registryx-server 0.1.0

package/dist/index.js

@@ -0,0 +1,1210 @@
+#!/usr/bin/env node
+#!/usr/bin/env node
+
+// src/index.ts
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/config.ts
+var VALID_REGISTRIES = /* @__PURE__ */ new Set(["npm", "pypi", "maven", "crates"]);
+function loadConfig() {
+  const registriesEnv = process.env.REGISTRYX_MCP_REGISTRIES ?? "npm,pypi,maven,crates";
+  const registries = registriesEnv.split(",").map((r) => r.trim().toLowerCase()).filter((r) => VALID_REGISTRIES.has(r));
+  if (registries.length === 0) {
+    throw new Error(
+      "No valid registries configured. Set REGISTRYX_MCP_REGISTRIES to comma-separated values: npm, pypi, maven, crates"
+    );
+  }
+  const timeoutMs = parseInt(process.env.REGISTRYX_MCP_TIMEOUT_MS ?? "15000", 10);
+  if (isNaN(timeoutMs) || timeoutMs < 1e3 || timeoutMs > 12e4) {
+    throw new Error("REGISTRYX_MCP_TIMEOUT_MS must be between 1000 and 120000");
+  }
+  const cacheTtlMs = parseInt(process.env.REGISTRYX_MCP_CACHE_TTL_MS ?? "300000", 10);
+  if (isNaN(cacheTtlMs) || cacheTtlMs < 0) {
+    throw new Error("REGISTRYX_MCP_CACHE_TTL_MS must be >= 0");
+  }
+  return {
+    registries,
+    npmToken: process.env.REGISTRYX_MCP_NPM_TOKEN || void 0,
+    timeoutMs,
+    cacheTtlMs
+  };
+}
+
+// src/server.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { z } from "zod";
+
+// src/cache.ts
+var Cache = class {
+  store = /* @__PURE__ */ new Map();
+  ttlMs;
+  constructor(ttlMs) {
+    this.ttlMs = ttlMs;
+  }
+  get(key) {
+    const entry = this.store.get(key);
+    if (!entry) return void 0;
+    if (Date.now() > entry.expiresAt) {
+      this.store.delete(key);
+      return void 0;
+    }
+    return entry.value;
+  }
+  set(key, value) {
+    if (this.ttlMs <= 0) return;
+    this.store.set(key, {
+      value,
+      expiresAt: Date.now() + this.ttlMs
+    });
+  }
+  clear() {
+    this.store.clear();
+  }
+  get size() {
+    return this.store.size;
+  }
+};
+
+// src/utils/fetch.ts
+var ALLOWED_HOSTS = /* @__PURE__ */ new Set([
+  "registry.npmjs.org",
+  "api.npmjs.org",
+  "pypi.org",
+  "search.maven.org",
+  "crates.io",
+  "osv.dev"
+]);
+async function registryFetch(url, config, extraHeaders) {
+  const parsed = new URL(url);
+  if (parsed.protocol !== "https:") {
+    throw new Error(`Only HTTPS URLs allowed, got: ${parsed.protocol}`);
+  }
+  if (!ALLOWED_HOSTS.has(parsed.hostname)) {
+    throw new Error(`Host not allowed: ${parsed.hostname}`);
+  }
+  const headers = {
+    Accept: "application/json",
+    "User-Agent": "registryx-mcp-server/0.1.0",
+    ...extraHeaders
+  };
+  if (parsed.hostname === "registry.npmjs.org" && config.npmToken) {
+    headers["Authorization"] = `Bearer ${config.npmToken}`;
+  }
+  const response = await fetch(url, {
+    headers,
+    signal: AbortSignal.timeout(config.timeoutMs)
+  });
+  if (!response.ok) {
+    throw new Error(`HTTP ${response.status} from ${parsed.hostname}${parsed.pathname}`);
+  }
+  return response;
+}
+
+// src/adapters/npm.ts
+var NpmAdapter = class {
+  constructor(config, cache) {
+    this.config = config;
+    this.cache = cache;
+  }
+  config;
+  cache;
+  name = "npm";
+  async search(query, limit) {
+    const key = `npm:search:${query}:${limit}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://registry.npmjs.org/-/v1/search?text=${encodeURIComponent(query)}&size=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const results = (data.objects ?? []).map(
+      (obj) => ({
+        name: obj.package.name,
+        version: obj.package.version,
+        description: obj.package.description ?? "",
+        downloads: "",
+        registry: "npm"
+      })
+    );
+    this.cache.set(key, results);
+    return results;
+  }
+  async getPackage(name) {
+    const key = `npm:pkg:${name}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const latest = data["dist-tags"]?.latest ?? "";
+    const result = {
+      name: data.name,
+      version: latest,
+      description: data.description ?? "",
+      license: typeof data.license === "string" ? data.license : data.license?.type ?? "Unknown",
+      homepage: data.homepage ?? "",
+      repository: typeof data.repository === "string" ? data.repository : data.repository?.url ?? "",
+      keywords: data.keywords ?? [],
+      registry: "npm"
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+  async getReadme(name) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return data.readme ?? "No README available.";
+  }
+  async getMaintainers(name) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return (data.maintainers ?? []).map((m) => ({
+      name: m.name,
+      email: m.email
+    }));
+  }
+  async listVersions(name, limit, stableOnly) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const versions = Object.keys(data.versions ?? {}).reverse();
+    const timeMap = data.time ?? {};
+    let results = versions.map((v) => ({
+      version: v,
+      date: timeMap[v] ?? "",
+      prerelease: /[-+]/.test(v.replace(/^\d+\.\d+\.\d+/, ""))
+    }));
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+  async getVersion(name, version) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}/${version}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const deps = Object.entries(data.dependencies ?? {}).map(([n, v]) => ({
+      name: n,
+      version: v,
+      type: "runtime"
+    }));
+    return {
+      name: data.name,
+      version: data.version,
+      date: "",
+      license: typeof data.license === "string" ? data.license : "Unknown",
+      size: data.dist?.unpackedSize ? `${Math.round(data.dist.unpackedSize / 1024)}KB` : "Unknown",
+      dependencies: deps,
+      registry: "npm"
+    };
+  }
+  async getDependencies(name, version, type) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}/${version}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const deps = [];
+    if (type === "runtime" || type === "all") {
+      for (const [n, v] of Object.entries(data.dependencies ?? {})) {
+        deps.push({ name: n, version: v, type: "runtime" });
+      }
+    }
+    if (type === "dev" || type === "all") {
+      for (const [n, v] of Object.entries(data.devDependencies ?? {})) {
+        deps.push({ name: n, version: v, type: "dev" });
+      }
+    }
+    return deps;
+  }
+  async getReverseDependencies(name, limit) {
+    const url = `https://registry.npmjs.org/-/v1/search?text=dependencies:${encodeURIComponent(name)}&size=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return (data.objects ?? []).map(
+      (obj) => ({
+        name: obj.package.name,
+        version: obj.package.version,
+        description: obj.package.description ?? "",
+        downloads: "",
+        registry: "npm"
+      })
+    );
+  }
+  async getDownloadStats(name, period) {
+    const npmPeriod = period === "last-year" ? "last-year" : period;
+    const url = `https://api.npmjs.org/downloads/point/${npmPeriod}/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return {
+      name,
+      registry: "npm",
+      period,
+      total: data.downloads ?? 0,
+      breakdown: []
+    };
+  }
+  async getPackageHealth(name) {
+    const url = `https://registry.npmjs.org/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const latest = data["dist-tags"]?.latest ?? "";
+    const latestInfo = data.versions?.[latest] ?? {};
+    const timeMap = data.time ?? {};
+    const lastPublish = timeMap[latest] ?? "";
+    const depCount = Object.keys(latestInfo.dependencies ?? {}).length;
+    const hasTypings = !!latestInfo.types || !!latestInfo.typings;
+    const signals = [];
+    if (hasTypings) signals.push("Has TypeScript typings");
+    if (latestInfo.scripts?.test) signals.push("Has test script");
+    if (data.readme && data.readme.length > 500) signals.push("Detailed README");
+    return {
+      name,
+      registry: "npm",
+      score: Math.min(10, signals.length * 3 + 4),
+      lastPublish,
+      dependencyCount: depCount,
+      hasTests: !!latestInfo.scripts?.test,
+      hasTypings,
+      signals
+    };
+  }
+  async getSecurityAdvisories(name, _version) {
+    try {
+      const url = "https://osv.dev/v1/query";
+      const body = { package: { name, ecosystem: "npm" } };
+      const res = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs)
+      });
+      if (!res.ok) return [];
+      const data = await res.json();
+      return (data.vulns ?? []).map(
+        (v) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? "Unknown",
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: "See advisory"
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+};
+
+// src/adapters/pypi.ts
+var PypiAdapter = class {
+  constructor(config, cache) {
+    this.config = config;
+    this.cache = cache;
+  }
+  config;
+  cache;
+  name = "pypi";
+  async search(query, limit) {
+    const key = `pypi:search:${query}:${limit}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const results = [];
+    try {
+      const pkgUrl = `https://pypi.org/pypi/${encodeURIComponent(query)}/json`;
+      const res = await registryFetch(pkgUrl, this.config);
+      const data = await res.json();
+      results.push({
+        name: data.info.name,
+        version: data.info.version,
+        description: data.info.summary ?? "",
+        downloads: "",
+        registry: "pypi"
+      });
+    } catch {
+    }
+    this.cache.set(key, results.slice(0, limit));
+    return results.slice(0, limit);
+  }
+  async getPackage(name) {
+    const key = `pypi:pkg:${name}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const info = data.info;
+    const result = {
+      name: info.name,
+      version: info.version,
+      description: info.summary ?? "",
+      license: info.license ?? "Unknown",
+      homepage: info.home_page ?? info.project_url ?? "",
+      repository: info.project_urls?.Source ?? info.project_urls?.Repository ?? "",
+      keywords: info.keywords ? info.keywords.split(",").map((k) => k.trim()) : [],
+      registry: "pypi"
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+  async getReadme(name) {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return data.info.description ?? "No README available.";
+  }
+  async getMaintainers(name) {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const info = data.info;
+    const maintainers = [];
+    if (info.author) maintainers.push({ name: info.author, email: info.author_email });
+    if (info.maintainer) maintainers.push({ name: info.maintainer, email: info.maintainer_email });
+    return maintainers;
+  }
+  async listVersions(name, limit, stableOnly) {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const releases = Object.keys(data.releases ?? {}).reverse();
+    let results = releases.map((v) => {
+      const files = data.releases[v] ?? [];
+      const date = files[0]?.upload_time_iso_8601 ?? "";
+      return {
+        version: v,
+        date,
+        prerelease: /(?:a|b|rc|dev|alpha|beta)\d*/i.test(v)
+      };
+    });
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+  async getVersion(name, version) {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/${version}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const info = data.info;
+    const deps = (info.requires_dist ?? []).map((d) => {
+      const match = d.match(/^([^\s;]+)/);
+      return {
+        name: match?.[1] ?? d,
+        version: "",
+        type: "runtime"
+      };
+    });
+    return {
+      name: info.name,
+      version: info.version,
+      date: data.urls?.[0]?.upload_time_iso_8601 ?? "",
+      license: info.license ?? "Unknown",
+      size: data.urls?.[0]?.size ? `${Math.round(data.urls[0].size / 1024)}KB` : "Unknown",
+      dependencies: deps,
+      registry: "pypi"
+    };
+  }
+  async getDependencies(name, version, _type) {
+    const vd = await this.getVersion(name, version);
+    return vd.dependencies;
+  }
+  async getReverseDependencies(_name, _limit) {
+    return [];
+  }
+  async getDownloadStats(name, period) {
+    return {
+      name,
+      registry: "pypi",
+      period,
+      total: 0,
+      // PyPI doesn't have a public real-time download API
+      breakdown: []
+    };
+  }
+  async getPackageHealth(name) {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(name)}/json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const info = data.info;
+    const signals = [];
+    if (info.description && info.description.length > 500) signals.push("Detailed description");
+    if (info.license) signals.push("License specified");
+    if (info.requires_python) signals.push("Python version specified");
+    if (info.project_urls?.Documentation) signals.push("Has documentation URL");
+    const depCount = (info.requires_dist ?? []).length;
+    return {
+      name,
+      registry: "pypi",
+      score: Math.min(10, signals.length * 2 + 3),
+      lastPublish: data.urls?.[0]?.upload_time_iso_8601 ?? "",
+      dependencyCount: depCount,
+      hasTests: false,
+      hasTypings: info.classifiers?.some((c) => c.includes("Typing")) ?? false,
+      signals
+    };
+  }
+  async getSecurityAdvisories(name, _version) {
+    try {
+      const url = "https://osv.dev/v1/query";
+      const body = { package: { name, ecosystem: "PyPI" } };
+      const res = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs)
+      });
+      if (!res.ok) return [];
+      const data = await res.json();
+      return (data.vulns ?? []).map(
+        (v) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? "Unknown",
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: "See advisory"
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+};
+
+// src/adapters/maven.ts
+var MavenAdapter = class {
+  constructor(config, cache) {
+    this.config = config;
+    this.cache = cache;
+  }
+  config;
+  cache;
+  name = "maven";
+  parseCoords(name) {
+    const parts = name.split(":");
+    if (parts.length !== 2)
+      throw new Error(`Maven package must be groupId:artifactId, got: ${name}`);
+    return { groupId: parts[0], artifactId: parts[1] };
+  }
+  async search(query, limit) {
+    const key = `maven:search:${query}:${limit}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://search.maven.org/solrsearch/select?q=${encodeURIComponent(query)}&rows=${limit}&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const results = (data.response?.docs ?? []).map(
+      (doc) => ({
+        name: `${doc.g}:${doc.a}`,
+        version: doc.latestVersion ?? "",
+        description: doc.p ?? "",
+        downloads: "",
+        registry: "maven"
+      })
+    );
+    this.cache.set(key, results);
+    return results;
+  }
+  async getPackage(name) {
+    const key = `maven:pkg:${name}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}&rows=1&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const doc = data.response?.docs?.[0];
+    if (!doc) throw new Error(`Package not found: ${name}`);
+    const result = {
+      name: `${doc.g}:${doc.a}`,
+      version: doc.latestVersion ?? "",
+      description: doc.p ?? "",
+      license: "",
+      homepage: "",
+      repository: "",
+      keywords: [],
+      registry: "maven"
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+  async getReadme(_name) {
+    return "Maven Central does not provide README content via API.";
+  }
+  async getMaintainers(_name) {
+    return [];
+  }
+  async listVersions(name, limit, stableOnly) {
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}&core=gav&rows=${limit * 2}&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    let results = (data.response?.docs ?? []).map(
+      (doc) => ({
+        version: doc.v,
+        date: doc.timestamp ? new Date(doc.timestamp).toISOString() : "",
+        prerelease: /[-.](?:alpha|beta|rc|snapshot|milestone|m\d)/i.test(doc.v)
+      })
+    );
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+  async getVersion(name, version) {
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}+AND+v:${encodeURIComponent(version)}&rows=1&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const doc = data.response?.docs?.[0];
+    if (!doc) throw new Error(`Version not found: ${name}@${version}`);
+    return {
+      name: `${doc.g}:${doc.a}`,
+      version: doc.v ?? version,
+      date: doc.timestamp ? new Date(doc.timestamp).toISOString() : "",
+      license: "",
+      size: "Unknown",
+      dependencies: [],
+      registry: "maven"
+    };
+  }
+  async getDependencies(_name, _version, _type) {
+    return [];
+  }
+  async getReverseDependencies(_name, _limit) {
+    return [];
+  }
+  async getDownloadStats(name, period) {
+    return { name, registry: "maven", period, total: 0, breakdown: [] };
+  }
+  async getPackageHealth(name) {
+    return {
+      name,
+      registry: "maven",
+      score: 5,
+      lastPublish: "",
+      dependencyCount: 0,
+      hasTests: false,
+      hasTypings: false,
+      signals: ["Available on Maven Central"]
+    };
+  }
+  async getSecurityAdvisories(name, _version) {
+    try {
+      const { groupId, artifactId } = this.parseCoords(name);
+      const url = "https://osv.dev/v1/query";
+      const body = { package: { name: `${groupId}:${artifactId}`, ecosystem: "Maven" } };
+      const res = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs)
+      });
+      if (!res.ok) return [];
+      const data = await res.json();
+      return (data.vulns ?? []).map(
+        (v) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? "Unknown",
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: "See advisory"
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+};
+
+// src/adapters/crates.ts
+var CratesAdapter = class {
+  constructor(config, cache) {
+    this.config = config;
+    this.cache = cache;
+  }
+  config;
+  cache;
+  name = "crates";
+  async search(query, limit) {
+    const key = `crates:search:${query}:${limit}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://crates.io/api/v1/crates?q=${encodeURIComponent(query)}&per_page=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const results = (data.crates ?? []).map(
+      (c) => ({
+        name: c.name,
+        version: c.max_version,
+        description: c.description ?? "",
+        downloads: `${c.downloads} total`,
+        registry: "crates"
+      })
+    );
+    this.cache.set(key, results);
+    return results;
+  }
+  async getPackage(name) {
+    const key = `crates:pkg:${name}`;
+    const cached = this.cache.get(key);
+    if (cached) return cached;
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const crate = data.crate;
+    if (!crate) throw new Error(`Crate not found: ${name}`);
+    const result = {
+      name: crate.name,
+      version: crate.max_version ?? "",
+      description: crate.description ?? "",
+      license: "",
+      homepage: crate.homepage ?? "",
+      repository: crate.repository ?? "",
+      keywords: crate.keywords ?? [],
+      registry: "crates"
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+  async getReadme(name) {
+    try {
+      const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+      const res = await registryFetch(url, this.config);
+      const data = await res.json();
+      return data.crate?.readme ?? `See https://crates.io/crates/${name}`;
+    } catch {
+      return "README not available.";
+    }
+  }
+  async getMaintainers(name) {
+    try {
+      const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/owner_user`;
+      const res = await registryFetch(url, this.config);
+      const data = await res.json();
+      return (data.users ?? []).map((u) => ({
+        name: u.name ?? u.login,
+        url: u.url
+      }));
+    } catch {
+      return [];
+    }
+  }
+  async listVersions(name, limit, stableOnly) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/versions`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    let results = (data.versions ?? []).map(
+      (v) => ({
+        version: v.num,
+        date: v.created_at,
+        prerelease: /[-]/.test(v.num.replace(/^\d+\.\d+\.\d+/, ""))
+      })
+    );
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+  async getVersion(name, version) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const v = data.version;
+    if (!v) throw new Error(`Version not found: ${name}@${version}`);
+    const depUrl = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}/dependencies`;
+    let deps = [];
+    try {
+      const depRes = await registryFetch(depUrl, this.config);
+      const depData = await depRes.json();
+      deps = (depData.dependencies ?? []).map(
+        (d) => ({
+          name: d.crate_id,
+          version: d.req,
+          type: d.kind === "dev" ? "dev" : "runtime"
+        })
+      );
+    } catch {
+    }
+    return {
+      name: v.crate ?? name,
+      version: v.num ?? version,
+      date: v.created_at ?? "",
+      license: v.license ?? "Unknown",
+      size: v.crate_size ? `${Math.round(v.crate_size / 1024)}KB` : "Unknown",
+      dependencies: deps,
+      registry: "crates"
+    };
+  }
+  async getDependencies(name, version, type) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}/dependencies`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    let deps = (data.dependencies ?? []).map(
+      (d) => ({
+        name: d.crate_id,
+        version: d.req,
+        type: d.kind === "dev" ? "dev" : "runtime"
+      })
+    );
+    if (type !== "all") {
+      deps = deps.filter((d) => d.type === type);
+    }
+    return deps;
+  }
+  async getReverseDependencies(name, limit) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/reverse_dependencies?per_page=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return (data.versions ?? []).map((v) => ({
+      name: v.crate ?? "",
+      version: v.num ?? "",
+      description: "",
+      downloads: "",
+      registry: "crates"
+    }));
+  }
+  async getDownloadStats(name, period) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    return {
+      name,
+      registry: "crates",
+      period,
+      total: data.crate?.downloads ?? 0,
+      breakdown: []
+    };
+  }
+  async getPackageHealth(name) {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = await res.json();
+    const crate = data.crate ?? {};
+    const signals = [];
+    if (crate.documentation) signals.push("Has documentation");
+    if (crate.repository) signals.push("Has repository");
+    if (crate.homepage) signals.push("Has homepage");
+    if (crate.description) signals.push("Has description");
+    return {
+      name,
+      registry: "crates",
+      score: Math.min(10, signals.length * 2 + 3),
+      lastPublish: crate.updated_at ?? "",
+      weeklyDownloads: crate.recent_downloads,
+      dependencyCount: 0,
+      hasTests: false,
+      hasTypings: false,
+      signals
+    };
+  }
+  async getSecurityAdvisories(name, _version) {
+    try {
+      const url = "https://osv.dev/v1/query";
+      const body = { package: { name, ecosystem: "crates.io" } };
+      const res = await fetch(url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs)
+      });
+      if (!res.ok) return [];
+      const data = await res.json();
+      return (data.vulns ?? []).map(
+        (v) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? "Unknown",
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: "See advisory"
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+};
+
+// src/utils/format.ts
+function formatNumber(n) {
+  if (n >= 1e9) return `${(n / 1e9).toFixed(1)}B`;
+  if (n >= 1e6) return `${(n / 1e6).toFixed(1)}M`;
+  if (n >= 1e3) return `${(n / 1e3).toFixed(1)}K`;
+  return n.toString();
+}
+function padRight(str, len) {
+  return str.length >= len ? str : str + " ".repeat(len - str.length);
+}
+function truncate(str, maxLen) {
+  if (str.length <= maxLen) return str;
+  return str.slice(0, maxLen - 3) + "...";
+}
+
+// src/server.ts
+function buildAdapters(config, cache) {
+  const map = /* @__PURE__ */ new Map();
+  const factories = {
+    npm: () => new NpmAdapter(config, cache),
+    pypi: () => new PypiAdapter(config, cache),
+    maven: () => new MavenAdapter(config, cache),
+    crates: () => new CratesAdapter(config, cache)
+  };
+  for (const reg of config.registries) {
+    map.set(reg, factories[reg]());
+  }
+  return map;
+}
+function getAdapter(adapters, name) {
+  const adapter = adapters.get(name);
+  if (!adapter)
+    throw new Error(
+      `Registry "${name}" is not enabled. Enabled: ${[...adapters.keys()].join(", ")}`
+    );
+  return adapter;
+}
+function getAdaptersForRegistry(adapters, registry) {
+  if (registry === "all") return [...adapters.values()];
+  return [getAdapter(adapters, registry)];
+}
+var registryEnum = z.enum(["npm", "pypi", "maven", "crates"]);
+var registryOrAll = z.enum(["npm", "pypi", "maven", "crates", "all"]).default("all");
+function createServer(config) {
+  const cache = new Cache(config.cacheTtlMs);
+  const adapters = buildAdapters(config, cache);
+  const server = new McpServer({
+    name: "registryx",
+    version: "0.1.0"
+  });
+  server.tool(
+    "registryx_search",
+    "Search packages across npm, PyPI, Maven Central, and crates.io registries",
+    {
+      query: z.string().describe("Package search text"),
+      registry: registryOrAll.describe("Registry to search (default: all)"),
+      limit: z.number().min(1).max(50).default(10).describe("Max results per registry")
+    },
+    async ({ query, registry, limit }) => {
+      const targets = getAdaptersForRegistry(adapters, registry);
+      const sections = [`RegistryX Search \u2014 "${query}"
+`];
+      const results = await Promise.allSettled(
+        targets.map(async (a) => ({ name: a.name, results: await a.search(query, limit) }))
+      );
+      for (const r of results) {
+        if (r.status === "fulfilled") {
+          const { name, results: pkgs } = r.value;
+          sections.push(`\u{1F4E6} ${name} (${pkgs.length} results):`);
+          for (const p of pkgs) {
+            sections.push(
+              `  ${padRight(p.name, 30)} ${padRight(p.version, 12)} ${p.downloads ? padRight(p.downloads, 14) : ""}${truncate(p.description, 60)}`
+            );
+          }
+          sections.push("");
+        } else {
+          sections.push(`\u274C Error: ${r.reason}`);
+        }
+      }
+      return { content: [{ type: "text", text: sections.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_search_alternatives",
+    "Find equivalent packages across different registries",
+    {
+      packageName: z.string().describe("Package name to find alternatives for"),
+      sourceRegistry: registryEnum.describe("Registry the package is from"),
+      targetRegistries: z.array(registryEnum).optional().describe("Registries to search in")
+    },
+    async ({ packageName, sourceRegistry, targetRegistries }) => {
+      const source = getAdapter(adapters, sourceRegistry);
+      const pkg = await source.getPackage(packageName);
+      const searchTerms = [pkg.name.replace(/[^a-zA-Z0-9 ]/g, " "), ...pkg.keywords.slice(0, 3)];
+      const query = searchTerms.join(" ");
+      const targets = targetRegistries ? targetRegistries.filter((r) => r !== sourceRegistry).map((r) => getAdapter(adapters, r)) : [...adapters.values()].filter((a) => a.name !== sourceRegistry);
+      const sections = [
+        `Alternatives for "${packageName}" (${sourceRegistry}): ${pkg.description}
+`
+      ];
+      const results = await Promise.allSettled(
+        targets.map(async (a) => ({ name: a.name, results: await a.search(query, 5) }))
+      );
+      for (const r of results) {
+        if (r.status === "fulfilled") {
+          const { name, results: pkgs } = r.value;
+          sections.push(`\u{1F4E6} ${name}:`);
+          for (const p of pkgs) {
+            sections.push(
+              `  ${padRight(p.name, 30)} ${padRight(p.version, 12)} ${truncate(p.description, 60)}`
+            );
+          }
+          sections.push("");
+        }
+      }
+      return { content: [{ type: "text", text: sections.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_get_package",
+    "Get detailed package metadata from a registry",
+    {
+      name: z.string().describe("Package name (Maven: groupId:artifactId)"),
+      registry: registryEnum.describe("Package registry")
+    },
+    async ({ name, registry }) => {
+      const adapter = getAdapter(adapters, registry);
+      const pkg = await adapter.getPackage(name);
+      const lines = [
+        `\u{1F4E6} ${pkg.name} v${pkg.version} (${pkg.registry})`,
+        `Description: ${pkg.description}`,
+        `License: ${pkg.license}`,
+        `Homepage: ${pkg.homepage || "N/A"}`,
+        `Repository: ${pkg.repository || "N/A"}`,
+        `Keywords: ${pkg.keywords.join(", ") || "N/A"}`
+      ];
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_get_readme",
+    "Get README content for a package",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry")
+    },
+    async ({ name, registry }) => {
+      const adapter = getAdapter(adapters, registry);
+      const readme = await adapter.getReadme(name);
+      return { content: [{ type: "text", text: truncate(readme, 8e3) }] };
+    }
+  );
+  server.tool(
+    "registryx_get_maintainers",
+    "Get package maintainers/authors",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry")
+    },
+    async ({ name, registry }) => {
+      const adapter = getAdapter(adapters, registry);
+      const maintainers = await adapter.getMaintainers(name);
+      if (maintainers.length === 0)
+        return { content: [{ type: "text", text: "No maintainer info available." }] };
+      const lines = [`Maintainers for ${name} (${registry}):`];
+      for (const m of maintainers) {
+        lines.push(`  \u{1F464} ${m.name}${m.email ? ` <${m.email}>` : ""}${m.url ? ` (${m.url})` : ""}`);
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_list_versions",
+    "List available versions for a package",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      limit: z.number().min(1).max(100).default(20).describe("Max versions to return"),
+      stable: z.boolean().default(true).describe("Exclude pre-release versions")
+    },
+    async ({ name, registry, limit, stable }) => {
+      const adapter = getAdapter(adapters, registry);
+      const versions = await adapter.listVersions(name, limit, stable);
+      const lines = [`Versions for ${name} (${registry}) \u2014 ${stable ? "stable only" : "all"}:`];
+      for (const v of versions) {
+        lines.push(
+          `  ${padRight(v.version, 20)} ${v.date ? v.date.split("T")[0] : ""}${v.prerelease ? " [pre]" : ""}`
+        );
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_get_version",
+    "Get details for a specific package version",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      version: z.string().describe("Version string")
+    },
+    async ({ name, registry, version }) => {
+      const adapter = getAdapter(adapters, registry);
+      const vd = await adapter.getVersion(name, version);
+      const lines = [
+        `\u{1F4E6} ${vd.name} v${vd.version} (${vd.registry})`,
+        `Date: ${vd.date || "Unknown"}`,
+        `License: ${vd.license}`,
+        `Size: ${vd.size}`,
+        `Dependencies: ${vd.dependencies.length}`
+      ];
+      if (vd.dependencies.length > 0) {
+        lines.push("");
+        for (const d of vd.dependencies.slice(0, 20)) {
+          lines.push(`  ${d.type === "dev" ? "[dev] " : ""}${d.name} ${d.version}`);
+        }
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_compare_versions",
+    "Compare two versions of a package",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      version1: z.string().describe("First version"),
+      version2: z.string().describe("Second version")
+    },
+    async ({ name, registry, version1, version2 }) => {
+      const adapter = getAdapter(adapters, registry);
+      const [v1, v2] = await Promise.all([
+        adapter.getVersion(name, version1),
+        adapter.getVersion(name, version2)
+      ]);
+      const deps1 = new Set(v1.dependencies.map((d) => d.name));
+      const deps2 = new Set(v2.dependencies.map((d) => d.name));
+      const added = [...deps2].filter((d) => !deps1.has(d));
+      const removed = [...deps1].filter((d) => !deps2.has(d));
+      const lines = [
+        `Comparing ${name} v${version1} \u2194 v${version2} (${registry})`,
+        "",
+        `  v${version1}: ${v1.date || "Unknown"} | ${v1.license} | ${v1.size} | ${v1.dependencies.length} deps`,
+        `  v${version2}: ${v2.date || "Unknown"} | ${v2.license} | ${v2.size} | ${v2.dependencies.length} deps`
+      ];
+      if (added.length > 0) lines.push(`
+  \u2795 Added: ${added.join(", ")}`);
+      if (removed.length > 0) lines.push(`  \u2796 Removed: ${removed.join(", ")}`);
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_get_dependencies",
+    "Get package dependencies",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      version: z.string().optional().describe("Version (latest if omitted)"),
+      type: z.enum(["runtime", "dev", "all"]).default("runtime").describe("Dependency type")
+    },
+    async ({ name, registry, version, type }) => {
+      const adapter = getAdapter(adapters, registry);
+      const ver = version ?? (await adapter.getPackage(name)).version;
+      const deps = await adapter.getDependencies(name, ver, type);
+      if (deps.length === 0)
+        return {
+          content: [{ type: "text", text: `No ${type} dependencies found for ${name}@${ver}.` }]
+        };
+      const lines = [`Dependencies for ${name}@${ver} (${registry}, ${type}):`];
+      for (const d of deps) {
+        lines.push(`  ${d.type === "dev" ? "[dev] " : ""}${padRight(d.name, 30)} ${d.version}`);
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_reverse_dependencies",
+    "Find packages that depend on this one",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      limit: z.number().min(1).max(100).default(20).describe("Max results")
+    },
+    async ({ name, registry, limit }) => {
+      const adapter = getAdapter(adapters, registry);
+      const rdeps = await adapter.getReverseDependencies(name, limit);
+      if (rdeps.length === 0)
+        return {
+          content: [
+            {
+              type: "text",
+              text: `No reverse dependency data available for ${name} on ${registry}.`
+            }
+          ]
+        };
+      const lines = [`Packages that depend on ${name} (${registry}):`];
+      for (const p of rdeps) {
+        lines.push(`  ${padRight(p.name, 30)} ${p.version}`);
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_download_stats",
+    "Get download statistics for a package",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      period: z.enum(["last-day", "last-week", "last-month", "last-year"]).default("last-month").describe("Time period")
+    },
+    async ({ name, registry, period }) => {
+      const adapter = getAdapter(adapters, registry);
+      const stats = await adapter.getDownloadStats(name, period);
+      const lines = [
+        `\u{1F4CA} Download stats for ${name} (${registry})`,
+        `Period: ${stats.period}`,
+        `Total: ${formatNumber(stats.total)}`
+      ];
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_package_health",
+    "Get package health score and maintenance signals",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry")
+    },
+    async ({ name, registry }) => {
+      const adapter = getAdapter(adapters, registry);
+      const health = await adapter.getPackageHealth(name);
+      const lines = [
+        `\u{1F3E5} Health for ${name} (${registry})`,
+        `Score: ${health.score}/10`,
+        `Last publish: ${health.lastPublish || "Unknown"}`,
+        `Dependencies: ${health.dependencyCount}`,
+        `Has typings: ${health.hasTypings ? "\u2705" : "\u274C"}`,
+        `Has tests: ${health.hasTests ? "\u2705" : "\u274C"}`,
+        "",
+        "Signals:",
+        ...health.signals.map((s) => `  \u2705 ${s}`)
+      ];
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  server.tool(
+    "registryx_security_advisories",
+    "Check for security advisories (via OSV.dev)",
+    {
+      name: z.string().describe("Package name"),
+      registry: registryEnum.describe("Package registry"),
+      version: z.string().optional().describe("Specific version to check")
+    },
+    async ({ name, registry, version }) => {
+      const adapter = getAdapter(adapters, registry);
+      const advisories = await adapter.getSecurityAdvisories(name, version);
+      if (advisories.length === 0) {
+        return {
+          content: [
+            { type: "text", text: `\u2705 No known security advisories for ${name} (${registry}).` }
+          ]
+        };
+      }
+      const lines = [`\u{1F512} Security advisories for ${name} (${registry}):`];
+      for (const a of advisories) {
+        lines.push(`  \u26A0\uFE0F ${a.id}: ${a.title}`);
+        lines.push(`     Severity: ${a.severity} | ${a.url}`);
+      }
+      return { content: [{ type: "text", text: lines.join("\n") }] };
+    }
+  );
+  return server;
+}
+
+// src/index.ts
+async function main() {
+  const config = loadConfig();
+  const server = createServer(config);
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  process.on("SIGINT", async () => {
+    await server.close();
+    process.exit(0);
+  });
+  process.on("SIGTERM", async () => {
+    await server.close();
+    process.exit(0);
+  });
+}
+main().catch((err) => {
+  console.error("Fatal:", err);
+  process.exit(1);
+});