neozip-mcp 0.1.0-beta

package/dist/connection/wallet-setup.js

@@ -0,0 +1,70 @@
+import { getAddress } from "ethers";
+import { fetchCryptoSelf } from "../archive/crypto-self.js";
+import { evmIdentityFromMnemonic, evmIdentityFromPrivateKey, generateEvmIdentity, } from "../account/wallet-evm.js";
+import { getActiveConnection, readActiveConnectionSecrets, saveEvmWallet, } from "./store.js";
+import { needsPhoneVerification } from "./phone.js";
+export const WALLET_SETUP_HINT = "Configure a Data Wallet first: neozip-connect wallet create --ack-backup, wallet import-mnemonic, or wallet import-key. Or use finish --create-wallet to generate one (no recovery phrase shown).";
+export async function fetchServerLinkedWalletAddress(baseUrl, accessToken) {
+    const result = await fetchCryptoSelf({
+        tokenServiceAccessToken: accessToken,
+        tokenServiceUrl: baseUrl,
+    }, { serverUrl: baseUrl });
+    if (!result.ok)
+        return null;
+    try {
+        return getAddress(result.data.evmAddress);
+    }
+    catch {
+        return null;
+    }
+}
+export async function validateWalletImportAgainstServer(input) {
+    if (input.force)
+        return;
+    const serverAddress = await fetchServerLinkedWalletAddress(input.origin, input.accessToken);
+    if (!serverAddress)
+        return;
+    const derived = getAddress(input.derivedAddress);
+    if (derived.toLowerCase() !== serverAddress.toLowerCase()) {
+        throw new Error(`Imported wallet (${derived}) differs from the wallet linked on Token Service (${serverAddress}). ` +
+            "Restore the correct recovery phrase or private key, or pass --force to replace the server wallet.");
+    }
+}
+export function requireWalletPreconditions(conn, secrets) {
+    if (!secrets?.accessToken || !conn.emailVerified) {
+        throw new Error("Verify email first. Run neozip-connect verify.");
+    }
+}
+export async function requirePhonePreconditions(conn, origin) {
+    if (await needsPhoneVerification(conn, origin)) {
+        throw new Error("Phone verification required. Run neozip-connect phone request and phone verify.");
+    }
+}
+export function walletAlreadyConfigured(conn, secrets) {
+    return Boolean(secrets?.evmPrivateKeyHex && conn.evmAddress);
+}
+export async function saveImportedWallet(connectionId, evm) {
+    return saveEvmWallet(connectionId, evm.privateKey, evm.address);
+}
+export function createLocalWalletIdentity() {
+    const evm = generateEvmIdentity();
+    if (!evm.mnemonic) {
+        throw new Error("Failed to generate recovery phrase for new Data Wallet");
+    }
+    return evm;
+}
+export function importWalletFromMnemonic(mnemonic) {
+    return evmIdentityFromMnemonic(mnemonic);
+}
+export function importWalletFromPrivateKey(privateKey) {
+    return evmIdentityFromPrivateKey(privateKey);
+}
+export function activeWalletContext() {
+    const conn = getActiveConnection();
+    const secrets = readActiveConnectionSecrets();
+    if (!conn || !secrets) {
+        throw new Error("No active connection. Run neozip-connect first.");
+    }
+    return { conn, secrets, origin: conn.tokenServiceOrigin };
+}
+//# sourceMappingURL=wallet-setup.js.map

package/dist/constants/wallet-identity.js

@@ -0,0 +1,11 @@
+/** Wallet-encrypted X25519 identity key wrap format (Token Service API_IDENTITY.md). */
+export const WRAP_FORMAT_VERSION = 1;
+export const WRAP_KDF_INFO = "NeoZip/WalletEncIK/v1";
+export const WRAP_AEAD = "AES-256-GCM";
+export const WRAP_KDF_SALT_LEN = 32;
+export const WRAP_IV_LEN = 12;
+/** SPKI-DER prefix for X25519 public keys (12 bytes). */
+export const X25519_SPKI_PREFIX = Buffer.from("302a300506032b656e032100", "hex");
+/** neozipkit-pro identity type for Token Service email recipients. */
+export const TOKEN_SERVICE_RECIPIENT_IDENTITY_TYPE = "zipstamp";
+//# sourceMappingURL=wallet-identity.js.map

package/dist/index.js

@@ -0,0 +1,47 @@
+#!/usr/bin/env node
+import "./load-env.js";
+import { loadConfig } from "./config/index.js";
+import { createServer } from "./server.js";
+import { logStartupSummary } from "./startup-summary.js";
+import { assertAccountReadyForStartup } from "./startup-account-gate.js";
+// MCP over stdio: only JSON-RPC must go to stdout.
+const rawStdoutWrite = process.stdout.write.bind(process.stdout);
+process.stdout.write = function (chunk, encodingOrCb, cb) {
+    const buf = typeof chunk === "string" ? chunk : chunk.toString();
+    const isJsonRpc = buf.trimStart().startsWith("{") && buf.includes('"jsonrpc"');
+    if (isJsonRpc) {
+        return rawStdoutWrite(chunk, encodingOrCb, cb);
+    }
+    const done = typeof encodingOrCb === "function"
+        ? encodingOrCb
+        : typeof cb === "function"
+            ? cb
+            : undefined;
+    const ok = process.stderr.write(chunk, typeof encodingOrCb === "function"
+        ? undefined
+        : encodingOrCb, done);
+    if (!ok && done)
+        process.nextTick(() => done());
+    return ok;
+};
+const config = loadConfig();
+if (config.capabilitiesMode === "auto") {
+    console.error(`[neozip-mcp] Capabilities (auto): ${config.capabilities.join(", ")}`);
+}
+if (config.debug) {
+    console.error(`[neozip-mcp] Config: capabilities=${config.capabilities.join(",")}`);
+    console.error(`[neozip-mcp] Sandbox paths: ${config.sandboxPaths.join(", ")}`);
+    console.error(`[neozip-mcp] Rate limits: zip=${config.rateLimit}/min, blockchain=${config.blockchainRateLimit}/min`);
+}
+async function main() {
+    await assertAccountReadyForStartup(config);
+    await logStartupSummary(config);
+    const server = createServer(config);
+    await server.start({ transportType: "stdio" });
+    console.error("[neozip-mcp] Server ready (stdio)");
+}
+main().catch((err) => {
+    console.error(`[neozip-mcp] Fatal: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/load-env.js

@@ -0,0 +1,16 @@
+import dotenv from "dotenv";
+import path from "path";
+// Base defaults from .env; .env.local fills gaps for local dev.
+// Do not override vars already set (e.g. NEOZIP_MCP_* from .cursor/mcp.json).
+dotenv.config();
+const local = dotenv.config({
+    path: path.resolve(process.cwd(), ".env.local"),
+});
+if (local.parsed) {
+    for (const [key, value] of Object.entries(local.parsed)) {
+        if (process.env[key] === undefined) {
+            process.env[key] = value;
+        }
+    }
+}
+//# sourceMappingURL=load-env.js.map

package/dist/neozipkit-node.js

@@ -0,0 +1,11 @@
+import * as neozipNode from "neozipkit/node";
+function resolveZipkitNode() {
+    const d = neozipNode.default;
+    if (typeof d === "function")
+        return d;
+    if (d && typeof d.default === "function")
+        return d.default;
+    throw new Error("Could not resolve ZipkitNode from neozipkit/node");
+}
+export const ZipkitNode = resolveZipkitNode();
+//# sourceMappingURL=neozipkit-node.js.map

package/dist/register/resources.js

@@ -0,0 +1,14 @@
+import { registerZipResources } from "../resources/zip-resource.js";
+export function registerResources(deps) {
+    const hasZipAccess = deps.capabilities.isToolEnabled("list") ||
+        deps.capabilities.isToolEnabled("read_entry") ||
+        deps.capabilities.isToolEnabled("info");
+    if (!hasZipAccess)
+        return;
+    registerZipResources(deps.server, {
+        sandbox: deps.sandbox,
+        resourceLimiter: deps.resourceLimiter,
+        config: deps.config,
+    });
+}
+//# sourceMappingURL=resources.js.map

package/dist/register/tools.js

@@ -0,0 +1,77 @@
+import { errorResult } from "../types/index.js";
+import { compressParameters, executeCompress } from "../tools/compress.js";
+import { extractParameters, executeExtract } from "../tools/extract.js";
+import { listParameters, executeList } from "../tools/list.js";
+import { infoParameters, executeInfo } from "../tools/info.js";
+import { testParameters, executeTest } from "../tools/test.js";
+import { readEntryParameters, executeReadEntry } from "../tools/read-entry.js";
+import { searchEntriesParameters, executeSearchEntries } from "../tools/search-entries.js";
+import { grepEntriesParameters, executeGrepEntries } from "../tools/grep-entries.js";
+import { mintParameters, executeMint } from "../tools/mint.js";
+import { verifyParameters, executeVerify } from "../tools/verify.js";
+import { stampParameters, executeStamp } from "../tools/stamp.js";
+import { upgradeTimestampedParameters, executeUpgradeTimestamped } from "../tools/upgrade.js";
+import { tokenServiceStatusParameters, executeTokenServiceStatus, tokenServiceRegisterParameters, executeTokenServiceRegister, tokenServiceVerifyParameters, executeTokenServiceVerify, } from "../tools/token-service-account.js";
+import { walletInfoParameters, executeWalletInfo } from "../tools/wallet-info.js";
+import { walletConfigStatusParameters, executeWalletConfigStatus, } from "../tools/wallet-config-status.js";
+import { connectStatusParameters, executeConnectStatus, } from "../tools/connect-status.js";
+import { identityStatusParameters, executeIdentityStatus, } from "../tools/identity-status.js";
+import { lookupRecipientParameters, executeLookupRecipient, } from "../tools/lookup-recipient.js";
+import { accountStatusParameters, executeAccountStatus, accountListParameters, executeAccountList, accountCreateParameters, executeAccountCreate, accountSelectParameters, executeAccountSelect, accountRegisterEmailParameters, executeAccountRegisterEmail, accountVerifyEmailParameters, executeAccountVerifyEmail, accountRequestPhoneOtpParameters, executeAccountRequestPhoneOtp, accountVerifyPhoneParameters, executeAccountVerifyPhone, accountCreateWalletParameters, executeAccountCreateWallet, accountImportWalletParameters, executeAccountImportWallet, accountLinkWalletParameters, executeAccountLinkWallet, accountProvisionIdentityParameters, executeAccountProvisionIdentity, accountRemoveParameters, executeAccountRemove, accountLogoutParameters, executeAccountLogout, accountInitializeParameters, executeAccountInitialize, } from "../tools/account.js";
+function registerTool(deps, toolName, description, 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+parameters, execute) {
+    if (!deps.capabilities.isToolEnabled(toolName))
+        return;
+    deps.server.addTool({
+        name: toolName,
+        description,
+        parameters,
+        execute: async (args) => {
+            const check = deps.rateLimiter.check(toolName);
+            if (!check.allowed) {
+                return errorResult(`Rate limit exceeded. Retry after ${Math.ceil((check.retryAfterMs || 0) / 1000)}s.`);
+            }
+            return execute(args);
+        },
+    });
+}
+export function registerTools(deps) {
+    const { sandbox, resourceLimiter, config, auth } = deps;
+    registerTool(deps, "compress", "Create a ZIP archive from files or directories. Defaults to Zstandard compression. Blockchain options require neozip-connect: options.timestamp (verified email), options.tokenize (wallet; supersedes timestamp), options.recipientEmails (full profile). timestamp and tokenize are mutually exclusive. Call connect_status before compress to see readiness and the next neozip-connect command. Set options.password for password ZIPs. recipientEmails is not combinable with timestamp or tokenize.", compressParameters, (args) => executeCompress(args, sandbox, resourceLimiter, config, auth));
+    registerTool(deps, "extract", "Extract a ZIP archive to a directory. Pass options.password for ZipCrypto, WinZip AES-256, or NeoZip AES-256 encrypted entries. Supports overwrite control and timestamp preservation.", extractParameters, (args) => executeExtract(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "list", "List the contents of a ZIP archive. Pass options.password for encrypted archives. JSON format includes per-entry encryptionScheme, archiveKind, and blockchain verification for timestamped/tokenized archives.", listParameters, (args) => executeList(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "info", "Get detailed metadata about a ZIP archive including file count, sizes, compression ratio, methods, encryption status, comment, merkle root, and blockchain timestamp/token verification when metadata is present. Use options.format=json for AI-friendly structured output.", infoParameters, (args) => executeInfo(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "test", "Test ZIP integrity (per-entry checksums). Pass options.password for encrypted archives; set options.verifyPassword true to decrypt and verify the password. For timestamped or tokenized archives, also verifies blockchain status via Token Service / on-chain checks.", testParameters, (args) => executeTest(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "read_entry", "Read the text contents of a specific file inside a ZIP archive without extracting the entire package. Pass options.password for encrypted entries. Supports chunking to fit LLM context limits.", readEntryParameters, (args) => executeReadEntry(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "search_entries", "Perform a keyword or regex search across file names inside a ZIP archive. Pass options.password when the archive is encrypted.", searchEntriesParameters, (args) => executeSearchEntries(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "grep_entries", "Search for text strings or regex matches inside file bodies within a ZIP archive without extracting them. Pass options.password for encrypted archives.", grepEntriesParameters, (args) => executeGrepEntries(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "mint", "Mint a ZIP file's merkle root as an NFT on the blockchain (Base network). Requires wallet configuration.", mintParameters, (args) => executeMint(args, auth, resourceLimiter, config, config.network));
+    registerTool(deps, "verify", "Verify a tokenized ZIP file's authenticity by checking its TOKEN.NZIP metadata against the blockchain. Pass options.password if payload entries are encrypted.", verifyParameters, (args) => executeVerify(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "stamp", "Submit a ZIP file's merkle root to the NeoZip Token Service for blockchain timestamping.", stampParameters, (args) => executeStamp(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "upgrade_timestamped", "Upgrade Timestamped archive: replace META-INF/TS-SUBMIT.NZIP with META-INF/TIMESTAMP.NZIP once the Token Service batch is confirmed on-chain. Enables independent blockchain verification without live Token Service calls.", upgradeTimestampedParameters, (args) => executeUpgradeTimestamped(args, sandbox, resourceLimiter, config));
+    registerTool(deps, "token_service_status", "Check NeoZip Token Service email verification status for timestamping. Reports connect profile email and Token Service URL when configured.", tokenServiceStatusParameters, (args) => executeTokenServiceStatus(args, resourceLimiter, config));
+    registerTool(deps, "token_service_register", "Register an email with the NeoZip Token Service and send a 6-digit verification code. Use token_service_verify after the user receives the code.", tokenServiceRegisterParameters, (args) => executeTokenServiceRegister(args, resourceLimiter, config));
+    registerTool(deps, "token_service_verify", "Verify a NeoZip Token Service email with the 6-digit code from the registration email. Required before timestamping via compress or stamp.", tokenServiceVerifyParameters, (args) => executeTokenServiceVerify(args, resourceLimiter, config));
+    registerTool(deps, "lookup_recipient", "Look up a recipient's Token Service X25519 public key by verified email (GET /crypto/public). Use before compress with options.recipientEmails. Does not return private keys.", lookupRecipientParameters, (args) => executeLookupRecipient(args, resourceLimiter, config));
+    registerTool(deps, "wallet_info", "Display wallet and network status including masked key, address, balance, and supported networks.", walletInfoParameters, (args) => executeWalletInfo(args, auth, resourceLimiter, config.network));
+    registerTool(deps, "wallet_config_status", "Report how wallet, Token Service, and identity credentials are configured (sources and readiness flags; no secret values).", walletConfigStatusParameters, (args) => executeWalletConfigStatus(args, config, auth));
+    registerTool(deps, "connect_status", "Fast neozip-connect readiness check: phase, store health, compress/blockchain tool readiness, interactive and scriptable next commands. Call before compress with timestamp/tokenize/recipientEmails. No network calls.", connectStatusParameters, (args) => executeConnectStatus(args, config, auth));
+    registerTool(deps, "identity_status", "Query Token Service GET /crypto/self for provisioned X25519 identity (requires NEOZIP_TOKEN_SERVICE_ACCESS_TOKEN in MCP env).", identityStatusParameters, (args) => executeIdentityStatus(args, resourceLimiter, config));
+    registerTool(deps, "account_status", "NeoZip account setup phase, masked profile metadata, and nextSteps (no secrets). Use first when onboarding.", accountStatusParameters, (args) => executeAccountStatus(args));
+    registerTool(deps, "account_list", "List local NeoZip MCP profiles on this machine (no secrets).", accountListParameters, (args) => executeAccountList(args));
+    registerTool(deps, "account_create", "Create a new local profile shell and set it active (~/.neozip/mcp/).", accountCreateParameters, (args) => executeAccountCreate(args));
+    registerTool(deps, "account_select", "Set the active profile for subsequent account_* tools and config merge.", accountSelectParameters, (args) => executeAccountSelect(args));
+    registerTool(deps, "account_register_email", "Register email with Token Service (app OTP delivery for MCP). Requires active profile.", accountRegisterEmailParameters, (args) => executeAccountRegisterEmail(args, resourceLimiter));
+    registerTool(deps, "account_verify_email", "Verify email OTP; persist Bearer token to encrypted profile store (never returned in output).", accountVerifyEmailParameters, (args) => executeAccountVerifyEmail(args, resourceLimiter));
+    registerTool(deps, "account_request_phone_otp", "Request SMS OTP for phone verification when Token Service requires it (requires verified email).", accountRequestPhoneOtpParameters, (args) => executeAccountRequestPhoneOtp(args, resourceLimiter));
+    registerTool(deps, "account_verify_phone", "Verify phone SMS OTP and persist phoneE164/phoneVerifiedAt to encrypted profile store.", accountVerifyPhoneParameters, (args) => executeAccountVerifyPhone(args, resourceLimiter));
+    registerTool(deps, "account_create_wallet", "Generate a local EOA Data Wallet; store encrypted private key (never returned).", accountCreateWalletParameters, (args) => executeAccountCreateWallet(args));
+    registerTool(deps, "account_import_wallet", "Import mnemonic or hex private key into encrypted profile (prefer account_create_wallet in agents).", accountImportWalletParameters, (args) => executeAccountImportWallet(args));
+    registerTool(deps, "account_link_wallet", "Ensure and attach Data Wallet on Token Service (signed challenges in-process).", accountLinkWalletParameters, (args) => executeAccountLinkWallet(args, resourceLimiter));
+    registerTool(deps, "account_provision_identity", "Provision X25519 identity key on Token Service for recipient encryption.", accountProvisionIdentityParameters, (args) => executeAccountProvisionIdentity(args, resourceLimiter));
+    registerTool(deps, "account_remove", "Delete a profile and its encrypted secrets (requires confirm: true).", accountRemoveParameters, (args) => executeAccountRemove(args));
+    registerTool(deps, "account_logout", "Log out of NeoZip: clear stored credentials for the active profile (~/.neozip/mcp/), deselect profile, and end the session (like Vercel MCP logout). Reload MCP after logout. Does not delete the profile shell.", accountLogoutParameters, (args) => executeAccountLogout(args));
+    registerTool(deps, "account_initialize", "Guided account setup orchestrator (auto runs next safe step; returns account_status JSON).", accountInitializeParameters, (args) => executeAccountInitialize(args, resourceLimiter));
+}
+//# sourceMappingURL=tools.js.map

package/dist/resources/zip-resource.js

@@ -0,0 +1,40 @@
+import { openArchive } from "../archive/open-archive.js";
+import { readEntryContent } from "../archive/read-entry-content.js";
+import { buildArchiveManifest } from "../archive/manifest.js";
+import { parseZipResourceUri } from "./zip-uri.js";
+export function registerZipResources(server, deps) {
+    server.addResourceTemplate({
+        name: "zip-entry",
+        uriTemplate: "zip://{+path}",
+        description: "Read a file inside a ZIP archive without full extraction. URI format: zip://{archivePath}/{internalEntryPath}",
+        mimeType: "text/plain",
+        arguments: [
+            {
+                name: "path",
+                description: "Archive path and internal entry, e.g. /home/user/archive.nzip/src/index.js",
+            },
+            {
+                name: "password",
+                description: "Optional password for password-protected entries (required when archive uses ZipCrypto, WinZip AES, or NeoZip AES).",
+            },
+        ],
+        load: async (args) => {
+            const { archivePath, entryPath } = parseZipResourceUri(`zip://${args.path}`);
+            const { zip, entries } = await openArchive(archivePath, deps.sandbox, deps.resourceLimiter, deps.config, { password: args.password });
+            if (!entryPath) {
+                const manifest = buildArchiveManifest(archivePath, entries);
+                return {
+                    text: JSON.stringify(manifest, null, 2),
+                };
+            }
+            const readResult = await readEntryContent(zip, entries, deps.config, {
+                entryPath,
+                translate: true,
+            });
+            return {
+                text: readResult.content,
+            };
+        },
+    });
+}
+//# sourceMappingURL=zip-resource.js.map

package/dist/resources/zip-uri.js

@@ -0,0 +1,23 @@
+export function parseZipResourceUri(uri) {
+    if (!uri.startsWith("zip://")) {
+        throw new Error(`Invalid zip resource URI: ${uri}`);
+    }
+    const rest = decodeURIComponent(uri.slice("zip://".length));
+    const archiveMatch = rest.match(/^(.+?\.(?:zip|nzip))(?:\/(.*))?$/i);
+    if (!archiveMatch) {
+        throw new Error(`Cannot parse archive path from URI: ${uri}`);
+    }
+    return {
+        archivePath: archiveMatch[1],
+        entryPath: archiveMatch[2] ?? "",
+    };
+}
+export function buildZipResourceUri(archivePath, entryPath) {
+    const encodedArchive = encodeURIComponent(archivePath.replace(/\\/g, "/"));
+    if (!entryPath) {
+        return `zip://${encodedArchive}`;
+    }
+    const normalizedEntry = entryPath.replace(/\\/g, "/").replace(/^\/+/, "");
+    return `zip://${encodedArchive}/${normalizedEntry}`;
+}
+//# sourceMappingURL=zip-uri.js.map

package/dist/security/auth.js

@@ -0,0 +1,28 @@
+export class AuthGuard {
+    constructor(config) {
+        this.apiKey = config.apiKey;
+        this.walletKey = config.walletKey;
+    }
+    requireWalletKey() {
+        if (!this.walletKey) {
+            throw new Error("Wallet private key required for blockchain operations. " +
+                "Run neozip-connect finish to create and link a wallet.");
+        }
+        return this.walletKey;
+    }
+    hasWalletKey() {
+        return !!this.walletKey;
+    }
+    getWalletKey() {
+        return this.walletKey;
+    }
+    /**
+     * Mask a private key for display (show first 6 and last 4 chars)
+     */
+    static maskKey(key) {
+        if (key.length <= 10)
+            return "****";
+        return key.slice(0, 6) + "..." + key.slice(-4);
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/security/capabilities.js

@@ -0,0 +1,85 @@
+const TOOL_GROUPS = {
+    zip: [
+        "compress",
+        "extract",
+        "list",
+        "info",
+        "test",
+        "read_entry",
+        "search_entries",
+        "grep_entries",
+        "upgrade_timestamped",
+        "token_service_status",
+        "lookup_recipient",
+        "wallet_config_status",
+        "identity_status",
+        "connect_status",
+    ],
+    blockchain: [
+        "mint",
+        "verify",
+        "stamp",
+        "upgrade_timestamped",
+        "wallet_info",
+        "wallet_config_status",
+        "identity_status",
+        "token_service_status",
+        "token_service_register",
+        "token_service_verify",
+        "connect_status",
+    ],
+    account: [
+        "account_status",
+        "account_list",
+        "account_create",
+        "account_select",
+        "account_register_email",
+        "account_verify_email",
+        "account_create_wallet",
+        "account_import_wallet",
+        "account_link_wallet",
+        "account_provision_identity",
+        "account_remove",
+        "account_logout",
+        "account_initialize",
+        "wallet_config_status",
+        "identity_status",
+        "connect_status",
+    ],
+    readonly: [
+        "list",
+        "info",
+        "test",
+        "verify",
+        "wallet_info",
+        "wallet_config_status",
+        "identity_status",
+        "read_entry",
+        "search_entries",
+        "grep_entries",
+        "upgrade_timestamped",
+        "token_service_status",
+        "lookup_recipient",
+        "connect_status",
+    ],
+};
+export class CapabilityScope {
+    constructor(capabilities) {
+        this.enabledTools = new Set();
+        for (const group of capabilities) {
+            const tools = TOOL_GROUPS[group];
+            if (tools) {
+                for (const tool of tools) {
+                    this.enabledTools.add(tool);
+                }
+            }
+        }
+    }
+    isToolEnabled(toolName) {
+        return this.enabledTools.has(toolName);
+    }
+    getEnabledTools() {
+        return [...this.enabledTools];
+    }
+}
+//# sourceMappingURL=capabilities.js.map

package/dist/security/rate-limiter.js

@@ -0,0 +1,43 @@
+export class RateLimiter {
+    constructor(defaultLimit, blockchainLimit) {
+        this.buckets = new Map();
+        this.defaultLimit = defaultLimit;
+        this.blockchainLimit = blockchainLimit;
+    }
+    check(toolName) {
+        const limit = RateLimiter.BLOCKCHAIN_TOOLS.has(toolName)
+            ? this.blockchainLimit
+            : this.defaultLimit;
+        const now = Date.now();
+        const intervalMs = 60000;
+        let bucket = this.buckets.get(toolName);
+        if (!bucket) {
+            bucket = { tokens: limit, lastRefill: now };
+            this.buckets.set(toolName, bucket);
+        }
+        const elapsed = now - bucket.lastRefill;
+        if (elapsed >= intervalMs) {
+            bucket.tokens = limit;
+            bucket.lastRefill = now;
+        }
+        else {
+            const refill = (elapsed / intervalMs) * limit;
+            bucket.tokens = Math.min(limit, bucket.tokens + refill);
+            bucket.lastRefill = now;
+        }
+        if (bucket.tokens >= 1) {
+            bucket.tokens -= 1;
+            return { allowed: true };
+        }
+        const retryAfterMs = Math.ceil(((1 - bucket.tokens) / limit) * intervalMs);
+        return { allowed: false, retryAfterMs };
+    }
+}
+RateLimiter.BLOCKCHAIN_TOOLS = new Set([
+    "mint", "verify", "stamp", "upgrade_timestamped", "wallet_info",
+    "token_service_register", "token_service_verify",
+    "account_register_email", "account_verify_email", "account_create_wallet",
+    "account_import_wallet", "account_link_wallet", "account_provision_identity",
+    "account_logout", "account_initialize",
+]);
+//# sourceMappingURL=rate-limiter.js.map

package/dist/security/resource-limiter.js

@@ -0,0 +1,44 @@
+import * as fs from "fs";
+export class ResourceLimiter {
+    constructor(maxFileSize, maxEntries, timeoutSeconds) {
+        this.maxFileSize = maxFileSize;
+        this.maxEntries = maxEntries;
+        this.timeoutMs = timeoutSeconds * 1000;
+    }
+    async checkFileSize(filePath) {
+        try {
+            const stats = await fs.promises.stat(filePath);
+            if (stats.size > this.maxFileSize) {
+                const sizeMB = (stats.size / 1024 / 1024).toFixed(1);
+                const maxMB = (this.maxFileSize / 1024 / 1024).toFixed(1);
+                throw new Error(`File size ${sizeMB} MB exceeds limit of ${maxMB} MB`);
+            }
+        }
+        catch (err) {
+            if (err instanceof Error && err.message.includes("exceeds limit"))
+                throw err;
+            // File may not exist yet (output), that's fine
+        }
+    }
+    checkEntryCount(count) {
+        if (count > this.maxEntries) {
+            throw new Error(`ZIP contains ${count} entries, exceeding limit of ${this.maxEntries}`);
+        }
+    }
+    async withTimeout(operation, label) {
+        const controller = new AbortController();
+        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
+        try {
+            return await Promise.race([
+                operation(),
+                new Promise((_, reject) => {
+                    controller.signal.addEventListener("abort", () => reject(new Error(`Operation "${label}" timed out after ${this.timeoutMs / 1000}s`)));
+                }),
+            ]);
+        }
+        finally {
+            clearTimeout(timer);
+        }
+    }
+}
+//# sourceMappingURL=resource-limiter.js.map

package/dist/security/sandbox.js

@@ -0,0 +1,61 @@
+import * as fs from "fs";
+import * as path from "path";
+import * as os from "os";
+const DENY_LIST = [
+    path.join(os.homedir(), ".ssh"),
+    path.join(os.homedir(), ".gnupg"),
+    path.join(os.homedir(), ".aws"),
+    "/etc/shadow",
+    "/etc/passwd",
+];
+const DENY_WRITE_LIST = [
+    path.join(os.homedir(), ".neozip", "wallet.json"),
+];
+export class PathSandbox {
+    constructor(allowedPaths) {
+        this.allowedRoots = allowedPaths.map((p) => path.resolve(p));
+    }
+    async validatePath(targetPath, write = false) {
+        const resolved = path.resolve(targetPath);
+        if (resolved.includes("\0")) {
+            throw new Error("Path contains null bytes");
+        }
+        const normalized = path.normalize(resolved);
+        let realPath;
+        try {
+            realPath = await fs.promises.realpath(normalized);
+        }
+        catch {
+            // File may not exist yet (e.g. output path); validate the parent
+            const parent = path.dirname(normalized);
+            try {
+                const realParent = await fs.promises.realpath(parent);
+                realPath = path.join(realParent, path.basename(normalized));
+            }
+            catch {
+                realPath = normalized;
+            }
+        }
+        for (const denied of DENY_LIST) {
+            if (realPath.startsWith(denied + path.sep) || realPath === denied) {
+                throw new Error(`Access denied: ${targetPath} is in a restricted location`);
+            }
+        }
+        if (write) {
+            for (const denied of DENY_WRITE_LIST) {
+                if (realPath === denied) {
+                    throw new Error(`Write access denied: ${targetPath}`);
+                }
+            }
+        }
+        const inAllowed = this.allowedRoots.some((root) => realPath.startsWith(root + path.sep) || realPath === root);
+        if (!inAllowed) {
+            throw new Error(`Path outside sandbox: ${targetPath} is not within allowed directories`);
+        }
+        return realPath;
+    }
+    async validatePaths(paths, write = false) {
+        return Promise.all(paths.map((p) => this.validatePath(p, write)));
+    }
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/server.js

@@ -0,0 +1,32 @@
+import { FastMCP } from "fastmcp";
+import { PathSandbox } from "./security/sandbox.js";
+import { CapabilityScope } from "./security/capabilities.js";
+import { RateLimiter } from "./security/rate-limiter.js";
+import { ResourceLimiter } from "./security/resource-limiter.js";
+import { AuthGuard } from "./security/auth.js";
+import { registerTools } from "./register/tools.js";
+import { registerResources } from "./register/resources.js";
+export function createServer(config) {
+    const server = new FastMCP({
+        name: "NeoZip MCP Server",
+        version: "0.2.0",
+    });
+    const sandbox = new PathSandbox(config.sandboxPaths);
+    const capabilities = new CapabilityScope(config.capabilities);
+    const rateLimiter = new RateLimiter(config.rateLimit, config.blockchainRateLimit);
+    const resourceLimiter = new ResourceLimiter(config.maxFileSize, config.maxEntries, config.timeoutSeconds);
+    const auth = new AuthGuard(config);
+    const deps = {
+        server,
+        config,
+        capabilities,
+        rateLimiter,
+        sandbox,
+        resourceLimiter,
+        auth,
+    };
+    registerTools(deps);
+    registerResources(deps);
+    return server;
+}
+//# sourceMappingURL=server.js.map