protect-mcp 0.4.6 → 0.5.0

package/dist/{chunk-VF3OCG4D.mjs → chunk-IUFFDQYZ.mjs}

@@ -1,81 +1,16 @@
-// src/policy.ts
-import { createHash } from "crypto";
-import { readFileSync } from "fs";
-function loadPolicy(path) {
-  const raw = readFileSync(path, "utf-8");
-  const parsed = JSON.parse(raw);
-  if (!parsed.tools || typeof parsed.tools !== "object") {
-    throw new Error(`Invalid policy file: missing "tools" object in ${path}`);
-  }
-  const policy = {
-    tools: parsed.tools,
-    default_tier: parsed.default_tier || "unknown",
-    policy_engine: parsed.policy_engine || "built-in",
-    ...parsed.external ? { external: parsed.external } : {}
-  };
-  const digest = computePolicyDigest(policy);
-  return {
-    policy,
-    digest,
-    credentials: parsed.credentials,
-    signing: parsed.signing
-  };
-}
-function computePolicyDigest(policy) {
-  const canonical = JSON.stringify(sortKeysDeep(policy));
-  return createHash("sha256").update(canonical).digest("hex").slice(0, 16);
-}
-function sortKeysDeep(obj) {
-  if (obj === null || typeof obj !== "object") return obj;
-  if (Array.isArray(obj)) return obj.map(sortKeysDeep);
-  const sorted = {};
-  for (const key of Object.keys(obj).sort()) {
-    sorted[key] = sortKeysDeep(obj[key]);
-  }
-  return sorted;
-}
-function getToolPolicy(toolName, policy) {
-  if (!policy) {
-    return { require: "any" };
-  }
-  if (policy.tools[toolName]) {
-    return policy.tools[toolName];
-  }
-  if (policy.tools["*"]) {
-    return policy.tools["*"];
-  }
-  return { require: "any" };
-}
-function parseRateLimit(spec) {
-  const match = spec.match(/^(\d+)\/(second|minute|hour|day)$/);
-  if (!match) {
-    throw new Error(`Invalid rate limit format: "${spec}". Expected "N/unit" (e.g. "5/hour")`);
-  }
-  const count = parseInt(match[1], 10);
-  const unit = match[2];
-  const windowMs = {
-    second: 1e3,
-    minute: 6e4,
-    hour: 36e5,
-    day: 864e5
-  };
-  return { count, windowMs: windowMs[unit] };
-}
-function checkRateLimit(key, limit, store) {
-  const now = Date.now();
-  const windowStart = now - limit.windowMs;
-  const timestamps = (store.get(key) || []).filter((t) => t > windowStart);
-  if (timestamps.length >= limit.count) {
-    store.set(key, timestamps);
-    return { allowed: false, remaining: 0 };
-  }
-  timestamps.push(now);
-  store.set(key, timestamps);
-  return { allowed: true, remaining: limit.count - timestamps.length };
-}
+import {
+  ReceiptBuffer,
+  checkRateLimit,
+  evaluateCedar,
+  getToolPolicy,
+  isSigningEnabled,
+  parseRateLimit,
+  signDecision,
+  startStatusServer
+} from "./chunk-V52W3XIN.mjs";
 
 // src/evidence-store.ts
-import { readFileSync as readFileSync2, writeFileSync, existsSync } from "fs";
+import { readFileSync, writeFileSync, existsSync } from "fs";
 import { join } from "path";
 var DEFAULT_THRESHOLDS = {
   min_receipts: 10,
@@ -162,7 +97,7 @@ var EvidenceStore = class {
   load() {
     if (!existsSync(this.filePath)) return;
     try {
-      const raw = readFileSync2(this.filePath, "utf-8");
+      const raw = readFileSync(this.filePath, "utf-8");
       const parsed = JSON.parse(raw);
       if (parsed.agents && typeof parsed.agents === "object") {
         for (const [id, record] of Object.entries(parsed.agents)) {
@@ -307,103 +242,6 @@ function validateCredentials(credentials) {
   return warnings;
 }
 
-// src/signing.ts
-import { readFileSync as readFileSync3, existsSync as existsSync2 } from "fs";
-var signerState = null;
-var artifactsModule = null;
-async function initSigning(config) {
-  const warnings = [];
-  if (!config || config.enabled === false) {
-    return warnings;
-  }
-  try {
-    const moduleName = "@veritasacta/artifacts";
-    artifactsModule = await import(
-      /* @vite-ignore */
-      moduleName
-    );
-  } catch {
-    warnings.push("signing: @veritasacta/artifacts not available \u2014 receipts will be unsigned");
-    return warnings;
-  }
-  if (config.key_path) {
-    if (!existsSync2(config.key_path)) {
-      warnings.push(`signing: key file not found at ${config.key_path} \u2014 run "protect-mcp init" to generate`);
-      return warnings;
-    }
-    try {
-      const keyData = JSON.parse(readFileSync3(config.key_path, "utf-8"));
-      if (!keyData.privateKey || !keyData.publicKey) {
-        warnings.push("signing: key file missing privateKey or publicKey fields");
-        return warnings;
-      }
-      signerState = {
-        privateKey: keyData.privateKey,
-        publicKey: keyData.publicKey,
-        kid: keyData.kid || artifactsModule.computeKid(keyData.publicKey),
-        issuer: config.issuer || keyData.issuer || "protect-mcp"
-      };
-    } catch (err) {
-      warnings.push(`signing: failed to load key file: ${err instanceof Error ? err.message : err}`);
-    }
-  }
-  return warnings;
-}
-function signDecision(entry) {
-  if (!signerState || !artifactsModule) {
-    return { signed: null, artifact_type: "none" };
-  }
-  const artifactType = entry.decision === "deny" ? "gateway_restraint" : "decision_receipt";
-  try {
-    const payload = {
-      tool: entry.tool,
-      decision: entry.decision,
-      reason_code: entry.reason_code,
-      policy_digest: entry.policy_digest,
-      scope: entry.request_id,
-      // request scope
-      mode: entry.mode,
-      request_id: entry.request_id
-    };
-    if (entry.tier) payload.tier = entry.tier;
-    if (entry.credential_ref) payload.credential_ref = entry.credential_ref;
-    if (entry.rate_limit_remaining !== void 0) {
-      payload.rate_limit_remaining = entry.rate_limit_remaining;
-    }
-    if (entry.policy_engine) payload.policy_engine = entry.policy_engine;
-    const result = artifactsModule.createSignedArtifact(
-      artifactType,
-      payload,
-      signerState.privateKey,
-      {
-        kid: signerState.kid,
-        issuer: signerState.issuer
-      }
-    );
-    return {
-      signed: JSON.stringify(result.artifact),
-      artifact_type: artifactType
-    };
-  } catch (err) {
-    return {
-      signed: null,
-      artifact_type: artifactType,
-      warning: `signing failed: ${err instanceof Error ? err.message : "unknown error"}`
-    };
-  }
-}
-function getSignerInfo() {
-  if (!signerState) return null;
-  return {
-    publicKey: signerState.publicKey,
-    kid: signerState.kid,
-    issuer: signerState.issuer
-  };
-}
-function isSigningEnabled() {
-  return signerState !== null && artifactsModule !== null;
-}
-
 // src/external-pdp.ts
 async function queryExternalPDP(context, config) {
   const timeout = config.timeout_ms || 500;
@@ -564,175 +402,6 @@ function buildDecisionContext(toolName, tier, opts) {
   };
 }
 
-// src/cedar-evaluator.ts
-import { createHash as createHash2 } from "crypto";
-import { readFileSync as readFileSync4, readdirSync, existsSync as existsSync3 } from "fs";
-import { join as join2, extname } from "path";
-var cedarWasm = null;
-var loadAttempted = false;
-async function ensureCedarWasm() {
-  if (cedarWasm) return true;
-  if (loadAttempted) return false;
-  loadAttempted = true;
-  try {
-    const moduleName = "@cedar-policy/cedar-wasm";
-    cedarWasm = await import(
-      /* @vite-ignore */
-      moduleName
-    );
-    return true;
-  } catch {
-    return false;
-  }
-}
-function loadCedarPolicies(dirPath) {
-  if (!existsSync3(dirPath)) {
-    throw new Error(`Cedar policy directory not found: ${dirPath}`);
-  }
-  const entries = readdirSync(dirPath).filter((f) => extname(f) === ".cedar").sort();
-  if (entries.length === 0) {
-    throw new Error(`No .cedar files found in: ${dirPath}`);
-  }
-  const sources = [];
-  for (const file of entries) {
-    const content = readFileSync4(join2(dirPath, file), "utf-8");
-    sources.push(content);
-  }
-  const concatenated = sources.join("\n\n");
-  const digest = createHash2("sha256").update(concatenated).digest("hex").slice(0, 16);
-  return {
-    source: concatenated,
-    digest,
-    fileCount: entries.length,
-    files: entries
-  };
-}
-function buildEntities(req) {
-  const agentId = req.agentId || req.tier;
-  return [
-    {
-      uid: { type: "Agent", id: agentId },
-      attrs: {
-        tier: req.tier,
-        ...req.agentId ? { agent_id: req.agentId } : {}
-      },
-      parents: []
-    },
-    {
-      uid: { type: "Tool", id: req.tool },
-      attrs: {},
-      parents: []
-    }
-  ];
-}
-async function evaluateCedar(policySet, req) {
-  const available = await ensureCedarWasm();
-  if (!available) {
-    return {
-      allowed: true,
-      reason: "cedar_wasm_not_available",
-      metadata: { fallback: true }
-    };
-  }
-  try {
-    const agentId = req.agentId || req.tier;
-    const authRequest = {
-      principal: { type: "Agent", id: agentId },
-      action: { type: "Action", id: "MCP::Tool::call" },
-      resource: { type: "Tool", id: req.tool },
-      context: {
-        tier: req.tier,
-        ...req.context || {}
-      }
-    };
-    const entities = buildEntities(req);
-    let result;
-    if (typeof cedarWasm.isAuthorized === "function") {
-      result = cedarWasm.isAuthorized({
-        policies: policySet.source,
-        entities,
-        principal: authRequest.principal,
-        action: authRequest.action,
-        resource: authRequest.resource,
-        context: authRequest.context,
-        schema: null
-        // No schema enforcement — Cedar still evaluates correctly
-      });
-    } else if (typeof cedarWasm.checkAuthorization === "function") {
-      result = cedarWasm.checkAuthorization(
-        policySet.source,
-        JSON.stringify(entities),
-        JSON.stringify(authRequest)
-      );
-    } else {
-      const cedarEngine = cedarWasm.default || cedarWasm;
-      if (typeof cedarEngine.isAuthorized === "function") {
-        result = cedarEngine.isAuthorized({
-          policies: policySet.source,
-          entities,
-          principal: authRequest.principal,
-          action: authRequest.action,
-          resource: authRequest.resource,
-          context: authRequest.context,
-          schema: null
-        });
-      } else {
-        return {
-          allowed: true,
-          reason: "cedar_wasm_api_unsupported",
-          metadata: { fallback: true, exports: Object.keys(cedarWasm) }
-        };
-      }
-    }
-    const decision = parseWasmResult(result);
-    return {
-      allowed: decision.allowed,
-      reason: decision.allowed ? void 0 : `cedar_deny${decision.diagnostics ? ": " + decision.diagnostics : ""}`,
-      metadata: {
-        policy_digest: policySet.digest,
-        ...decision.matchedPolicies ? { matched_policies: decision.matchedPolicies } : {}
-      }
-    };
-  } catch (err) {
-    return {
-      allowed: true,
-      reason: `cedar_eval_error: ${err instanceof Error ? err.message : "unknown"}`,
-      metadata: { fallback: true, error: true }
-    };
-  }
-}
-function parseWasmResult(result) {
-  if (!result) {
-    return { allowed: true, diagnostics: "null result from Cedar WASM" };
-  }
-  if (result.type === "allow" || result.type === "Allow") {
-    return { allowed: true };
-  }
-  if (result.type === "deny" || result.type === "Deny") {
-    return {
-      allowed: false,
-      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0,
-      matchedPolicies: result.diagnostics?.reasons
-    };
-  }
-  if (result.decision === "Allow") {
-    return { allowed: true };
-  }
-  if (result.decision === "Deny") {
-    return {
-      allowed: false,
-      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0
-    };
-  }
-  if (typeof result === "boolean") {
-    return { allowed: result };
-  }
-  return { allowed: true, diagnostics: `unknown result format: ${JSON.stringify(result)}` };
-}
-async function isCedarAvailable() {
-  return ensureCedarWasm();
-}
-
 // src/notifications.ts
 async function sendApprovalNotification(config, notification) {
   const promises = [];
@@ -918,235 +587,8 @@ import { spawn } from "child_process";
 import { randomUUID, randomBytes } from "crypto";
 import { createInterface } from "readline";
 import { appendFileSync } from "fs";
-import { join as join4 } from "path";
-
-// src/http-server.ts
-import { createServer } from "http";
-import { readFileSync as readFileSync5, existsSync as existsSync4 } from "fs";
-import { join as join3 } from "path";
+import { join as join2 } from "path";
 var LOG_FILE = ".protect-mcp-log.jsonl";
-var MAX_RECEIPTS = 100;
-var ReceiptBuffer = class {
-  receipts = [];
-  add(requestId, receipt) {
-    this.receipts.push({
-      request_id: requestId,
-      receipt,
-      timestamp: Date.now()
-    });
-    if (this.receipts.length > MAX_RECEIPTS) {
-      this.receipts = this.receipts.slice(-MAX_RECEIPTS);
-    }
-  }
-  getAll() {
-    return [...this.receipts].reverse();
-  }
-  getById(requestId) {
-    return this.receipts.find((r) => r.request_id === requestId);
-  }
-  count() {
-    return this.receipts.length;
-  }
-  getLatest() {
-    return this.receipts.length > 0 ? this.receipts[this.receipts.length - 1] : void 0;
-  }
-};
-function startStatusServer(config, receiptBuffer, approvalStore, approvalNonce) {
-  const startTime = Date.now();
-  const logDir = process.cwd();
-  const server = createServer((req, res) => {
-    res.setHeader("Access-Control-Allow-Origin", "*");
-    res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-    res.setHeader("Content-Type", "application/json");
-    if (req.method === "OPTIONS") {
-      res.writeHead(204);
-      res.end();
-      return;
-    }
-    const url = new URL(req.url || "/", `http://localhost:${config.port}`);
-    const path = url.pathname;
-    try {
-      if (path === "/health") {
-        handleHealth(res, startTime, config);
-      } else if (path === "/status") {
-        handleStatus(res, logDir);
-      } else if (path === "/receipts") {
-        handleReceipts(res, receiptBuffer, url);
-      } else if (path === "/receipts/latest") {
-        handleReceiptLatest(res, receiptBuffer);
-      } else if (path.startsWith("/receipts/")) {
-        const id = path.slice("/receipts/".length);
-        handleReceiptById(res, receiptBuffer, id);
-      } else if (path === "/approve" && req.method === "POST") {
-        handleApprove(req, res, approvalStore, approvalNonce);
-      } else if (path === "/approvals" && req.method === "GET") {
-        handleListApprovals(res, approvalStore);
-      } else {
-        res.writeHead(404);
-        res.end(JSON.stringify({ error: "not_found", endpoints: ["/health", "/status", "/receipts", "/receipts/latest", "/receipts/:id", "/approve", "/approvals"] }));
-      }
-    } catch (err) {
-      res.writeHead(500);
-      res.end(JSON.stringify({ error: "internal_error" }));
-    }
-  });
-  server.on("error", (err) => {
-    if (config.verbose) {
-      process.stderr.write(`[PROTECT_MCP] HTTP status server error: ${err.message}
-`);
-    }
-  });
-  server.listen(config.port, "127.0.0.1", () => {
-    if (config.verbose) {
-      process.stderr.write(`[PROTECT_MCP] HTTP status server listening on http://127.0.0.1:${config.port}
-`);
-    }
-  });
-  server.unref();
-  return server;
-}
-function handleHealth(res, startTime, config) {
-  res.writeHead(200);
-  res.end(JSON.stringify({
-    status: "ok",
-    uptime_ms: Date.now() - startTime,
-    mode: config.mode,
-    version: "0.3.1"
-  }));
-}
-function handleStatus(res, logDir) {
-  const logPath = join3(logDir, LOG_FILE);
-  if (!existsSync4(logPath)) {
-    res.writeHead(200);
-    res.end(JSON.stringify({ entries: 0, message: "no log file yet" }));
-    return;
-  }
-  const raw = readFileSync5(logPath, "utf-8");
-  const lines = raw.trim().split("\n").filter(Boolean);
-  const entries = [];
-  for (const line of lines) {
-    try {
-      entries.push(JSON.parse(line));
-    } catch {
-    }
-  }
-  const toolCounts = {};
-  let allowCount = 0, denyCount = 0;
-  const tierCounts = {};
-  for (const e of entries) {
-    toolCounts[e.tool] = (toolCounts[e.tool] || 0) + 1;
-    if (e.decision === "allow") allowCount++;
-    else denyCount++;
-    if (e.tier) tierCounts[e.tier] = (tierCounts[e.tier] || 0) + 1;
-  }
-  res.writeHead(200);
-  res.end(JSON.stringify({
-    entries: entries.length,
-    allow: allowCount,
-    deny: denyCount,
-    tools: toolCounts,
-    tiers: tierCounts,
-    first_timestamp: entries.length > 0 ? entries[0].timestamp : null,
-    last_timestamp: entries.length > 0 ? entries[entries.length - 1].timestamp : null
-  }));
-}
-function handleReceipts(res, buffer, url) {
-  const limit = parseInt(url.searchParams.get("limit") || "20", 10);
-  const receipts = buffer.getAll().slice(0, Math.min(limit, MAX_RECEIPTS));
-  res.writeHead(200);
-  res.end(JSON.stringify({
-    count: receipts.length,
-    total: buffer.count(),
-    receipts
-  }));
-}
-function handleReceiptLatest(res, buffer) {
-  const latest = buffer.getLatest();
-  if (!latest) {
-    res.writeHead(404);
-    res.end(JSON.stringify({ error: "no_receipts", message: "No receipts yet. Make a tool call through protect-mcp first." }));
-    return;
-  }
-  res.writeHead(200);
-  res.end(JSON.stringify(latest));
-}
-function handleReceiptById(res, buffer, id) {
-  const receipt = buffer.getById(id);
-  if (!receipt) {
-    res.writeHead(404);
-    res.end(JSON.stringify({ error: "receipt_not_found", request_id: id }));
-    return;
-  }
-  res.writeHead(200);
-  res.end(JSON.stringify(receipt));
-}
-function handleApprove(req, res, approvalStore, expectedNonce) {
-  if (!approvalStore) {
-    res.writeHead(503);
-    res.end(JSON.stringify({ error: "approval_store_not_available" }));
-    return;
-  }
-  let body = "";
-  req.on("data", (chunk) => {
-    body += chunk.toString();
-  });
-  req.on("end", () => {
-    try {
-      const { request_id, tool, mode, nonce } = JSON.parse(body);
-      if (expectedNonce && nonce !== expectedNonce) {
-        res.writeHead(403);
-        res.end(JSON.stringify({ error: "invalid_nonce", message: "Approval nonce does not match. Check stderr output for the correct nonce." }));
-        return;
-      }
-      if (!tool || typeof tool !== "string") {
-        res.writeHead(400);
-        res.end(JSON.stringify({ error: "missing_tool", usage: '{"request_id":"abc123","tool":"send_email","mode":"once|always","nonce":"..."}' }));
-        return;
-      }
-      const grantMode = mode === "always" ? "always" : "once";
-      const ttlMs = grantMode === "once" ? 5 * 60 * 1e3 : 24 * 60 * 60 * 1e3;
-      const grantEntry = { tool, mode: grantMode, expires_at: Date.now() + ttlMs };
-      if (grantMode === "always") {
-        approvalStore.set(`always:${tool}`, grantEntry);
-      } else if (request_id) {
-        approvalStore.set(request_id, grantEntry);
-      } else {
-        approvalStore.set(tool, grantEntry);
-      }
-      res.writeHead(200);
-      res.end(JSON.stringify({
-        approved: true,
-        request_id: request_id || null,
-        tool,
-        mode: grantMode,
-        expires_in_seconds: ttlMs / 1e3
-      }));
-    } catch {
-      res.writeHead(400);
-      res.end(JSON.stringify({ error: "invalid_json", usage: '{"request_id":"abc123","tool":"send_email","mode":"once","nonce":"..."}' }));
-    }
-  });
-}
-function handleListApprovals(res, approvalStore) {
-  if (!approvalStore) {
-    res.writeHead(200);
-    res.end(JSON.stringify({ grants: [] }));
-    return;
-  }
-  const now = Date.now();
-  const grants = [];
-  for (const [key, grant] of approvalStore) {
-    if (now < grant.expires_at) {
-      grants.push({ key, tool: grant.tool, mode: grant.mode, expires_in_seconds: Math.round((grant.expires_at - now) / 1e3) });
-    }
-  }
-  res.writeHead(200);
-  res.end(JSON.stringify({ grants }));
-}
-
-// src/gateway.ts
-var LOG_FILE2 = ".protect-mcp-log.jsonl";
 var RECEIPTS_FILE = ".protect-mcp-receipts.jsonl";
 var ProtectGateway = class {
   child = null;
@@ -1172,8 +614,8 @@ var ProtectGateway = class {
   cedarPolicySet = null;
   constructor(config) {
     this.config = config;
-    this.logFilePath = join4(process.cwd(), LOG_FILE2);
-    this.receiptFilePath = join4(process.cwd(), RECEIPTS_FILE);
+    this.logFilePath = join2(process.cwd(), LOG_FILE);
+    this.receiptFilePath = join2(process.cwd(), RECEIPTS_FILE);
     this.evidenceStore = new EvidenceStore();
     this.receiptBuffer = new ReceiptBuffer();
     this.notificationConfig = parseNotificationConfigFromEnv();
@@ -1663,23 +1105,13 @@ var ProtectGateway = class {
 };
 
 export {
-  loadPolicy,
-  getToolPolicy,
-  parseRateLimit,
-  checkRateLimit,
   evaluateTier,
   meetsMinTier,
   resolveCredential,
   listCredentialLabels,
   validateCredentials,
-  initSigning,
-  signDecision,
-  getSignerInfo,
-  isSigningEnabled,
   queryExternalPDP,
   buildDecisionContext,
-  loadCedarPolicies,
-  isCedarAvailable,
   sendApprovalNotification,
   parseNotificationConfigFromEnv,
   ProtectGateway