mcp-trust 0.1.0

package/dist/readers/cursor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cursor.js","sourceRoot":"","sources":["../../src/readers/cursor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAO5C,SAAS,iBAAiB;IACxB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,IAAI,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC;YACnF,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC;SAClC,CAAC;IACJ,CAAC;IACD,IAAI,QAAQ,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO;YACL,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAU,CAAC;YAClE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC;SAClC,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,MAAM,GAAG,GAAmB,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,EAAE,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QAChC,IAAI,GAAW,CAAC;QAChB,IAAI,CAAC;YACH,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,MAAoB,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI;gBACJ,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE;gBACpB,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,MAAM,EAAE,QAAQ;gBAChB,UAAU,EAAE,IAAI;aACjB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/readers/index.d.ts

@@ -0,0 +1,2 @@
+import type { ServerConfig } from "../types.js";
+export declare function readAllConfigs(): ServerConfig[];

package/dist/readers/index.js

@@ -0,0 +1,18 @@
+import { readClaudeDesktop } from "./claude.js";
+import { readCursor } from "./cursor.js";
+import { readCodex } from "./codex.js";
+import { readCline } from "./cline.js";
+export function readAllConfigs() {
+    const all = [...readClaudeDesktop(), ...readCursor(), ...readCodex(), ...readCline()];
+    const seen = new Set();
+    const unique = [];
+    for (const s of all) {
+        const key = `${s.source}:${s.name}:${s.command}:${s.args.join(" ")}`;
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        unique.push(s);
+    }
+    return unique;
+}
+//# sourceMappingURL=index.js.map

package/dist/readers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/readers/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAEvC,MAAM,UAAU,cAAc;IAC5B,MAAM,GAAG,GAAmB,CAAC,GAAG,iBAAiB,EAAE,EAAE,GAAG,UAAU,EAAE,EAAE,GAAG,SAAS,EAAE,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC;IACtG,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAmB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACpB,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACrE,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/reporters/index.d.ts

@@ -0,0 +1,2 @@
+export { renderReport, summarize } from "./terminal.js";
+export { toJson } from "./json.js";

package/dist/reporters/index.js

@@ -0,0 +1,3 @@
+export { renderReport, summarize } from "./terminal.js";
+export { toJson } from "./json.js";
+//# sourceMappingURL=index.js.map

package/dist/reporters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/reporters/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,WAAW,CAAC"}

package/dist/reporters/json.d.ts

@@ -0,0 +1,2 @@
+import type { ServerReport } from "../types.js";
+export declare function toJson(reports: ServerReport[]): string;

package/dist/reporters/json.js

@@ -0,0 +1,23 @@
+export function toJson(reports) {
+    return JSON.stringify(reports.map((r) => ({
+        name: r.server.config.name,
+        source: r.server.config.source,
+        status: r.server.status,
+        score: r.score,
+        verdict: r.verdict,
+        durationMs: r.server.durationMs,
+        toolCount: r.server.toolCount,
+        emptyArgTools: r.server.emptyArgTools,
+        protocolVersion: r.server.protocolVersion,
+        repo: r.health?.repo ?? null,
+        lastCommitDaysAgo: r.health?.lastCommitDaysAgo ?? null,
+        stars: r.health?.stars ?? null,
+        weeklyDownloads: r.health?.weeklyDownloads ?? null,
+        cveCount: r.health?.cveCount ?? null,
+        archived: r.health?.archived ?? null,
+        issues: r.issues,
+        recommendations: r.recommendations,
+        error: r.server.errorMessage ?? null,
+    })), null, 2);
+}
+//# sourceMappingURL=json.js.map

package/dist/reporters/json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json.js","sourceRoot":"","sources":["../../src/reporters/json.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,MAAM,CAAC,OAAuB;IAC5C,OAAO,IAAI,CAAC,SAAS,CACnB,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAClB,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI;QAC1B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM;QAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM;QACvB,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,OAAO,EAAE,CAAC,CAAC,OAAO;QAClB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,UAAU;QAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS;QAC7B,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,aAAa;QACrC,eAAe,EAAE,CAAC,CAAC,MAAM,CAAC,eAAe;QACzC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI;QAC5B,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,iBAAiB,IAAI,IAAI;QACtD,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,KAAK,IAAI,IAAI;QAC9B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,eAAe,IAAI,IAAI;QAClD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;QACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;QACpC,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,eAAe,EAAE,CAAC,CAAC,eAAe;QAClC,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI;KACrC,CAAC,CAAC,EACH,IAAI,EACJ,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/reporters/terminal.d.ts

@@ -0,0 +1,3 @@
+import type { AuditSummary, ServerReport } from "../types.js";
+export declare function renderReport(reports: ServerReport[]): void;
+export declare function summarize(reports: ServerReport[]): AuditSummary;

package/dist/reporters/terminal.js

@@ -0,0 +1,120 @@
+import pc from "picocolors";
+const STATUS_ICONS = {
+    alive: pc.green("[ALIVE]"),
+    dead: pc.red("[DEAD] "),
+    hangs: pc.red("[HANG] "),
+    auth_required: pc.yellow("[AUTH] "),
+    install_error: pc.red("[NOEX] "),
+    needs_args: pc.yellow("[ARGS]"),
+    needs_env: pc.yellow("[ENV] "),
+    broken: pc.red("[BRKN] "),
+    not_probed: pc.gray("[----]"),
+};
+const VERDICT_COLORS = {
+    A: pc.green,
+    B: pc.cyan,
+    C: pc.yellow,
+    D: pc.yellow,
+    F: pc.red,
+};
+function pad(s, n) {
+    return s.length >= n ? s : s + " ".repeat(n - s.length);
+}
+function shortStatus(status) {
+    return STATUS_ICONS[status] ?? pc.gray("[" + status + "]");
+}
+export function renderReport(reports) {
+    console.log();
+    console.log(pc.bold(pc.magenta("mcp-trust")) + pc.gray(" v0.1.0"));
+    console.log(pc.gray("Auditing MCP servers installed on this machine"));
+    console.log();
+    if (reports.length === 0) {
+        console.log(pc.yellow("No MCP servers found in any known config location."));
+        console.log(pc.gray("Searched: Claude Desktop, Cursor, Codex, Cline"));
+        console.log();
+        return;
+    }
+    for (const r of reports) {
+        const cfg = r.server.config;
+        const status = shortStatus(r.server.status);
+        const verdict = r.verdict;
+        const verdictColor = VERDICT_COLORS[verdict];
+        const name = pc.bold(pad(cfg.name, 24));
+        const source = pc.gray("[" + cfg.source + "]");
+        console.log(`${status} ${verdictColor(verdict)} ${name} ${source}`);
+        if (r.server.status === "alive") {
+            const toolInfo = pc.gray(`${r.server.toolCount} tool${r.server.toolCount === 1 ? "" : "s"}` +
+                (r.server.emptyArgTools > 0 ? `, ${r.server.emptyArgTools} no-arg` : "") +
+                `, ${r.server.durationMs}ms`);
+            console.log(`        ${toolInfo}`);
+        }
+        else if (r.server.errorMessage) {
+            const errMsg = r.server.errorMessage.split("\n")[0]?.trim() ?? "";
+            console.log(`        ${pc.gray(truncate(errMsg, 80))}`);
+        }
+        if (r.health) {
+            const h = r.health;
+            const age = h.lastCommitDaysAgo !== null ? `${h.lastCommitDaysAgo}d ago` : "unknown";
+            const dl = h.weeklyDownloads > 0 ? formatNumber(h.weeklyDownloads) + " dl/wk" : "no dl data";
+            console.log(`        ${pc.gray(`[${h.repo}]`)} ${pc.gray(`${age}, ${h.stars}★, ${dl}`)}`);
+            if (h.archived) {
+                console.log(`        ${pc.red("⚠ Archived")}`);
+            }
+            if (h.cveCount > 0) {
+                console.log(`        ${pc.red(`⚠ ${h.cveCount} CVE${h.cveCount === 1 ? "" : "s"}`)}`);
+            }
+        }
+        for (const issue of r.issues) {
+            console.log(`        ${pc.red("•")} ${issue}`);
+        }
+        for (const rec of r.recommendations) {
+            console.log(`        ${pc.cyan("→")} ${rec}`);
+        }
+        console.log();
+    }
+    const summary = summarize(reports);
+    renderSummary(summary);
+}
+function renderSummary(s) {
+    const parts = [
+        pc.bold("Total: ") + String(s.total),
+        pc.green("Alive: ") + String(s.alive),
+        pc.red("Dead: ") + String(s.dead),
+        pc.yellow("Other: ") + String(s.other),
+        pc.bold("Avg score: ") + s.averageScore + "/100",
+    ];
+    console.log(pc.gray("─".repeat(60)));
+    console.log(parts.join("  "));
+    if (s.worstOffenders.length > 0) {
+        console.log();
+        console.log(pc.red(pc.bold("Worst offenders:")));
+        for (const name of s.worstOffenders) {
+            console.log(`  ${pc.red("•")} ${name}`);
+        }
+    }
+    console.log();
+}
+export function summarize(reports) {
+    const total = reports.length;
+    const alive = reports.filter((r) => r.server.status === "alive").length;
+    const dead = reports.filter((r) => r.server.status === "dead").length;
+    const other = total - alive - dead;
+    const avg = total === 0 ? 0 : Math.round(reports.reduce((s, r) => s + r.score, 0) / total);
+    const worst = reports
+        .filter((r) => r.verdict === "F" || r.verdict === "D")
+        .sort((a, b) => a.score - b.score)
+        .slice(0, 5)
+        .map((r) => r.server.config.name);
+    return { total, alive, dead, other, averageScore: avg, worstOffenders: worst };
+}
+function truncate(s, n) {
+    return s.length > n ? s.slice(0, n - 1) + "…" : s;
+}
+function formatNumber(n) {
+    if (n >= 1_000_000)
+        return (n / 1_000_000).toFixed(1) + "M";
+    if (n >= 1_000)
+        return (n / 1_000).toFixed(1) + "K";
+    return String(n);
+}
+//# sourceMappingURL=terminal.js.map

package/dist/reporters/terminal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminal.js","sourceRoot":"","sources":["../../src/reporters/terminal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAG5B,MAAM,YAAY,GAA2B;IAC3C,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC;IAC1B,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;IACvB,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;IACxB,aAAa,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC;IACnC,aAAa,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;IAChC,UAAU,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC/B,SAAS,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC9B,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;IACzB,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;CAC9B,CAAC;AAEF,MAAM,cAAc,GAA2C;IAC7D,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,EAAE,CAAC,IAAI;IACV,CAAC,EAAE,EAAE,CAAC,MAAM;IACZ,CAAC,EAAE,EAAE,CAAC,MAAM;IACZ,CAAC,EAAE,EAAE,CAAC,GAAG;CACV,CAAC;AAEF,SAAS,GAAG,CAAC,CAAS,EAAE,CAAS;IAC/B,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,YAAY,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,MAAM,GAAG,GAAG,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAuB;IAClD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,oDAAoD,CAAC,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;QACvE,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO;IACT,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC;QAC1B,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QAC7C,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;QAE/C,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,IAAI,YAAY,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,EAAE,CAAC,IAAI,CACtB,GAAG,CAAC,CAAC,MAAM,CAAC,SAAS,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE;gBAChE,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,aAAa,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxE,KAAK,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,CAC/B,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,EAAE,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;YAClE,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;YACnB,MAAM,GAAG,GAAG,CAAC,CAAC,iBAAiB,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,iBAAiB,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YACrF,MAAM,EAAE,GAAG,CAAC,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC;YAC7F,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,KAAK,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YAC1F,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;YACD,IAAI,CAAC,CAAC,QAAQ,GAAG,CAAC,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,OAAO,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACxF,CAAC;QACH,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,eAAe,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACnC,aAAa,CAAC,OAAO,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,aAAa,CAAC,CAAe;IACpC,MAAM,KAAK,GAAG;QACZ,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACpC,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACrC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QACtC,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,YAAY,GAAG,MAAM;KACjD,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,cAAc,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAuB;IAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACtE,MAAM,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;IACnC,MAAM,GAAG,GAAG,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;IAC3F,MAAM,KAAK,GAAG,OAAO;SAClB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,GAAG,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC;SACrD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;SACjC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,GAAG,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AACjF,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,CAAS;IACpC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,IAAI,SAAS;QAAE,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IAC5D,IAAI,CAAC,IAAI,KAAK;QAAE,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;IACpD,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;AACnB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,50 @@
+export type ServerStatus = "alive" | "dead" | "hangs" | "auth_required" | "install_error" | "needs_args" | "needs_env" | "broken" | "not_probed";
+export type Verdict = "A" | "B" | "C" | "D" | "F";
+export interface ServerConfig {
+    name: string;
+    command: string;
+    args: string[];
+    env?: Record<string, string>;
+    source: "claude" | "cursor" | "codex" | "cline" | "vscode" | "windsurf" | "manual";
+    configPath: string;
+}
+export interface ProbedServer {
+    config: ServerConfig;
+    status: ServerStatus;
+    probedAt: number;
+    durationMs: number;
+    protocolVersion?: string;
+    toolCount: number;
+    emptyArgTools: number;
+    toolNames: string[];
+    errorMessage?: string;
+    stderr?: string;
+}
+export interface RepoHealth {
+    repo: string;
+    lastCommit: string | null;
+    lastCommitDaysAgo: number | null;
+    stars: number;
+    openIssues: number;
+    cveCount: number;
+    weeklyDownloads: number;
+    contributors: number;
+    archived: boolean;
+    sourceUrl: string | null;
+}
+export interface ServerReport {
+    server: ProbedServer;
+    health: RepoHealth | null;
+    verdict: Verdict;
+    score: number;
+    issues: string[];
+    recommendations: string[];
+}
+export interface AuditSummary {
+    total: number;
+    alive: number;
+    dead: number;
+    other: number;
+    averageScore: number;
+    worstOffenders: string[];
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "mcp-trust",
+  "version": "0.1.0",
+  "description": "Audit the MCP servers installed on your machine. Detect dead, dangerous, or fake servers before they hit production.",
+  "type": "module",
+  "bin": "bin/mcp-trust.js",
+  "files": [
+    "dist",
+    "bin",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepare": "tsc",
+    "test": "node --test --import tsx test/*.test.ts",
+    "lint": "tsc --noEmit",
+    "start": "node --import tsx src/index.ts"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "audit",
+    "security",
+    "cli",
+    "agent",
+    "claude",
+    "codex",
+    "cursor"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "picocolors": "^1.0.1"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.4.0"
+  }
+}