protect-mcp 0.4.0 → 0.4.1

package/dist/{chunk-XMZWJOC3.mjs → chunk-7HBHIKLN.mjs}

@@ -814,6 +814,9 @@ var ProtectGateway = class {
   approvalNonce = randomBytes(16).toString("hex");
   currentTier = "unknown";
   admissionResult = null;
+  /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+  pendingResponses = /* @__PURE__ */ new Map();
+  httpMode = false;
   constructor(config) {
     this.config = config;
     this.logFilePath = join3(process.cwd(), LOG_FILE2);
@@ -1133,8 +1136,108 @@ var ProtectGateway = class {
     if (this.child?.stdin?.writable) this.child.stdin.write(message + "\n");
   }
   sendToClient(message) {
+    if (this.httpMode) {
+      try {
+        const parsed = JSON.parse(message);
+        if (parsed.id !== void 0 && parsed.id !== null) {
+          const pending = this.pendingResponses.get(parsed.id);
+          if (pending) {
+            clearTimeout(pending.timeout);
+            this.pendingResponses.delete(parsed.id);
+            pending.resolve(message);
+            return;
+          }
+        }
+      } catch {
+      }
+    }
     process.stdout.write(message + "\n");
   }
+  /**
+   * Enable HTTP transport mode.
+   * In this mode, sendToClient resolves pending promises instead of
+   * writing to stdout, and start() skips stdin reading.
+   */
+  enableHttpMode() {
+    this.httpMode = true;
+  }
+  /**
+   * Start in HTTP mode — spawns child process but does NOT read from
+   * process.stdin. Requests come in via processRequest() instead.
+   */
+  async startForHttp() {
+    this.httpMode = true;
+    const { command, args, verbose } = this.config;
+    const mode = this.config.enforce ? "enforce" : "shadow";
+    if (verbose) {
+      this.log(`Starting gateway in ${mode} mode (HTTP transport)`);
+      this.log(`Wrapping: ${command} ${args.join(" ")}`);
+    }
+    this.log(`Approval nonce: ${this.approvalNonce}`);
+    const childEnv = { ...process.env };
+    if (this.config.credentials) {
+      for (const [label, credConfig] of Object.entries(this.config.credentials)) {
+        if (credConfig.inject === "env" && credConfig.name && credConfig.value_env) {
+          const envValue = process.env[credConfig.value_env];
+          if (envValue) {
+            childEnv[credConfig.name] = envValue;
+            if (verbose) this.log(`Credential "${label}": injected as env var "${credConfig.name}"`);
+          }
+        }
+      }
+    }
+    this.child = spawn(command, args, { stdio: ["pipe", "pipe", "pipe"], env: childEnv });
+    if (!this.child.stdin || !this.child.stdout || !this.child.stderr) {
+      throw new Error("Failed to create pipes to child process");
+    }
+    this.child.stderr.on("data", (data) => {
+      process.stderr.write(data);
+    });
+    const childReader = createInterface({ input: this.child.stdout, crlfDelay: Infinity });
+    childReader.on("line", (line) => {
+      this.handleServerMessage(line);
+    });
+    this.child.on("exit", (code, signal) => {
+      if (verbose) this.log(`Child process exited (code=${code}, signal=${signal})`);
+      this.evidenceStore.save();
+    });
+    this.child.on("error", (err) => {
+      this.log(`Child process error: ${err.message}`);
+    });
+  }
+  /**
+   * Process a JSON-RPC request programmatically (for HTTP transport).
+   * Returns a promise that resolves with the JSON-RPC response string.
+   */
+  async processRequest(jsonRpc) {
+    const REQUEST_TIMEOUT_MS = 3e4;
+    if (jsonRpc.method === "tools/call" && jsonRpc.id !== void 0) {
+      const blocked = await this.interceptToolCall(jsonRpc);
+      if (blocked) {
+        return JSON.stringify(blocked);
+      }
+    }
+    return new Promise((resolve, reject) => {
+      const id = jsonRpc.id;
+      if (id === void 0 || id === null) {
+        const modified2 = this.injectParamsCredentials(jsonRpc);
+        this.sendToChild(JSON.stringify(modified2));
+        resolve(JSON.stringify({ jsonrpc: "2.0", result: {}, id: null }));
+        return;
+      }
+      const timeout = setTimeout(() => {
+        this.pendingResponses.delete(id);
+        resolve(JSON.stringify({
+          jsonrpc: "2.0",
+          error: { code: -32e3, message: "Request timeout (30s)" },
+          id
+        }));
+      }, REQUEST_TIMEOUT_MS);
+      this.pendingResponses.set(id, { resolve, timeout });
+      const modified = this.injectParamsCredentials(jsonRpc);
+      this.sendToChild(JSON.stringify(modified));
+    });
+  }
   log(message) {
     process.stderr.write(`[PROTECT_MCP] ${message}
 `);

package/dist/{chunk-UW2SGWCJ.mjs → chunk-VWUN6AI6.mjs}

@@ -3,7 +3,7 @@ import {
   getToolPolicy,
   meetsMinTier,
   parseRateLimit
-} from "./chunk-XMZWJOC3.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 
 // src/simulate.ts
 import { readFileSync } from "fs";

package/dist/cli.js

@@ -883,6 +883,9 @@ var init_gateway = __esm({
       approvalNonce = (0, import_node_crypto2.randomBytes)(16).toString("hex");
       currentTier = "unknown";
       admissionResult = null;
+      /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+      pendingResponses = /* @__PURE__ */ new Map();
+      httpMode = false;
       constructor(config) {
         this.config = config;
         this.logFilePath = (0, import_node_path3.join)(process.cwd(), LOG_FILE2);
@@ -1202,8 +1205,108 @@ var init_gateway = __esm({
         if (this.child?.stdin?.writable) this.child.stdin.write(message + "\n");
       }
       sendToClient(message) {
+        if (this.httpMode) {
+          try {
+            const parsed = JSON.parse(message);
+            if (parsed.id !== void 0 && parsed.id !== null) {
+              const pending = this.pendingResponses.get(parsed.id);
+              if (pending) {
+                clearTimeout(pending.timeout);
+                this.pendingResponses.delete(parsed.id);
+                pending.resolve(message);
+                return;
+              }
+            }
+          } catch {
+          }
+        }
         process.stdout.write(message + "\n");
       }
+      /**
+       * Enable HTTP transport mode.
+       * In this mode, sendToClient resolves pending promises instead of
+       * writing to stdout, and start() skips stdin reading.
+       */
+      enableHttpMode() {
+        this.httpMode = true;
+      }
+      /**
+       * Start in HTTP mode — spawns child process but does NOT read from
+       * process.stdin. Requests come in via processRequest() instead.
+       */
+      async startForHttp() {
+        this.httpMode = true;
+        const { command, args, verbose } = this.config;
+        const mode = this.config.enforce ? "enforce" : "shadow";
+        if (verbose) {
+          this.log(`Starting gateway in ${mode} mode (HTTP transport)`);
+          this.log(`Wrapping: ${command} ${args.join(" ")}`);
+        }
+        this.log(`Approval nonce: ${this.approvalNonce}`);
+        const childEnv = { ...process.env };
+        if (this.config.credentials) {
+          for (const [label, credConfig] of Object.entries(this.config.credentials)) {
+            if (credConfig.inject === "env" && credConfig.name && credConfig.value_env) {
+              const envValue = process.env[credConfig.value_env];
+              if (envValue) {
+                childEnv[credConfig.name] = envValue;
+                if (verbose) this.log(`Credential "${label}": injected as env var "${credConfig.name}"`);
+              }
+            }
+          }
+        }
+        this.child = (0, import_node_child_process.spawn)(command, args, { stdio: ["pipe", "pipe", "pipe"], env: childEnv });
+        if (!this.child.stdin || !this.child.stdout || !this.child.stderr) {
+          throw new Error("Failed to create pipes to child process");
+        }
+        this.child.stderr.on("data", (data) => {
+          process.stderr.write(data);
+        });
+        const childReader = (0, import_node_readline.createInterface)({ input: this.child.stdout, crlfDelay: Infinity });
+        childReader.on("line", (line) => {
+          this.handleServerMessage(line);
+        });
+        this.child.on("exit", (code, signal) => {
+          if (verbose) this.log(`Child process exited (code=${code}, signal=${signal})`);
+          this.evidenceStore.save();
+        });
+        this.child.on("error", (err) => {
+          this.log(`Child process error: ${err.message}`);
+        });
+      }
+      /**
+       * Process a JSON-RPC request programmatically (for HTTP transport).
+       * Returns a promise that resolves with the JSON-RPC response string.
+       */
+      async processRequest(jsonRpc) {
+        const REQUEST_TIMEOUT_MS = 3e4;
+        if (jsonRpc.method === "tools/call" && jsonRpc.id !== void 0) {
+          const blocked = await this.interceptToolCall(jsonRpc);
+          if (blocked) {
+            return JSON.stringify(blocked);
+          }
+        }
+        return new Promise((resolve, reject) => {
+          const id = jsonRpc.id;
+          if (id === void 0 || id === null) {
+            const modified2 = this.injectParamsCredentials(jsonRpc);
+            this.sendToChild(JSON.stringify(modified2));
+            resolve(JSON.stringify({ jsonrpc: "2.0", result: {}, id: null }));
+            return;
+          }
+          const timeout = setTimeout(() => {
+            this.pendingResponses.delete(id);
+            resolve(JSON.stringify({
+              jsonrpc: "2.0",
+              error: { code: -32e3, message: "Request timeout (30s)" },
+              id
+            }));
+          }, REQUEST_TIMEOUT_MS);
+          this.pendingResponses.set(id, { resolve, timeout });
+          const modified = this.injectParamsCredentials(jsonRpc);
+          this.sendToChild(JSON.stringify(modified));
+        });
+      }
       log(message) {
         process.stderr.write(`[PROTECT_MCP] ${message}
 `);
@@ -3893,15 +3996,22 @@ var http_transport_exports = {};
 __export(http_transport_exports, {
   startHttpTransport: () => startHttpTransport
 });
-function startHttpTransport(options) {
+async function startHttpTransport(options) {
   const { port, config, serverCommand } = options;
   const sseClients = /* @__PURE__ */ new Set();
-  const gateway = new ProtectGateway(config);
+  const httpConfig = {
+    ...config,
+    command: serverCommand[0],
+    args: serverCommand.slice(1)
+  };
+  const gateway = new ProtectGateway(httpConfig);
+  await gateway.startForHttp();
   const server = (0, import_node_http2.createServer)(async (req, res) => {
     const origin = req.headers.origin || "*";
     res.setHeader("Access-Control-Allow-Origin", origin);
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id");
+    res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
     res.setHeader("Access-Control-Allow-Credentials", "true");
     if (req.method === "OPTIONS") {
       res.writeHead(204);
@@ -3914,9 +4024,10 @@ function startHttpTransport(options) {
       res.end(JSON.stringify({
         status: "ok",
         server: "protect-mcp",
-        version: "0.3.3",
-        transport: "http",
-        mode: config.policy ? config.enforce ? "enforce" : "shadow" : "shadow"
+        version: "0.4.0",
+        transport: "streamable-http",
+        mode: config.policy ? config.enforce ? "enforce" : "shadow" : "shadow",
+        wrapping: serverCommand.join(" ")
       }));
       return;
     }
@@ -3942,28 +4053,35 @@ function startHttpTransport(options) {
         try {
           const jsonRpc = JSON.parse(body);
           const acceptSSE = (req.headers.accept || "").includes("text/event-stream");
+          const responseStr = await gateway.processRequest(jsonRpc);
+          const response = JSON.parse(responseStr);
           if (acceptSSE) {
             res.writeHead(200, {
               "Content-Type": "text/event-stream",
               "Cache-Control": "no-cache"
             });
-            const response = await processJsonRpc(gateway, jsonRpc, config, serverCommand);
             res.write(`data: ${JSON.stringify(response)}
 
 `);
             res.end();
           } else {
-            const response = await processJsonRpc(gateway, jsonRpc, config, serverCommand);
             res.writeHead(200, { "Content-Type": "application/json" });
             res.end(JSON.stringify(response));
           }
-          for (const client of sseClients) {
-            try {
-              client.write(`data: ${JSON.stringify({ type: "decision", request: jsonRpc, timestamp: (/* @__PURE__ */ new Date()).toISOString() })}
+          if (jsonRpc.method === "tools/call") {
+            const event = {
+              type: "decision",
+              tool: jsonRpc.params?.name,
+              timestamp: (/* @__PURE__ */ new Date()).toISOString()
+            };
+            for (const client of sseClients) {
+              try {
+                client.write(`data: ${JSON.stringify(event)}
 
 `);
-            } catch {
-              sseClients.delete(client);
+              } catch {
+                sseClients.delete(client);
+              }
             }
           }
         } catch (err) {
@@ -3977,24 +4095,43 @@ function startHttpTransport(options) {
       });
       return;
     }
+    if (url.pathname === "/mcp" && req.method === "DELETE") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ status: "session_closed" }));
+      return;
+    }
     res.writeHead(404, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: "not_found", endpoints: ["/mcp", "/mcp/sse", "/health"] }));
+    res.end(JSON.stringify({
+      error: "not_found",
+      endpoints: [
+        "POST /mcp          \u2014 JSON-RPC endpoint (Streamable HTTP)",
+        "GET  /mcp/sse      \u2014 Server-Sent Events stream",
+        "GET  /health       \u2014 Health check",
+        "DELETE /mcp        \u2014 Close session"
+      ]
+    }));
   });
   server.listen(port, () => {
     process.stderr.write(`
-protect-mcp HTTP server listening on port ${port}
+[PROTECT_MCP] HTTP transport listening on http://0.0.0.0:${port}
 `);
-    process.stderr.write(`  POST /mcp          \u2014 JSON-RPC endpoint (Streamable HTTP)
+    process.stderr.write(`  POST   /mcp        \u2014 JSON-RPC (Streamable HTTP)
 `);
-    process.stderr.write(`  GET  /mcp/sse      \u2014 Server-Sent Events stream
+    process.stderr.write(`  GET    /mcp/sse    \u2014 Server-Sent Events
 `);
-    process.stderr.write(`  GET  /health       \u2014 Health check
+    process.stderr.write(`  GET    /health     \u2014 Health check
+`);
+    process.stderr.write(`  DELETE /mcp        \u2014 Close session
+`);
+    process.stderr.write(`
+  Wrapping: ${serverCommand.join(" ")}
+`);
+    process.stderr.write(`  Mode: ${config.enforce ? "enforce" : "shadow"}
 
 `);
   });
-  gateway.start(serverCommand[0], serverCommand.slice(1));
-  process.on("SIGINT", () => {
-    process.stderr.write("\nShutting down HTTP transport...\n");
+  const shutdown = () => {
+    process.stderr.write("\n[PROTECT_MCP] Shutting down HTTP transport...\n");
     for (const client of sseClients) {
       try {
         client.end();
@@ -4002,18 +4139,10 @@ protect-mcp HTTP server listening on port ${port}
       }
     }
     server.close();
-    process.exit(0);
-  });
-}
-async function processJsonRpc(gateway, request, config, serverCommand) {
-  return {
-    jsonrpc: "2.0",
-    result: {
-      message: "Request processed by protect-mcp HTTP transport",
-      mode: config.enforce ? "enforce" : "shadow"
-    },
-    id: request.id || null
+    gateway.stop();
   };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
 }
 var import_node_http2;
 var init_http_transport = __esm({

package/dist/cli.mjs

@@ -3,13 +3,13 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-UW2SGWCJ.mjs";
+} from "./chunk-VWUN6AI6.mjs";
 import {
   ProtectGateway,
   initSigning,
   loadPolicy,
   validateCredentials
-} from "./chunk-XMZWJOC3.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -1028,7 +1028,7 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-S7YXXMD3.mjs");
+    const { startHttpTransport } = await import("./http-transport-RIVV2RVQ.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }

package/dist/{http-transport-S7YXXMD3.mjs → http-transport-RIVV2RVQ.mjs}

@@ -1,18 +1,25 @@
 import {
   ProtectGateway
-} from "./chunk-XMZWJOC3.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 
 // src/http-transport.ts
 import { createServer } from "http";
-function startHttpTransport(options) {
+async function startHttpTransport(options) {
   const { port, config, serverCommand } = options;
   const sseClients = /* @__PURE__ */ new Set();
-  const gateway = new ProtectGateway(config);
+  const httpConfig = {
+    ...config,
+    command: serverCommand[0],
+    args: serverCommand.slice(1)
+  };
+  const gateway = new ProtectGateway(httpConfig);
+  await gateway.startForHttp();
   const server = createServer(async (req, res) => {
     const origin = req.headers.origin || "*";
     res.setHeader("Access-Control-Allow-Origin", origin);
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Mcp-Session-Id");
+    res.setHeader("Access-Control-Expose-Headers", "Mcp-Session-Id");
     res.setHeader("Access-Control-Allow-Credentials", "true");
     if (req.method === "OPTIONS") {
       res.writeHead(204);
@@ -25,9 +32,10 @@ function startHttpTransport(options) {
       res.end(JSON.stringify({
         status: "ok",
         server: "protect-mcp",
-        version: "0.3.3",
-        transport: "http",
-        mode: config.policy ? config.enforce ? "enforce" : "shadow" : "shadow"
+        version: "0.4.0",
+        transport: "streamable-http",
+        mode: config.policy ? config.enforce ? "enforce" : "shadow" : "shadow",
+        wrapping: serverCommand.join(" ")
       }));
       return;
     }
@@ -53,28 +61,35 @@ function startHttpTransport(options) {
         try {
           const jsonRpc = JSON.parse(body);
           const acceptSSE = (req.headers.accept || "").includes("text/event-stream");
+          const responseStr = await gateway.processRequest(jsonRpc);
+          const response = JSON.parse(responseStr);
           if (acceptSSE) {
             res.writeHead(200, {
               "Content-Type": "text/event-stream",
               "Cache-Control": "no-cache"
             });
-            const response = await processJsonRpc(gateway, jsonRpc, config, serverCommand);
             res.write(`data: ${JSON.stringify(response)}
 
 `);
             res.end();
           } else {
-            const response = await processJsonRpc(gateway, jsonRpc, config, serverCommand);
             res.writeHead(200, { "Content-Type": "application/json" });
             res.end(JSON.stringify(response));
           }
-          for (const client of sseClients) {
-            try {
-              client.write(`data: ${JSON.stringify({ type: "decision", request: jsonRpc, timestamp: (/* @__PURE__ */ new Date()).toISOString() })}
+          if (jsonRpc.method === "tools/call") {
+            const event = {
+              type: "decision",
+              tool: jsonRpc.params?.name,
+              timestamp: (/* @__PURE__ */ new Date()).toISOString()
+            };
+            for (const client of sseClients) {
+              try {
+                client.write(`data: ${JSON.stringify(event)}
 
 `);
-            } catch {
-              sseClients.delete(client);
+              } catch {
+                sseClients.delete(client);
+              }
             }
           }
         } catch (err) {
@@ -88,24 +103,43 @@ function startHttpTransport(options) {
       });
       return;
     }
+    if (url.pathname === "/mcp" && req.method === "DELETE") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ status: "session_closed" }));
+      return;
+    }
     res.writeHead(404, { "Content-Type": "application/json" });
-    res.end(JSON.stringify({ error: "not_found", endpoints: ["/mcp", "/mcp/sse", "/health"] }));
+    res.end(JSON.stringify({
+      error: "not_found",
+      endpoints: [
+        "POST /mcp          \u2014 JSON-RPC endpoint (Streamable HTTP)",
+        "GET  /mcp/sse      \u2014 Server-Sent Events stream",
+        "GET  /health       \u2014 Health check",
+        "DELETE /mcp        \u2014 Close session"
+      ]
+    }));
   });
   server.listen(port, () => {
     process.stderr.write(`
-protect-mcp HTTP server listening on port ${port}
+[PROTECT_MCP] HTTP transport listening on http://0.0.0.0:${port}
+`);
+    process.stderr.write(`  POST   /mcp        \u2014 JSON-RPC (Streamable HTTP)
 `);
-    process.stderr.write(`  POST /mcp          \u2014 JSON-RPC endpoint (Streamable HTTP)
+    process.stderr.write(`  GET    /mcp/sse    \u2014 Server-Sent Events
 `);
-    process.stderr.write(`  GET  /mcp/sse      \u2014 Server-Sent Events stream
+    process.stderr.write(`  GET    /health     \u2014 Health check
 `);
-    process.stderr.write(`  GET  /health       \u2014 Health check
+    process.stderr.write(`  DELETE /mcp        \u2014 Close session
+`);
+    process.stderr.write(`
+  Wrapping: ${serverCommand.join(" ")}
+`);
+    process.stderr.write(`  Mode: ${config.enforce ? "enforce" : "shadow"}
 
 `);
   });
-  gateway.start(serverCommand[0], serverCommand.slice(1));
-  process.on("SIGINT", () => {
-    process.stderr.write("\nShutting down HTTP transport...\n");
+  const shutdown = () => {
+    process.stderr.write("\n[PROTECT_MCP] Shutting down HTTP transport...\n");
     for (const client of sseClients) {
       try {
         client.end();
@@ -113,18 +147,10 @@ protect-mcp HTTP server listening on port ${port}
       }
     }
     server.close();
-    process.exit(0);
-  });
-}
-async function processJsonRpc(gateway, request, config, serverCommand) {
-  return {
-    jsonrpc: "2.0",
-    result: {
-      message: "Request processed by protect-mcp HTTP transport",
-      mode: config.enforce ? "enforce" : "shadow"
-    },
-    id: request.id || null
+    gateway.stop();
   };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
 }
 export {
   startHttpTransport

package/dist/index.d.mts

@@ -316,6 +316,9 @@ declare class ProtectGateway {
     private readonly approvalNonce;
     private currentTier;
     private admissionResult;
+    /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+    private pendingResponses;
+    private httpMode;
     constructor(config: ProtectConfig);
     start(): Promise<void>;
     setManifest(manifest: ManifestPresentation | null): AdmissionResult;
@@ -329,6 +332,22 @@ declare class ProtectGateway {
     private makeErrorResponse;
     private sendToChild;
     private sendToClient;
+    /**
+     * Enable HTTP transport mode.
+     * In this mode, sendToClient resolves pending promises instead of
+     * writing to stdout, and start() skips stdin reading.
+     */
+    enableHttpMode(): void;
+    /**
+     * Start in HTTP mode — spawns child process but does NOT read from
+     * process.stdin. Requests come in via processRequest() instead.
+     */
+    startForHttp(): Promise<void>;
+    /**
+     * Process a JSON-RPC request programmatically (for HTTP transport).
+     * Returns a promise that resolves with the JSON-RPC response string.
+     */
+    processRequest(jsonRpc: JsonRpcRequest): Promise<string>;
     private log;
     stop(): void;
 }

package/dist/index.d.ts

@@ -316,6 +316,9 @@ declare class ProtectGateway {
     private readonly approvalNonce;
     private currentTier;
     private admissionResult;
+    /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+    private pendingResponses;
+    private httpMode;
     constructor(config: ProtectConfig);
     start(): Promise<void>;
     setManifest(manifest: ManifestPresentation | null): AdmissionResult;
@@ -329,6 +332,22 @@ declare class ProtectGateway {
     private makeErrorResponse;
     private sendToChild;
     private sendToClient;
+    /**
+     * Enable HTTP transport mode.
+     * In this mode, sendToClient resolves pending promises instead of
+     * writing to stdout, and start() skips stdin reading.
+     */
+    enableHttpMode(): void;
+    /**
+     * Start in HTTP mode — spawns child process but does NOT read from
+     * process.stdin. Requests come in via processRequest() instead.
+     */
+    startForHttp(): Promise<void>;
+    /**
+     * Process a JSON-RPC request programmatically (for HTTP transport).
+     * Returns a promise that resolves with the JSON-RPC response string.
+     */
+    processRequest(jsonRpc: JsonRpcRequest): Promise<string>;
     private log;
     stop(): void;
 }

package/dist/index.js

@@ -868,6 +868,9 @@ var ProtectGateway = class {
   approvalNonce = (0, import_node_crypto2.randomBytes)(16).toString("hex");
   currentTier = "unknown";
   admissionResult = null;
+  /** HTTP transport mode: pending response resolvers keyed by JSON-RPC id */
+  pendingResponses = /* @__PURE__ */ new Map();
+  httpMode = false;
   constructor(config) {
     this.config = config;
     this.logFilePath = (0, import_node_path3.join)(process.cwd(), LOG_FILE2);
@@ -1187,8 +1190,108 @@ var ProtectGateway = class {
     if (this.child?.stdin?.writable) this.child.stdin.write(message + "\n");
   }
   sendToClient(message) {
+    if (this.httpMode) {
+      try {
+        const parsed = JSON.parse(message);
+        if (parsed.id !== void 0 && parsed.id !== null) {
+          const pending = this.pendingResponses.get(parsed.id);
+          if (pending) {
+            clearTimeout(pending.timeout);
+            this.pendingResponses.delete(parsed.id);
+            pending.resolve(message);
+            return;
+          }
+        }
+      } catch {
+      }
+    }
     process.stdout.write(message + "\n");
   }
+  /**
+   * Enable HTTP transport mode.
+   * In this mode, sendToClient resolves pending promises instead of
+   * writing to stdout, and start() skips stdin reading.
+   */
+  enableHttpMode() {
+    this.httpMode = true;
+  }
+  /**
+   * Start in HTTP mode — spawns child process but does NOT read from
+   * process.stdin. Requests come in via processRequest() instead.
+   */
+  async startForHttp() {
+    this.httpMode = true;
+    const { command, args, verbose } = this.config;
+    const mode = this.config.enforce ? "enforce" : "shadow";
+    if (verbose) {
+      this.log(`Starting gateway in ${mode} mode (HTTP transport)`);
+      this.log(`Wrapping: ${command} ${args.join(" ")}`);
+    }
+    this.log(`Approval nonce: ${this.approvalNonce}`);
+    const childEnv = { ...process.env };
+    if (this.config.credentials) {
+      for (const [label, credConfig] of Object.entries(this.config.credentials)) {
+        if (credConfig.inject === "env" && credConfig.name && credConfig.value_env) {
+          const envValue = process.env[credConfig.value_env];
+          if (envValue) {
+            childEnv[credConfig.name] = envValue;
+            if (verbose) this.log(`Credential "${label}": injected as env var "${credConfig.name}"`);
+          }
+        }
+      }
+    }
+    this.child = (0, import_node_child_process.spawn)(command, args, { stdio: ["pipe", "pipe", "pipe"], env: childEnv });
+    if (!this.child.stdin || !this.child.stdout || !this.child.stderr) {
+      throw new Error("Failed to create pipes to child process");
+    }
+    this.child.stderr.on("data", (data) => {
+      process.stderr.write(data);
+    });
+    const childReader = (0, import_node_readline.createInterface)({ input: this.child.stdout, crlfDelay: Infinity });
+    childReader.on("line", (line) => {
+      this.handleServerMessage(line);
+    });
+    this.child.on("exit", (code, signal) => {
+      if (verbose) this.log(`Child process exited (code=${code}, signal=${signal})`);
+      this.evidenceStore.save();
+    });
+    this.child.on("error", (err) => {
+      this.log(`Child process error: ${err.message}`);
+    });
+  }
+  /**
+   * Process a JSON-RPC request programmatically (for HTTP transport).
+   * Returns a promise that resolves with the JSON-RPC response string.
+   */
+  async processRequest(jsonRpc) {
+    const REQUEST_TIMEOUT_MS = 3e4;
+    if (jsonRpc.method === "tools/call" && jsonRpc.id !== void 0) {
+      const blocked = await this.interceptToolCall(jsonRpc);
+      if (blocked) {
+        return JSON.stringify(blocked);
+      }
+    }
+    return new Promise((resolve, reject) => {
+      const id = jsonRpc.id;
+      if (id === void 0 || id === null) {
+        const modified2 = this.injectParamsCredentials(jsonRpc);
+        this.sendToChild(JSON.stringify(modified2));
+        resolve(JSON.stringify({ jsonrpc: "2.0", result: {}, id: null }));
+        return;
+      }
+      const timeout = setTimeout(() => {
+        this.pendingResponses.delete(id);
+        resolve(JSON.stringify({
+          jsonrpc: "2.0",
+          error: { code: -32e3, message: "Request timeout (30s)" },
+          id
+        }));
+      }, REQUEST_TIMEOUT_MS);
+      this.pendingResponses.set(id, { resolve, timeout });
+      const modified = this.injectParamsCredentials(jsonRpc);
+      this.sendToChild(JSON.stringify(modified));
+    });
+  }
   log(message) {
     process.stderr.write(`[PROTECT_MCP] ${message}
 `);

package/dist/index.mjs

@@ -2,7 +2,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-UW2SGWCJ.mjs";
+} from "./chunk-VWUN6AI6.mjs";
 import {
   collectSignedReceipts,
   createAuditBundle
@@ -24,7 +24,7 @@ import {
   resolveCredential,
   signDecision,
   validateCredentials
-} from "./chunk-XMZWJOC3.mjs";
+} from "./chunk-7HBHIKLN.mjs";
 import {
   formatReportMarkdown,
   generateReport

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "protect-mcp",
-  "version": "0.4.0",
+  "version": "0.4.1",
   "mcpName": "io.github.tomjwxf/protect-mcp",
   "description": "Security gateway for MCP servers. Shadow-mode logs, per-tool policies, optional local Ed25519-signed receipts. Programmatic hooks for trust tiers, credential config, and external policy engines.",
   "main": "dist/index.js",