protect-mcp 0.4.3 → 0.4.4

package/README.md

@@ -254,4 +254,4 @@ Supports OPA, Cerbos, Cedar (AWS AgentCore), and generic HTTP endpoints:
 
 MIT — free to use, modify, distribute, and build upon without restriction.
 
-[scopeblind.com](https://scopeblind.com) · [npm](https://www.npmjs.com/package/protect-mcp) · [GitHub](https://github.com/scopeblind/ScopeBlindD2) · [IETF Draft](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/)
+[scopeblind.com](https://scopeblind.com) · [npm](https://www.npmjs.com/package/protect-mcp) · [GitHub](https://github.com/scopeblind/scopeblind-gateway) · [IETF Draft](https://datatracker.ietf.org/doc/draft-farley-acta-signed-receipts/)

package/dist/chunk-U76JZVH6.mjs

@@ -0,0 +1,144 @@
+// src/demo-server.ts
+import { createInterface } from "readline";
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+function createSandboxServer() {
+  return {
+    tools: TOOLS,
+    handleRequest
+  };
+}
+
+export {
+  createSandboxServer
+};

package/dist/demo-server.d.mts

@@ -1 +1,107 @@
 #!/usr/bin/env node
+/**
+ * @scopeblind/protect-mcp — Built-in Demo MCP Server
+ *
+ * A minimal MCP server (JSON-RPC over stdio) that registers 5 demo tools.
+ * Used by `protect-mcp demo` to let users see receipts flowing
+ * without having their own MCP server.
+ *
+ * Tools:
+ *  - read_file    (safe, high-frequency)
+ *  - write_file   (medium risk)
+ *  - delete_file  (destructive, blocked by default policy)
+ *  - web_search   (rate-limited)
+ *  - deploy       (high-privilege)
+ */
+interface JsonRpcRequest {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method: string;
+    params?: Record<string, unknown>;
+}
+declare function handleRequest(request: JsonRpcRequest): string;
+/**
+ * Smithery sandbox server — returns a minimal MCP server instance
+ * that Smithery can scan for tool/resource capabilities.
+ */
+declare function createSandboxServer(): {
+    tools: ({
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content?: undefined;
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content: {
+                    type: string;
+                    description: string;
+                };
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                query: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                environment: {
+                    type: string;
+                    description: string;
+                    enum: string[];
+                };
+                reason: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                query?: undefined;
+            };
+            required: string[];
+        };
+    })[];
+    handleRequest: typeof handleRequest;
+};
+
+export { createSandboxServer };

package/dist/demo-server.d.ts

@@ -1 +1,107 @@
 #!/usr/bin/env node
+/**
+ * @scopeblind/protect-mcp — Built-in Demo MCP Server
+ *
+ * A minimal MCP server (JSON-RPC over stdio) that registers 5 demo tools.
+ * Used by `protect-mcp demo` to let users see receipts flowing
+ * without having their own MCP server.
+ *
+ * Tools:
+ *  - read_file    (safe, high-frequency)
+ *  - write_file   (medium risk)
+ *  - delete_file  (destructive, blocked by default policy)
+ *  - web_search   (rate-limited)
+ *  - deploy       (high-privilege)
+ */
+interface JsonRpcRequest {
+    jsonrpc: '2.0';
+    id?: string | number;
+    method: string;
+    params?: Record<string, unknown>;
+}
+declare function handleRequest(request: JsonRpcRequest): string;
+/**
+ * Smithery sandbox server — returns a minimal MCP server instance
+ * that Smithery can scan for tool/resource capabilities.
+ */
+declare function createSandboxServer(): {
+    tools: ({
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content?: undefined;
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                path: {
+                    type: string;
+                    description: string;
+                };
+                content: {
+                    type: string;
+                    description: string;
+                };
+                query?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                query: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                environment?: undefined;
+                reason?: undefined;
+            };
+            required: string[];
+        };
+    } | {
+        name: string;
+        description: string;
+        inputSchema: {
+            type: string;
+            properties: {
+                environment: {
+                    type: string;
+                    description: string;
+                    enum: string[];
+                };
+                reason: {
+                    type: string;
+                    description: string;
+                };
+                path?: undefined;
+                content?: undefined;
+                query?: undefined;
+            };
+            required: string[];
+        };
+    })[];
+    handleRequest: typeof handleRequest;
+};
+
+export { createSandboxServer };

package/dist/demo-server.js

@@ -1,7 +1,29 @@
 #!/usr/bin/env node
 "use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/demo-server.ts
+var demo_server_exports = {};
+__export(demo_server_exports, {
+  createSandboxServer: () => createSandboxServer
+});
+module.exports = __toCommonJS(demo_server_exports);
 var import_node_readline = require("readline");
 var TOOLS = [
   {
@@ -135,3 +157,13 @@ rl.on("line", (line) => {
   }
 });
 process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+function createSandboxServer() {
+  return {
+    tools: TOOLS,
+    handleRequest
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createSandboxServer
+});

package/dist/demo-server.mjs

@@ -1,136 +1,7 @@
 #!/usr/bin/env node
-
-// src/demo-server.ts
-import { createInterface } from "readline";
-var TOOLS = [
-  {
-    name: "read_file",
-    description: "Read the contents of a file",
-    inputSchema: {
-      type: "object",
-      properties: { path: { type: "string", description: "File path to read" } },
-      required: ["path"]
-    }
-  },
-  {
-    name: "write_file",
-    description: "Write content to a file",
-    inputSchema: {
-      type: "object",
-      properties: {
-        path: { type: "string", description: "File path to write" },
-        content: { type: "string", description: "Content to write" }
-      },
-      required: ["path", "content"]
-    }
-  },
-  {
-    name: "delete_file",
-    description: "Delete a file from the filesystem",
-    inputSchema: {
-      type: "object",
-      properties: { path: { type: "string", description: "File path to delete" } },
-      required: ["path"]
-    }
-  },
-  {
-    name: "web_search",
-    description: "Search the web for information",
-    inputSchema: {
-      type: "object",
-      properties: { query: { type: "string", description: "Search query" } },
-      required: ["query"]
-    }
-  },
-  {
-    name: "deploy",
-    description: "Deploy the application to production",
-    inputSchema: {
-      type: "object",
-      properties: {
-        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
-        reason: { type: "string", description: "Deployment reason" }
-      },
-      required: ["environment"]
-    }
-  }
-];
-function handleRequest(request) {
-  if (request.method === "initialize") {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: {
-        protocolVersion: "2024-11-05",
-        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
-        capabilities: { tools: {} }
-      }
-    });
-  }
-  if (request.method === "notifications/initialized") {
-    return "";
-  }
-  if (request.method === "tools/list") {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: { tools: TOOLS }
-    });
-  }
-  if (request.method === "tools/call") {
-    const toolName = request.params?.name || "unknown";
-    const args = request.params?.arguments || {};
-    let resultText;
-    switch (toolName) {
-      case "read_file":
-        resultText = `[demo] Read file: ${args.path || "/example.txt"}
-Contents: Hello from protect-mcp demo server!`;
-        break;
-      case "write_file":
-        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
-        break;
-      case "delete_file":
-        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
-        break;
-      case "web_search":
-        resultText = `[demo] Search results for "${args.query || "test"}":
-1. Example result \u2014 scopeblind.com
-2. MCP security \u2014 modelcontextprotocol.io`;
-        break;
-      case "deploy":
-        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
-        break;
-      default:
-        resultText = `[demo] Unknown tool: ${toolName}`;
-    }
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      result: {
-        content: [{ type: "text", text: resultText }]
-      }
-    });
-  }
-  if (request.id !== void 0) {
-    return JSON.stringify({
-      jsonrpc: "2.0",
-      id: request.id,
-      error: { code: -32601, message: `Method not found: ${request.method}` }
-    });
-  }
-  return "";
-}
-var rl = createInterface({ input: process.stdin, crlfDelay: Infinity });
-rl.on("line", (line) => {
-  const trimmed = line.trim();
-  if (!trimmed) return;
-  try {
-    const request = JSON.parse(trimmed);
-    const response = handleRequest(request);
-    if (response) {
-      process.stdout.write(response + "\n");
-    }
-  } catch {
-  }
-});
-process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+import {
+  createSandboxServer
+} from "./chunk-U76JZVH6.mjs";
+export {
+  createSandboxServer
+};

package/dist/index.d.mts

@@ -1,3 +1,5 @@
+export { createSandboxServer } from './demo-server.mjs';
+
 interface ProtectPolicy {
     tools: Record<string, ToolPolicy>;
     /** Default trust tier for unidentified agents (default: "unknown") */

package/dist/index.d.ts

@@ -1,3 +1,5 @@
+export { createSandboxServer } from './demo-server.js';
+
 interface ProtectPolicy {
     tools: Record<string, ToolPolicy>;
     /** Default trust tier for unidentified agents (default: "unknown") */

package/dist/index.js

@@ -49,6 +49,7 @@ __export(index_exports, {
   createLogAnchorField: () => createLogAnchorField,
   createReceiptChannel: () => createReceiptChannel,
   createSandbox: () => createSandbox,
+  createSandboxServer: () => createSandboxServer,
   destroySandbox: () => destroySandbox,
   ed25519ToDIDKey: () => ed25519ToDIDKey,
   evaluateTier: () => evaluateTier,
@@ -3464,6 +3465,147 @@ async function confidentialInference(_prompt, _config) {
     "Confidential inference requires a TEE/HE provider SDK. See docs at scopeblind.com/docs/confidential for setup instructions. Supported providers: Gramine (local_tee), Zama Concrete ML (homomorphic), NVIDIA Confidential Computing (secure_enclave)."
   );
 }
+
+// src/demo-server.ts
+var import_node_readline2 = require("readline");
+var TOOLS = [
+  {
+    name: "read_file",
+    description: "Read the contents of a file",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to read" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "write_file",
+    description: "Write content to a file",
+    inputSchema: {
+      type: "object",
+      properties: {
+        path: { type: "string", description: "File path to write" },
+        content: { type: "string", description: "Content to write" }
+      },
+      required: ["path", "content"]
+    }
+  },
+  {
+    name: "delete_file",
+    description: "Delete a file from the filesystem",
+    inputSchema: {
+      type: "object",
+      properties: { path: { type: "string", description: "File path to delete" } },
+      required: ["path"]
+    }
+  },
+  {
+    name: "web_search",
+    description: "Search the web for information",
+    inputSchema: {
+      type: "object",
+      properties: { query: { type: "string", description: "Search query" } },
+      required: ["query"]
+    }
+  },
+  {
+    name: "deploy",
+    description: "Deploy the application to production",
+    inputSchema: {
+      type: "object",
+      properties: {
+        environment: { type: "string", description: "Target environment", enum: ["staging", "production"] },
+        reason: { type: "string", description: "Deployment reason" }
+      },
+      required: ["environment"]
+    }
+  }
+];
+function handleRequest(request) {
+  if (request.method === "initialize") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        protocolVersion: "2024-11-05",
+        serverInfo: { name: "protect-mcp-demo", version: "0.2.0" },
+        capabilities: { tools: {} }
+      }
+    });
+  }
+  if (request.method === "notifications/initialized") {
+    return "";
+  }
+  if (request.method === "tools/list") {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: { tools: TOOLS }
+    });
+  }
+  if (request.method === "tools/call") {
+    const toolName = request.params?.name || "unknown";
+    const args = request.params?.arguments || {};
+    let resultText;
+    switch (toolName) {
+      case "read_file":
+        resultText = `[demo] Read file: ${args.path || "/example.txt"}
+Contents: Hello from protect-mcp demo server!`;
+        break;
+      case "write_file":
+        resultText = `[demo] Wrote ${String(args.content || "").length} bytes to ${args.path || "/example.txt"}`;
+        break;
+      case "delete_file":
+        resultText = `[demo] Deleted file: ${args.path || "/example.txt"}`;
+        break;
+      case "web_search":
+        resultText = `[demo] Search results for "${args.query || "test"}":
+1. Example result \u2014 scopeblind.com
+2. MCP security \u2014 modelcontextprotocol.io`;
+        break;
+      case "deploy":
+        resultText = `[demo] Deployed to ${args.environment || "staging"}${args.reason ? ` (reason: ${args.reason})` : ""}`;
+        break;
+      default:
+        resultText = `[demo] Unknown tool: ${toolName}`;
+    }
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      result: {
+        content: [{ type: "text", text: resultText }]
+      }
+    });
+  }
+  if (request.id !== void 0) {
+    return JSON.stringify({
+      jsonrpc: "2.0",
+      id: request.id,
+      error: { code: -32601, message: `Method not found: ${request.method}` }
+    });
+  }
+  return "";
+}
+var rl = (0, import_node_readline2.createInterface)({ input: process.stdin, crlfDelay: Infinity });
+rl.on("line", (line) => {
+  const trimmed = line.trim();
+  if (!trimmed) return;
+  try {
+    const request = JSON.parse(trimmed);
+    const response = handleRequest(request);
+    if (response) {
+      process.stdout.write(response + "\n");
+    }
+  } catch {
+  }
+});
+process.stderr.write("[DEMO_SERVER] protect-mcp demo server started \u2014 5 tools registered\n");
+function createSandboxServer() {
+  return {
+    tools: TOOLS,
+    handleRequest
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ConfidentialGate,
@@ -3485,6 +3627,7 @@ async function confidentialInference(_prompt, _config) {
   createLogAnchorField,
   createReceiptChannel,
   createSandbox,
+  createSandboxServer,
   destroySandbox,
   ed25519ToDIDKey,
   evaluateTier,

package/dist/index.mjs

@@ -3,6 +3,9 @@ import {
   parseLogFile,
   simulate
 } from "./chunk-VIA2B65K.mjs";
+import {
+  createSandboxServer
+} from "./chunk-U76JZVH6.mjs";
 import {
   collectSignedReceipts,
   createAuditBundle
@@ -1433,6 +1436,7 @@ export {
   createLogAnchorField,
   createReceiptChannel,
   createSandbox,
+  createSandboxServer,
   destroySandbox,
   ed25519ToDIDKey,
   evaluateTier,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "protect-mcp",
-  "version": "0.4.3",
+  "version": "0.4.4",
   "mcpName": "io.github.tomjwxf/protect-mcp",
   "description": "Security gateway for MCP servers. Shadow-mode logs, per-tool policies, optional local Ed25519-signed receipts. Programmatic hooks for trust tiers, credential config, and external policy engines.",
   "main": "dist/index.js",