midnight-mcp 0.0.2 → 0.0.5

package/dist/utils/logger.js

@@ -7,17 +7,51 @@ const LOG_LEVELS = {
 };
 class Logger {
     level;
-    constructor(level = "info") {
+    format;
+    service;
+    constructor(level = "info", format = "text", service = "midnight-mcp") {
+        this.level = level;
+        this.format = format;
+        this.service = service;
+    }
+    /**
+     * Set log format at runtime
+     */
+    setFormat(format) {
+        this.format = format;
+    }
+    /**
+     * Set log level at runtime
+     */
+    setLevel(level) {
         this.level = level;
     }
     shouldLog(level) {
         return LOG_LEVELS[level] >= LOG_LEVELS[this.level];
     }
-    formatMessage(level, message, meta) {
+    formatTextMessage(level, message, meta) {
         const timestamp = new Date().toISOString();
         const metaStr = meta ? ` ${JSON.stringify(meta)}` : "";
         return `[${timestamp}] [${level.toUpperCase()}] ${message}${metaStr}`;
     }
+    formatJsonMessage(level, message, meta) {
+        const entry = {
+            timestamp: new Date().toISOString(),
+            level,
+            message,
+            service: this.service,
+        };
+        if (meta) {
+            entry.meta = meta;
+        }
+        return JSON.stringify(entry);
+    }
+    formatMessage(level, message, meta) {
+        if (this.format === "json") {
+            return this.formatJsonMessage(level, message, meta);
+        }
+        return this.formatTextMessage(level, message, meta);
+    }
     debug(message, meta) {
         if (this.shouldLog("debug")) {
             console.error(this.formatMessage("debug", message, meta));
@@ -38,6 +72,37 @@ class Logger {
             console.error(this.formatMessage("error", message, meta));
         }
     }
+    /**
+     * Create a child logger with additional context
+     */
+    child(context) {
+        return new ChildLogger(this, context);
+    }
+}
+/**
+ * Child logger that includes additional context in all log messages
+ */
+class ChildLogger {
+    parent;
+    context;
+    constructor(parent, context) {
+        this.parent = parent;
+        this.context = context;
+    }
+    debug(message, meta) {
+        this.parent.debug(message, { ...this.context, ...meta });
+    }
+    info(message, meta) {
+        this.parent.info(message, { ...this.context, ...meta });
+    }
+    warn(message, meta) {
+        this.parent.warn(message, { ...this.context, ...meta });
+    }
+    error(message, meta) {
+        this.parent.error(message, { ...this.context, ...meta });
+    }
 }
-export const logger = new Logger(config.logLevel);
+// Determine log format from environment
+const logFormat = process.env.LOG_FORMAT === "json" ? "json" : "text";
+export const logger = new Logger(config.logLevel, logFormat);
 //# sourceMappingURL=logger.js.map

package/dist/utils/rate-limit.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Rate limit tracking and management utilities
+ * Tracks GitHub API rate limits and warns before hitting limits
+ */
+export interface RateLimitInfo {
+    limit: number;
+    remaining: number;
+    reset: Date;
+    used: number;
+}
+export interface RateLimitStatus {
+    isLimited: boolean;
+    isWarning: boolean;
+    remaining: number;
+    limit: number;
+    resetAt: Date;
+    percentUsed: number;
+    message: string;
+}
+/**
+ * Update rate limit info from API response headers
+ */
+export declare function updateRateLimitFromHeaders(headers: Record<string, string | undefined>): void;
+/**
+ * Update rate limit info directly
+ */
+export declare function updateRateLimit(info: RateLimitInfo): void;
+/**
+ * Get current rate limit status
+ */
+export declare function getRateLimitStatus(): RateLimitStatus;
+/**
+ * Check if we should proceed with an API call
+ * Returns true if safe to proceed, false if we should wait/fail
+ */
+export declare function shouldProceedWithRequest(): {
+    proceed: boolean;
+    reason?: string;
+    waitMs?: number;
+};
+/**
+ * Get time until rate limit resets
+ */
+export declare function getTimeUntilReset(): number;
+/**
+ * Check if cached rate limit info is stale
+ */
+export declare function isRateLimitStale(): boolean;
+/**
+ * Get cached rate limit info
+ */
+export declare function getCachedRateLimit(): RateLimitInfo | null;
+/**
+ * Decrement remaining count (for optimistic tracking)
+ */
+export declare function decrementRemaining(): void;
+/**
+ * Format rate limit status for display
+ */
+export declare function formatRateLimitStatus(): string;
+//# sourceMappingURL=rate-limit.d.ts.map

package/dist/utils/rate-limit.js

@@ -0,0 +1,148 @@
+/**
+ * Rate limit tracking and management utilities
+ * Tracks GitHub API rate limits and warns before hitting limits
+ */
+import { logger } from "./logger.js";
+// Warning threshold - warn when this percentage of rate limit is used
+const WARNING_THRESHOLD = 0.8; // 80%
+// Critical threshold - consider limited when this percentage is used
+const CRITICAL_THRESHOLD = 0.95; // 95%
+// Cached rate limit info
+let cachedRateLimit = null;
+let lastUpdate = 0;
+const CACHE_TTL = 60 * 1000; // 1 minute cache
+/**
+ * Update rate limit info from API response headers
+ */
+export function updateRateLimitFromHeaders(headers) {
+    const limit = parseInt(headers["x-ratelimit-limit"] || "5000", 10);
+    const remaining = parseInt(headers["x-ratelimit-remaining"] || "5000", 10);
+    const resetTimestamp = parseInt(headers["x-ratelimit-reset"] || "0", 10);
+    cachedRateLimit = {
+        limit,
+        remaining,
+        reset: new Date(resetTimestamp * 1000),
+        used: limit - remaining,
+    };
+    lastUpdate = Date.now();
+    // Log warning if approaching limit
+    const percentUsed = (cachedRateLimit.used / cachedRateLimit.limit) * 100;
+    if (percentUsed >= WARNING_THRESHOLD * 100) {
+        logger.warn("GitHub API rate limit warning", {
+            remaining: cachedRateLimit.remaining,
+            limit: cachedRateLimit.limit,
+            percentUsed: Math.round(percentUsed),
+            resetAt: cachedRateLimit.reset.toISOString(),
+        });
+    }
+}
+/**
+ * Update rate limit info directly
+ */
+export function updateRateLimit(info) {
+    cachedRateLimit = info;
+    lastUpdate = Date.now();
+}
+/**
+ * Get current rate limit status
+ */
+export function getRateLimitStatus() {
+    if (!cachedRateLimit) {
+        return {
+            isLimited: false,
+            isWarning: false,
+            remaining: 5000,
+            limit: 5000,
+            resetAt: new Date(),
+            percentUsed: 0,
+            message: "Rate limit info not yet available",
+        };
+    }
+    const percentUsed = cachedRateLimit.used / cachedRateLimit.limit;
+    const isWarning = percentUsed >= WARNING_THRESHOLD;
+    const isLimited = percentUsed >= CRITICAL_THRESHOLD || cachedRateLimit.remaining <= 10;
+    let message;
+    if (isLimited) {
+        const minutesUntilReset = Math.ceil((cachedRateLimit.reset.getTime() - Date.now()) / 60000);
+        message = `Rate limited! Resets in ${minutesUntilReset} minutes`;
+    }
+    else if (isWarning) {
+        message = `Warning: ${cachedRateLimit.remaining} API calls remaining (${Math.round(percentUsed * 100)}% used)`;
+    }
+    else {
+        message = `${cachedRateLimit.remaining}/${cachedRateLimit.limit} API calls remaining`;
+    }
+    return {
+        isLimited,
+        isWarning,
+        remaining: cachedRateLimit.remaining,
+        limit: cachedRateLimit.limit,
+        resetAt: cachedRateLimit.reset,
+        percentUsed: Math.round(percentUsed * 100),
+        message,
+    };
+}
+/**
+ * Check if we should proceed with an API call
+ * Returns true if safe to proceed, false if we should wait/fail
+ */
+export function shouldProceedWithRequest() {
+    if (!cachedRateLimit) {
+        return { proceed: true };
+    }
+    if (cachedRateLimit.remaining <= 10) {
+        const waitMs = Math.max(0, cachedRateLimit.reset.getTime() - Date.now());
+        return {
+            proceed: false,
+            reason: `Rate limit nearly exhausted (${cachedRateLimit.remaining} remaining)`,
+            waitMs,
+        };
+    }
+    return { proceed: true };
+}
+/**
+ * Get time until rate limit resets
+ */
+export function getTimeUntilReset() {
+    if (!cachedRateLimit) {
+        return 0;
+    }
+    return Math.max(0, cachedRateLimit.reset.getTime() - Date.now());
+}
+/**
+ * Check if cached rate limit info is stale
+ */
+export function isRateLimitStale() {
+    return Date.now() - lastUpdate > CACHE_TTL;
+}
+/**
+ * Get cached rate limit info
+ */
+export function getCachedRateLimit() {
+    return cachedRateLimit;
+}
+/**
+ * Decrement remaining count (for optimistic tracking)
+ */
+export function decrementRemaining() {
+    if (cachedRateLimit && cachedRateLimit.remaining > 0) {
+        cachedRateLimit.remaining--;
+        cachedRateLimit.used++;
+    }
+}
+/**
+ * Format rate limit status for display
+ */
+export function formatRateLimitStatus() {
+    const status = getRateLimitStatus();
+    if (status.isLimited) {
+        return `⛔ ${status.message}`;
+    }
+    else if (status.isWarning) {
+        return `⚠️ ${status.message}`;
+    }
+    else {
+        return `✅ ${status.message}`;
+    }
+}
+//# sourceMappingURL=rate-limit.js.map

package/dist/utils/validation.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Input validation and sanitization utilities
+ * Protects against injection attacks and malformed inputs
+ */
+export interface ValidationResult {
+    isValid: boolean;
+    sanitized: string;
+    warnings: string[];
+    errors: string[];
+}
+/**
+ * Sanitize a string by removing dangerous patterns
+ */
+export declare function sanitizeString(input: string, maxLength?: number): string;
+/**
+ * Validate and sanitize a search query
+ */
+export declare function validateQuery(query: unknown): ValidationResult;
+/**
+ * Validate and sanitize a repository name
+ */
+export declare function validateRepository(repo: unknown): ValidationResult;
+/**
+ * Validate and sanitize a file path
+ */
+export declare function validatePath(path: unknown): ValidationResult;
+/**
+ * Validate and sanitize a git ref (branch, tag, or commit)
+ */
+export declare function validateRef(ref: unknown): ValidationResult;
+/**
+ * Validate a numeric input within bounds
+ */
+export declare function validateNumber(value: unknown, options: {
+    min?: number;
+    max?: number;
+    defaultValue: number;
+}): {
+    isValid: boolean;
+    value: number;
+    error?: string;
+};
+/**
+ * Validate tool arguments with automatic sanitization
+ */
+export declare function validateToolArgs<T extends Record<string, unknown>>(args: T, validators: Partial<Record<keyof T, (value: unknown) => ValidationResult>>): {
+    isValid: boolean;
+    sanitized: Partial<T>;
+    errors: string[];
+    warnings: string[];
+};
+//# sourceMappingURL=validation.d.ts.map

package/dist/utils/validation.js

@@ -0,0 +1,255 @@
+/**
+ * Input validation and sanitization utilities
+ * Protects against injection attacks and malformed inputs
+ */
+// Maximum allowed lengths for different input types
+const MAX_LENGTHS = {
+    query: 1000,
+    path: 500,
+    repository: 100,
+    ref: 100,
+    generic: 500,
+};
+// Patterns that could indicate injection attempts
+const DANGEROUS_PATTERNS = [
+    /[<>]/g, // HTML/XML injection
+    /javascript:/gi, // JS protocol
+    /data:/gi, // Data URLs
+    /\0/g, // Null bytes
+    /[\x00-\x08\x0B\x0C\x0E-\x1F]/g, // Control characters (except newline, tab)
+];
+// Valid characters for different input types
+const VALID_PATTERNS = {
+    // Repository names: alphanumeric, hyphens, underscores, slashes
+    repository: /^[a-zA-Z0-9_\-./]+$/,
+    // Git refs: alphanumeric, hyphens, underscores, dots, slashes
+    ref: /^[a-zA-Z0-9_\-./]+$/,
+    // File paths: most characters except dangerous ones
+    path: /^[a-zA-Z0-9_\-./\s]+$/,
+};
+/**
+ * Sanitize a string by removing dangerous patterns
+ */
+export function sanitizeString(input, maxLength = MAX_LENGTHS.generic) {
+    if (!input || typeof input !== "string") {
+        return "";
+    }
+    let sanitized = input;
+    // Remove dangerous patterns
+    for (const pattern of DANGEROUS_PATTERNS) {
+        sanitized = sanitized.replace(pattern, "");
+    }
+    // Trim whitespace
+    sanitized = sanitized.trim();
+    // Truncate to max length
+    if (sanitized.length > maxLength) {
+        sanitized = sanitized.substring(0, maxLength);
+    }
+    return sanitized;
+}
+/**
+ * Validate and sanitize a search query
+ */
+export function validateQuery(query) {
+    const warnings = [];
+    const errors = [];
+    if (query === null || query === undefined) {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Query is required"],
+        };
+    }
+    if (typeof query !== "string") {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Query must be a string"],
+        };
+    }
+    const sanitized = sanitizeString(query, MAX_LENGTHS.query);
+    if (sanitized.length === 0) {
+        errors.push("Query cannot be empty after sanitization");
+    }
+    if (sanitized.length < 2) {
+        warnings.push("Query is very short, results may be limited");
+    }
+    if (query.length !== sanitized.length) {
+        warnings.push("Query was sanitized to remove potentially dangerous characters");
+    }
+    return {
+        isValid: errors.length === 0,
+        sanitized,
+        warnings,
+        errors,
+    };
+}
+/**
+ * Validate and sanitize a repository name
+ */
+export function validateRepository(repo) {
+    const warnings = [];
+    const errors = [];
+    if (repo === null || repo === undefined) {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Repository name is required"],
+        };
+    }
+    if (typeof repo !== "string") {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Repository name must be a string"],
+        };
+    }
+    const sanitized = sanitizeString(repo, MAX_LENGTHS.repository);
+    if (!VALID_PATTERNS.repository.test(sanitized)) {
+        errors.push("Repository name contains invalid characters");
+    }
+    // Check for path traversal attempts
+    if (sanitized.includes("..")) {
+        errors.push("Repository name cannot contain path traversal sequences");
+    }
+    return {
+        isValid: errors.length === 0,
+        sanitized,
+        warnings,
+        errors,
+    };
+}
+/**
+ * Validate and sanitize a file path
+ */
+export function validatePath(path) {
+    const warnings = [];
+    const errors = [];
+    if (path === null || path === undefined) {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Path is required"],
+        };
+    }
+    if (typeof path !== "string") {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Path must be a string"],
+        };
+    }
+    let sanitized = sanitizeString(path, MAX_LENGTHS.path);
+    // Normalize path separators
+    sanitized = sanitized.replace(/\\/g, "/");
+    // Remove leading slashes
+    sanitized = sanitized.replace(/^\/+/, "");
+    // Check for path traversal attempts
+    if (sanitized.includes("..")) {
+        errors.push("Path cannot contain traversal sequences (..)");
+    }
+    // Check for absolute paths
+    if (path.startsWith("/") || /^[a-zA-Z]:/.test(path)) {
+        warnings.push("Absolute paths are converted to relative paths");
+    }
+    return {
+        isValid: errors.length === 0,
+        sanitized,
+        warnings,
+        errors,
+    };
+}
+/**
+ * Validate and sanitize a git ref (branch, tag, or commit)
+ */
+export function validateRef(ref) {
+    const warnings = [];
+    const errors = [];
+    // Ref is optional, so null/undefined is valid
+    if (ref === null || ref === undefined) {
+        return {
+            isValid: true,
+            sanitized: "",
+            warnings,
+            errors,
+        };
+    }
+    if (typeof ref !== "string") {
+        return {
+            isValid: false,
+            sanitized: "",
+            warnings,
+            errors: ["Ref must be a string"],
+        };
+    }
+    const sanitized = sanitizeString(ref, MAX_LENGTHS.ref);
+    if (!VALID_PATTERNS.ref.test(sanitized)) {
+        errors.push("Ref contains invalid characters");
+    }
+    // Check for path traversal
+    if (sanitized.includes("..")) {
+        errors.push("Ref cannot contain path traversal sequences");
+    }
+    return {
+        isValid: errors.length === 0,
+        sanitized,
+        warnings,
+        errors,
+    };
+}
+/**
+ * Validate a numeric input within bounds
+ */
+export function validateNumber(value, options) {
+    const { min = 1, max = 100, defaultValue } = options;
+    if (value === null || value === undefined) {
+        return { isValid: true, value: defaultValue };
+    }
+    const num = typeof value === "string" ? parseInt(value, 10) : value;
+    if (typeof num !== "number" || isNaN(num)) {
+        return {
+            isValid: false,
+            value: defaultValue,
+            error: "Must be a valid number",
+        };
+    }
+    if (num < min) {
+        return { isValid: true, value: min };
+    }
+    if (num > max) {
+        return { isValid: true, value: max };
+    }
+    return { isValid: true, value: num };
+}
+/**
+ * Validate tool arguments with automatic sanitization
+ */
+export function validateToolArgs(args, validators) {
+    const errors = [];
+    const warnings = [];
+    const sanitized = { ...args };
+    for (const [key, validator] of Object.entries(validators)) {
+        if (validator && key in args) {
+            const result = validator(args[key]);
+            if (!result.isValid) {
+                errors.push(`${key}: ${result.errors.join(", ")}`);
+            }
+            warnings.push(...result.warnings.map((w) => `${key}: ${w}`));
+            sanitized[key] =
+                result.sanitized || args[key];
+        }
+    }
+    return {
+        isValid: errors.length === 0,
+        sanitized,
+        errors,
+        warnings,
+    };
+}
+//# sourceMappingURL=validation.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "midnight-mcp",
-  "version": "0.0.2",
+  "version": "0.0.5",
   "description": "Model Context Protocol Server for Midnight Blockchain Development",
   "type": "module",
   "main": "dist/index.js",
@@ -11,7 +11,6 @@
     "build": "tsc",
     "start": "node dist/index.js",
     "dev": "tsx watch src/index.ts",
-    "index": "tsx src/scripts/index-repos.ts",
     "test": "vitest",
     "test:coverage": "vitest --coverage",
     "lint": "eslint src/**/*.ts",