protect-mcp 0.3.3 → 0.4.1

package/dist/cli.mjs

@@ -1,13 +1,15 @@
 #!/usr/bin/env node
 import {
-  ProtectGateway,
   formatSimulation,
+  parseLogFile,
+  simulate
+} from "./chunk-VWUN6AI6.mjs";
+import {
+  ProtectGateway,
   initSigning,
   loadPolicy,
-  parseLogFile,
-  simulate,
   validateCredentials
-} from "./chunk-WDCPUM2O.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -31,6 +33,8 @@ Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
   --slug <slug>     ScopeBlind tenant slug (optional)
   --enforce         Enable enforcement mode (default: shadow mode)
+  --http            Start HTTP/SSE server instead of stdio proxy
+  --port <port>     HTTP server port (default: 3000, requires --http)
   --verbose         Enable debug logging to stderr
   --help            Show this help
 
@@ -1020,6 +1024,14 @@ async function main() {
     signing,
     credentials
   };
+  const useHttp = args.includes("--http");
+  if (useHttp) {
+    const portIdx = args.indexOf("--port");
+    const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
+    const { startHttpTransport } = await import("./http-transport-RIVV2RVQ.mjs");
+    startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
+    return;
+  }
   const gateway = new ProtectGateway(config);
   await gateway.start();
 }

package/dist/http-transport-RIVV2RVQ.mjs

@@ -0,0 +1,157 @@
+import {
+  ProtectGateway
+} from "./chunk-7HBHIKLN.mjs";
+
+// src/http-transport.ts
+import { createServer } from "http";
+async function startHttpTransport(options) {
+  const { port, config, serverCommand } = options;
+  const sseClients = /* @__PURE__ */ new Set();
+  const httpConfig = {
+    ...config,
+    command: serverCommand[0],
+    args: serverCommand.slice(1)
+  };
+  const gateway = new ProtectGateway(httpConfig);
+  await gateway.startForHttp();
+  const server = createServer(async (req, res) => {
+    const origin = req.headers.origin || "*";
+    res.setHeader("Access-Control-Allow-Origin", origin);
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id");
+    res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
+    res.setHeader("Access-Control-Allow-Credentials", "true");
+    if (req.method === "OPTIONS") {
+      res.writeHead(204);
+      res.end();
+      return;
+    }
+    const url = new URL(req.url || "/", `http://localhost:${port}`);
+    if (url.pathname === "/health" && req.method === "GET") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({
+        status: "ok",
+        server: "protect-mcp",
+        version: "0.4.0",
+        transport: "streamable-http",
+        mode: config.policy ? config.enforce ? "enforce" : "shadow" : "shadow",
+        wrapping: serverCommand.join(" ")
+      }));
+      return;
+    }
+    if (url.pathname === "/mcp/sse" && req.method === "GET") {
+      res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        "Connection": "keep-alive"
+      });
+      res.write(`data: ${JSON.stringify({ type: "connected", server: "protect-mcp" })}
+
+`);
+      sseClients.add(res);
+      req.on("close", () => sseClients.delete(res));
+      return;
+    }
+    if (url.pathname === "/mcp" && req.method === "POST") {
+      let body = "";
+      req.on("data", (chunk) => {
+        body += chunk;
+      });
+      req.on("end", async () => {
+        try {
+          const jsonRpc = JSON.parse(body);
+          const acceptSSE = (req.headers.accept || "").includes("text/event-stream");
+          const responseStr = await gateway.processRequest(jsonRpc);
+          const response = JSON.parse(responseStr);
+          if (acceptSSE) {
+            res.writeHead(200, {
+              "Content-Type": "text/event-stream",
+              "Cache-Control": "no-cache"
+            });
+            res.write(`data: ${JSON.stringify(response)}
+
+`);
+            res.end();
+          } else {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify(response));
+          }
+          if (jsonRpc.method === "tools/call") {
+            const event = {
+              type: "decision",
+              tool: jsonRpc.params?.name,
+              timestamp: (/* @__PURE__ */ new Date()).toISOString()
+            };
+            for (const client of sseClients) {
+              try {
+                client.write(`data: ${JSON.stringify(event)}
+
+`);
+              } catch {
+                sseClients.delete(client);
+              }
+            }
+          }
+        } catch (err) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({
+            jsonrpc: "2.0",
+            error: { code: -32700, message: "Parse error" },
+            id: null
+          }));
+        }
+      });
+      return;
+    }
+    if (url.pathname === "/mcp" && req.method === "DELETE") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ status: "session_closed" }));
+      return;
+    }
+    res.writeHead(404, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({
+      error: "not_found",
+      endpoints: [
+        "POST /mcp          \u2014 JSON-RPC endpoint (Streamable HTTP)",
+        "GET  /mcp/sse      \u2014 Server-Sent Events stream",
+        "GET  /health       \u2014 Health check",
+        "DELETE /mcp        \u2014 Close session"
+      ]
+    }));
+  });
+  server.listen(port, () => {
+    process.stderr.write(`
+[PROTECT_MCP] HTTP transport listening on http://0.0.0.0:${port}
+`);
+    process.stderr.write(`  POST   /mcp        \u2014 JSON-RPC (Streamable HTTP)
+`);
+    process.stderr.write(`  GET    /mcp/sse    \u2014 Server-Sent Events
+`);
+    process.stderr.write(`  GET    /health     \u2014 Health check
+`);
+    process.stderr.write(`  DELETE /mcp        \u2014 Close session
+`);
+    process.stderr.write(`
+  Wrapping: ${serverCommand.join(" ")}
+`);
+    process.stderr.write(`  Mode: ${config.enforce ? "enforce" : "shadow"}
+
+`);
+  });
+  const shutdown = () => {
+    process.stderr.write("\n[PROTECT_MCP] Shutting down HTTP transport...\n");
+    for (const client of sseClients) {
+      try {
+        client.end();
+      } catch {
+      }
+    }
+    server.close();
+    gateway.stop();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+}
+export {
+  startHttpTransport
+};

package/dist/index.d.mts

@@ -316,6 +316,9 @@ declare class ProtectGateway {
     private readonly approvalNonce;
     private currentTier;
     private admissionResult;
+    /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+    private pendingResponses;
+    private httpMode;
     constructor(config: ProtectConfig);
     start(): Promise<void>;
     setManifest(manifest: ManifestPresentation | null): AdmissionResult;
@@ -329,6 +332,22 @@ declare class ProtectGateway {
     private makeErrorResponse;
     private sendToChild;
     private sendToClient;
+    /**
+     * Enable HTTP transport mode.
+     * In this mode, sendToClient resolves pending promises instead of
+     * writing to stdout, and start() skips stdin reading.
+     */
+    enableHttpMode(): void;
+    /**
+     * Start in HTTP mode — spawns child process but does NOT read from
+     * process.stdin. Requests come in via processRequest() instead.
+     */
+    startForHttp(): Promise<void>;
+    /**
+     * Process a JSON-RPC request programmatically (for HTTP transport).
+     * Returns a promise that resolves with the JSON-RPC response string.
+     */
+    processRequest(jsonRpc: JsonRpcRequest): Promise<string>;
     private log;
     stop(): void;
 }

package/dist/index.d.ts

@@ -316,6 +316,9 @@ declare class ProtectGateway {
     private readonly approvalNonce;
     private currentTier;
     private admissionResult;
+    /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+    private pendingResponses;
+    private httpMode;
     constructor(config: ProtectConfig);
     start(): Promise<void>;
     setManifest(manifest: ManifestPresentation | null): AdmissionResult;
@@ -329,6 +332,22 @@ declare class ProtectGateway {
     private makeErrorResponse;
     private sendToChild;
     private sendToClient;
+    /**
+     * Enable HTTP transport mode.
+     * In this mode, sendToClient resolves pending promises instead of
+     * writing to stdout, and start() skips stdin reading.
+     */
+    enableHttpMode(): void;
+    /**
+     * Start in HTTP mode — spawns child process but does NOT read from
+     * process.stdin. Requests come in via processRequest() instead.
+     */
+    startForHttp(): Promise<void>;
+    /**
+     * Process a JSON-RPC request programmatically (for HTTP transport).
+     * Returns a promise that resolves with the JSON-RPC response string.
+     */
+    processRequest(jsonRpc: JsonRpcRequest): Promise<string>;
     private log;
     stop(): void;
 }

package/dist/index.js

@@ -868,6 +868,9 @@ var ProtectGateway = class {
   approvalNonce = (0, import_node_crypto2.randomBytes)(16).toString("hex");
   currentTier = "unknown";
   admissionResult = null;
+  /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+  pendingResponses = /* @__PURE__ */ new Map();
+  httpMode = false;
   constructor(config) {
     this.config = config;
     this.logFilePath = (0, import_node_path3.join)(process.cwd(), LOG_FILE2);
@@ -1187,8 +1190,108 @@ var ProtectGateway = class {
     if (this.child?.stdin?.writable) this.child.stdin.write(message + "\n");
   }
   sendToClient(message) {
+    if (this.httpMode) {
+      try {
+        const parsed = JSON.parse(message);
+        if (parsed.id !== void 0 && parsed.id !== null) {
+          const pending = this.pendingResponses.get(parsed.id);
+          if (pending) {
+            clearTimeout(pending.timeout);
+            this.pendingResponses.delete(parsed.id);
+            pending.resolve(message);
+            return;
+          }
+        }
+      } catch {
+      }
+    }
     process.stdout.write(message + "\n");
   }
+  /**
+   * Enable HTTP transport mode.
+   * In this mode, sendToClient resolves pending promises instead of
+   * writing to stdout, and start() skips stdin reading.
+   */
+  enableHttpMode() {
+    this.httpMode = true;
+  }
+  /**
+   * Start in HTTP mode — spawns child process but does NOT read from
+   * process.stdin. Requests come in via processRequest() instead.
+   */
+  async startForHttp() {
+    this.httpMode = true;
+    const { command, args, verbose } = this.config;
+    const mode = this.config.enforce ? "enforce" : "shadow";
+    if (verbose) {
+      this.log(`Starting gateway in ${mode} mode (HTTP transport)`);
+      this.log(`Wrapping: ${command} ${args.join(" ")}`);
+    }
+    this.log(`Approval nonce: ${this.approvalNonce}`);
+    const childEnv = { ...process.env };
+    if (this.config.credentials) {
+      for (const [label, credConfig] of Object.entries(this.config.credentials)) {
+        if (credConfig.inject === "env" && credConfig.name && credConfig.value_env) {
+          const envValue = process.env[credConfig.value_env];
+          if (envValue) {
+            childEnv[credConfig.name] = envValue;
+            if (verbose) this.log(`Credential "${label}": injected as env var "${credConfig.name}"`);
+          }
+        }
+      }
+    }
+    this.child = (0, import_node_child_process.spawn)(command, args, { stdio: ["pipe", "pipe", "pipe"], env: childEnv });
+    if (!this.child.stdin || !this.child.stdout || !this.child.stderr) {
+      throw new Error("Failed to create pipes to child process");
+    }
+    this.child.stderr.on("data", (data) => {
+      process.stderr.write(data);
+    });
+    const childReader = (0, import_node_readline.createInterface)({ input: this.child.stdout, crlfDelay: Infinity });
+    childReader.on("line", (line) => {
+      this.handleServerMessage(line);
+    });
+    this.child.on("exit", (code, signal) => {
+      if (verbose) this.log(`Child process exited (code=${code}, signal=${signal})`);
+      this.evidenceStore.save();
+    });
+    this.child.on("error", (err) => {
+      this.log(`Child process error: ${err.message}`);
+    });
+  }
+  /**
+   * Process a JSON-RPC request programmatically (for HTTP transport).
+   * Returns a promise that resolves with the JSON-RPC response string.
+   */
+  async processRequest(jsonRpc) {
+    const REQUEST_TIMEOUT_MS = 3e4;
+    if (jsonRpc.method === "tools/call" && jsonRpc.id !== void 0) {
+      const blocked = await this.interceptToolCall(jsonRpc);
+      if (blocked) {
+        return JSON.stringify(blocked);
+      }
+    }
+    return new Promise((resolve, reject) => {
+      const id = jsonRpc.id;
+      if (id === void 0 || id === null) {
+        const modified2 = this.injectParamsCredentials(jsonRpc);
+        this.sendToChild(JSON.stringify(modified2));
+        resolve(JSON.stringify({ jsonrpc: "2.0", result: {}, id: null }));
+        return;
+      }
+      const timeout = setTimeout(() => {
+        this.pendingResponses.delete(id);
+        resolve(JSON.stringify({
+          jsonrpc: "2.0",
+          error: { code: -32e3, message: "Request timeout (30s)" },
+          id
+        }));
+      }, REQUEST_TIMEOUT_MS);
+      this.pendingResponses.set(id, { resolve, timeout });
+      const modified = this.injectParamsCredentials(jsonRpc);
+      this.sendToChild(JSON.stringify(modified));
+    });
+  }
   log(message) {
     process.stderr.write(`[PROTECT_MCP] ${message}
 `);

package/dist/index.mjs

@@ -1,9 +1,17 @@
+import {
+  formatSimulation,
+  parseLogFile,
+  simulate
+} from "./chunk-VWUN6AI6.mjs";
+import {
+  collectSignedReceipts,
+  createAuditBundle
+} from "./chunk-5JXFV37Y.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
   checkRateLimit,
   evaluateTier,
-  formatSimulation,
   getSignerInfo,
   getToolPolicy,
   initSigning,
@@ -11,18 +19,12 @@ import {
   listCredentialLabels,
   loadPolicy,
   meetsMinTier,
-  parseLogFile,
   parseRateLimit,
   queryExternalPDP,
   resolveCredential,
   signDecision,
-  simulate,
   validateCredentials
-} from "./chunk-WDCPUM2O.mjs";
-import {
-  collectSignedReceipts,
-  createAuditBundle
-} from "./chunk-5JXFV37Y.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 import {
   formatReportMarkdown,
   generateReport

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "protect-mcp",
-  "version": "0.3.3",
+  "version": "0.4.1",
   "mcpName": "io.github.tomjwxf/protect-mcp",
   "description": "Security gateway for MCP servers. Shadow-mode logs, per-tool policies, optional local Ed25519-signed receipts. Programmatic hooks for trust tiers, credential config, and external policy engines.",
   "main": "dist/index.js",
@@ -49,7 +49,7 @@
     "claude-code"
   ],
   "author": "Tom Farley <tommy@scopeblind.com>",
-  "license": "FSL-1.1-MIT",
+  "license": "MIT",
   "homepage": "https://www.scopeblind.com",
   "repository": {
     "type": "git",