protect-mcp 0.2.2 → 0.3.1

package/dist/cli.mjs

@@ -4,7 +4,7 @@ import {
   initSigning,
   loadPolicy,
   validateCredentials
-} from "./chunk-ZCKNFULF.mjs";
+} from "./chunk-U7TMVD3E.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -14,6 +14,11 @@ protect-mcp \u2014 Shadow-mode security gateway for MCP servers
 Usage:
   protect-mcp [options] -- <command> [args...]
   protect-mcp init [--dir <path>]
+  protect-mcp demo
+  protect-mcp status [--dir <path>]
+  protect-mcp digest [--today] [--dir <path>]
+  protect-mcp receipts [--last <n>] [--dir <path>]
+  protect-mcp bundle [--output <path>] [--dir <path>]
 
 Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
@@ -24,12 +29,22 @@ Options:
 
 Commands:
   init              Generate config template, Ed25519 keypair, and sample policy
+  demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
+  status            Show tool call statistics from the local decision log
+  digest            Generate a human-readable summary of agent activity
+  receipts          Show recent persisted signed receipts
+  bundle            Export an offline-verifiable audit bundle
 
 Examples:
   protect-mcp -- node my-server.js
   protect-mcp --policy protect-mcp.json -- node my-server.js
   protect-mcp --policy protect-mcp.json --enforce -- node my-server.js
   protect-mcp init
+  protect-mcp demo
+  protect-mcp status
+  protect-mcp digest --today
+  protect-mcp receipts --last 10
+  protect-mcp bundle --output audit.json
 
 `);
 }
@@ -144,19 +159,27 @@ async function handleInit(argv) {
     },
     credentials: {
       _example_api: {
-        inject: "header",
-        name: "Authorization",
+        inject: "env",
+        name: "EXAMPLE_API_KEY",
         value_env: "EXAMPLE_API_KEY",
         _comment: "Remove the underscore prefix and set EXAMPLE_API_KEY in your environment"
       }
     }
   };
   writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  const claudeConfig = {
+    "mcpServers": {
+      "my-server": {
+        "command": "npx",
+        "args": ["protect-mcp", "--policy", configPath, "--", "node", "my-server.js"]
+      }
+    }
+  };
   process.stderr.write(`
 ${bold("protect-mcp initialized!")}
 
 Created:
-  ${configPath}     Config with shadow mode + optional local signing
+  ${configPath}     Config with shadow mode + local signing
   ${keyPath}       Ed25519 signing keypair
 
 ${bold("Next steps:")}
@@ -170,13 +193,427 @@ ${bold("Your gateway public key:")}
 ${bold("Key ID (kid):")}
   ${keypair.kid}
 
+${bold("Claude Desktop config snippet")} (add to claude_desktop_config.json):
+${dim(JSON.stringify(claudeConfig, null, 2))}
+
+${bold("Quick demo:")}
+  protect-mcp demo
+
 Shadow mode is the default \u2014 all tool calls are logged and nothing is blocked.
-Run with the generated policy file if you also want local signed receipts. Add --enforce when ready.
+Add --enforce when ready to block policy violations.
+`);
+}
+async function handleDemo() {
+  const { existsSync } = await import("fs");
+  const { join, dirname, resolve } = await import("path");
+  const cliPath = resolve(process.argv[1] || "dist/cli.js");
+  const cliDir = dirname(cliPath);
+  const demoServerPath = join(cliDir, "demo-server.js");
+  const configPath = join(process.cwd(), "protect-mcp.json");
+  const hasConfig = existsSync(configPath);
+  if (!hasConfig) {
+    process.stderr.write(`
+${bold("protect-mcp demo")}
+
+Starting demo with default shadow mode (no signing).
+For signed receipts, run ${dim("npx protect-mcp init")} first.
+
+`);
+  } else {
+    process.stderr.write(`
+${bold("protect-mcp demo")}
+
+Using config from ${configPath}
+Starting demo server with 5 tools...
+
+`);
+  }
+  let policy = null;
+  let policyDigest = "none";
+  let credentials;
+  let signing;
+  if (hasConfig) {
+    try {
+      const loaded = loadPolicy(configPath);
+      policy = loaded.policy;
+      policyDigest = loaded.digest;
+      credentials = loaded.credentials;
+      signing = loaded.signing;
+    } catch (err) {
+      process.stderr.write(`[PROTECT_MCP] Warning: Could not load config: ${err instanceof Error ? err.message : err}
+`);
+    }
+  }
+  if (signing) {
+    const warnings = await initSigning(signing);
+    for (const w of warnings) {
+      process.stderr.write(`[PROTECT_MCP] Warning: ${w}
+`);
+    }
+  }
+  if (credentials) {
+    const warnings = validateCredentials(credentials);
+    for (const w of warnings) {
+      process.stderr.write(`[PROTECT_MCP] Warning: ${w}
+`);
+    }
+  }
+  const config = {
+    command: process.execPath,
+    // node
+    args: [demoServerPath],
+    policy,
+    policyDigest,
+    enforce: false,
+    // Demo always runs in shadow mode
+    verbose: true,
+    signing,
+    credentials
+  };
+  const gateway = new ProtectGateway(config);
+  process.stderr.write(`${bold("Demo ready!")} The demo server is running.
+`);
+  process.stderr.write(`Send JSON-RPC tool calls on stdin, or use an MCP client.
+
+`);
+  process.stderr.write(`${dim("Example (paste into stdin):")}
+`);
+  process.stderr.write(`${dim('{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/etc/hosts"}}}')}
+
+`);
+  await gateway.start();
+}
+async function handleStatus(argv) {
+  const { readFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  let dir = process.cwd();
+  const dirIdx = argv.indexOf("--dir");
+  if (dirIdx !== -1 && argv[dirIdx + 1]) {
+    dir = argv[dirIdx + 1];
+  }
+  const logPath = join(dir, ".protect-mcp-log.jsonl");
+  if (!existsSync(logPath)) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+`);
+    process.stderr.write(`No log file found at ${logPath}
+`);
+    process.stderr.write(`Run protect-mcp with a wrapped server first to generate logs.
+`);
+    process.exit(0);
+  }
+  const raw = readFileSync(logPath, "utf-8");
+  const lines = raw.trim().split("\n").filter(Boolean);
+  if (lines.length === 0) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+No entries in log file.
+`);
+    process.exit(0);
+  }
+  const entries = [];
+  for (const line of lines) {
+    try {
+      entries.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  if (entries.length === 0) {
+    process.stderr.write(`${bold("protect-mcp status")}
+
+No valid entries in log file.
+`);
+    process.exit(0);
+  }
+  const toolCounts = /* @__PURE__ */ new Map();
+  let allowCount = 0;
+  let denyCount = 0;
+  let rateLimitCount = 0;
+  const tierCounts = /* @__PURE__ */ new Map();
+  const reasonCounts = /* @__PURE__ */ new Map();
+  for (const entry of entries) {
+    toolCounts.set(entry.tool, (toolCounts.get(entry.tool) || 0) + 1);
+    if (entry.decision === "allow") allowCount++;
+    else if (entry.decision === "deny") denyCount++;
+    if (entry.reason_code === "rate_limit_exceeded") rateLimitCount++;
+    if (entry.tier) tierCounts.set(entry.tier, (tierCounts.get(entry.tier) || 0) + 1);
+    reasonCounts.set(entry.reason_code, (reasonCounts.get(entry.reason_code) || 0) + 1);
+  }
+  const firstTs = new Date(Math.min(...entries.map((e) => e.timestamp)));
+  const lastTs = new Date(Math.max(...entries.map((e) => e.timestamp)));
+  const sortedTools = [...toolCounts.entries()].sort((a, b) => b[1] - a[1]);
+  process.stdout.write(`
+${bold("protect-mcp status")}
+
+`);
+  process.stdout.write(`  Total decisions: ${bold(String(entries.length))}
+`);
+  process.stdout.write(`  ${green("\u2713 Allow")}: ${allowCount}    ${red("\u2717 Deny")}: ${denyCount}    ${yellow("\u2298 Rate-limited")}: ${rateLimitCount}
+
+`);
+  process.stdout.write(`  ${bold("Time range:")}
+`);
+  process.stdout.write(`    First: ${firstTs.toISOString()}
+`);
+  process.stdout.write(`    Last:  ${lastTs.toISOString()}
+
+`);
+  process.stdout.write(`  ${bold("Top tools:")}
+`);
+  for (const [tool, count] of sortedTools.slice(0, 10)) {
+    const bar = "\u2588".repeat(Math.min(Math.ceil(count / entries.length * 30), 30));
+    process.stdout.write(`    ${tool.padEnd(20)} ${String(count).padStart(4)}  ${dim(bar)}
+`);
+  }
+  if (tierCounts.size > 0) {
+    process.stdout.write(`
+  ${bold("Trust tiers seen:")}
+`);
+    for (const [tier, count] of tierCounts) {
+      process.stdout.write(`    ${tier.padEnd(15)} ${count}
+`);
+    }
+  }
+  process.stdout.write(`
+  ${bold("Decision reasons:")}
+`);
+  for (const [reason, count] of [...reasonCounts.entries()].sort((a, b) => b[1] - a[1])) {
+    process.stdout.write(`    ${reason.padEnd(25)} ${count}
+`);
+  }
+  const evidencePath = join(dir, ".protect-mcp-evidence.json");
+  if (existsSync(evidencePath)) {
+    try {
+      const evidenceRaw = readFileSync(evidencePath, "utf-8");
+      const evidence = JSON.parse(evidenceRaw);
+      const agentCount = Object.keys(evidence.agents || {}).length;
+      process.stdout.write(`
+  ${bold("Evidence store:")} ${agentCount} agent(s) tracked
+`);
+    } catch {
+    }
+  }
+  const keyPath = join(dir, "keys", "gateway.json");
+  if (existsSync(keyPath)) {
+    try {
+      const keyData = JSON.parse(readFileSync(keyPath, "utf-8"));
+      if (keyData.publicKey) {
+        const fingerprint = keyData.publicKey.slice(0, 16) + "...";
+        process.stdout.write(`
+  ${bold("\u{1F6E1}\uFE0F Passport identity:")}
+`);
+        process.stdout.write(`    Public key:  ${fingerprint}
+`);
+        if (keyData.kid) process.stdout.write(`    Key ID:      ${keyData.kid}
+`);
+        process.stdout.write(`    Issuer:      ${keyData.issuer || "protect-mcp"}
+`);
+        process.stdout.write(`    Verify:      ${dim("npx @veritasacta/verify <receipt.json>")}
+`);
+      }
+    } catch {
+    }
+  }
+  process.stdout.write(`
+  Log file: ${dim(logPath)}
+
 `);
 }
 function bold(s) {
   return process.env.NO_COLOR ? s : `\x1B[1m${s}\x1B[0m`;
 }
+function dim(s) {
+  return process.env.NO_COLOR ? s : `\x1B[2m${s}\x1B[0m`;
+}
+function green(s) {
+  return process.env.NO_COLOR ? s : `\x1B[32m${s}\x1B[0m`;
+}
+function red(s) {
+  return process.env.NO_COLOR ? s : `\x1B[31m${s}\x1B[0m`;
+}
+function yellow(s) {
+  return process.env.NO_COLOR ? s : `\x1B[33m${s}\x1B[0m`;
+}
+async function handleDigest(argv) {
+  const { readFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  let dir = process.cwd();
+  const dirIdx = argv.indexOf("--dir");
+  if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
+  const today = argv.includes("--today");
+  const logPath = join(dir, ".protect-mcp-log.jsonl");
+  if (!existsSync(logPath)) {
+    process.stderr.write(`${bold("protect-mcp digest")}
+
+No log file found. Run protect-mcp first.
+`);
+    process.exit(0);
+  }
+  const raw = readFileSync(logPath, "utf-8");
+  const lines = raw.trim().split("\n").filter(Boolean);
+  let entries = [];
+  for (const line of lines) {
+    try {
+      entries.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  if (today) {
+    const todayStart = /* @__PURE__ */ new Date();
+    todayStart.setHours(0, 0, 0, 0);
+    entries = entries.filter((e) => e.timestamp >= todayStart.getTime());
+  }
+  if (entries.length === 0) {
+    process.stdout.write(`
+${bold("\u{1F6E1}\uFE0F Agent Digest")}
+
+  No activity${today ? " today" : ""}.
+
+`);
+    process.exit(0);
+  }
+  const allowed = entries.filter((e) => e.decision === "allow").length;
+  const denied = entries.filter((e) => e.decision === "deny").length;
+  const approvalRequired = entries.filter((e) => e.decision === "require_approval").length;
+  const toolUsage = /* @__PURE__ */ new Map();
+  for (const e of entries) {
+    toolUsage.set(e.tool, (toolUsage.get(e.tool) || 0) + 1);
+  }
+  const sortedTools = [...toolUsage.entries()].sort((a, b) => b[1] - a[1]);
+  const currentTier = entries[entries.length - 1]?.tier || "unknown";
+  const firstTime = new Date(Math.min(...entries.map((e) => e.timestamp)));
+  const lastTime = new Date(Math.max(...entries.map((e) => e.timestamp)));
+  const durationMs = lastTime.getTime() - firstTime.getTime();
+  const durationStr = durationMs < 6e4 ? `${Math.round(durationMs / 1e3)}s` : durationMs < 36e5 ? `${Math.round(durationMs / 6e4)}m` : `${(durationMs / 36e5).toFixed(1)}h`;
+  process.stdout.write(`
+${bold("\u{1F6E1}\uFE0F Agent Daily Digest")}
+
+`);
+  process.stdout.write(`  \u{1F4CA} ${bold(String(entries.length))} actions | `);
+  process.stdout.write(`${green("\u2713 " + allowed)} allowed | `);
+  process.stdout.write(`${red("\u2717 " + denied)} blocked`);
+  if (approvalRequired > 0) process.stdout.write(` | ${yellow("\u23F3 " + approvalRequired)} awaiting approval`);
+  process.stdout.write(`
+`);
+  process.stdout.write(`  \u{1F3C5} Trust tier: ${bold(currentTier)} | \u23F1 Active: ${durationStr}
+
+`);
+  process.stdout.write(`  ${bold("Tools used:")}
+`);
+  for (const [tool, count] of sortedTools.slice(0, 8)) {
+    process.stdout.write(`    ${tool.padEnd(22)} ${count}x
+`);
+  }
+  if (denied > 0) {
+    const deniedTools = entries.filter((e) => e.decision === "deny");
+    const deniedToolNames = [...new Set(deniedTools.map((e) => e.tool))];
+    process.stdout.write(`
+  ${bold(red("Blocked tools:"))}
+`);
+    for (const tool of deniedToolNames) {
+      const reason = deniedTools.find((e) => e.tool === tool)?.reason_code || "policy";
+      process.stdout.write(`    ${red("\u2717")} ${tool} (${reason})
+`);
+    }
+  }
+  process.stdout.write(`
+  ${dim("Latest receipt: curl -s http://127.0.0.1:9876/receipts/latest | jq -r .receipt > receipt.json")}
+`);
+  process.stdout.write(`  ${dim("Verify: npx @veritasacta/verify receipt.json --key <public-key-hex>")}
+`);
+  process.stdout.write(`  ${dim("Export: npx protect-mcp bundle --output audit.json")}
+
+`);
+}
+async function handleReceipts(argv) {
+  const { readFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  let dir = process.cwd();
+  const dirIdx = argv.indexOf("--dir");
+  if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
+  const lastIdx = argv.indexOf("--last");
+  const count = lastIdx !== -1 && argv[lastIdx + 1] ? parseInt(argv[lastIdx + 1], 10) : 20;
+  const receiptsPath = join(dir, ".protect-mcp-receipts.jsonl");
+  if (!existsSync(receiptsPath)) {
+    process.stderr.write(`${bold("protect-mcp receipts")}
+
+No signed receipt file found. Run protect-mcp with signing enabled first.
+`);
+    process.exit(0);
+  }
+  const raw = readFileSync(receiptsPath, "utf-8");
+  const lines = raw.trim().split("\n").filter(Boolean);
+  const recent = lines.slice(-count);
+  process.stdout.write(`
+${bold("\u{1F6E1}\uFE0F Recent Receipts")} (last ${recent.length})
+
+`);
+  for (const line of recent) {
+    try {
+      const entry = JSON.parse(line);
+      const payload = entry.payload || {};
+      const time = typeof entry.issued_at === "string" ? new Date(entry.issued_at).toLocaleTimeString() : "unknown";
+      const decision = payload.decision || "unknown";
+      const icon = decision === "allow" ? green("\u2713") : decision === "require_approval" ? yellow("\u23F3") : red("\u2717");
+      process.stdout.write(`  ${dim(time)} ${icon} ${String(payload.tool || "unknown").padEnd(22)} ${String(entry.type || "receipt").padEnd(18)} ${dim(String(payload.reason_code || "signed"))}
+`);
+    } catch {
+    }
+  }
+  process.stdout.write(`
+`);
+}
+async function handleBundle(argv) {
+  const { readFileSync, writeFileSync, existsSync } = await import("fs");
+  const { join } = await import("path");
+  const { createAuditBundle } = await import("./bundle-TXOTFJIJ.mjs");
+  let dir = process.cwd();
+  const dirIdx = argv.indexOf("--dir");
+  if (dirIdx !== -1 && argv[dirIdx + 1]) dir = argv[dirIdx + 1];
+  const outputIdx = argv.indexOf("--output");
+  const outputPath = outputIdx !== -1 && argv[outputIdx + 1] ? argv[outputIdx + 1] : join(dir, "audit-bundle.json");
+  const receiptsPath = join(dir, ".protect-mcp-receipts.jsonl");
+  const keyPath = join(dir, "keys", "gateway.json");
+  if (!existsSync(receiptsPath)) {
+    process.stderr.write(`${bold("protect-mcp bundle")}
+
+No signed receipt file found. Run protect-mcp with signing enabled first.
+`);
+    process.exit(0);
+  }
+  if (!existsSync(keyPath)) {
+    process.stderr.write(`${bold("protect-mcp bundle")}
+
+No key file found at ${keyPath}
+`);
+    process.exit(1);
+  }
+  const receipts = readFileSync(receiptsPath, "utf-8").trim().split("\n").filter(Boolean).map((line) => JSON.parse(line));
+  const keyData = JSON.parse(readFileSync(keyPath, "utf-8"));
+  const bundle = createAuditBundle({
+    tenant: keyData.issuer || "protect-mcp",
+    receipts,
+    signingKeys: [{
+      kty: "OKP",
+      crv: "Ed25519",
+      kid: keyData.kid || "unknown",
+      x: Buffer.from(keyData.publicKey, "hex").toString("base64url"),
+      use: "sig"
+    }]
+  });
+  writeFileSync(outputPath, JSON.stringify(bundle, null, 2) + "\n");
+  process.stdout.write(`
+${bold("protect-mcp bundle")}
+
+`);
+  process.stdout.write(`  Receipts: ${receipts.length}
+`);
+  process.stdout.write(`  Output:   ${outputPath}
+`);
+  process.stdout.write(`  Verify:   npx @veritasacta/verify ${outputPath} --bundle
+
+`);
+}
 async function main() {
   const args = process.argv.slice(2);
   if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
@@ -187,6 +624,26 @@ async function main() {
     await handleInit(args.slice(1));
     process.exit(0);
   }
+  if (args[0] === "demo") {
+    await handleDemo();
+    return;
+  }
+  if (args[0] === "status") {
+    await handleStatus(args.slice(1));
+    process.exit(0);
+  }
+  if (args[0] === "digest") {
+    await handleDigest(args.slice(1));
+    process.exit(0);
+  }
+  if (args[0] === "receipts") {
+    await handleReceipts(args.slice(1));
+    process.exit(0);
+  }
+  if (args[0] === "bundle") {
+    await handleBundle(args.slice(1));
+    process.exit(0);
+  }
   const { policyPath, slug, enforce, verbose, childCommand } = parseArgs(args);
   let policy = null;
   let policyDigest = "none";

package/dist/demo-server.d.mts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/demo-server.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node

package/dist/demo-server.js

@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+"use strict";
+
+// src/demo-server.ts
+var import_node_readline = require("readline");
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = (0, import_node_readline.createInterface)({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");