protect-mcp 0.4.2 → 0.4.4

package/dist/cli.mjs

@@ -3,13 +3,15 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-VWUN6AI6.mjs";
+} from "./chunk-VIA2B65K.mjs";
 import {
   ProtectGateway,
   initSigning,
+  isCedarAvailable,
+  loadCedarPolicies,
   loadPolicy,
   validateCredentials
-} from "./chunk-7HBHIKLN.mjs";
+} from "./chunk-VF3OCG4D.mjs";
 
 // src/cli.ts
 function printHelp() {
@@ -31,6 +33,7 @@ Usage:
 
 Options:
   --policy <path>   Policy/config JSON file (default: allow-all)
+  --cedar <dir>     Cedar policy directory (alternative to --policy, evaluates locally via WASM)
   --slug <slug>     ScopeBlind tenant slug (optional)
   --enforce         Enable enforcement mode (default: shadow mode)
   --http            Start HTTP/SSE server instead of stdio proxy
@@ -42,6 +45,7 @@ Commands:
   quickstart        Zero-config onboarding: init + demo + show receipts in one command
   init              Generate config template, Ed25519 keypair, and sample policy
   demo              Start a demo server wrapped with protect-mcp (see receipts instantly)
+  doctor            Check your setup: keys, policies, verifier, API connectivity
   trace <id>        Visualize the receipt DAG from a given receipt_id (ASCII tree)
   status            Show tool call statistics from the local decision log
   digest            Generate a human-readable summary of agent activity
@@ -64,6 +68,7 @@ Examples:
 }
 function parseArgs(argv) {
   let policyPath;
+  let cedarDir;
   let slug;
   let enforce = false;
   let verbose = false;
@@ -88,6 +93,8 @@ function parseArgs(argv) {
       process.exit(0);
     } else if (arg === "--policy" && i + 1 < options.length) {
       policyPath = options[++i];
+    } else if (arg === "--cedar" && i + 1 < options.length) {
+      cedarDir = options[++i];
     } else if (arg === "--slug" && i + 1 < options.length) {
       slug = options[++i];
     } else if (arg === "--enforce") {
@@ -99,7 +106,7 @@ function parseArgs(argv) {
 `);
     }
   }
-  return { policyPath, slug, enforce, verbose, childCommand };
+  return { policyPath, cedarDir, slug, enforce, verbose, childCommand };
 }
 async function handleInit(argv) {
   const { writeFileSync, existsSync, mkdirSync } = await import("fs");
@@ -733,7 +740,7 @@ async function handleTrace(argv) {
     process.stderr.write("[PROTECT_MCP] Usage: protect-mcp trace <receipt_id> [--endpoint <url>] [--depth <n>]\n");
     process.exit(1);
   }
-  let endpoint = "https://evidence-indexer.tomjwxf.workers.dev";
+  let endpoint = "https://api.scopeblind.com/evidence";
   let depth = 3;
   for (let i = 1; i < argv.length; i++) {
     if (argv[i] === "--endpoint" && argv[i + 1]) {
@@ -983,12 +990,57 @@ async function main() {
     await handleReport(args.slice(1));
     process.exit(0);
   }
-  const { policyPath, slug, enforce, verbose, childCommand } = parseArgs(args);
+  if (args[0] === "doctor") {
+    await handleDoctor();
+    process.exit(0);
+  }
+  const { policyPath, cedarDir, slug, enforce, verbose, childCommand } = parseArgs(args);
   let policy = null;
   let policyDigest = "none";
   let credentials;
   let signing;
-  if (policyPath) {
+  let cedarPolicySet = null;
+  let effectiveCedarDir = cedarDir;
+  if (!effectiveCedarDir && !policyPath) {
+    const { existsSync, readdirSync } = await import("fs");
+    for (const candidate of ["cedar", "policies", "."]) {
+      try {
+        if (existsSync(candidate) && readdirSync(candidate).some((f) => f.endsWith(".cedar"))) {
+          effectiveCedarDir = candidate;
+          process.stderr.write(`[PROTECT_MCP] Auto-detected Cedar policies in ./${candidate}/
+`);
+          break;
+        }
+      } catch {
+      }
+    }
+  }
+  if (effectiveCedarDir) {
+    try {
+      const cedarAvailable = await isCedarAvailable();
+      if (!cedarAvailable) {
+        process.stderr.write("[PROTECT_MCP] Warning: @cedar-policy/cedar-wasm not installed. Install with: npm install @cedar-policy/cedar-wasm\n");
+        process.stderr.write("[PROTECT_MCP] Cedar policies will be loaded but evaluated with fallback (allow-all).\n");
+      }
+      cedarPolicySet = loadCedarPolicies(effectiveCedarDir);
+      policyDigest = cedarPolicySet.digest;
+      policy = {
+        tools: { "*": { require: "any" } },
+        policy_engine: "cedar",
+        cedar_dir: effectiveCedarDir
+      };
+      process.stderr.write(`[PROTECT_MCP] Cedar policy engine: loaded ${cedarPolicySet.fileCount} policies from ${effectiveCedarDir} (digest: ${policyDigest})
+`);
+      if (verbose) {
+        process.stderr.write(`[PROTECT_MCP] Cedar files: ${cedarPolicySet.files.join(", ")}
+`);
+      }
+    } catch (err) {
+      process.stderr.write(`[PROTECT_MCP] Error loading Cedar policies: ${err instanceof Error ? err.message : err}
+`);
+      process.exit(1);
+    }
+  } else if (policyPath) {
     try {
       const loaded = loadPolicy(policyPath);
       policy = loaded.policy;
@@ -1034,11 +1086,14 @@ async function main() {
   if (useHttp) {
     const portIdx = args.indexOf("--port");
     const httpPort = portIdx >= 0 && args[portIdx + 1] ? parseInt(args[portIdx + 1]) : 3e3;
-    const { startHttpTransport } = await import("./http-transport-RIVV2RVQ.mjs");
+    const { startHttpTransport } = await import("./http-transport-VLIPOPIC.mjs");
     startHttpTransport({ port: httpPort, config, serverCommand: childCommand });
     return;
   }
   const gateway = new ProtectGateway(config);
+  if (cedarPolicySet) {
+    gateway.setCedarPolicies(cedarPolicySet);
+  }
   await gateway.start();
 }
 async function handleSimulate(args) {
@@ -1083,6 +1138,127 @@ async function handleSimulate(args) {
     process.stdout.write(formatSimulation(summary) + "\n");
   }
 }
+async function handleDoctor() {
+  const { existsSync, readFileSync, readdirSync } = await import("fs");
+  const { join } = await import("path");
+  const { execSync } = await import("child_process");
+  const green2 = (s) => `\x1B[32m\u2713\x1B[0m ${s}`;
+  const red2 = (s) => `\x1B[31m\u2717\x1B[0m ${s}`;
+  const yellow2 = (s) => `\x1B[33m\u26A0\x1B[0m ${s}`;
+  const dim2 = (s) => `\x1B[2m${s}\x1B[0m`;
+  process.stdout.write("\n\x1B[1mprotect-mcp doctor\x1B[0m\n");
+  process.stdout.write(dim2("Checking your ScopeBlind setup...\n\n"));
+  let issues = 0;
+  const nodeVersion = process.version;
+  const major = parseInt(nodeVersion.slice(1));
+  if (major >= 18) {
+    process.stdout.write(green2(`Node.js ${nodeVersion}
+`));
+  } else {
+    process.stdout.write(red2(`Node.js ${nodeVersion} \u2014 requires >= 18
+`));
+    issues++;
+  }
+  const configPath = join(process.cwd(), "scopeblind.config.json");
+  if (existsSync(configPath)) {
+    try {
+      const config = JSON.parse(readFileSync(configPath, "utf-8"));
+      if (config.signing?.private_key || config.signing?.key_file) {
+        process.stdout.write(green2("Signing keys configured\n"));
+      } else {
+        process.stdout.write(yellow2("Config found but no signing keys \u2014 run: protect-mcp init\n"));
+        issues++;
+      }
+    } catch {
+      process.stdout.write(red2("Invalid scopeblind.config.json\n"));
+      issues++;
+    }
+  } else {
+    process.stdout.write(yellow2("No scopeblind.config.json \u2014 run: protect-mcp init\n"));
+  }
+  let policyFound = false;
+  for (const dir of ["cedar", "policies", "."]) {
+    try {
+      if (existsSync(dir) && readdirSync(dir).some((f) => f.endsWith(".cedar"))) {
+        process.stdout.write(green2(`Cedar policies found in ./${dir}/
+`));
+        policyFound = true;
+        break;
+      }
+    } catch {
+    }
+  }
+  if (!policyFound) {
+    for (const name of ["policy.json", "protect-mcp.policy.json", "scopeblind-policy.json"]) {
+      if (existsSync(name)) {
+        process.stdout.write(green2(`JSON policy found: ${name}
+`));
+        policyFound = true;
+        break;
+      }
+    }
+  }
+  if (!policyFound) {
+    process.stdout.write(yellow2("No policy files found \u2014 running in shadow mode (allow all)\n"));
+  }
+  try {
+    const cedarAvailable = await isCedarAvailable();
+    if (cedarAvailable) {
+      process.stdout.write(green2("Cedar WASM engine available\n"));
+    } else {
+      process.stdout.write(dim2("  Cedar WASM not installed \u2014 install: npm install @cedar-policy/cedar-wasm\n"));
+    }
+  } catch {
+    process.stdout.write(dim2("  Cedar WASM not installed\n"));
+  }
+  const logFile = join(process.cwd(), "protect-mcp-decisions.jsonl");
+  const receiptFile = join(process.cwd(), "protect-mcp-receipts.jsonl");
+  if (existsSync(logFile)) {
+    try {
+      const lines = readFileSync(logFile, "utf-8").trim().split("\n").length;
+      process.stdout.write(green2(`Decision log: ${lines} entries
+`));
+    } catch {
+      process.stdout.write(green2("Decision log exists\n"));
+    }
+  } else {
+    process.stdout.write(dim2("  No decision log yet \u2014 will be created on first tool call\n"));
+  }
+  if (existsSync(receiptFile)) {
+    try {
+      const lines = readFileSync(receiptFile, "utf-8").trim().split("\n").length;
+      process.stdout.write(green2(`Receipt file: ${lines} signed receipts
+`));
+    } catch {
+      process.stdout.write(green2("Receipt file exists\n"));
+    }
+  }
+  try {
+    execSync("npx @veritasacta/verify --version 2>/dev/null", { stdio: "pipe", timeout: 1e4 });
+    process.stdout.write(green2("Verifier available: @veritasacta/verify\n"));
+  } catch {
+    process.stdout.write(dim2("  Verifier not cached \u2014 install: npm install -g @veritasacta/verify\n"));
+  }
+  try {
+    const res = await fetch("https://api.scopeblind.com/health", { signal: AbortSignal.timeout(5e3) });
+    if (res.ok) {
+      process.stdout.write(green2("ScopeBlind API reachable\n"));
+    } else {
+      process.stdout.write(yellow2("ScopeBlind API returned non-200 \u2014 receipts will be stored locally\n"));
+    }
+  } catch {
+    process.stdout.write(dim2("  ScopeBlind API not reachable \u2014 offline mode (receipts stored locally)\n"));
+  }
+  process.stdout.write("\n");
+  if (issues === 0) {
+    process.stdout.write("\x1B[32m\x1B[1mAll checks passed.\x1B[0m Ready to wrap MCP servers.\n");
+    process.stdout.write(dim2("\n  npx protect-mcp -- node your-server.js\n\n"));
+  } else {
+    process.stdout.write(`\x1B[33m\x1B[1m${issues} issue(s) found.\x1B[0m Fix them and run doctor again.
+
+`);
+  }
+}
 async function handleReport(args) {
   let period = 30;
   let format = "json";

package/dist/demo-server.d.mts

@@ -1 +1,107 @@
 #!/usr/bin/env node
+/**
+ * @scopeblind/protect-mcp — Built-in Demo MCP Server
+ *
+ * A minimal MCP server (JSON-RPC over stdio) that registers 5 demo tools.
+ * Used by `protect-mcp demo` to let users see receipts flowing
+ * without having their own MCP server.
+ *
+ * Tools:
+ *  - read_file    (safe, high-frequency)
+ *  - write_file   (medium risk)
+ *  - delete_file  (destructive, blocked by default policy)
+ *  - web_search   (rate-limited)
+ *  - deploy       (high-privilege)
+ */
+interface JsonRpcRequest {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method: string;
+    params?: Record<string, unknown>;
+}
+declare function handleRequest(request: JsonRpcRequest): string;
+/**
+ * Smithery sandbox server — returns a minimal MCP server instance
+ * that Smithery can scan for tool/resource capabilities.
+ */
+declare function createSandboxServer(): {
+    tools: ({
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content?: undefined;
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content: {
+                    type: string;
+                    description: string;
+                };
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                query: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                environment: {
+                    type: string;
+                    description: string;
+                    enum: string[];
+                };
+                reason: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                query?: undefined;
+            };
+            required: string[];
+        };
+    })[];
+    handleRequest: typeof handleRequest;
+};
+
+export { createSandboxServer };

package/dist/demo-server.d.ts

@@ -1 +1,107 @@
 #!/usr/bin/env node
+/**
+ * @scopeblind/protect-mcp — Built-in Demo MCP Server
+ *
+ * A minimal MCP server (JSON-RPC over stdio) that registers 5 demo tools.
+ * Used by `protect-mcp demo` to let users see receipts flowing
+ * without having their own MCP server.
+ *
+ * Tools:
+ *  - read_file    (safe, high-frequency)
+ *  - write_file   (medium risk)
+ *  - delete_file  (destructive, blocked by default policy)
+ *  - web_search   (rate-limited)
+ *  - deploy       (high-privilege)
+ */
+interface JsonRpcRequest {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method: string;
+    params?: Record<string, unknown>;
+}
+declare function handleRequest(request: JsonRpcRequest): string;
+/**
+ * Smithery sandbox server — returns a minimal MCP server instance
+ * that Smithery can scan for tool/resource capabilities.
+ */
+declare function createSandboxServer(): {
+    tools: ({
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content?: undefined;
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content: {
+                    type: string;
+                    description: string;
+                };
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                query: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                environment: {
+                    type: string;
+                    description: string;
+                    enum: string[];
+                };
+                reason: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                query?: undefined;
+            };
+            required: string[];
+        };
+    })[];
+    handleRequest: typeof handleRequest;
+};
+
+export { createSandboxServer };

package/dist/demo-server.js

@@ -1,7 +1,29 @@
 #!/usr/bin/env node
 "use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/demo-server.ts
+var demo_server_exports = {};
+__export(demo_server_exports, {
+  createSandboxServer: () => createSandboxServer
+});
+module.exports = __toCommonJS(demo_server_exports);
 var import_node_readline = require("readline");
 var TOOLS = [
   {
@@ -135,3 +157,13 @@ rl.on("line", (line) => {
   }
 });
 process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+function createSandboxServer() {
+  return {
+    tools: TOOLS,
+    handleRequest
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createSandboxServer
+});

package/dist/demo-server.mjs

@@ -1,136 +1,7 @@
 #!/usr/bin/env node
-
-// src/demo-server.ts
-import { createInterface } from "readline";
-var TOOLS = [
-  {
-    name: "read_file",
-    description: "Read the contents of a file",
-    inputSchema: {
-      type: "object",
-      properties: { path: { type: "string", description: "File path to read" } },
-      required: ["path"]
-    }
-  },
-  {
-    name: "write_file",
-    description: "Write content to a file",
-    inputSchema: {
-      type: "object",
-      properties: {
-        path: { type: "string", description: "File path to write" },
-        content: { type: "string", description: "Content to write" }
-      },
-      required: ["path", "content"]
-    }
-  },
-  {
-    name: "delete_file",
-    description: "Delete a file from the filesystem",
-    inputSchema: {
-      type: "object",
-      properties: { path: { type: "string", description: "File path to delete" } },
-      required: ["path"]
-    }
-  },
-  {
-    name: "web_search",
-    description: "Search the web for information",
-    inputSchema: {
-      type: "object",
-      properties: { query: { type: "string", description: "Search query" } },
-      required: ["query"]
-    }
-  },
-  {
-    name: "deploy",
-    description: "Deploy the application to production",
-    inputSchema: {
-      type: "object",
-      properties: {
-        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
-        reason: { type: "string", description: "Deployment reason" }
-      },
-      required: ["environment"]
-    }
-  }
-];
-function handleRequest(request) {
-  if (request.method === "initialize") {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: {
-        protocolVersion: "2024-11-05",
-        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
-        capabilities: { tools: {} }
-      }
-    });
-  }
-  if (request.method === "notifications/initialized") {
-    return "";
-  }
-  if (request.method === "tools/list") {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: { tools: TOOLS }
-    });
-  }
-  if (request.method === "tools/call") {
-    const toolName = request.params?.name || "unknown";
-    const args = request.params?.arguments || {};
-    let resultText;
-    switch (toolName) {
-      case "read_file":
-        resultText = `[demo] Read file: ${args.path || "/example.txt"}
-Contents: Hello from protect-mcp demo server!`;
-        break;
-      case "write_file":
-        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
-        break;
-      case "delete_file":
-        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
-        break;
-      case "web_search":
-        resultText = `[demo] Search results for "${args.query || "test"}":
-1. Example result \u2014 scopeblind.com
-2. MCP security \u2014 modelcontextprotocol.io`;
-        break;
-      case "deploy":
-        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
-        break;
-      default:
-        resultText = `[demo] Unknown tool: ${toolName}`;
-    }
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: {
-        content: [{ type: "text", text: resultText }]
-      }
-    });
-  }
-  if (request.id !== void 0) {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      error: { code: -32601, message: `Method not found: ${request.method}` }
-    });
-  }
-  return "";
-}
-var rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
-rl.on("line", (line) => {
-  const trimmed = line.trim();
-  if (!trimmed) return;
-  try {
-    const request = JSON.parse(trimmed);
-    const response = handleRequest(request);
-    if (response) {
-      process.stdout.write(response + "\n");
-    }
-  } catch {
-  }
-});
-process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+import {
+  createSandboxServer
+} from "./chunk-U76JZVH6.mjs";
+export {
+  createSandboxServer
+};

package/dist/{http-transport-RIVV2RVQ.mjs → http-transport-VLIPOPIC.mjs}

@@ -1,6 +1,6 @@
 import {
   ProtectGateway
-} from "./chunk-7HBHIKLN.mjs";
+} from "./chunk-VF3OCG4D.mjs";
 
 // src/http-transport.ts
 import { createServer } from "http";