midnight-mcp 0.2.19 → 0.2.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -183,7 +183,7 @@ Quick references available offline:
183
183
 
184
184
  ## Indexed Repositories
185
185
 
186
- The API indexes **102+ Midnight repositories** from the entire Midnight ecosystem:
186
+ The API indexes **115+ Midnight repositories** from the entire Midnight ecosystem:
187
187
 
188
188
  | Category | Count | Key Repositories |
189
189
  | ------------------------ | ----- | -------------------------------------------------------------------------------- |
@@ -192,15 +192,15 @@ The API indexes **102+ Midnight repositories** from the entire Midnight ecosyste
192
192
  | **Core Infrastructure** | 9 | `midnight-node`, `midnight-indexer`, `midnight-ledger`, `midnight-zk` |
193
193
  | **ZK & Cryptography** | 6 | `midnight-trusted-setup`, `fri`, `galois_recursion`, `pluto_eris` |
194
194
  | **Documentation** | 5 | `midnight-docs`, `midnight-improvement-proposals`, `midnight-architecture` |
195
- | **Examples & Templates** | 8 | `example-counter`, `example-bboard`, `example-dex`, `example-DAO` |
195
+ | **Examples & Templates** | 18 | `example-counter`, `example-bboard`, `example-kitties`, `example-zkloan` |
196
196
  | **Identity** | 5 | `midnight-did`, `midnight-did-resolver`, `midnight-verifiable-credentials` |
197
- | **Developer Tools** | 4 | `setup-compact-action`, `upload-sarif-github-action`, `midnight-dev-utils` |
197
+ | **Developer Tools** | 5 | `setup-compact-action`, `midnight-dev-utils`, `midnight-local-dev` |
198
198
  | **Solutions & Apps** | 7 | `midnight-solutions`, `midnight-website-next`, `nightcap`, `ocp` |
199
199
  | **Glacier Drop** | 15 | `midnight-glacier-drop-tools`, `gd-claim-api`, `gd-claim-portal` |
200
- | **Partners** | 14 | OpenZeppelin, BrickTowers, MeshJS, PaimaStudios, hackathon winners |
200
+ | **Partners & Community** | 20 | OpenZeppelin, BrickTowers, MeshJS, PaimaStudios, hackathon winners, Olanetsoft |
201
201
  | **Other** | 18+ | Contracts, bridges, token distribution, monitoring, QA tools, community projects |
202
202
 
203
- All **non-archived** repositories from the `midnightntwrk` organization plus community partners. See [api/README.md](api/README.md#indexed-repositories-102) for the complete list.
203
+ All **non-archived** repositories from the `midnightntwrk` organization plus community partners. See [api/README.md](api/README.md#indexed-repositories-115) for the complete list.
204
204
 
205
205
  ---
206
206
 
package/dist/bin.js CHANGED
@@ -2,10 +2,10 @@
2
2
  import {
3
3
  startHttpServer,
4
4
  startServer
5
- } from "./chunk-4CUN6SQZ.js";
5
+ } from "./chunk-T2CXHJAO.js";
6
6
  import {
7
7
  setOutputFormat
8
- } from "./chunk-OYH7MAIC.js";
8
+ } from "./chunk-YDH6CRK3.js";
9
9
 
10
10
  // src/bin.ts
11
11
  import { config } from "dotenv";
@@ -13,7 +13,7 @@ import { resolve } from "path";
13
13
  import yargs from "yargs";
14
14
  import { hideBin } from "yargs/helpers";
15
15
  config({ path: resolve(process.cwd(), ".env") });
16
- var CURRENT_VERSION = "0.2.19";
16
+ var CURRENT_VERSION = "0.2.21";
17
17
  process.on("uncaughtException", (error) => {
18
18
  console.error("Uncaught exception:", error);
19
19
  process.exit(1);
@@ -5,7 +5,6 @@ import {
5
5
  createCacheKey,
6
6
  fileCache,
7
7
  formatErrorResponse,
8
- formatRateLimitStatus,
9
8
  getHealthStatus,
10
9
  getQuickHealthStatus,
11
10
  getRateLimitStatus,
@@ -25,7 +24,7 @@ import {
25
24
  validateNumber,
26
25
  validateQuery,
27
26
  vectorStore
28
- } from "./chunk-OYH7MAIC.js";
27
+ } from "./chunk-YDH6CRK3.js";
29
28
 
30
29
  // src/tools/search/schemas.ts
31
30
  import { z } from "zod";
@@ -1605,8 +1604,55 @@ var REPO_ALIASES = {
1605
1604
  bboard: { owner: "midnightntwrk", repo: "example-bboard" },
1606
1605
  "example-dex": { owner: "midnightntwrk", repo: "example-dex" },
1607
1606
  dex: { owner: "midnightntwrk", repo: "example-dex" },
1607
+ "example-hello-world": {
1608
+ owner: "midnightntwrk",
1609
+ repo: "example-hello-world"
1610
+ },
1611
+ "hello-world": { owner: "midnightntwrk", repo: "example-hello-world" },
1612
+ "example-kitties": { owner: "midnightntwrk", repo: "example-kitties" },
1613
+ kitties: { owner: "midnightntwrk", repo: "example-kitties" },
1614
+ cryptokitties: { owner: "midnightntwrk", repo: "example-kitties" },
1615
+ "example-nft-contracts": {
1616
+ owner: "midnightntwrk",
1617
+ repo: "example-nft-contracts"
1618
+ },
1619
+ "nft-contracts": { owner: "midnightntwrk", repo: "example-nft-contracts" },
1620
+ nft: { owner: "midnightntwrk", repo: "example-nft-contracts" },
1621
+ "example-locker": { owner: "midnightntwrk", repo: "example-locker" },
1622
+ locker: { owner: "midnightntwrk", repo: "example-locker" },
1623
+ "example-zkloan": { owner: "midnightntwrk", repo: "example-zkloan" },
1624
+ zkloan: { owner: "midnightntwrk", repo: "example-zkloan" },
1625
+ "example-battleship": {
1626
+ owner: "midnightntwrk",
1627
+ repo: "example-battleship"
1628
+ },
1629
+ "example-private-party": {
1630
+ owner: "midnightntwrk",
1631
+ repo: "example-private-party"
1632
+ },
1633
+ "private-party": { owner: "midnightntwrk", repo: "example-private-party" },
1634
+ "midnight-dust-generator": {
1635
+ owner: "midnightntwrk",
1636
+ repo: "midnight-dust-generator"
1637
+ },
1638
+ "dust-generator": {
1639
+ owner: "midnightntwrk",
1640
+ repo: "midnight-dust-generator"
1641
+ },
1642
+ "midnight-tip-jar": { owner: "midnightntwrk", repo: "midnight-tip-jar" },
1643
+ "tip-jar": { owner: "midnightntwrk", repo: "midnight-tip-jar" },
1644
+ "midnight-leaderboard": {
1645
+ owner: "midnightntwrk",
1646
+ repo: "midnight-leaderboard"
1647
+ },
1648
+ leaderboard: { owner: "midnightntwrk", repo: "midnight-leaderboard" },
1608
1649
  // Developer Tools
1609
1650
  "create-mn-app": { owner: "midnightntwrk", repo: "create-mn-app" },
1651
+ "midnight-local-dev": {
1652
+ owner: "midnightntwrk",
1653
+ repo: "midnight-local-dev"
1654
+ },
1655
+ "local-dev": { owner: "midnightntwrk", repo: "midnight-local-dev" },
1610
1656
  "midnight-wallet": { owner: "midnightntwrk", repo: "midnight-wallet" },
1611
1657
  wallet: { owner: "midnightntwrk", repo: "midnight-wallet" },
1612
1658
  // Infrastructure
@@ -1698,7 +1744,29 @@ var REPO_ALIASES = {
1698
1744
  lucentlabs: { owner: "statera-protocol", repo: "statera-protocol-midnight" },
1699
1745
  stablecoin: { owner: "statera-protocol", repo: "statera-protocol-midnight" },
1700
1746
  "midnight-bank": { owner: "nel349", repo: "midnight-bank" },
1701
- bank: { owner: "nel349", repo: "midnight-bank" }
1747
+ bank: { owner: "nel349", repo: "midnight-bank" },
1748
+ // Third-Party / Community (NOT official Midnight, not in midnight-awesome-dapps)
1749
+ // effectstream is a multi-chain Web3 engine (EVM, Midnight, Bitcoin, Cardano,
1750
+ // Avail, Celestia, NEAR). Only its Midnight pieces are relevant here:
1751
+ // @effectstream/midnight-contracts and the evm-midnight-v2 / zswap-da templates.
1752
+ // NOTE: repo currently has NO LICENSE — treat indexed content as reference only.
1753
+ effectstream: { owner: "effectstream", repo: "effectstream" },
1754
+ "effect-stream": { owner: "effectstream", repo: "effectstream" },
1755
+ // Community Examples & Learning Resources (Olanetsoft)
1756
+ "midnight-mcp": { owner: "Olanetsoft", repo: "midnight-mcp" },
1757
+ mcp: { owner: "Olanetsoft", repo: "midnight-mcp" },
1758
+ "compact-playground": { owner: "Olanetsoft", repo: "compact-playground" },
1759
+ playground: { owner: "Olanetsoft", repo: "compact-playground" },
1760
+ "compact-by-example": { owner: "Olanetsoft", repo: "compact-by-example" },
1761
+ "learn-compact": { owner: "Olanetsoft", repo: "learn-compact" },
1762
+ "example-dust-sponsorship": {
1763
+ owner: "Olanetsoft",
1764
+ repo: "example-dust-sponsorship"
1765
+ },
1766
+ "dust-sponsorship": {
1767
+ owner: "Olanetsoft",
1768
+ repo: "example-dust-sponsorship"
1769
+ }
1702
1770
  };
1703
1771
  var EXAMPLES = [
1704
1772
  {
@@ -6930,6 +6998,19 @@ var transports = {
6930
6998
  streamable: {},
6931
6999
  sse: {}
6932
7000
  };
7001
+ function buildAllowlist(port) {
7002
+ const hosts = [`127.0.0.1:${port}`, `localhost:${port}`];
7003
+ const origins = hosts.flatMap((host) => [
7004
+ `http://${host}`,
7005
+ `https://${host}`
7006
+ ]);
7007
+ return { allowedHosts: hosts, allowedOrigins: origins };
7008
+ }
7009
+ function isRebindingBlocked(host, origin, allowedHosts, allowedOrigins) {
7010
+ if (host && !allowedHosts.includes(host)) return true;
7011
+ if (origin && !allowedOrigins.includes(origin)) return true;
7012
+ return false;
7013
+ }
6933
7014
  async function closeTransports(transportMap) {
6934
7015
  const closePromises = Object.values(transportMap).map(
6935
7016
  (transport) => transport.close?.().catch(() => {
@@ -6940,6 +7021,7 @@ async function closeTransports(transportMap) {
6940
7021
  async function startHttpServer(port = 3e3) {
6941
7022
  const mcpServer = await initializeServer();
6942
7023
  const app = express();
7024
+ const { allowedHosts, allowedOrigins } = buildAllowlist(port);
6943
7025
  app.use("/mcp", express.json());
6944
7026
  app.get("/health", (_req, res) => {
6945
7027
  res.json({
@@ -6956,6 +7038,10 @@ async function startHttpServer(port = 3e3) {
6956
7038
  } else if (!sessionId && isInitializeRequest(req.body)) {
6957
7039
  transport = new StreamableHTTPServerTransport({
6958
7040
  sessionIdGenerator: () => randomUUID(),
7041
+ // Block DNS-rebinding attacks from browser pages (loopback allowlist).
7042
+ enableDnsRebindingProtection: true,
7043
+ allowedHosts,
7044
+ allowedOrigins,
6959
7045
  onsessioninitialized: (newSessionId) => {
6960
7046
  transports.streamable[newSessionId] = transport;
6961
7047
  logger.debug(`New streamable session: ${newSessionId}`);
@@ -6993,9 +7079,20 @@ async function startHttpServer(port = 3e3) {
6993
7079
  }
6994
7080
  await transport.handleRequest(req, res, req.body);
6995
7081
  });
6996
- app.get("/sse", async (_req, res) => {
7082
+ app.get("/sse", async (req, res) => {
7083
+ const host = req.headers.host;
7084
+ const origin = req.headers.origin;
7085
+ if (isRebindingBlocked(host, origin, allowedHosts, allowedOrigins)) {
7086
+ logger.warn(`Rejected SSE connection`, { host, origin });
7087
+ res.status(403).send("Forbidden: invalid Host or Origin");
7088
+ return;
7089
+ }
6997
7090
  logger.debug("New SSE connection");
6998
- const transport = new SSEServerTransport("/messages", res);
7091
+ const transport = new SSEServerTransport("/messages", res, {
7092
+ enableDnsRebindingProtection: true,
7093
+ allowedHosts,
7094
+ allowedOrigins
7095
+ });
6999
7096
  transports.sse[transport.sessionId] = transport;
7000
7097
  res.on("close", () => {
7001
7098
  delete transports.sse[transport.sessionId];
@@ -9321,7 +9418,9 @@ async function healthCheck(input) {
9321
9418
  const status = await getHealthStatus();
9322
9419
  return {
9323
9420
  ...status,
9324
- rateLimit: formatRateLimitStatus(),
9421
+ // Return the structured object (not a formatted string) so the value
9422
+ // conforms to the tool's outputSchema, which declares rateLimit as an object.
9423
+ rateLimit: getRateLimitStatus(),
9325
9424
  cacheStats: {
9326
9425
  search: searchCache.getStats(),
9327
9426
  file: fileCache.getStats(),
@@ -9331,7 +9430,7 @@ async function healthCheck(input) {
9331
9430
  }
9332
9431
  return {
9333
9432
  ...getQuickHealthStatus(),
9334
- rateLimit: formatRateLimitStatus()
9433
+ rateLimit: getRateLimitStatus()
9335
9434
  };
9336
9435
  }
9337
9436
  async function getStatus(_input) {
@@ -9371,23 +9470,26 @@ async function checkVersion(_input) {
9371
9470
  const data = await response.json();
9372
9471
  const latestVersion = data.version;
9373
9472
  const isUpToDate = CURRENT_VERSION === latestVersion;
9374
- return {
9473
+ const result = {
9375
9474
  currentVersion: CURRENT_VERSION,
9376
9475
  latestVersion,
9377
9476
  isUpToDate,
9378
- message: isUpToDate ? "\u2705 You are running the latest version!" : `\u26A0\uFE0F UPDATE AVAILABLE: v${latestVersion} (you have v${CURRENT_VERSION})`,
9379
- updateInstructions: isUpToDate ? null : {
9477
+ message: isUpToDate ? "\u2705 You are running the latest version!" : `\u26A0\uFE0F UPDATE AVAILABLE: v${latestVersion} (you have v${CURRENT_VERSION})`
9478
+ };
9479
+ if (!isUpToDate) {
9480
+ result.updateInstructions = {
9380
9481
  step1: "Clear npx cache: rm -rf ~/.npm/_npx (macOS/Linux) or del /s /q %LocalAppData%\\npm-cache\\_npx (Windows)",
9381
9482
  step2: "Restart Claude Desktop completely (Cmd+Q / Alt+F4, then reopen)",
9382
9483
  step3: "Or update config to use: npx -y midnight-mcp@latest (forces latest)",
9383
9484
  alternative: "You can also install globally: npm install -g midnight-mcp@latest"
9384
- },
9385
- newFeatures: isUpToDate ? null : [
9485
+ };
9486
+ result.newFeatures = [
9386
9487
  "Auto-update config tool - AI agents update your config automatically",
9387
9488
  "midnight-extract-contract-structure - Static analysis with 10 pre-compilation checks",
9388
9489
  "MCP Logging, Progress, Completions capabilities"
9389
- ]
9390
- };
9490
+ ];
9491
+ }
9492
+ return result;
9391
9493
  } catch (error) {
9392
9494
  return {
9393
9495
  currentVersion: CURRENT_VERSION,
@@ -11253,4 +11355,4 @@ export {
11253
11355
  startServer,
11254
11356
  startHttpServer
11255
11357
  };
11256
- //# sourceMappingURL=chunk-4CUN6SQZ.js.map
11358
+ //# sourceMappingURL=chunk-T2CXHJAO.js.map
@@ -1624,7 +1624,7 @@ var releaseTracker = new ReleaseTracker();
1624
1624
 
1625
1625
  // src/utils/health.ts
1626
1626
  var startTime = Date.now();
1627
- var VERSION = "0.2.19";
1627
+ var VERSION = "0.2.21";
1628
1628
  async function checkGitHubAPI() {
1629
1629
  const start = Date.now();
1630
1630
  try {
@@ -1652,7 +1652,7 @@ async function checkGitHubAPI() {
1652
1652
  }
1653
1653
  async function checkVectorStore() {
1654
1654
  try {
1655
- const { vectorStore: vectorStore2 } = await import("./db-3CCKZDB7.js");
1655
+ const { vectorStore: vectorStore2 } = await import("./db-5GTR4PCW.js");
1656
1656
  if (vectorStore2) {
1657
1657
  return {
1658
1658
  status: "pass",
@@ -1790,16 +1790,6 @@ function shouldProceedWithRequest() {
1790
1790
  }
1791
1791
  return { proceed: true };
1792
1792
  }
1793
- function formatRateLimitStatus() {
1794
- const status = getRateLimitStatus();
1795
- if (status.isLimited) {
1796
- return `\u26D4 ${status.message}`;
1797
- } else if (status.isWarning) {
1798
- return `\u26A0\uFE0F ${status.message}`;
1799
- } else {
1800
- return `\u2705 ${status.message}`;
1801
- }
1802
- }
1803
1793
 
1804
1794
  // src/utils/cache.ts
1805
1795
  var Cache = class {
@@ -2128,7 +2118,7 @@ function serialize(data) {
2128
2118
  }
2129
2119
 
2130
2120
  // src/utils/version.ts
2131
- var CURRENT_VERSION = "0.2.19";
2121
+ var CURRENT_VERSION = "0.2.21";
2132
2122
 
2133
2123
  // src/db/vectorStore.ts
2134
2124
  var VectorStore = class {
@@ -2338,7 +2328,6 @@ export {
2338
2328
  getHealthStatus,
2339
2329
  getQuickHealthStatus,
2340
2330
  getRateLimitStatus,
2341
- formatRateLimitStatus,
2342
2331
  createCacheKey,
2343
2332
  searchCache,
2344
2333
  fileCache,
@@ -2351,4 +2340,4 @@ export {
2351
2340
  serialize,
2352
2341
  CURRENT_VERSION
2353
2342
  };
2354
- //# sourceMappingURL=chunk-OYH7MAIC.js.map
2343
+ //# sourceMappingURL=chunk-YDH6CRK3.js.map
@@ -0,0 +1,7 @@
1
+ import {
2
+ vectorStore
3
+ } from "./chunk-YDH6CRK3.js";
4
+ export {
5
+ vectorStore
6
+ };
7
+ //# sourceMappingURL=db-5GTR4PCW.js.map
package/dist/index.js CHANGED
@@ -9,10 +9,10 @@ import {
9
9
  promptDefinitions,
10
10
  startHttpServer,
11
11
  startServer
12
- } from "./chunk-4CUN6SQZ.js";
12
+ } from "./chunk-T2CXHJAO.js";
13
13
  import {
14
14
  logger
15
- } from "./chunk-OYH7MAIC.js";
15
+ } from "./chunk-YDH6CRK3.js";
16
16
  export {
17
17
  allResources,
18
18
  allTools,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "midnight-mcp",
3
- "version": "0.2.19",
3
+ "version": "0.2.21",
4
4
  "description": "Model Context Protocol Server for Midnight Blockchain Development",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -10,7 +10,7 @@
10
10
  "scripts": {
11
11
  "build": "tsup",
12
12
  "typecheck": "tsc --noEmit",
13
- "start": "node dist/bin.js --stdio",
13
+ "start": "node dist/bin.js",
14
14
  "start:http": "node dist/bin.js --http",
15
15
  "dev": "NODE_ENV=development tsup --watch",
16
16
  "test": "vitest",
@@ -1,7 +0,0 @@
1
- import {
2
- vectorStore
3
- } from "./chunk-OYH7MAIC.js";
4
- export {
5
- vectorStore
6
- };
7
- //# sourceMappingURL=db-3CCKZDB7.js.map