opencode-pair-autonomy 1.0.0

package/vendor/mcp/pg-mcp/package.json

@@ -0,0 +1,18 @@
+{
+  "name": "pg-mcp-server",
+  "version": "1.0.0",
+  "description": "PostgreSQL icin basit ve salt-okunur MCP sunucusu",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "pg-mcp": "./src/index.js"
+  },
+  "scripts": {
+    "start": "node src/index.js",
+    "check": "node --check src/index.js && node --check src/config.js && node --check src/db.js && node --check src/sqlGuard.js && node --check src/tools.js"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "pg": "^8.13.1"
+  }
+}

package/vendor/mcp/pg-mcp/src/config.js

@@ -0,0 +1,71 @@
+import { existsSync, readFileSync } from "fs";
+import { dirname, join } from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+function toPositiveInt(value, fallback) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n <= 0) return fallback;
+  return Math.floor(n);
+}
+
+function normalizeConnection(connection) {
+  return {
+    host: connection.host || "127.0.0.1",
+    port: toPositiveInt(connection.port, 5432),
+    user: connection.user || "postgres",
+    password: connection.password || "",
+    database: connection.database || "postgres",
+    description: connection.description || "",
+    statement_timeout_ms: toPositiveInt(connection.statement_timeout_ms, 10000),
+    default_row_limit: toPositiveInt(connection.default_row_limit, 100),
+    max_row_limit: toPositiveInt(connection.max_row_limit, 1000),
+    ssl: Boolean(connection.ssl),
+  };
+}
+
+export function loadConfig() {
+  const candidates = [
+    process.env.PG_MCP_CONFIG_PATH,
+    join(__dirname, "../config.json"),
+    join(process.cwd(), "config.json"),
+  ].filter(Boolean);
+
+  let rawConfig;
+  for (const configPath of candidates) {
+    if (existsSync(configPath)) {
+      rawConfig = JSON.parse(readFileSync(configPath, "utf8"));
+      break;
+    }
+  }
+
+  if (!rawConfig) {
+    throw new Error("config.json bulunamadi. PG_MCP_CONFIG_PATH ayarlayin veya proje kokune config.json koyun.");
+  }
+
+  if (!rawConfig.connections || typeof rawConfig.connections !== "object") {
+    throw new Error("config.json icinde 'connections' nesnesi olmalidir.");
+  }
+
+  const entries = Object.entries(rawConfig.connections);
+  if (entries.length === 0) {
+    throw new Error("En az bir baglanti tanimlamalisiniz (connections).");
+  }
+
+  const connections = {};
+  for (const [name, connection] of entries) {
+    if (!connection || typeof connection !== "object") {
+      throw new Error(`'${name}' baglantisi gecersiz.`);
+    }
+
+    const normalized = normalizeConnection(connection);
+    if (normalized.default_row_limit > normalized.max_row_limit) {
+      throw new Error(`'${name}' icin default_row_limit, max_row_limit degerinden buyuk olamaz.`);
+    }
+
+    connections[name] = normalized;
+  }
+
+  return { connections };
+}

package/vendor/mcp/pg-mcp/src/db.js

@@ -0,0 +1,85 @@
+import pg from "pg";
+
+const { Pool } = pg;
+
+function normalizeTimeout(value, fallback = 10000) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n <= 0) return fallback;
+  return Math.floor(n);
+}
+
+export class DbManager {
+  constructor(config) {
+    this.config = config;
+    this.pools = new Map();
+  }
+
+  getConnectionNames() {
+    return Object.keys(this.config.connections);
+  }
+
+  getConnectionConfig(name) {
+    const cfg = this.config.connections[name];
+    if (!cfg) {
+      const available = this.getConnectionNames().join(", ");
+      throw new Error(`Baglanti bulunamadi: '${name}'. Mevcut baglantilar: ${available}`);
+    }
+    return cfg;
+  }
+
+  getPool(name, databaseOverride = null) {
+    const connection = this.getConnectionConfig(name);
+    const database = databaseOverride || connection.database;
+    const poolKey = `${name}::${database}`;
+
+    if (!this.pools.has(poolKey)) {
+      const c = this.getConnectionConfig(name);
+      this.pools.set(
+        poolKey,
+        new Pool({
+          host: c.host,
+          port: c.port,
+          user: c.user,
+          password: c.password,
+          database,
+          ssl: c.ssl ? { rejectUnauthorized: false } : false,
+          max: 5,
+        })
+      );
+    }
+
+    return this.pools.get(poolKey);
+  }
+
+  async runReadOnly(connectionName, sql, params = [], options = {}) {
+    const connection = this.getConnectionConfig(connectionName);
+    const statementTimeout = normalizeTimeout(connection.statement_timeout_ms);
+    const database = options.database || null;
+
+    const client = await this.getPool(connectionName, database).connect();
+    try {
+      await client.query("BEGIN READ ONLY");
+      await client.query(`SET LOCAL statement_timeout = ${statementTimeout}`);
+      const result = await client.query(sql, params);
+      await client.query("COMMIT");
+      return result;
+    } catch (error) {
+      try {
+        await client.query("ROLLBACK");
+      } catch {
+        // ROLLBACK hatasi olursa asil hatayi koruyoruz.
+      }
+      throw error;
+    } finally {
+      client.release();
+    }
+  }
+
+  async closeAll() {
+    const tasks = [];
+    for (const pool of this.pools.values()) {
+      tasks.push(pool.end());
+    }
+    await Promise.all(tasks);
+  }
+}

package/vendor/mcp/pg-mcp/src/index.js

@@ -0,0 +1,203 @@
+#!/usr/bin/env node
+
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { loadConfig } from "./config.js";
+import { DbManager } from "./db.js";
+import { buildLimitedQuery, resolveRowLimit, validateAndNormalizeSelect } from "./sqlGuard.js";
+import { buildToolDefinitions, fail, ok } from "./tools.js";
+
+const config = loadConfig();
+const db = new DbManager(config);
+const connectionNames = db.getConnectionNames();
+
+function normalizeDatabaseName(value) {
+  if (value == null) return null;
+  if (typeof value !== "string") {
+    throw new Error("'database' alani metin olmalidir.");
+  }
+
+  const trimmed = value.trim();
+  if (!trimmed) return null;
+  if (!/^[a-zA-Z0-9_\-]+$/.test(trimmed)) {
+    throw new Error("'database' alani gecersiz karakter iceriyor.");
+  }
+
+  return trimmed;
+}
+
+const server = new Server(
+  { name: "pg-mcp-server", version: "1.0.0" },
+  { capabilities: { tools: {} } }
+);
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: buildToolDefinitions(connectionNames),
+}));
+
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  const { name, arguments: args } = request.params;
+
+  try {
+    switch (name) {
+      case "list_connections": {
+        const list = connectionNames.map((connectionName) => {
+          const c = db.getConnectionConfig(connectionName);
+          return {
+            name: connectionName,
+            description: c.description,
+            host: c.host,
+            port: c.port,
+            database: c.database,
+            statement_timeout_ms: c.statement_timeout_ms,
+            default_row_limit: c.default_row_limit,
+            max_row_limit: c.max_row_limit,
+          };
+        });
+        return ok(list);
+      }
+
+      case "list_databases": {
+        const connection = args?.connection;
+        if (!connection) return fail("'connection' alani zorunludur.");
+
+        const result = await db.runReadOnly(
+          connection,
+          `
+            SELECT datname AS database_name
+            FROM pg_database
+            WHERE datallowconn = true
+              AND NOT datistemplate
+            ORDER BY datname
+          `
+        );
+
+        return ok(result.rows);
+      }
+
+      case "list_schemas": {
+        const connection = args?.connection;
+        const database = normalizeDatabaseName(args?.database);
+        if (!connection) return fail("'connection' alani zorunludur.");
+
+        const result = await db.runReadOnly(
+          connection,
+          `
+            SELECT schema_name
+            FROM information_schema.schemata
+            WHERE schema_name NOT IN ('pg_catalog', 'information_schema')
+            ORDER BY schema_name
+          `,
+          [],
+          { database }
+        );
+
+        return ok(result.rows);
+      }
+
+      case "list_tables": {
+        const connection = args?.connection;
+        const database = normalizeDatabaseName(args?.database);
+        const schema = args?.schema ?? null;
+        if (!connection) return fail("'connection' alani zorunludur.");
+
+        const result = await db.runReadOnly(
+          connection,
+          `
+            SELECT table_schema, table_name, table_type
+            FROM information_schema.tables
+            WHERE table_schema NOT IN ('pg_catalog', 'information_schema')
+              AND ($1::text IS NULL OR table_schema = $1)
+            ORDER BY table_schema, table_name
+          `,
+          [schema],
+          { database }
+        );
+
+        return ok(result.rows);
+      }
+
+      case "describe_table": {
+        const connection = args?.connection;
+        const database = normalizeDatabaseName(args?.database);
+        const table = args?.table;
+        const schema = args?.schema ?? null;
+        if (!connection) return fail("'connection' alani zorunludur.");
+        if (!table) return fail("'table' alani zorunludur.");
+
+        const result = await db.runReadOnly(
+          connection,
+          `
+            SELECT
+              table_schema,
+              table_name,
+              column_name,
+              ordinal_position,
+              data_type,
+              is_nullable,
+              column_default
+            FROM information_schema.columns
+            WHERE table_name = $1
+              AND ($2::text IS NULL OR table_schema = $2)
+            ORDER BY table_schema, table_name, ordinal_position
+          `,
+          [table, schema],
+          { database }
+        );
+
+        if (result.rows.length === 0) {
+          return fail("Tablo bulunamadi. 'schema' alanini gondererek tekrar deneyin.");
+        }
+
+        return ok(result.rows);
+      }
+
+      case "execute_select": {
+        const connection = args?.connection;
+        const database = normalizeDatabaseName(args?.database);
+        const query = args?.query;
+        const requestedRowLimit = args?.row_limit;
+
+        if (!connection) return fail("'connection' alani zorunludur.");
+        if (!query) return fail("'query' alani zorunludur.");
+
+        const connectionConfig = db.getConnectionConfig(connection);
+        const normalizedQuery = validateAndNormalizeSelect(query);
+        const appliedRowLimit = resolveRowLimit(requestedRowLimit, connectionConfig);
+        const limitedQuery = buildLimitedQuery(normalizedQuery, appliedRowLimit);
+        const result = await db.runReadOnly(connection, limitedQuery, [], { database });
+
+        return ok({
+          row_count: result.rowCount,
+          row_limit: appliedRowLimit,
+          rows: result.rows,
+        });
+      }
+
+      default:
+        return fail(`Bilinmeyen arac: ${name}`);
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return fail(`Hata: ${message}`);
+  }
+});
+
+async function main() {
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}
+
+main().catch((error) => {
+  const message = error instanceof Error ? error.message : String(error);
+  console.error(`Sunucu baslatilamadi: ${message}`);
+  process.exit(1);
+});
+
+for (const signal of ["SIGINT", "SIGTERM"]) {
+  process.on(signal, async () => {
+    await db.closeAll();
+    process.exit(0);
+  });
+}

package/vendor/mcp/pg-mcp/src/sqlGuard.js

@@ -0,0 +1,75 @@
+const BLOCKED_KEYWORDS = [
+  "INSERT",
+  "UPDATE",
+  "DELETE",
+  "UPSERT",
+  "MERGE",
+  "DROP",
+  "ALTER",
+  "CREATE",
+  "TRUNCATE",
+  "GRANT",
+  "REVOKE",
+  "COPY",
+  "CALL",
+  "DO",
+  "VACUUM",
+  "ANALYZE",
+  "REINDEX",
+  "COMMENT",
+  "CLUSTER",
+  "LOCK",
+  "SET",
+  "RESET",
+  "BEGIN",
+  "COMMIT",
+  "ROLLBACK",
+  "INTO",
+];
+
+const blockedKeywordRegex = new RegExp(`\\b(${BLOCKED_KEYWORDS.join("|")})\\b`, "i");
+
+export function validateAndNormalizeSelect(rawQuery) {
+  if (typeof rawQuery !== "string") {
+    throw new Error("Sorgu metin (string) olmalidir.");
+  }
+
+  let query = rawQuery.trim();
+  if (!query) {
+    throw new Error("Sorgu bos olamaz.");
+  }
+
+  while (query.endsWith(";")) {
+    query = query.slice(0, -1).trim();
+  }
+
+  if (query.includes(";")) {
+    throw new Error("Tek seferde yalnizca tek bir SQL ifadesi calistirilabilir.");
+  }
+
+  if (!/^(SELECT|WITH)\b/i.test(query)) {
+    throw new Error("Yalnizca SELECT sorgularina izin verilir.");
+  }
+
+  if (blockedKeywordRegex.test(query)) {
+    throw new Error("Sorgu yazma/DDL iceren ifadeler barindiriyor. Yalnizca salt-okunur SELECT kullanin.");
+  }
+
+  return query;
+}
+
+export function resolveRowLimit(requestedRowLimit, connectionConfig) {
+  const defaultLimit = connectionConfig.default_row_limit;
+  const maxLimit = connectionConfig.max_row_limit;
+  const chosen = requestedRowLimit == null ? defaultLimit : Number(requestedRowLimit);
+
+  if (!Number.isFinite(chosen) || chosen <= 0) {
+    throw new Error("row_limit pozitif bir sayi olmalidir.");
+  }
+
+  return Math.min(Math.floor(chosen), maxLimit);
+}
+
+export function buildLimitedQuery(query, rowLimit) {
+  return `SELECT * FROM (${query}) AS mcp_readonly_query LIMIT ${rowLimit}`;
+}

package/vendor/mcp/pg-mcp/src/tools.js

@@ -0,0 +1,89 @@
+export function buildToolDefinitions(connectionNames) {
+  return [
+    {
+      name: "list_connections",
+      description: "Tanimli PostgreSQL baglantilarini listeler.",
+      inputSchema: {
+        type: "object",
+        properties: {},
+      },
+    },
+    {
+      name: "list_databases",
+      description: "Secilen baglantidaki erisilebilir veritabanlarini listeler.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: connectionNames },
+        },
+        required: ["connection"],
+      },
+    },
+    {
+      name: "list_schemas",
+      description: "Secilen baglantidaki semalari listeler.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: connectionNames },
+          database: { type: "string" },
+        },
+        required: ["connection"],
+      },
+    },
+    {
+      name: "list_tables",
+      description: "Secilen baglantida tablolari listeler. Isterseniz schema verebilirsiniz.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: connectionNames },
+          database: { type: "string" },
+          schema: { type: "string" },
+        },
+        required: ["connection"],
+      },
+    },
+    {
+      name: "describe_table",
+      description: "Bir tablonun kolon bilgilerini dondurur.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: connectionNames },
+          database: { type: "string" },
+          table: { type: "string" },
+          schema: { type: "string" },
+        },
+        required: ["connection", "table"],
+      },
+    },
+    {
+      name: "execute_select",
+      description: "Salt-okunur SELECT sorgusu calistirir. Satir limiti uygulanir.",
+      inputSchema: {
+        type: "object",
+        properties: {
+          connection: { type: "string", enum: connectionNames },
+          database: { type: "string" },
+          query: { type: "string" },
+          row_limit: { type: "number" },
+        },
+        required: ["connection", "query"],
+      },
+    },
+  ];
+}
+
+export function ok(payload) {
+  return {
+    content: [{ type: "text", text: JSON.stringify(payload, null, 2) }],
+  };
+}
+
+export function fail(message) {
+  return {
+    content: [{ type: "text", text: message }],
+    isError: true,
+  };
+}

package/vendor/mcp/ssh-mcp/README.md

@@ -0,0 +1,46 @@
+# SSH MCP Server (v2)
+
+Modernized SSH MCP server with stricter validation, timeout controls, output limits, and optional command allowlists.
+
+## Features
+
+- Config validation with `zod`
+- Per-host timeout and output limits
+- Optional per-host command allowlist
+- Password auth (`password` or `passwordEnv`) and key auth (`keyPath`)
+- Structured JSON responses for `list_hosts`, `test_connection`, `run_command`
+
+## Install
+
+```bash
+npm install
+```
+
+## Configuration
+
+1. Copy the example file:
+
+```bash
+cp config.example.json config.json
+```
+
+2. Fill your host definitions.
+
+By default, the server looks for config in this order:
+
+1. `SSH_MCP_CONFIG_PATH`
+2. `./config.json` (next to this package)
+3. `config.json` in current working directory
+
+## Tools
+
+- `list_hosts`
+- `test_connection`
+- `run_command`
+
+## Security Notes
+
+- Prefer `keyPath` over plain password.
+- Prefer `passwordEnv` over hardcoded passwords.
+- Use `command_allowlist` for production hosts.
+- Keep `StrictHostKeyChecking` at `accept-new` or `yes` unless you have a clear reason not to.

package/vendor/mcp/ssh-mcp/config.example.json

@@ -0,0 +1,23 @@
+{
+  "default_timeout_seconds": 60,
+  "max_timeout_seconds": 600,
+  "max_output_bytes": 131072,
+  "hosts": {
+    "example": {
+      "host": "203.0.113.10",
+      "port": 22,
+      "user": "root",
+      "description": "Example host",
+      "keyPath": "~/.ssh/id_rsa",
+      "passwordEnv": "SSH_PASSWORD_EXAMPLE",
+      "connect_timeout_seconds": 15,
+      "ready_command": "echo SSH_OK",
+      "strict_host_key_checking": "accept-new",
+      "command_allowlist": [
+        "ls *",
+        "df -h*",
+        "systemctl status *"
+      ]
+    }
+  }
+}

package/vendor/mcp/ssh-mcp/config.json

@@ -0,0 +1,6 @@
+{
+  "default_timeout_seconds": 60,
+  "max_timeout_seconds": 600,
+  "max_output_bytes": 131072,
+  "hosts": {}
+}