mcp-trust 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 mcp-doctor contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,153 @@
+# mcp-doctor (npm: mcp-trust)
+
+**The MCP ecosystem is sick. 60% of npm-published servers fail basic connectivity. 52% are abandoned.** `mcp-doctor` reads the MCP servers installed on your machine, probes each one with the protocol handshake, and tells you which are alive, dead, dangerous, or fake — before they hit production.
+
+```bash
+npx mcp-doctor
+```
+
+```
+mcp-doctor v0.1.0
+Auditing MCP servers installed on this machine
+
+[ALIVE] B github                  [claude]      14 tools, 4 no-arg, 47ms
+        [modelcontextprotocol/servers] 12d ago, 48201★, 1.2M dl/wk
+[DEAD ] F someones-mcp            [cursor]      
+        spawn npx ENOENT
+        → Verify the package is installed globally or use the full path
+[ALIVE] D postgres                [claude]      28 tools, 0 no-arg, 192ms
+        [tylersamples/mcp-postgres] 287d ago, 84★, 210 dl/wk
+        • Last commit was 287 days ago (6+ months)
+        • Only 210 weekly npm downloads (low usage)
+        → Server is likely abandoned
+[ALIVE] F rando-ai-tool           [codex]       3 tools, 3 no-arg, 89ms
+        [github.com/x/x] 422d ago, 2★, 0 dl/wk
+        • 100% of tools take no arguments (3/3)
+        • Repository is archived (no longer maintained)
+        • Last commit was 422 days ago (over a year)
+
+────────────────────────────────────────────────────────────
+Total: 4  Alive: 3  Dead: 1  Other: 0  Avg score: 47/100
+
+Worst offenders:
+  • rando-ai-tool
+  • someones-mcp
+```
+
+## Why this exists
+
+The MCP ecosystem crossed a threshold in 2025–2026 and never looked back. As of April 2026:
+
+- **2,000+ servers** in the official registry, **19,700+** if you count every npm package
+- **52% are abandoned** (no commits in 90+ days, broken builds, unpatched CVEs)
+- **60% of npm-published servers fail the basic `tools/list` handshake** when probed cold
+- **28% of tools exposed are empty-argument stubs** (`list_models`, `ping`) — useless to an agent
+- **9,922 distinct tools** across 359 reachable servers — past the 20–128 tool budget of any single LLM client
+
+Every developer who uses Claude Desktop, Cursor, Codex, or Cline has between 4 and 12 MCP servers running. The median team has six of them in the "dead" or "lightly maintained" tier. They just don't know it yet, because the agent doesn't call the broken path every day.
+
+**`mcp-trust` is the missing trust layer for the MCP ecosystem.** It runs locally, takes 5 seconds, and tells you what is actually alive.
+
+## What it checks
+
+For every server it finds in your config, `mcp-doctor` runs:
+
+1. **Protocol probe** — spawns the server, sends `initialize` and `tools/list`, kills the process if it doesn't respond in 15s
+2. **GitHub health** — last commit date, star count, open issues, archive status
+3. **Security advisories** — pulls active CVEs from the GitHub Advisory Database
+4. **npm health** — weekly download count (low numbers = nobody's using it)
+5. **Tool quality** — flags servers with >50 tools (exceeds LLM client budgets) and >50% empty-arg tools (usually stubs)
+6. **Verdict** — A/B/C/D/F score with specific issues and recommendations
+
+## Install
+
+```bash
+npx mcp-trust
+```
+
+Or install globally:
+
+```bash
+npm install -g mcp-trust
+```
+
+## Usage
+
+```bash
+mcp-doctor                          # audit everything
+mcp-doctor audit --json             # machine-readable output
+mcp-doctor audit --config-only      # list configured servers, don't probe
+mcp-doctor audit --fail-on-dead     # exit 1 if any server is dead (for CI)
+mcp-doctor audit --concurrency 8    # parallelize probes
+```
+
+### Config locations scanned
+
+| Client | File |
+|---|---|
+| Claude Desktop | `%APPDATA%\Claude\claude_desktop_config.json` |
+| Cursor | `%APPDATA%\Cursor\mcp.json` |
+| Codex | `~/.codex/config.toml` |
+| Cline | `~/.cline/mcp.json` |
+
+### CI integration
+
+```yaml
+# .github/workflows/mcp-audit.yml
+name: MCP audit
+on: [pull_request]
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: npx mcp-trust audit --fail-on-dead --json > mcp-report.json
+      - uses: actions/upload-artifact@v4
+        with:
+          name: mcp-audit
+          path: mcp-report.json
+```
+
+### Environment variables
+
+- `GITHUB_TOKEN` — bumps GitHub API rate limit from 60 to 5000 req/h
+
+## Verdict scale
+
+| Score | Verdict | Meaning |
+|---|---|---|
+| 90–100 | A | Healthy, maintained, responsive |
+| 75–89 | B | Good, with minor concerns |
+| 60–74 | C | Usable, but watch for issues |
+| 40–59 | D | Multiple problems, plan a replacement |
+| 0–39 | F | Dead, dangerous, or abandoned — remove it |
+
+## Status types
+
+- `ALIVE` — responded to `initialize` and `tools/list` within timeout
+- `DEAD` — process exited before responding
+- `HANG` — process started but never completed the handshake
+- `AUTH` — server requires credentials to even respond
+- `ARGS` — server expects CLI arguments that are missing
+- `ENV` — server expects an environment variable that isn't set
+- `NOEX` — command not found (not installed globally)
+- `BRKN` — other failure (syntax error, runtime exception)
+
+## Output
+
+A grade A through F, a list of specific issues, and concrete recommendations. Designed to be readable by humans in 5 seconds and parseable by tools via `--json`.
+
+## Limitations
+
+- Only audits servers configured locally. Does not see marketplace servers you haven't installed
+- For `stdio`-based servers only. HTTP/streamable MCP servers are not yet supported
+- Server reputation signals (GitHub stars, downloads) can be gamed. Treat them as one signal among many
+- Network access required for GitHub / npm lookups (the local probe works offline)
+
+## Contributing
+
+PRs welcome. The protocol probe is in `src/prober/spawner.ts`, the scoring rules are in `src/checks/scorer.ts`. Add a new client reader by following the pattern in `src/readers/claude.ts`.
+
+## License
+
+MIT

package/bin/mcp-trust.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import("../dist/index.js");

package/dist/checks/github.d.ts

@@ -0,0 +1,4 @@
+import type { RepoHealth } from "../types.js";
+export declare function parseGitHubRepo(repo: string | undefined): string | null;
+export declare function checkRepoHealth(command: string, args: string[], env: Record<string, string> | undefined, token?: string): Promise<RepoHealth | null>;
+export declare function extractPackageName(command: string, args: string[]): string | null;

package/dist/checks/github.js

@@ -0,0 +1,175 @@
+const GITHUB_API = "https://api.github.com";
+const NPM_API = "https://api.npmjs.org";
+export function parseGitHubRepo(repo) {
+    if (!repo)
+        return null;
+    const cleaned = repo.replace(/^git\+/, "").replace(/\.git$/, "");
+    const match = cleaned.match(/github\.com[/:]([\w.-]+)\/([\w.-]+)/);
+    if (!match)
+        return null;
+    return `${match[1]}/${match[2]}`;
+}
+async function fetchNpmRepo(packageName) {
+    try {
+        const res = await fetch(`${NPM_API}/${encodeURIComponent(packageName)}/latest`, {
+            headers: { Accept: "application/json" },
+        });
+        if (!res.ok)
+            return null;
+        const data = (await res.json());
+        const repo = data.repository;
+        if (typeof repo === "string")
+            return parseGitHubRepo(repo);
+        if (repo && typeof repo === "object")
+            return parseGitHubRepo(repo.url);
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+async function fetchNpmDownloads(packageName) {
+    try {
+        const res = await fetch(`${NPM_API}/downloads/point/last-week/${encodeURIComponent(packageName)}`, {
+            headers: { Accept: "application/json" },
+        });
+        if (!res.ok)
+            return 0;
+        const data = (await res.json());
+        return data.downloads ?? 0;
+    }
+    catch {
+        return 0;
+    }
+}
+async function fetchGitHubRepo(repo, token) {
+    try {
+        const res = await fetch(`${GITHUB_API}/repos/${repo}`, {
+            headers: token ? { Authorization: `Bearer ${token}` } : {},
+        });
+        if (!res.ok)
+            return null;
+        return (await res.json());
+    }
+    catch {
+        return null;
+    }
+}
+async function fetchLastCommit(repo, token) {
+    try {
+        const res = await fetch(`${GITHUB_API}/repos/${repo}/commits?per_page=1`, {
+            headers: token ? { Authorization: `Bearer ${token}` } : {},
+        });
+        if (!res.ok)
+            return null;
+        const data = (await res.json());
+        return data[0] ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+async function fetchAdvisories(repo, token) {
+    try {
+        const res = await fetch(`${GITHUB_API}/advisories?ecosystem=npm&affects=${encodeURIComponent(repo)}`, {
+            headers: token ? { Authorization: `Bearer ${token}` } : {},
+        });
+        if (!res.ok)
+            return [];
+        const data = (await res.json());
+        return data.filter((a) => !a.withdrawn_at);
+    }
+    catch {
+        return [];
+    }
+}
+export async function checkRepoHealth(command, args, env, token) {
+    const packageName = extractPackageName(command, args);
+    if (!packageName)
+        return null;
+    const repo = await fetchNpmRepo(packageName);
+    if (!repo)
+        return null;
+    const [repoInfo, lastCommit, advisories, weeklyDownloads] = await Promise.all([
+        fetchGitHubRepo(repo, token),
+        fetchLastCommit(repo, token),
+        fetchAdvisories(repo, token),
+        fetchNpmDownloads(packageName),
+    ]);
+    if (!repoInfo)
+        return null;
+    const lastCommitDate = lastCommit?.commit?.author?.date ?? repoInfo.pushed_at;
+    const daysAgo = Math.floor((Date.now() - new Date(lastCommitDate).getTime()) / 86_400_000);
+    return {
+        repo,
+        lastCommit: lastCommitDate,
+        lastCommitDaysAgo: daysAgo,
+        stars: repoInfo.stargazers_count,
+        openIssues: repoInfo.open_issues_count,
+        cveCount: advisories.length,
+        weeklyDownloads,
+        contributors: 0,
+        archived: repoInfo.archived,
+        sourceUrl: `https://github.com/${repo}`,
+    };
+}
+export function extractPackageName(command, args) {
+    if (command === "npx" || command.endsWith("/npx") || command.endsWith("\\npx.exe")) {
+        for (let i = 0; i < args.length; i++) {
+            const arg = args[i];
+            if (!arg)
+                continue;
+            if (arg === "-y" || arg === "--yes")
+                continue;
+            if (arg === "-p" || arg === "--package") {
+                return args[i + 1] ?? null;
+            }
+            if (arg.startsWith("@") || arg.startsWith("npm:")) {
+                return arg.replace(/^npm:/, "");
+            }
+            if (arg && !arg.startsWith("-")) {
+                const cleaned = arg.startsWith("npm:") ? arg.slice(4) : arg;
+                const match = cleaned.match(/^(@?[\w./-]+)/);
+                if (match)
+                    return match[1] ?? null;
+            }
+        }
+        return null;
+    }
+    if (command === "uvx" || command === "uv" || command === "pipx" || command === "python" || command === "python3") {
+        for (let i = 0; i < args.length; i++) {
+            const arg = args[i];
+            if (!arg)
+                continue;
+            if (arg === "run" || arg === "tool" || arg === "exec")
+                continue;
+            if (arg === "-m")
+                continue;
+            if (arg && !arg.startsWith("-")) {
+                return arg;
+            }
+        }
+        return null;
+    }
+    if (command === "docker") {
+        for (let i = 0; i < args.length; i++) {
+            const arg = args[i];
+            if (!arg)
+                continue;
+            if (arg === "run")
+                continue;
+            if (arg === "-i" || arg === "--interactive" || arg === "--rm")
+                continue;
+            if (arg === "-e" || arg === "--env") {
+                i++;
+                continue;
+            }
+            if (arg.includes("/")) {
+                return arg.split("/").pop() ?? null;
+            }
+        }
+        return null;
+    }
+    return null;
+}
+//# sourceMappingURL=github.js.map

package/dist/checks/github.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../../src/checks/github.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,GAAG,wBAAwB,CAAC;AAC5C,MAAM,OAAO,GAAG,uBAAuB,CAAC;AAOxC,MAAM,UAAU,eAAe,CAAC,IAAwB;IACtD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACnE,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACnC,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,WAAmB;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,IAAI,kBAAkB,CAAC,WAAW,CAAC,SAAS,EAAE;YAC9E,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAgB,CAAC;QAC/C,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,CAAC;QAC7B,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,8BAA8B,kBAAkB,CAAC,WAAW,CAAC,EAAE,EAAE;YACjG,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,CAAC,CAAC;QACtB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA2B,CAAC;QAC1D,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAeD,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,KAAc;IACzD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,UAAU,IAAI,EAAE,EAAE;YACrD,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE;SAC3D,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAe,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,KAAc;IACzD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,UAAU,IAAI,qBAAqB,EAAE;YACxE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE;SAC3D,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmB,CAAC;QAClD,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AASD,KAAK,UAAU,eAAe,CAAC,IAAY,EAAE,KAAc;IACzD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,UAAU,qCAAqC,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE;YACpG,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE;SAC3D,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,OAAO,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAe,CAAC;QAC9C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,IAAc,EACd,GAAuC,EACvC,KAAc;IAEd,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACtD,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAE9B,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,UAAU,EAAE,eAAe,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC5E,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC;QAC5B,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC;QAC5B,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC;QAC5B,iBAAiB,CAAC,WAAW,CAAC;KAC/B,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,cAAc,GAAG,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,IAAI,QAAQ,CAAC,SAAS,CAAC;IAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,UAAU,CAAC,CAAC;IAE3F,OAAO;QACL,IAAI;QACJ,UAAU,EAAE,cAAc;QAC1B,iBAAiB,EAAE,OAAO;QAC1B,KAAK,EAAE,QAAQ,CAAC,gBAAgB;QAChC,UAAU,EAAE,QAAQ,CAAC,iBAAiB;QACtC,QAAQ,EAAE,UAAU,CAAC,MAAM;QAC3B,eAAe;QACf,YAAY,EAAE,CAAC;QACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,sBAAsB,IAAI,EAAE;KACxC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAe,EAAE,IAAc;IAChE,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACnF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,OAAO;gBAAE,SAAS;YAC9C,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;gBACxC,OAAO,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC;YAC7B,CAAC;YACD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClD,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;YAClC,CAAC;YACD,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;gBAC7C,IAAI,KAAK;oBAAE,OAAO,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QACjH,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,GAAG,KAAK,KAAK,IAAI,GAAG,KAAK,MAAM,IAAI,GAAG,KAAK,MAAM;gBAAE,SAAS;YAChE,IAAI,GAAG,KAAK,IAAI;gBAAE,SAAS;YAC3B,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChC,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACpB,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,GAAG,KAAK,KAAK;gBAAE,SAAS;YAC5B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,eAAe,IAAI,GAAG,KAAK,MAAM;gBAAE,SAAS;YACxE,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACpC,CAAC,EAAE,CAAC;gBACJ,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC;YACtC,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/checks/index.d.ts

@@ -0,0 +1,2 @@
+export { checkRepoHealth } from "./github.js";
+export { scoreServer } from "./scorer.js";

package/dist/checks/index.js

@@ -0,0 +1,3 @@
+export { checkRepoHealth } from "./github.js";
+export { scoreServer } from "./scorer.js";
+//# sourceMappingURL=index.js.map

package/dist/checks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/checks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC"}

package/dist/checks/scorer.d.ts

@@ -0,0 +1,2 @@
+import type { ProbedServer, RepoHealth, ServerReport } from "../types.js";
+export declare function scoreServer(probed: ProbedServer, health: RepoHealth | null): ServerReport;

package/dist/checks/scorer.js

@@ -0,0 +1,109 @@
+export function scoreServer(probed, health) {
+    let score = 100;
+    const issues = [];
+    const recommendations = [];
+    if (probed.status !== "alive") {
+        score -= 80;
+        issues.push(`Server status: ${probed.status}`);
+        if (probed.status === "dead") {
+            issues.push("Process exited before responding to initialize");
+            recommendations.push("Check the install command and try running it manually");
+        }
+        else if (probed.status === "hangs") {
+            issues.push("Server did not respond within 5s");
+            recommendations.push("Server may be waiting on credentials or external network");
+        }
+        else if (probed.status === "install_error") {
+            issues.push("Command not found or not executable");
+            recommendations.push("Verify the package is installed globally or use the full path");
+        }
+        else if (probed.status === "auth_required") {
+            issues.push("Server requires credentials before it will respond");
+            recommendations.push("Set the required API keys in the env section of your MCP config");
+        }
+        else if (probed.status === "needs_args") {
+            issues.push("Server expects CLI arguments that are missing");
+            recommendations.push("Add the required arguments to the args array");
+        }
+        else if (probed.status === "needs_env") {
+            issues.push("Server expects an environment variable that is not set");
+            recommendations.push("Set the required env var in the env section of your MCP config");
+        }
+    }
+    if (probed.status === "alive") {
+        if (probed.emptyArgTools > 0 && probed.toolCount > 0) {
+            const pct = Math.round((probed.emptyArgTools / probed.toolCount) * 100);
+            if (pct > 50) {
+                score -= 10;
+                issues.push(`${pct}% of tools take no arguments (${probed.emptyArgTools}/${probed.toolCount})`);
+                recommendations.push("Tools with no required args are often stubs or discovery probes");
+            }
+            else if (pct > 25) {
+                score -= 5;
+                issues.push(`${pct}% of tools take no arguments`);
+            }
+        }
+        if (probed.toolCount > 50) {
+            score -= 10;
+            issues.push(`Exposes ${probed.toolCount} tools (most LLM clients cap at 20-128)`);
+            recommendations.push("This server will likely exceed your client's tool budget");
+        }
+        else if (probed.toolCount === 0) {
+            score -= 20;
+            issues.push("Server responds but exposes zero tools");
+        }
+    }
+    if (health) {
+        if (health.archived) {
+            score -= 70;
+            issues.push("Repository is archived (no longer maintained)");
+            recommendations.push("Find an actively maintained alternative");
+        }
+        if (health.lastCommitDaysAgo !== null) {
+            if (health.lastCommitDaysAgo > 365) {
+                score -= 30;
+                issues.push(`Last commit was ${health.lastCommitDaysAgo} days ago (over a year)`);
+                recommendations.push("Server is likely abandoned");
+            }
+            else if (health.lastCommitDaysAgo > 180) {
+                score -= 15;
+                issues.push(`Last commit was ${health.lastCommitDaysAgo} days ago (6+ months)`);
+            }
+            else if (health.lastCommitDaysAgo > 90) {
+                score -= 5;
+                issues.push(`Last commit was ${health.lastCommitDaysAgo} days ago`);
+            }
+        }
+        if (health.cveCount > 0) {
+            score -= 25;
+            issues.push(`${health.cveCount} active security advisory${health.cveCount === 1 ? "" : "ies"} on GitHub`);
+            recommendations.push("Review advisories at " + health.sourceUrl + "/security/advisories");
+        }
+        if (health.weeklyDownloads > 0 && health.weeklyDownloads < 100) {
+            score -= 10;
+            issues.push(`Only ${health.weeklyDownloads} weekly npm downloads (low usage)`);
+        }
+        else if (health.weeklyDownloads >= 1_000_000) {
+            score += 5;
+        }
+    }
+    else if (probed.status === "alive") {
+        score -= 5;
+        issues.push("Could not resolve to a GitHub repo for health check");
+    }
+    score = Math.max(0, Math.min(100, score));
+    const verdict = scoreToVerdict(score);
+    return { server: probed, health, verdict, score, issues, recommendations };
+}
+function scoreToVerdict(score) {
+    if (score >= 90)
+        return "A";
+    if (score >= 75)
+        return "B";
+    if (score >= 60)
+        return "C";
+    if (score >= 40)
+        return "D";
+    return "F";
+}
+//# sourceMappingURL=scorer.js.map

package/dist/checks/scorer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scorer.js","sourceRoot":"","sources":["../../src/checks/scorer.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,WAAW,CAAC,MAAoB,EAAE,MAAyB;IACzE,IAAI,KAAK,GAAG,GAAG,CAAC;IAChB,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC9B,KAAK,IAAI,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC,kBAAkB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC9D,eAAe,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;QAChF,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,eAAe,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QACnF,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACnD,eAAe,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;QACxF,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;YAClE,eAAe,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QAC1F,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC7D,eAAe,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACvE,CAAC;aAAM,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;YACtE,eAAe,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC9B,IAAI,MAAM,CAAC,aAAa,GAAG,CAAC,IAAI,MAAM,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;YACrD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,GAAG,CAAC,CAAC;YACxE,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;gBACb,KAAK,IAAI,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,iCAAiC,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;gBAChG,eAAe,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC1F,CAAC;iBAAM,IAAI,GAAG,GAAG,EAAE,EAAE,CAAC;gBACpB,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,8BAA8B,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,GAAG,EAAE,EAAE,CAAC;YAC1B,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,SAAS,yCAAyC,CAAC,CAAC;YAClF,eAAe,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QACnF,CAAC;aAAM,IAAI,MAAM,CAAC,SAAS,KAAK,CAAC,EAAE,CAAC;YAClC,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;YAC7D,eAAe,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,MAAM,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC;gBACnC,KAAK,IAAI,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,iBAAiB,yBAAyB,CAAC,CAAC;gBAClF,eAAe,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;YACrD,CAAC;iBAAM,IAAI,MAAM,CAAC,iBAAiB,GAAG,GAAG,EAAE,CAAC;gBAC1C,KAAK,IAAI,EAAE,CAAC;gBACZ,MAAM,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,iBAAiB,uBAAuB,CAAC,CAAC;YAClF,CAAC;iBAAM,IAAI,MAAM,CAAC,iBAAiB,GAAG,EAAE,EAAE,CAAC;gBACzC,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,iBAAiB,WAAW,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;YACxB,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,4BAA4B,MAAM,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC,CAAC;YAC1G,eAAe,CAAC,IAAI,CAAC,uBAAuB,GAAG,MAAM,CAAC,SAAS,GAAG,sBAAsB,CAAC,CAAC;QAC5F,CAAC;QACD,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,IAAI,MAAM,CAAC,eAAe,GAAG,GAAG,EAAE,CAAC;YAC/D,KAAK,IAAI,EAAE,CAAC;YACZ,MAAM,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,eAAe,mCAAmC,CAAC,CAAC;QACjF,CAAC;aAAM,IAAI,MAAM,CAAC,eAAe,IAAI,SAAS,EAAE,CAAC;YAC/C,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QACrC,KAAK,IAAI,CAAC,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;IAEtC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;AAC7E,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5B,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/commands/audit.d.ts

@@ -0,0 +1,9 @@
+import type { ServerReport } from "../types.js";
+export interface AuditOptions {
+    json?: boolean;
+    failOnDead?: boolean;
+    configOnly?: boolean;
+    concurrency?: number;
+    githubToken?: string;
+}
+export declare function runAudit(opts?: AuditOptions): Promise<ServerReport[]>;

package/dist/commands/audit.js

@@ -0,0 +1,53 @@
+import { readAllConfigs } from "../readers/index.js";
+import { probeServer } from "../prober/index.js";
+import { checkRepoHealth, scoreServer } from "../checks/index.js";
+import { renderReport } from "../reporters/index.js";
+export async function runAudit(opts = {}) {
+    const configs = readAllConfigs();
+    if (configs.length === 0 && !opts.json) {
+        renderReport([]);
+        return [];
+    }
+    if (opts.configOnly) {
+        const reports = configs.map((c) => scoreServer({
+            config: c,
+            status: "not_probed",
+            probedAt: Date.now(),
+            durationMs: 0,
+            toolCount: 0,
+            emptyArgTools: 0,
+            toolNames: [],
+        }, null));
+        if (opts.json)
+            console.log(JSON.stringify(reports, null, 2));
+        else
+            renderReport(reports);
+        return reports;
+    }
+    const concurrency = opts.concurrency ?? 4;
+    const token = opts.githubToken ?? process.env.GITHUB_TOKEN;
+    const reports = [];
+    for (let i = 0; i < configs.length; i += concurrency) {
+        const batch = configs.slice(i, i + concurrency);
+        const batchResults = await Promise.all(batch.map(async (cfg) => {
+            const probed = await probeServer(cfg);
+            const health = await checkRepoHealth(cfg.command, cfg.args, cfg.env, token);
+            return scoreServer(probed, health);
+        }));
+        reports.push(...batchResults);
+    }
+    if (opts.json) {
+        console.log(JSON.stringify(reports, null, 2));
+    }
+    else {
+        renderReport(reports);
+    }
+    if (opts.failOnDead) {
+        const hasFailing = reports.some((r) => r.server.status !== "alive" && r.server.status !== "not_probed");
+        if (hasFailing) {
+            process.exitCode = 1;
+        }
+    }
+    return reports;
+}
+//# sourceMappingURL=audit.js.map

package/dist/commands/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAWrD,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAqB,EAAE;IACpD,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACvC,YAAY,CAAC,EAAE,CAAC,CAAC;QACjB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAChC,WAAW,CACT;YACE,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;YACpB,UAAU,EAAE,CAAC;YACb,SAAS,EAAE,CAAC;YACZ,aAAa,EAAE,CAAC;YAChB,SAAS,EAAE,EAAE;SACd,EACD,IAAI,CACL,CACF,CAAC;QACF,IAAI,IAAI,CAAC,IAAI;YAAE,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;;YACxD,YAAY,CAAC,OAAO,CAAC,CAAC;QAC3B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;IAC3D,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC;QAChD,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CACpC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACtB,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,CAAC;YACtC,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC5E,OAAO,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;QACpB,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC;QACxG,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/commands/index.d.ts

@@ -0,0 +1,2 @@
+export { runAudit } from "./audit.js";
+export type { AuditOptions } from "./audit.js";

package/dist/commands/index.js

@@ -0,0 +1,2 @@
+export { runAudit } from "./audit.js";
+//# sourceMappingURL=index.js.map

package/dist/commands/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};