w.-]+\//, "").replace(/[^a-z0-9-]/gi, "-").toLowerCase();
+}
+export async function runInstall(pkg, opts = {}) {
+    if (!pkg || pkg.startsWith("-")) {
+        console.error(pc.red("error:") + " install requires a package name, e.g. `mcp-trust install @modelcontextprotocol/server-github`");
+        process.exit(2);
+    }
+    let resolved;
+    try {
+        console.log(pc.gray(`Resolving ${pkg} on npm…`));
+        resolved = await fetchPackument(pkg);
+    }
+    catch (err) {
+        console.error(pc.red("error:") + " " + (err instanceof Error ? err.message : String(err)));
+        process.exit(1);
+    }
+    console.log(pc.bold(resolved.name) + pc.gray(` v${resolved.version}`));
+    if (resolved.description)
+        console.log(pc.gray(resolved.description));
+    if (resolved.repoUrl)
+        console.log(pc.gray(resolved.repoUrl));
+    console.log();
+    const desiredName = opts.name ?? deriveNameFromPackage(resolved.name);
+    const target = resolveTarget(opts.client, opts.configPath);
+    const existing = readExistingServers(target.path, target.client);
+    const collision = existing.find((s) => s.name === desiredName);
+    if (collision) {
+        console.log(pc.yellow(`A server named "${desiredName}" already exists in ${target.path}`));
+    }
+    const probeConfig = {
+        name: desiredName,
+        command: resolved.installCommand,
+        args: resolved.installArgs,
+        source: target.client,
+        configPath: target.path,
+    };
+    console.log(pc.bold("Probing server before adding…"));
+    const probed = await probeServer(probeConfig);
+    const token = opts.noHealth ? "" : process.env.GITHUB_TOKEN;
+    const health = opts.noHealth ? null : await checkRepoHealth(resolved.installCommand, resolved.installArgs, undefined, token);
+    const report = scoreServer(probed, health);
+    const reports = [report];
+    console.log();
+    const summary = summarize(reports);
+    renderReport(reports);
+    if (report.server.status !== "alive") {
+        console.log(pc.red(pc.bold("Server did not respond to the MCP handshake. Refusing to add a non-functional server.")));
+        process.exit(1);
+    }
+    if (report.verdict === "F" && !opts.yes) {
+        console.log(pc.yellow("Server scored F. Use --yes to install anyway."));
+        process.exit(1);
+    }
+    if (opts.dryRun) {
+        console.log(pc.gray(`[dry-run] Would add "${desiredName}" to ${target.path}`));
+        return;
+    }
+    if (!opts.yes && process.stdin.isTTY) {
+        const ok = await prompt(`Add "${desiredName}" to ${target.path}? [Y/n] `);
+        if (!ok) {
+            console.log(pc.gray("Cancelled."));
+            return;
+        }
+    }
+    try {
+        const result = addServerToConfig(target.client, target.path, {
+            name: desiredName,
+            command: resolved.installCommand,
+            args: resolved.installArgs,
+        });
+        console.log();
+        console.log(pc.green(pc.bold("Installed.")) + ` Added "${result.finalName}" to ${result.path}`);
+        console.log(pc.gray("Run ") + pc.cyan("mcp-trust audit") + pc.gray(" to verify it's still healthy on next run."));
+    }
+    catch (err) {
+        console.error(pc.red("error:") + " " + (err instanceof Error ? err.message : String(err)));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=install.js.map

package/dist/commands/install.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,mBAAmB,EAAqB,MAAM,sBAAsB,CAAC;AAChH,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAYhE,SAAS,MAAM,CAAC,QAAgB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;YAClC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACpD,OAAO,CAAC,MAAM,KAAK,EAAE,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,KAAK,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;IACzB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAW;IACxC,OAAO,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;AACnF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAW,EAAE,OAAuB,EAAE;IACrE,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,gGAAgG,CAAC,CAAC;QACnI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,QAAQ,CAAC;IACb,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,GAAG,UAAU,CAAC,CAAC,CAAC;QACjD,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACvE,IAAI,QAAQ,CAAC,WAAW;QAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;IACrE,IAAI,QAAQ,CAAC,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,IAAI,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;IAE/D,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,mBAAmB,WAAW,uBAAuB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,WAAW,GAAiB;QAChC,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,QAAQ,CAAC,cAAc;QAChC,IAAI,EAAE,QAAQ,CAAC,WAAW;QAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,IAAI;KACxB,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAC5D,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,eAAe,CAAC,QAAQ,CAAC,cAAc,EAAE,QAAQ,CAAC,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;IAC7H,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,CAAC;IAEzB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACnC,YAAY,CAAC,OAAO,CAAC,CAAC;IAEtB,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,uFAAuF,CAAC,CAAC,CAAC,CAAC;QACtH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,wBAAwB,WAAW,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/E,OAAO;IACT,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACrC,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,QAAQ,WAAW,QAAQ,MAAM,CAAC,IAAI,UAAU,CAAC,CAAC;QAC1E,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;YAC3D,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,QAAQ,CAAC,cAAc;YAChC,IAAI,EAAE,QAAQ,CAAC,WAAW;SAC3B,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,WAAW,MAAM,CAAC,SAAS,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAChG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACpH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC3F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/serve.d.ts

@@ -0,0 +1 @@
+export declare function runServe(): Promise<void>;

package/dist/commands/serve.js

@@ -0,0 +1,195 @@
+import * as readline from "node:readline";
+import { probeServer } from "../prober/index.js";
+import { checkRepoHealth, scoreServer } from "../checks/index.js";
+const VERSION = "0.2.0";
+const PROTOCOL_VERSION = "2024-11-05";
+function send(id, payload) {
+    const msg = id !== undefined ? { jsonrpc: "2.0", id, ...payload } : { jsonrpc: "2.0", ...payload };
+    process.stdout.write(JSON.stringify(msg) + "\n");
+}
+function sendResponse(id, result) {
+    send(id, { result });
+}
+function sendError(id, code, message, data) {
+    send(id, { error: { code, message, data } });
+}
+function toolResult(text, isError = false) {
+    return { content: [{ type: "text", text }], isError };
+}
+function formatReportForAgent(reports) {
+    if (reports.length === 0) {
+        return "No servers were provided to audit.";
+    }
+    const lines = [];
+    lines.push(`mcp-trust audit: ${reports.length} server${reports.length === 1 ? "" : "s"} audited`);
+    lines.push("");
+    for (const r of reports) {
+        const icon = r.server.status === "alive" ? "ALIVE" : r.server.status.toUpperCase();
+        lines.push(`## ${r.server.config.name}`);
+        lines.push(`  status:   ${icon}`);
+        lines.push(`  verdict:  ${r.verdict} (score ${r.score})`);
+        lines.push(`  source:   ${r.server.config.source} (${r.server.config.command})`);
+        lines.push(`  duration: ${r.server.durationMs}ms`);
+        if (r.server.toolCount > 0) {
+            lines.push(`  tools:    ${r.server.toolCount} (${r.server.emptyArgTools} require args)`);
+        }
+        if (r.server.errorMessage) {
+            lines.push(`  error:    ${r.server.errorMessage}`);
+        }
+        if (r.health) {
+            const age = r.health.lastCommitDaysAgo ?? "?";
+            lines.push(`  repo:     ${r.health.repo} | ${r.health.stars} stars | last commit ${age}d ago | ${r.health.weeklyDownloads} weekly downloads`);
+            if (r.health.archived)
+                lines.push("  archived: yes");
+            if (r.health.cveCount > 0)
+                lines.push(`  cves:     ${r.health.cveCount}`);
+        }
+        else if (r.server.status === "alive") {
+            lines.push("  repo:     (health lookup skipped or unavailable)");
+        }
+        if (r.issues.length > 0) {
+            lines.push("  issues:");
+            for (const i of r.issues)
+                lines.push(`    - ${i}`);
+        }
+        if (r.recommendations.length > 0) {
+            lines.push("  recommendations:");
+            for (const rec of r.recommendations)
+                lines.push(`    - ${rec}`);
+        }
+        lines.push("");
+    }
+    const alive = reports.filter((r) => r.server.status === "alive").length;
+    const failing = reports.length - alive;
+    const avg = Math.round(reports.reduce((s, r) => s + r.score, 0) / reports.length);
+    lines.push(`summary: ${alive} alive, ${failing} failing, avg score ${avg}`);
+    return lines.join("\n");
+}
+function buildServers(input) {
+    const out = [];
+    for (const [name, def] of Object.entries(input.servers ?? {})) {
+        if (!def || typeof def !== "object" || typeof def.command !== "string")
+            continue;
+        out.push({
+            name,
+            command: def.command,
+            args: Array.isArray(def.args) ? def.args.map(String) : [],
+            env: def.env && typeof def.env === "object" ? Object.fromEntries(Object.entries(def.env).map(([k, v]) => [k, String(v)])) : undefined,
+            source: "manual",
+            configPath: "<mcp-tool-call>",
+        });
+    }
+    return out;
+}
+async function runAuditTool(input) {
+    const servers = buildServers(input);
+    if (servers.length === 0)
+        return [];
+    const concurrency = Math.max(1, Math.min(input.concurrency ?? 4, 16));
+    const token = process.env.GITHUB_TOKEN;
+    const reports = [];
+    for (let i = 0; i < servers.length; i += concurrency) {
+        const batch = servers.slice(i, i + concurrency);
+        const results = await Promise.all(batch.map(async (cfg) => {
+            const probed = await probeServer(cfg);
+            const health = input.noHealth ? null : await checkRepoHealth(cfg.command, cfg.args, cfg.env, token);
+            return scoreServer(probed, health);
+        }));
+        reports.push(...results);
+    }
+    return reports;
+}
+const AUDIT_TOOL = {
+    name: "mcp_trust_audit",
+    description: "Audit a set of MCP server configurations. Spawns each server, performs a real MCP JSON-RPC initialize + tools/list handshake, then scores it A-F based on health, recency, tool surface, and known CVEs. Returns a structured report with issues and recommendations for each server.",
+    inputSchema: {
+        type: "object",
+        properties: {
+            servers: {
+                type: "object",
+                description: "Map of server name to { command, args?, env? }. Each will be spawned and probed.",
+                additionalProperties: {
+                    type: "object",
+                    properties: {
+                        command: { type: "string", description: "Executable to run (e.g. 'npx', 'node', 'python')." },
+                        args: { type: "array", items: { type: "string" }, description: "Arguments to pass." },
+                        env: { type: "object", additionalProperties: { type: "string" }, description: "Environment variables." },
+                    },
+                    required: ["command"],
+                },
+            },
+            noHealth: { type: "boolean", description: "Skip GitHub/npm repo health lookups (faster)." },
+            concurrency: { type: "number", description: "Max servers to probe in parallel (default 4, max 16)." },
+        },
+        required: ["servers"],
+    },
+};
+function handleInitialize(id) {
+    sendResponse(id, {
+        protocolVersion: PROTOCOL_VERSION,
+        capabilities: { tools: {} },
+        serverInfo: { name: "mcp-trust", version: VERSION },
+    });
+}
+function handleToolsList(id) {
+    sendResponse(id, { tools: [AUDIT_TOOL] });
+}
+async function handleToolsCall(id, params) {
+    if (!params || params.name !== "mcp_trust_audit") {
+        sendError(id, -32602, `Unknown tool: ${params?.name ?? "<none>"}`);
+        return;
+    }
+    const args = (params.arguments ?? {});
+    if (!args.servers || typeof args.servers !== "object") {
+        sendResponse(id, toolResult("Error: 'servers' must be an object mapping name -> {command, args?, env?}", true));
+        return;
+    }
+    try {
+        const reports = await runAuditTool(args);
+        const text = formatReportForAgent(reports);
+        sendResponse(id, toolResult(text, false));
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        sendResponse(id, toolResult(`Audit failed: ${msg}`, true));
+    }
+}
+export async function runServe() {
+    const rl = readline.createInterface({ input: process.stdin, crlfDelay: Infinity, terminal: false });
+    rl.on("line", (line) => {
+        const trimmed = line.trim();
+        if (!trimmed)
+            return;
+        let msg;
+        try {
+            msg = JSON.parse(trimmed);
+        }
+        catch {
+            sendError(undefined, -32700, "Parse error");
+            return;
+        }
+        const { id, method, params } = msg;
+        if (method === "initialize") {
+            handleInitialize(id ?? 0);
+        }
+        else if (method === "tools/list") {
+            handleToolsList(id ?? 0);
+        }
+        else if (method === "tools/call") {
+            void handleToolsCall(id ?? 0, params);
+        }
+        else if (method && method.startsWith("notifications/")) {
+            // no response for notifications
+        }
+        else if (method === "ping") {
+            sendResponse(id ?? 0, {});
+        }
+        else if (id !== undefined) {
+            sendError(id, -32601, `Method not found: ${method}`);
+        }
+    });
+    rl.on("close", () => {
+        process.exit(0);
+    });
+}
+//# sourceMappingURL=serve.js.map

package/dist/commands/serve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../src/commands/serve.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGlE,MAAM,OAAO,GAAG,OAAO,CAAC;AACxB,MAAM,gBAAgB,GAAG,YAAY,CAAC;AAQtC,SAAS,IAAI,CAAC,EAAsB,EAAE,OAAe;IACnD,MAAM,GAAG,GAAG,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC;IACnG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,SAAS,YAAY,CAAC,EAAU,EAAE,MAAe;IAC/C,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,SAAS,CAAC,EAAsB,EAAE,IAAY,EAAE,OAAe,EAAE,IAAc;IACtF,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,UAAU,CAAC,IAAY,EAAE,OAAO,GAAG,KAAK;IAC/C,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAuB;IACnD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,OAAO,CAAC,MAAM,UAAU,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC;IAClG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QACnF,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,OAAO,WAAW,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC;QAC1D,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,CAAC;QACjF,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,gBAAgB,CAAC,CAAC;QAC3F,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC1B,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,iBAAiB,IAAI,GAAG,CAAC;YAC9C,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,wBAAwB,GAAG,WAAW,CAAC,CAAC,MAAM,CAAC,eAAe,mBAAmB,CAAC,CAAC;YAC9I,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACrD,IAAI,CAAC,CAAC,MAAM,CAAC,QAAQ,GAAG,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC5E,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACxB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM;gBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACjC,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,eAAe;gBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACjB,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,GAAG,KAAK,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClF,KAAK,CAAC,IAAI,CAAC,YAAY,KAAK,WAAW,OAAO,uBAAuB,GAAG,EAAE,CAAC,CAAC;IAE5E,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,YAAY,CAAC,KAAqB;IACzC,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9D,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;YAAE,SAAS;QACjF,GAAG,CAAC,IAAI,CAAC;YACP,IAAI;YACJ,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;YACzD,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;YACrI,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE,iBAAiB;SAC9B,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAqB;IAC/C,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IACvC,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACpG,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,GAAG;IACjB,IAAI,EAAE,iBAAiB;IACvB,WAAW,EACT,uRAAuR;IACzR,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,kFAAkF;gBAC/F,oBAAoB,EAAE;oBACpB,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mDAAmD,EAAE;wBAC7F,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,oBAAoB,EAAE;wBACrF,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,WAAW,EAAE,wBAAwB,EAAE;qBACzG;oBACD,QAAQ,EAAE,CAAC,SAAS,CAAC;iBACtB;aACF;YACD,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,+CAA+C,EAAE;YAC3F,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uDAAuD,EAAE;SACtG;QACD,QAAQ,EAAE,CAAC,SAAS,CAAC;KACtB;CACF,CAAC;AAEF,SAAS,gBAAgB,CAAC,EAAU;IAClC,YAAY,CAAC,EAAE,EAAE;QACf,eAAe,EAAE,gBAAgB;QACjC,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;QAC3B,UAAU,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,EAAE;KACpD,CAAC,CAAC;AACL,CAAC;AAED,SAAS,eAAe,CAAC,EAAU;IACjC,YAAY,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,EAAU,EAAE,MAA0D;IACnG,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,iBAAiB,EAAE,CAAC;QACjD,SAAS,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,iBAAiB,MAAM,EAAE,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,CAAmB,CAAC;IACxD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACtD,YAAY,CAAC,EAAE,EAAE,UAAU,CAAC,2EAA2E,EAAE,IAAI,CAAC,CAAC,CAAC;QAChH,OAAO;IACT,CAAC;IACD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;QAC3C,YAAY,CAAC,EAAE,EAAE,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,YAAY,CAAC,EAAE,EAAE,UAAU,CAAC,iBAAiB,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IACpG,EAAE,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,IAAI,GAAuD,CAAC;QAC5D,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,SAAS,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QACD,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC;QACnC,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YAC5B,gBAAgB,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAC5B,CAAC;aAAM,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YACnC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,MAAM,KAAK,YAAY,EAAE,CAAC;YACnC,KAAK,eAAe,CAAC,EAAE,IAAI,CAAC,EAAE,MAAgD,CAAC,CAAC;QAClF,CAAC;aAAM,IAAI,MAAM,IAAI,MAAM,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACzD,gCAAgC;QAClC,CAAC;aAAM,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC7B,YAAY,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5B,CAAC;aAAM,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YAC5B,SAAS,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,qBAAqB,MAAM,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAClB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/index.js

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
 import pc from "picocolors";
 import { runAudit } from "./commands/index.js";
-const HELP = `${pc.bold("mcp-trust")} ${pc.gray("v0.1.0")}
+import { runInstall } from "./commands/install.js";
+const HELP = `${pc.bold("mcp-trust")} ${pc.gray("v0.2.0")}
 
 Audit the MCP servers installed on your machine. Detects dead, dangerous,
 or fake servers before they hit production.
@@ -11,6 +12,8 @@ ${pc.bold("Usage:")}
 
 ${pc.bold("Commands:")}
   audit      Probe all configured MCP servers and report health (default)
+  install    Verify an npm package is a healthy MCP server, then add it to your config
+  serve      Run as an MCP server so other agents can call mcp_trust_audit
   version    Print version
   help       Show this message
 
@@ -25,12 +28,14 @@ ${pc.bold("Examples:")}
   mcp-trust
   mcp-trust audit --json
   mcp-trust audit --fail-on-dead
-  mcp-trust audit --concurrency 1
+  mcp-trust install @modelcontextprotocol/server-github
+  mcp-trust serve
 `;
 function parseArgs(argv) {
     const args = argv.slice(2);
     let command = "audit";
     const options = {};
+    const positional = [];
     for (let i = 0; i < args.length; i++) {
         const arg = args[i];
         if (arg === "help" || arg === "--help" || arg === "-h") {
@@ -39,8 +44,8 @@ function parseArgs(argv) {
         else if (arg === "version" || arg === "--version" || arg === "-v") {
             command = "version";
         }
-        else if (arg === "audit") {
-            command = "audit";
+        else if (arg === "audit" || arg === "install" || arg === "serve") {
+            command = arg;
         }
         else if (arg === "--json") {
             options.json = true;
@@ -52,7 +57,30 @@ function parseArgs(argv) {
             options.failOnDead = true;
         }
         else if (arg === "--no-health") {
-            options.githubToken = ""; // signal to skip
+            options.noHealth = true;
+            options.githubToken = "";
+        }
+        else if (arg === "--yes" || arg === "-y") {
+            options.yes = true;
+        }
+        else if (arg === "--dry-run") {
+            options.dryRun = true;
+        }
+        else if (arg === "--client") {
+            const next = args[++i];
+            if (next === "claude" || next === "cursor" || next === "codex") {
+                options.client = next;
+            }
+            else {
+                console.error(pc.red("error:") + " --client must be one of: claude, cursor, codex");
+                process.exit(2);
+            }
+        }
+        else if (arg === "--config-path" || arg === "--config") {
+            options.configPath = args[++i];
+        }
+        else if (arg === "--name") {
+            options.name = args[++i];
         }
         else if (arg === "--concurrency") {
             const next = args[++i];
@@ -63,28 +91,50 @@ function parseArgs(argv) {
             }
             options.concurrency = n;
         }
-        else {
+        else if (arg?.startsWith("-")) {
             console.error(pc.red("error:") + " unknown argument: " + arg);
             console.error("Run " + pc.cyan("mcp-trust help") + " for usage");
             process.exit(2);
         }
+        else if (arg) {
+            positional.push(arg);
+        }
     }
-    return { command, options };
+    return { command, options, positional };
 }
 async function main() {
-    const { command, options } = parseArgs(process.argv);
+    const { command, options, positional } = parseArgs(process.argv);
     if (command === "help") {
         console.log(HELP);
         return;
     }
     if (command === "version") {
-        console.log("mcp-trust v0.1.0");
+        console.log("mcp-trust v0.2.0");
         return;
     }
     if (command === "audit") {
         await runAudit(options);
         return;
     }
+    if (command === "install") {
+        if (positional.length === 0) {
+            console.error(pc.red("error:") + " install requires a package name");
+            console.error("  e.g. mcp-trust install @modelcontextprotocol/server-github");
+            process.exit(2);
+        }
+        const pkg = positional[0];
+        if (!pkg) {
+            console.error(pc.red("error:") + " install requires a package name");
+            process.exit(2);
+        }
+        await runInstall(pkg, options);
+        return;
+    }
+    if (command === "serve") {
+        const { runServe } = await import("./commands/serve.js");
+        await runServe();
+        return;
+    }
 }
 main().catch((err) => {
     console.error(pc.red("fatal:") + " " + (err instanceof Error ? err.message : String(err)));

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAqB,MAAM,qBAAqB,CAAC;AAElE,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;;;;;EAKvD,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;;;EAGjB,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;;;;;EAKpB,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;;;;;;;EAOnB,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;;;;;CAKrB,CAAC;AAEF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,OAAO,GAAG,OAAO,CAAC;IACtB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACvD,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACpE,OAAO,GAAG,SAAS,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YAC3B,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YACnC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACpC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YACjC,OAAO,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,iBAAiB;QAC7C,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,4CAA4C,CAAC,CAAC;gBAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,qBAAqB,GAAG,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,YAAY,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAErD,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO;IACT,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3F,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAqB,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,UAAU,EAAuB,MAAM,uBAAuB,CAAC;AAExE,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;;;;;EAKvD,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;;;EAGjB,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;;;;;;;EAOpB,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;;;;;;;EAOnB,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;;;;;;CAMrB,CAAC;AAEF,SAAS,SAAS,CAAC,IAAc;IAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,OAAO,GAAG,OAAO,CAAC;IACtB,MAAM,OAAO,GAA6F,EAAE,CAAC;IAC7G,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACvD,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;aAAM,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,WAAW,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACpE,OAAO,GAAG,SAAS,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;YACnE,OAAO,GAAG,GAAG,CAAC;QAChB,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QACtB,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YACnC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACpC,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,CAAC;aAAM,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;YACxB,OAAO,CAAC,WAAW,GAAG,EAAE,CAAC;QAC3B,CAAC;aAAM,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;QACrB,CAAC;aAAM,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YAC/B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;QACxB,CAAC;aAAM,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;gBAC/D,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,iDAAiD,CAAC,CAAC;gBACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,IAAI,GAAG,KAAK,UAAU,EAAE,CAAC;YACzD,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACjC,CAAC;aAAM,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3B,CAAC;aAAM,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC1C,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,4CAA4C,CAAC,CAAC;gBAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YACD,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC;QAC1B,CAAC;aAAM,IAAI,GAAG,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,qBAAqB,GAAG,GAAG,CAAC,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,YAAY,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,IAAI,GAAG,EAAE,CAAC;YACf,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjE,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,kCAAkC,CAAC,CAAC;YACrE,OAAO,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;YAC9E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,kCAAkC,CAAC,CAAC;YACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO;IACT,CAAC;IACD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACzD,MAAM,QAAQ,EAAE,CAAC;QACjB,OAAO;IACT,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3F,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACjC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/install/packument.d.ts

@@ -0,0 +1,23 @@
+interface NpmPackument {
+    name: string;
+    version: string;
+    description?: string;
+    bin?: Record<string, string> | string;
+    main?: string;
+    dependencies?: Record<string, string>;
+    repository?: {
+        url?: string;
+    } | string;
+    mcpName?: string;
+}
+export interface ResolvedPackage {
+    name: string;
+    version: string;
+    description: string;
+    installCommand: string;
+    installArgs: string[];
+    repoUrl: string | null;
+}
+export declare function fetchPackument(pkg: string): Promise<ResolvedPackage>;
+export declare function resolveFromPackument(data: NpmPackument): ResolvedPackage;
+export {};

package/dist/install/packument.js

@@ -0,0 +1,48 @@
+const NPM_REGISTRY = "https://registry.npmjs.org";
+export async function fetchPackument(pkg) {
+    const cleanName = pkg.replace(/^npm:/, "").trim();
+    const url = `${NPM_REGISTRY}/${encodeURIComponent(cleanName).replace(/^%40/, "@")}/latest`;
+    const res = await fetch(url, { headers: { Accept: "application/json" } });
+    if (!res.ok) {
+        if (res.status === 404) {
+            throw new Error(`Package "${cleanName}" not found on npm`);
+        }
+        throw new Error(`npm registry returned ${res.status} for ${cleanName}`);
+    }
+    const data = (await res.json());
+    return resolveFromPackument(data);
+}
+export function resolveFromPackument(data) {
+    const installCommand = "npx";
+    const installArgs = ["-y", data.name];
+    let repoUrl = null;
+    if (typeof data.repository === "string") {
+        repoUrl = data.repository;
+    }
+    else if (data.repository?.url) {
+        repoUrl = data.repository.url;
+    }
+    if (repoUrl) {
+        repoUrl = repoUrl
+            .replace(/^git\+/, "")
+            .replace(/\.git$/, "")
+            .replace(/^git:/, "https:")
+            .replace(/^ssh:\/\/git@/, "https://");
+        const match = repoUrl.match(/github\.com[/:]([\w.-]+)\/([\w.-]+)/);
+        if (match) {
+            repoUrl = `https://github.com/${match[1]}/${match[2]}`;
+        }
+        else {
+            repoUrl = null;
+        }
+    }
+    return {
+        name: data.name,
+        version: data.version,
+        description: data.description ?? "",
+        installCommand,
+        installArgs,
+        repoUrl,
+    };
+}
+//# sourceMappingURL=packument.js.map

package/dist/install/packument.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"packument.js","sourceRoot":"","sources":["../../src/install/packument.ts"],"names":[],"mappings":"AAWA,MAAM,YAAY,GAAG,4BAA4B,CAAC;AAWlD,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAW;IAC9C,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClD,MAAM,GAAG,GAAG,GAAG,YAAY,IAAI,kBAAkB,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,SAAS,CAAC;IAC3F,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAC;IAC1E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,YAAY,SAAS,oBAAoB,CAAC,CAAC;QAC7D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,QAAQ,SAAS,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAiB,CAAC;IAChD,OAAO,oBAAoB,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAkB;IACrD,MAAM,cAAc,GAAG,KAAK,CAAC;IAC7B,MAAM,WAAW,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAEtC,IAAI,OAAO,GAAkB,IAAI,CAAC;IAClC,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC;IAC5B,CAAC;SAAM,IAAI,IAAI,CAAC,UAAU,EAAE,GAAG,EAAE,CAAC;QAChC,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;IAChC,CAAC;IACD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,GAAG,OAAO;aACd,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;aACrB,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;aACrB,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC;aAC1B,OAAO,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACxC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACnE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,GAAG,sBAAsB,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO;QACL,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;QACnC,cAAc;QACd,WAAW;QACX,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/install/writer.d.ts

@@ -0,0 +1,17 @@
+import type { ServerConfig } from "../types.js";
+export type TargetClient = "claude" | "cursor" | "codex";
+export declare function addServerToConfig(client: TargetClient, configPath: string, server: {
+    name: string;
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+}): {
+    path: string;
+    finalName: string;
+    written: boolean;
+};
+export declare function resolveTarget(client: TargetClient | undefined, explicitPath: string | undefined): {
+    client: TargetClient;
+    path: string;
+};
+export declare function readExistingServers(configPath: string, client: TargetClient): ServerConfig[];

package/dist/install/writer.js

@@ -0,0 +1,101 @@
+import { existsSync, readFileSync, writeFileSync, renameSync } from "node:fs";
+import { dirname } from "node:path";
+import { homedir, platform } from "node:os";
+import { join } from "node:path";
+function defaultConfigPath(client) {
+    const home = homedir();
+    const win = platform() === "win32";
+    if (client === "claude") {
+        if (win) {
+            return join(process.env.APPDATA ?? join(home, "AppData", "Roaming"), "Claude", "claude_desktop_config.json");
+        }
+        if (platform() === "darwin") {
+            return join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json");
+        }
+        return join(process.env.XDG_CONFIG_HOME ?? join(home, ".config"), "Claude", "claude_desktop_config.json");
+    }
+    if (client === "cursor") {
+        if (win)
+            return join(process.env.APPDATA ?? join(home, "AppData", "Roaming"), "Cursor", "mcp.json");
+        if (platform() === "darwin")
+            return join(home, "Library", "Application Support", "Cursor", "mcp.json");
+        return join(process.env.XDG_CONFIG_HOME ?? join(home, ".config"), "Cursor", "mcp.json");
+    }
+    return join(home, ".codex", "config.toml");
+}
+export function addServerToConfig(client, configPath, server) {
+    if (client === "codex") {
+        throw new Error("Adding to Codex TOML config is not yet supported");
+    }
+    let parsed = {};
+    if (existsSync(configPath)) {
+        try {
+            const raw = readFileSync(configPath, "utf8");
+            parsed = JSON.parse(raw);
+        }
+        catch (err) {
+            throw new Error(`Failed to read existing config at ${configPath}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    const servers = parsed.mcpServers ?? {};
+    const finalName = ensureUniqueName(servers, server.name);
+    servers[finalName] = {
+        command: server.command,
+        args: server.args,
+        env: server.env,
+    };
+    parsed.mcpServers = servers;
+    const dir = dirname(configPath);
+    if (!existsSync(dir)) {
+        throw new Error(`Config directory does not exist: ${dir}`);
+    }
+    const tmpPath = `${configPath}.tmp-${process.pid}-${Date.now()}`;
+    try {
+        writeFileSync(tmpPath, JSON.stringify(parsed, null, 2) + "\n", "utf8");
+        renameSync(tmpPath, configPath);
+    }
+    catch (err) {
+        throw new Error(`Failed to write config at ${configPath}: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    return { path: configPath, finalName, written: true };
+}
+function ensureUniqueName(existing, desired) {
+    if (!(desired in existing))
+        return desired;
+    let i = 2;
+    while (`${desired}-${i}` in existing)
+        i++;
+    return `${desired}-${i}`;
+}
+export function resolveTarget(client, explicitPath) {
+    if (explicitPath) {
+        const resolvedClient = client ?? "claude";
+        return { client: resolvedClient, path: explicitPath };
+    }
+    if (!client)
+        return { client: "claude", path: defaultConfigPath("claude") };
+    return { client, path: defaultConfigPath(client) };
+}
+export function readExistingServers(configPath, client) {
+    if (!existsSync(configPath))
+        return [];
+    if (client === "codex")
+        return [];
+    try {
+        const raw = readFileSync(configPath, "utf8");
+        const parsed = JSON.parse(raw);
+        const servers = parsed.mcpServers ?? {};
+        return Object.entries(servers).map(([name, cfg]) => ({
+            name,
+            command: cfg.command,
+            args: cfg.args ?? [],
+            env: cfg.env,
+            source: client,
+            configPath,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=writer.js.map

package/dist/install/writer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"writer.js","sourceRoot":"","sources":["../../src/install/writer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAYjC,SAAS,iBAAiB,CAAC,MAAoB;IAC7C,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,QAAQ,EAAE,KAAK,OAAO,CAAC;IACnC,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,QAAQ,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IAC5G,CAAC;IACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,IAAI,GAAG;YAAE,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpG,IAAI,QAAQ,EAAE,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACvG,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,MAAoB,EACpB,UAAkB,EAClB,MAAuF;IAEvF,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,MAAM,GAA4B,EAAE,CAAC;IACzC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC7C,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAe,CAAC;QACzC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,qCAAqC,UAAU,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1H,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAEzD,OAAO,CAAC,SAAS,CAAC,GAAG;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,GAAG,EAAE,MAAM,CAAC,GAAG;KAChB,CAAC;IACF,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC;IAE5B,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,UAAU,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACjE,IAAI,CAAC;QACH,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;QACvE,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,UAAU,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,SAAS,gBAAgB,CACvB,QAAiC,EACjC,OAAe;IAEf,IAAI,CAAC,CAAC,OAAO,IAAI,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAC3C,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,GAAG,OAAO,IAAI,CAAC,EAAE,IAAI,QAAQ;QAAE,CAAC,EAAE,CAAC;IAC1C,OAAO,GAAG,OAAO,IAAI,CAAC,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,MAAgC,EAChC,YAAgC;IAEhC,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,cAAc,GAAG,MAAM,IAAI,QAAQ,CAAC;QAC1C,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;IAC5E,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,UAAkB,EAAE,MAAoB;IAC1E,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IACvC,IAAI,MAAM,KAAK,OAAO;QAAE,OAAO,EAAE,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA4B,CAAC;QAC1D,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,IAAI;YACJ,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;YACpB,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,MAAM,EAAE,MAAM;YACd,UAAU;SACX,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/prober/spawner.js

@@ -89,7 +89,7 @@ export async function probeServer(config) {
         send(child, 1, "initialize", {
             protocolVersion: PROTOCOL_VERSION,
             capabilities: {},
-            clientInfo: { name: "mcp-doctor", version: "0.1.0" },
+            clientInfo: { name: "mcp-doctor", version: "0.2.0" },
         });
     });
     if (initResponse === "hang") {

package/dist/reporters/terminal.js

@@ -25,7 +25,7 @@ function shortStatus(status) {
 }
 export function renderReport(reports) {
     console.log();
-    console.log(pc.bold(pc.magenta("mcp-trust")) + pc.gray(" v0.1.0"));
+    console.log(pc.bold(pc.magenta("mcp-trust")) + pc.gray(" v0.2.0"));
     console.log(pc.gray("Auditing MCP servers installed on this machine"));
     console.log();
     if (reports.length === 0) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-trust",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Audit the MCP servers installed on your machine. Detect dead, dangerous, or fake servers before they hit production.",
   "type": "module",
   "bin": "bin/mcp-trust.js",