protect-mcp 0.2.1 → 0.3.0

package/dist/cli.mjs

@@ -4,7 +4,7 @@ import {
   initSigning,
   loadPolicy,
   validateCredentials
-} from "./chunk-ZCKNFULF.mjs";
+} from "./chunk-3WCA7O4D.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -14,6 +14,8 @@ protect-mcp \u2014 Shadow-mode security gateway for MCP servers
 Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp init [--dir <path>]
+  protect-mcp demo
+  protect-mcp status [--dir <path>]
 
 Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
@@ -24,12 +26,16 @@ Options:
 
 Commands:
   init              Generate config template, Ed25519 keypair, and sample policy
+  demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
+  status            Show tool call statistics from the local decision log
 
 Examples:
   protect-mcp -- node my-server.js
   protect-mcp --policy protect-mcp.json -- node my-server.js
   protect-mcp --policy protect-mcp.json --enforce -- node my-server.js
   protect-mcp init
+  protect-mcp demo
+  protect-mcp status
 
 `);
 }
@@ -144,19 +150,27 @@ async function handleInit(argv) {
     },
     credentials: {
       _example_api: {
-        inject: "header",
-        name: "Authorization",
+        inject: "env",
+        name: "EXAMPLE_API_KEY",
         value_env: "EXAMPLE_API_KEY",
         _comment: "Remove the underscore prefix and set EXAMPLE_API_KEY in your environment"
       }
     }
   };
   writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  const claudeConfig = {
+    "mcpServers": {
+      "my-server": {
+        "command": "npx",
+        "args": ["protect-mcp", "--policy", configPath, "--", "node", "my-server.js"]
+      }
+    }
+  };
   process.stderr.write(`
 ${bold("protect-mcp initialized!")}
 
 Created:
-  ${configPath}     Config with shadow mode + optional local signing
+  ${configPath}     Config with shadow mode + local signing
   ${keyPath}       Ed25519 signing keypair
 
 ${bold("Next steps:")}
@@ -170,13 +184,227 @@ ${bold("Your gateway public key:")}
 ${bold("Key ID (kid):")}
   ${keypair.kid}
 
+${bold("Claude Desktop config snippet")} (add to claude_desktop_config.json):
+${dim(JSON.stringify(claudeConfig, null, 2))}
+
+${bold("Quick demo:")}
+  protect-mcp demo
+
 Shadow mode is the default \u2014 all tool calls are logged and nothing is blocked.
-Run with the generated policy file if you also want local signed receipts. Add --enforce when ready.
+Add --enforce when ready to block policy violations.
+`);
+}
+async function handleDemo() {
+  const { existsSync } = await import("fs");
+  const { join, dirname } = await import("path");
+  const { fileURLToPath } = await import("url");
+  const __filename = fileURLToPath(import.meta.url);
+  const __dirname = dirname(__filename);
+  const demoServerPath = join(__dirname, "demo-server.js");
+  const configPath = join(process.cwd(), "protect-mcp.json");
+  const hasConfig = existsSync(configPath);
+  if (!hasConfig) {
+    process.stderr.write(`
+${bold("protect-mcp demo")}
+
+Starting demo with default shadow mode (no signing).
+For signed receipts, run ${dim("npx protect-mcp init")} first.
+
+`);
+  } else {
+    process.stderr.write(`
+${bold("protect-mcp demo")}
+
+Using config from ${configPath}
+Starting demo server with 5 tools...
+
+`);
+  }
+  let policy = null;
+  let policyDigest = "none";
+  let credentials;
+  let signing;
+  if (hasConfig) {
+    try {
+      const loaded = loadPolicy(configPath);
+      policy = loaded.policy;
+      policyDigest = loaded.digest;
+      credentials = loaded.credentials;
+      signing = loaded.signing;
+    } catch (err) {
+      process.stderr.write(`[PROTECT_MCP] Warning: Could not load config: ${err instanceof Error ? err.message : err}
+`);
+    }
+  }
+  if (signing) {
+    const warnings = await initSigning(signing);
+    for (const w of warnings) {
+      process.stderr.write(`[PROTECT_MCP] Warning: ${w}
+`);
+    }
+  }
+  if (credentials) {
+    const warnings = validateCredentials(credentials);
+    for (const w of warnings) {
+      process.stderr.write(`[PROTECT_MCP] Warning: ${w}
+`);
+    }
+  }
+  const config = {
+    command: process.execPath,
+    // node
+    args: [demoServerPath],
+    policy,
+    policyDigest,
+    enforce: false,
+    // Demo always runs in shadow mode
+    verbose: true,
+    signing,
+    credentials
+  };
+  const gateway = new ProtectGateway(config);
+  process.stderr.write(`${bold("Demo ready!")} The demo server is running.
+`);
+  process.stderr.write(`Send JSON-RPC tool calls on stdin, or use an MCP client.
+
+`);
+  process.stderr.write(`${dim("Example (paste into stdin):")}
+`);
+  process.stderr.write(`${dim('{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/etc/hosts"}}}')}
+
+`);
+  await gateway.start();
+}
+async function handleStatus(argv) {
+  const { readFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  let dir = process.cwd();
+  const dirIdx = argv.indexOf("--dir");
+  if (dirIdx !== -1 && argv[dirIdx + 1]) {
+    dir = argv[dirIdx + 1];
+  }
+  const logPath = join(dir, ".protect-mcp-log.jsonl");
+  if (!existsSync(logPath)) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+`);
+    process.stderr.write(`No log file found at ${logPath}
+`);
+    process.stderr.write(`Run protect-mcp with a wrapped server first to generate logs.
+`);
+    process.exit(0);
+  }
+  const raw = readFileSync(logPath, "utf-8");
+  const lines = raw.trim().split("\n").filter(Boolean);
+  if (lines.length === 0) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+No entries in log file.
+`);
+    process.exit(0);
+  }
+  const entries = [];
+  for (const line of lines) {
+    try {
+      entries.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  if (entries.length === 0) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+No valid entries in log file.
+`);
+    process.exit(0);
+  }
+  const toolCounts = /* @__PURE__ */ new Map();
+  let allowCount = 0;
+  let denyCount = 0;
+  let rateLimitCount = 0;
+  const tierCounts = /* @__PURE__ */ new Map();
+  const reasonCounts = /* @__PURE__ */ new Map();
+  for (const entry of entries) {
+    toolCounts.set(entry.tool, (toolCounts.get(entry.tool) || 0) + 1);
+    if (entry.decision === "allow") allowCount++;
+    else if (entry.decision === "deny") denyCount++;
+    if (entry.reason_code === "rate_limit_exceeded") rateLimitCount++;
+    if (entry.tier) tierCounts.set(entry.tier, (tierCounts.get(entry.tier) || 0) + 1);
+    reasonCounts.set(entry.reason_code, (reasonCounts.get(entry.reason_code) || 0) + 1);
+  }
+  const firstTs = new Date(Math.min(...entries.map((e) => e.timestamp)));
+  const lastTs = new Date(Math.max(...entries.map((e) => e.timestamp)));
+  const sortedTools = [...toolCounts.entries()].sort((a, b) => b[1] - a[1]);
+  process.stdout.write(`
+${bold("protect-mcp status")}
+
+`);
+  process.stdout.write(`  Total decisions: ${bold(String(entries.length))}
+`);
+  process.stdout.write(`  ${green("\u2713 Allow")}: ${allowCount}    ${red("\u2717 Deny")}: ${denyCount}    ${yellow("\u2298 Rate-limited")}: ${rateLimitCount}
+
+`);
+  process.stdout.write(`  ${bold("Time range:")}
+`);
+  process.stdout.write(`    First: ${firstTs.toISOString()}
+`);
+  process.stdout.write(`    Last:  ${lastTs.toISOString()}
+
+`);
+  process.stdout.write(`  ${bold("Top tools:")}
+`);
+  for (const [tool, count] of sortedTools.slice(0, 10)) {
+    const bar = "\u2588".repeat(Math.min(Math.ceil(count / entries.length * 30), 30));
+    process.stdout.write(`    ${tool.padEnd(20)} ${String(count).padStart(4)}  ${dim(bar)}
+`);
+  }
+  if (tierCounts.size > 0) {
+    process.stdout.write(`
+  ${bold("Trust tiers seen:")}
+`);
+    for (const [tier, count] of tierCounts) {
+      process.stdout.write(`    ${tier.padEnd(15)} ${count}
+`);
+    }
+  }
+  process.stdout.write(`
+  ${bold("Decision reasons:")}
+`);
+  for (const [reason, count] of [...reasonCounts.entries()].sort((a, b) => b[1] - a[1])) {
+    process.stdout.write(`    ${reason.padEnd(25)} ${count}
+`);
+  }
+  const evidencePath = join(dir, ".protect-mcp-evidence.json");
+  if (existsSync(evidencePath)) {
+    try {
+      const evidenceRaw = readFileSync(evidencePath, "utf-8");
+      const evidence = JSON.parse(evidenceRaw);
+      const agentCount = Object.keys(evidence.agents || {}).length;
+      process.stdout.write(`
+  ${bold("Evidence store:")} ${agentCount} agent(s) tracked
+`);
+    } catch {
+    }
+  }
+  process.stdout.write(`
+  Log file: ${dim(logPath)}
+
 `);
 }
 function bold(s) {
   return process.env.NO_COLOR ? s : `\x1B[1m${s}\x1B[0m`;
 }
+function dim(s) {
+  return process.env.NO_COLOR ? s : `\x1B[2m${s}\x1B[0m`;
+}
+function green(s) {
+  return process.env.NO_COLOR ? s : `\x1B[32m${s}\x1B[0m`;
+}
+function red(s) {
+  return process.env.NO_COLOR ? s : `\x1B[31m${s}\x1B[0m`;
+}
+function yellow(s) {
+  return process.env.NO_COLOR ? s : `\x1B[33m${s}\x1B[0m`;
+}
 async function main() {
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
@@ -187,6 +415,14 @@ async function main() {
     await handleInit(args.slice(1));
     process.exit(0);
   }
+  if (args[0] === "demo") {
+    await handleDemo();
+    return;
+  }
+  if (args[0] === "status") {
+    await handleStatus(args.slice(1));
+    process.exit(0);
+  }
   const { policyPath, slug, enforce, verbose, childCommand } = parseArgs(args);
   let policy = null;
   let policyDigest = "none";

package/dist/demo-server.d.mts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/demo-server.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/demo-server.js

@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+"use strict";
+
+// src/demo-server.ts
+var import_node_readline = require("readline");
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = (0, import_node_readline.createInterface)({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");

package/dist/demo-server.mjs

@@ -0,0 +1,136 @@
+#!/usr/bin/env node
+
+// src/demo-server.ts
+import { createInterface } from "readline";
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");