plumb-mcp-server 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Shashank Gupta
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,294 @@
+# plumb-mcp-server
+
+An LLM-free [MCP](https://modelcontextprotocol.io/) server that exposes Plumb's boundary-analysis tools — dependency-cruiser, ts-morph public-surface, and madge cycle detection — so any MCP client (Claude Desktop, Cursor, or any SDK host) can call them as structured tools.
+
+This server ships the **tools**, not an agent or LLM. No API key. No inference. It returns grounded structural facts that an agent can then reason over — separating the mechanical data-gathering from the judgment layer.
+
+---
+
+## Install & run
+
+Build the package first (from the repo root):
+
+```sh
+pnpm build
+```
+
+The server binary is `plumb-mcp-server`. Run it directly to start the stdio server:
+
+```sh
+plumb-mcp-server
+```
+
+### MCP client config
+
+Add to your MCP client config (e.g. `claude_desktop_config.json` or `mcp.json`):
+
+```json
+{
+  "mcpServers": {
+    "plumb": {
+      "command": "plumb-mcp-server"
+    }
+  }
+}
+```
+
+### Sandbox with `PLUMB_MCP_ALLOWED_ROOT`
+
+By default the server accepts any existing directory. Set `PLUMB_MCP_ALLOWED_ROOT` to restrict analysis to a directory tree and block path-traversal attempts:
+
+```json
+{
+  "mcpServers": {
+    "plumb": {
+      "command": "plumb-mcp-server",
+      "env": {
+        "PLUMB_MCP_ALLOWED_ROOT": "/path/to/your/repos"
+      }
+    }
+  }
+}
+```
+
+---
+
+## Tools
+
+### `dependency-graph`
+
+Analyses module dependencies in a TypeScript repository using dependency-cruiser and returns a flat edge list.
+
+**Input**
+
+| Field | Type | Required | Notes |
+|---|---|---|---|
+| `repoPath` | `string` | yes | Absolute path to the repository root |
+| `doNotFollow` | `string` | no | **Accepted but not yet forwarded to dependency-cruiser — currently a no-op stub.** Ignored at runtime. |
+
+**Output shape**
+
+```ts
+{
+  repoPath: string;
+  modules: string[];              // repo-relative source paths, sorted
+  edges: {
+    from: string;                 // repo-relative source file
+    to: string | null;            // resolved target (null for unresolvable/external)
+    importPath: string;           // the import specifier as written in source
+    line: number | null;          // line number of the import statement
+    external: boolean;            // true for node_modules / unresolvable deps
+    dynamic: boolean;             // true for dynamic import()
+  }[];
+  generatedWith: {
+    tool: 'dependency-cruiser';
+    version: string;
+  };
+}
+```
+
+---
+
+### `public-surface`
+
+Maps each package in the repository to its public API surface: the entrypoint (`src/index.ts`) and the set of modules reachable from it, using ts-morph static resolution.
+
+**Input**
+
+| Field | Type | Required |
+|---|---|---|
+| `repoPath` | `string` | yes |
+
+**Output shape**
+
+```ts
+{
+  repoPath: string;
+  packages: {
+    packageRoot: string;          // repo-relative package directory
+    entrypoint: string | null;    // repo-relative path to src/index.ts, or null
+    publicModules: string[];      // modules reachable from the entrypoint
+  }[];
+  generatedWith: string;          // e.g. "ts-morph@28.0.0"
+}
+```
+
+---
+
+### `detect-cycles`
+
+Finds circular dependencies in a TypeScript repository using madge. Returns cycles as lists of repo-relative file paths.
+
+**Input**
+
+| Field | Type | Required |
+|---|---|---|
+| `repoPath` | `string` | yes |
+
+**Output shape**
+
+```ts
+{
+  repoPath: string;
+  cycles: {
+    members: string[];            // repo-relative paths forming the cycle
+  }[];
+  generatedWith: string;          // e.g. "madge@8.0.0"
+}
+```
+
+---
+
+## Worked example
+
+The repository includes a synthetic labeled fixture at `packages/agent/test/fixtures/flawed-monorepo`. It contains seeded violations (deep-internal imports, cyclic dependencies, inverted-layer dependencies, etc.) used by the eval harness.
+
+### Tool: `detect-cycles`
+
+Call:
+
+```json
+{
+  "tool": "detect-cycles",
+  "arguments": {
+    "repoPath": "<repo-root>/packages/agent/test/fixtures/flawed-monorepo"
+  }
+}
+```
+
+Actual output (captured from a real run):
+
+```json
+{
+  "repoPath": "<repo-root>/packages/agent/test/fixtures/flawed-monorepo",
+  "cycles": [
+    {
+      "members": [
+        "cycle3/src/x.ts",
+        "cycle3/src/y.ts",
+        "cycle3/src/z.ts"
+      ]
+    },
+    {
+      "members": [
+        "graph/src/a.ts",
+        "graph/src/b.ts"
+      ]
+    }
+  ],
+  "generatedWith": "madge@8.0.0"
+}
+```
+
+This surfaces both seeded cycles: the 3-node `cycle3/` ring (P14 in the fixture's violation catalog) and the 2-node `graph/` mutual import (P3).
+
+### Tool: `public-surface`
+
+Call:
+
+```json
+{
+  "tool": "public-surface",
+  "arguments": {
+    "repoPath": "<repo-root>/packages/agent/test/fixtures/flawed-monorepo"
+  }
+}
+```
+
+Actual output (captured from a real run):
+
+```json
+{
+  "repoPath": "<repo-root>/packages/agent/test/fixtures/flawed-monorepo",
+  "packages": [
+    {
+      "packageRoot": "billing",
+      "entrypoint": "billing/src/index.ts",
+      "publicModules": [
+        "billing/src/index.ts",
+        "billing/src/internal/ledger.ts"
+      ]
+    },
+    {
+      "packageRoot": "catalog",
+      "entrypoint": "catalog/src/index.ts",
+      "publicModules": [
+        "catalog/src/index.ts",
+        "catalog/src/products.ts"
+      ]
+    },
+    {
+      "packageRoot": "orders",
+      "entrypoint": "orders/src/index.ts",
+      "publicModules": [
+        "orders/src/checkout.ts",
+        "orders/src/index.ts"
+      ]
+    },
+    {
+      "packageRoot": "payments",
+      "entrypoint": "payments/src/index.ts",
+      "publicModules": [
+        "payments/src/index.ts"
+      ]
+    },
+    {
+      "packageRoot": "remotes/analytics",
+      "entrypoint": "remotes/analytics/src/index.ts",
+      "publicModules": [
+        "remotes/analytics/src/index.ts"
+      ]
+    },
+    {
+      "packageRoot": "remotes/dashboard",
+      "entrypoint": "remotes/dashboard/src/index.ts",
+      "publicModules": [
+        "remotes/dashboard/src/index.ts"
+      ]
+    },
+    {
+      "packageRoot": "shared",
+      "entrypoint": "shared/src/index.ts",
+      "publicModules": [
+        "shared/src/format.ts",
+        "shared/src/index.ts"
+      ]
+    },
+    {
+      "packageRoot": "vendor/react-lite",
+      "entrypoint": "vendor/react-lite/src/index.ts",
+      "publicModules": [
+        "vendor/react-lite/src/index.ts"
+      ]
+    }
+  ],
+  "generatedWith": "ts-morph@28.0.0"
+}
+```
+
+This shows that `shared/src/format.ts` is reachable from `shared/src/index.ts` — so it is "public" in the ts-morph sense — yet violations P6, P7, and P8 import it directly from outside `shared/`, bypassing the entrypoint. The `dependency-graph` tool provides the edge list; an agent composes the two to classify each cross-package edge as `via-entrypoint` or `bypasses-entrypoint`.
+
+---
+
+## The honest boundary
+
+This server returns structural facts. The `surfaceClass`-per-edge labeling that powers Plumb's violation findings — classifying each dependency edge as `via-entrypoint`, `bypasses-entrypoint`, `intra-package`, or `not-a-package-import` — is the **agent's composition** of `public-surface` and `dependency-graph`, not a single tool. That composition layer is intentionally outside this server: it requires LLM judgment to map surface classes to violation categories given an architectural description.
+
+Put differently: `plumb-mcp-server` draws the line at facts. Everything beyond that is reasoning.
+
+---
+
+## Security
+
+- `repoPath` is validated as an existing directory before any tool runs. Empty or whitespace-only values are rejected immediately.
+- Set `PLUMB_MCP_ALLOWED_ROOT` to restrict which directory trees are analyzable and to block path-traversal attempts. The guard resolves real paths (following symlinks) before comparing, so a symlink inside the allowed root that points outside it is caught and rejected.
+- **Path disclosure:** error messages and successful result payloads contain absolute on-disk paths (e.g. `repoPath` is echoed in every Facts object). If the server runs with access to sensitive paths, hosts should filter or redact tool output before surfacing it to end users.
+- **Resource bounds:** the server imposes no timeout or file-count limit on analysis. Point it at a developer-sized repository; avoid enormous monorepos or pathologically deep trees. The underlying tools already skip `node_modules` by default.
+- The server reads files only within the given `repoPath`; it does not execute shell commands or make network requests.
+- No credentials or API keys are required or read.
+
+---
+
+## License & status
+
+`plumb-mcp-server` is part of the [Plumb](https://plumb.sgupta.dev) project — the OSS companion deliverable to the measured Plumb case study. Licensed MIT — see `LICENSE`. The static analysis engine it depends on is published separately as [`plumb-tools`](https://www.npmjs.com/package/plumb-tools).

package/dist/bin.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=bin.d.ts.map

package/dist/bin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":""}

package/dist/bin.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { createServer } from './server.js';
+const server = createServer();
+const transport = new StdioServerTransport();
+await server.connect(transport);
+//# sourceMappingURL=bin.js.map

package/dist/bin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;AAC9B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;AAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { createServer } from './server.js';
+export { resolveRepoPath } from './resolve-repo-path.js';
+export type { ResolveResult } from './resolve-repo-path.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export { createServer } from './server.js';
+export { resolveRepoPath } from './resolve-repo-path.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/resolve-repo-path.d.ts

@@ -0,0 +1,15 @@
+export type ResolveResult = {
+    ok: true;
+    value: string;
+} | {
+    ok: false;
+    error: string;
+};
+/**
+ * Resolves and validates a repoPath from MCP client input.
+ *
+ * Footgun: repoPath crosses a trust boundary here (MCP client is external).
+ * The underlying analysis tools do no path validation themselves.
+ */
+export declare function resolveRepoPath(input: string): ResolveResult;
+//# sourceMappingURL=resolve-repo-path.d.ts.map

package/dist/resolve-repo-path.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-repo-path.d.ts","sourceRoot":"","sources":["../src/resolve-repo-path.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,aAAa,GACrB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC3B;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjC;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAgD5D"}

package/dist/resolve-repo-path.js

@@ -0,0 +1,56 @@
+import { existsSync, realpathSync, statSync } from 'node:fs';
+import { isAbsolute, relative, resolve } from 'node:path';
+/**
+ * Resolves and validates a repoPath from MCP client input.
+ *
+ * Footgun: repoPath crosses a trust boundary here (MCP client is external).
+ * The underlying analysis tools do no path validation themselves.
+ */
+export function resolveRepoPath(input) {
+    if (input.trim() === '') {
+        return { ok: false, error: 'repoPath must be a non-empty path' };
+    }
+    const abs = resolve(input);
+    if (!existsSync(abs)) {
+        return { ok: false, error: `repoPath does not exist: ${abs}` };
+    }
+    if (!statSync(abs).isDirectory()) {
+        return { ok: false, error: `repoPath is not a directory: ${abs}` };
+    }
+    const allowedRoot = process.env['PLUMB_MCP_ALLOWED_ROOT'];
+    if (allowedRoot !== undefined && allowedRoot !== '') {
+        let realRoot;
+        let realAbs;
+        try {
+            realRoot = realpathSync(resolve(allowedRoot));
+        }
+        catch {
+            return { ok: false, error: `PLUMB_MCP_ALLOWED_ROOT does not exist or is not accessible` };
+        }
+        try {
+            realAbs = realpathSync(abs);
+        }
+        catch {
+            return { ok: false, error: `repoPath does not exist: ${abs}` };
+        }
+        const rel = relative(realRoot, realAbs);
+        // rel starts with '..' or is absolute when realAbs is outside realRoot
+        if (rel.startsWith('..') || isAbsolute(rel)) {
+            return {
+                ok: false,
+                error: `repoPath is not within the allowed root (PLUMB_MCP_ALLOWED_ROOT=${realRoot}): ${realAbs}`,
+            };
+        }
+        return { ok: true, value: realAbs };
+    }
+    else {
+        process.stderr.write('[plumb-mcp-server] PLUMB_MCP_ALLOWED_ROOT is not set — any existing directory is accepted\n');
+        try {
+            return { ok: true, value: realpathSync(abs) };
+        }
+        catch {
+            return { ok: false, error: `repoPath does not exist: ${abs}` };
+        }
+    }
+}
+//# sourceMappingURL=resolve-repo-path.js.map

package/dist/resolve-repo-path.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-repo-path.js","sourceRoot":"","sources":["../src/resolve-repo-path.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAM1D;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa;IAC3C,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;IACnE,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;IAE3B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,GAAG,EAAE,EAAE,CAAC;IACjE,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,GAAG,EAAE,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAC1D,IAAI,WAAW,KAAK,SAAS,IAAI,WAAW,KAAK,EAAE,EAAE,CAAC;QACpD,IAAI,QAAgB,CAAC;QACrB,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4DAA4D,EAAE,CAAC;QAC5F,CAAC;QACD,IAAI,CAAC;YACH,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,GAAG,EAAE,EAAE,CAAC;QACjE,CAAC;QACD,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACxC,uEAAuE;QACvE,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,mEAAmE,QAAQ,MAAM,OAAO,EAAE;aAClG,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IACtC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6FAA6F,CAC9F,CAAC;QACF,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,GAAG,EAAE,EAAE,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+export declare function createServer(): McpServer;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAgEpE,wBAAgB,YAAY,IAAI,SAAS,CAQxC"}

package/dist/server.js

@@ -0,0 +1,48 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { dependencyGraphTool, publicSurfaceTool, detectCyclesTool, } from 'plumb-tools';
+import { resolveRepoPath } from './resolve-repo-path.js';
+// Generic mapping: one AnalysisTool → one registered MCP tool.
+// Keeps the binding DRY; the name and description come from the tool object
+// so they stay in sync without hardcoding.
+function registerAnalysisTool(server, tool) {
+    // ZodRawShapeCompat = Record<string, AnySchema>; .shape gives us that directly.
+    // We cast through unknown here because TypeScript cannot align the generic
+    // ZodRawShapeCompat inference between our dynamic shape and the SDK's callback
+    // type; the runtime contract is correct.
+    const shape = tool.inputSchema
+        .shape;
+    const handler = async (args) => {
+        const validation = resolveRepoPath(String(args['repoPath'] ?? ''));
+        if (!validation.ok) {
+            return {
+                content: [{ type: 'text', text: validation.error }],
+                isError: true,
+            };
+        }
+        try {
+            const input = { ...args, repoPath: validation.value };
+            const facts = await tool.run(input);
+            return {
+                content: [{ type: 'text', text: JSON.stringify(facts, null, 2) }],
+            };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return {
+                content: [{ type: 'text', text: `Tool execution failed: ${message}` }],
+                isError: true,
+            };
+        }
+    };
+    // Cast handler to satisfy the SDK's generic ToolCallback inference.
+    // The deprecated .tool() overload is simpler to type-check for dynamic shapes.
+    server.tool(tool.name, tool.description, shape, handler);
+}
+export function createServer() {
+    const server = new McpServer({ name: 'plumb-mcp-server', version: '0.1.0' });
+    registerAnalysisTool(server, dependencyGraphTool);
+    registerAnalysisTool(server, publicSurfaceTool);
+    registerAnalysisTool(server, detectCyclesTool);
+    return server;
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAMzD,+DAA+D;AAC/D,4EAA4E;AAC5E,2CAA2C;AAC3C,SAAS,oBAAoB,CAC3B,MAAiB,EACjB,IAAmC;IAEnC,gFAAgF;IAChF,2EAA2E;IAC3E,+EAA+E;IAC/E,yCAAyC;IACzC,MAAM,KAAK,GAAI,IAAI,CAAC,WAA6D;SAC9E,KAAgC,CAAC;IAEpC,MAAM,OAAO,GAAG,KAAK,EAAE,IAA6B,EAAuB,EAAE;QAC3E,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACnE,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;YACnB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC;gBACnD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,UAAU,CAAC,KAAK,EAAY,CAAC;YAChE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAClE,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,0BAA0B,OAAO,EAAE,EAAE,CAAC;gBACtE,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC;IAEF,oEAAoE;IACpE,+EAA+E;IAC9E,MAOC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IAE7E,oBAAoB,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAClD,oBAAoB,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAChD,oBAAoB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAE/C,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "plumb-mcp-server",
+  "version": "0.1.0",
+  "description": "LLM-free MCP server exposing Plumb's boundary-analysis tools: dependency graph, public surface, and cycle detection",
+  "author": "Shashank Gupta",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "architecture",
+    "dependency-analysis",
+    "typescript",
+    "monorepo",
+    "boundaries",
+    "dependency-cruiser",
+    "madge",
+    "ts-morph"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "plumb-mcp-server": "./dist/bin.js"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "plumb-tools": "^0.1.0",
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "zod": "4.4.3"
+  },
+  "scripts": {
+    "typecheck": "tsc --noEmit",
+    "build": "tsc -p tsconfig.build.json"
+  }
+}