registryx-server 0.1.0

package/eslint.config.mjs

@@ -0,0 +1,16 @@
+import tseslint from 'typescript-eslint';
+import security from 'eslint-plugin-security';
+
+export default [
+  ...tseslint.configs.recommended,
+  security.configs.recommended,
+  {
+    files: ['src/**/*.ts', 'test/**/*.ts'],
+    rules: {
+      '@typescript-eslint/no-explicit-any': 'warn',
+      '@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
+      'security/detect-object-injection': 'off',
+    },
+  },
+  { ignores: ['dist/', 'node_modules/', 'coverage/'] },
+];

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "registryx-server",
+  "version": "0.1.0",
+  "description": "MCP server providing unified access to npm, PyPI, Maven Central, and crates.io package registries",
+  "readme": "README.md",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "registryx-server": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsx src/index.ts",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src/ test/",
+    "typecheck": "tsc --noEmit",
+    "format": "prettier --check \"src/**/*.ts\" \"test/**/*.ts\"",
+    "ci": "tsc --noEmit && eslint src/ test/ && vitest run --coverage && prettier --check \"src/**/*.ts\" \"test/**/*.ts\""
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.1",
+    "zod": "^3.23.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "@vitest/coverage-v8": "^2.0.0",
+    "eslint": "^9.0.0",
+    "eslint-plugin-security": "^3.0.0",
+    "prettier": "^3.0.0",
+    "tsup": "^8.0.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.0.0",
+    "typescript-eslint": "^8.0.0",
+    "vitest": "^2.0.0"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "license": "MIT"
+}

package/src/adapters/crates.ts

@@ -0,0 +1,254 @@
+import type { Config } from '../config.js';
+import type { Cache } from '../cache.js';
+import type {
+  RegistryAdapter,
+  PackageSearchResult,
+  PackageMetadata,
+  VersionInfo,
+  VersionDetail,
+  Dependency,
+  DownloadStats,
+  MaintainerInfo,
+  PackageHealth,
+  SecurityAdvisory,
+} from '../types.js';
+import { registryFetch } from '../utils/fetch.js';
+
+export class CratesAdapter implements RegistryAdapter {
+  readonly name = 'crates' as const;
+  constructor(
+    private config: Config,
+    private cache: Cache
+  ) {}
+
+  async search(query: string, limit: number): Promise<PackageSearchResult[]> {
+    const key = `crates:search:${query}:${limit}`;
+    const cached = this.cache.get<PackageSearchResult[]>(key);
+    if (cached) return cached;
+
+    const url = `https://crates.io/api/v1/crates?q=${encodeURIComponent(query)}&per_page=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    const results: PackageSearchResult[] = (data.crates ?? []).map(
+      (c: { name: string; max_version: string; description?: string; downloads: number }) => ({
+        name: c.name,
+        version: c.max_version,
+        description: c.description ?? '',
+        downloads: `${c.downloads} total`,
+        registry: 'crates' as const,
+      })
+    );
+    this.cache.set(key, results);
+    return results;
+  }
+
+  async getPackage(name: string): Promise<PackageMetadata> {
+    const key = `crates:pkg:${name}`;
+    const cached = this.cache.get<PackageMetadata>(key);
+    if (cached) return cached;
+
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+    const crate = data.crate;
+    if (!crate) throw new Error(`Crate not found: ${name}`);
+
+    const result: PackageMetadata = {
+      name: crate.name,
+      version: crate.max_version ?? '',
+      description: crate.description ?? '',
+      license: '',
+      homepage: crate.homepage ?? '',
+      repository: crate.repository ?? '',
+      keywords: crate.keywords ?? [],
+      registry: 'crates',
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+
+  async getReadme(name: string): Promise<string> {
+    try {
+      const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+      const res = await registryFetch(url, this.config);
+      const data = (await res.json()) as any;
+      // crates.io doesn't return readme in main endpoint; link to it
+      return data.crate?.readme ?? `See https://crates.io/crates/${name}`;
+    } catch {
+      return 'README not available.';
+    }
+  }
+
+  async getMaintainers(name: string): Promise<MaintainerInfo[]> {
+    try {
+      const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/owner_user`;
+      const res = await registryFetch(url, this.config);
+      const data = (await res.json()) as any;
+      return (data.users ?? []).map((u: { login: string; name?: string; url?: string }) => ({
+        name: u.name ?? u.login,
+        url: u.url,
+      }));
+    } catch {
+      return [];
+    }
+  }
+
+  async listVersions(name: string, limit: number, stableOnly: boolean): Promise<VersionInfo[]> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/versions`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    let results: VersionInfo[] = (data.versions ?? []).map(
+      (v: { num: string; created_at: string }) => ({
+        version: v.num,
+        date: v.created_at,
+        prerelease: /[-]/.test(v.num.replace(/^\d+\.\d+\.\d+/, '')),
+      })
+    );
+
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+
+  async getVersion(name: string, version: string): Promise<VersionDetail> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+    const v = data.version;
+    if (!v) throw new Error(`Version not found: ${name}@${version}`);
+
+    const depUrl = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}/dependencies`;
+    let deps: Dependency[] = [];
+    try {
+      const depRes = await registryFetch(depUrl, this.config);
+      const depData = (await depRes.json()) as any;
+      deps = (depData.dependencies ?? []).map(
+        (d: { crate_id: string; req: string; kind: string }) => ({
+          name: d.crate_id,
+          version: d.req,
+          type: d.kind === 'dev' ? ('dev' as const) : ('runtime' as const),
+        })
+      );
+    } catch {
+      // Dependencies endpoint might fail
+    }
+
+    return {
+      name: v.crate ?? name,
+      version: v.num ?? version,
+      date: v.created_at ?? '',
+      license: v.license ?? 'Unknown',
+      size: v.crate_size ? `${Math.round(v.crate_size / 1024)}KB` : 'Unknown',
+      dependencies: deps,
+      registry: 'crates',
+    };
+  }
+
+  async getDependencies(
+    name: string,
+    version: string,
+    type: 'runtime' | 'dev' | 'all'
+  ): Promise<Dependency[]> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/${version}/dependencies`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    let deps: Dependency[] = (data.dependencies ?? []).map(
+      (d: { crate_id: string; req: string; kind: string }) => ({
+        name: d.crate_id,
+        version: d.req,
+        type: d.kind === 'dev' ? ('dev' as const) : ('runtime' as const),
+      })
+    );
+
+    if (type !== 'all') {
+      deps = deps.filter((d) => d.type === type);
+    }
+    return deps;
+  }
+
+  async getReverseDependencies(name: string, limit: number): Promise<PackageSearchResult[]> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}/reverse_dependencies?per_page=${limit}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    return (data.versions ?? []).map((v: { crate: string; num: string }) => ({
+      name: v.crate ?? '',
+      version: v.num ?? '',
+      description: '',
+      downloads: '',
+      registry: 'crates' as const,
+    }));
+  }
+
+  async getDownloadStats(name: string, period: string): Promise<DownloadStats> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    return {
+      name,
+      registry: 'crates',
+      period,
+      total: data.crate?.downloads ?? 0,
+      breakdown: [],
+    };
+  }
+
+  async getPackageHealth(name: string): Promise<PackageHealth> {
+    const url = `https://crates.io/api/v1/crates/${encodeURIComponent(name)}`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+    const crate = data.crate ?? {};
+
+    const signals: string[] = [];
+    if (crate.documentation) signals.push('Has documentation');
+    if (crate.repository) signals.push('Has repository');
+    if (crate.homepage) signals.push('Has homepage');
+    if (crate.description) signals.push('Has description');
+
+    return {
+      name,
+      registry: 'crates',
+      score: Math.min(10, signals.length * 2 + 3),
+      lastPublish: crate.updated_at ?? '',
+      weeklyDownloads: crate.recent_downloads,
+      dependencyCount: 0,
+      hasTests: false,
+      hasTypings: false,
+      signals,
+    };
+  }
+
+  async getSecurityAdvisories(name: string, _version?: string): Promise<SecurityAdvisory[]> {
+    try {
+      const url = 'https://osv.dev/v1/query';
+      const body = { package: { name, ecosystem: 'crates.io' } };
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs),
+      });
+      if (!res.ok) return [];
+      const data = (await res.json()) as any;
+      return (data.vulns ?? []).map(
+        (v: {
+          id: string;
+          summary?: string;
+          severity?: { score: string }[];
+          references?: { url: string }[];
+        }) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? 'Unknown',
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: 'See advisory',
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+}

package/src/adapters/index.ts

@@ -0,0 +1,4 @@
+export { NpmAdapter } from './npm.js';
+export { PypiAdapter } from './pypi.js';
+export { MavenAdapter } from './maven.js';
+export { CratesAdapter } from './crates.js';

package/src/adapters/maven.ts

@@ -0,0 +1,184 @@
+import type { Config } from '../config.js';
+import type { Cache } from '../cache.js';
+import type {
+  RegistryAdapter,
+  PackageSearchResult,
+  PackageMetadata,
+  VersionInfo,
+  VersionDetail,
+  Dependency,
+  DownloadStats,
+  MaintainerInfo,
+  PackageHealth,
+  SecurityAdvisory,
+} from '../types.js';
+import { registryFetch } from '../utils/fetch.js';
+
+export class MavenAdapter implements RegistryAdapter {
+  readonly name = 'maven' as const;
+  constructor(
+    private config: Config,
+    private cache: Cache
+  ) {}
+
+  private parseCoords(name: string): { groupId: string; artifactId: string } {
+    const parts = name.split(':');
+    if (parts.length !== 2)
+      throw new Error(`Maven package must be groupId:artifactId, got: ${name}`);
+    return { groupId: parts[0], artifactId: parts[1] };
+  }
+
+  async search(query: string, limit: number): Promise<PackageSearchResult[]> {
+    const key = `maven:search:${query}:${limit}`;
+    const cached = this.cache.get<PackageSearchResult[]>(key);
+    if (cached) return cached;
+
+    const url = `https://search.maven.org/solrsearch/select?q=${encodeURIComponent(query)}&rows=${limit}&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    const results: PackageSearchResult[] = (data.response?.docs ?? []).map(
+      (doc: { g: string; a: string; latestVersion: string; p?: string }) => ({
+        name: `${doc.g}:${doc.a}`,
+        version: doc.latestVersion ?? '',
+        description: doc.p ?? '',
+        downloads: '',
+        registry: 'maven' as const,
+      })
+    );
+    this.cache.set(key, results);
+    return results;
+  }
+
+  async getPackage(name: string): Promise<PackageMetadata> {
+    const key = `maven:pkg:${name}`;
+    const cached = this.cache.get<PackageMetadata>(key);
+    if (cached) return cached;
+
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}&rows=1&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+    const doc = data.response?.docs?.[0];
+    if (!doc) throw new Error(`Package not found: ${name}`);
+
+    const result: PackageMetadata = {
+      name: `${doc.g}:${doc.a}`,
+      version: doc.latestVersion ?? '',
+      description: doc.p ?? '',
+      license: '',
+      homepage: '',
+      repository: '',
+      keywords: [],
+      registry: 'maven',
+    };
+    this.cache.set(key, result);
+    return result;
+  }
+
+  async getReadme(_name: string): Promise<string> {
+    return 'Maven Central does not provide README content via API.';
+  }
+
+  async getMaintainers(_name: string): Promise<MaintainerInfo[]> {
+    return []; // Maven Central API doesn't expose maintainer info easily
+  }
+
+  async listVersions(name: string, limit: number, stableOnly: boolean): Promise<VersionInfo[]> {
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}&core=gav&rows=${limit * 2}&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+
+    let results: VersionInfo[] = (data.response?.docs ?? []).map(
+      (doc: { v: string; timestamp: number }) => ({
+        version: doc.v,
+        date: doc.timestamp ? new Date(doc.timestamp).toISOString() : '',
+        prerelease: /[-.](?:alpha|beta|rc|snapshot|milestone|m\d)/i.test(doc.v),
+      })
+    );
+
+    if (stableOnly) results = results.filter((v) => !v.prerelease);
+    return results.slice(0, limit);
+  }
+
+  async getVersion(name: string, version: string): Promise<VersionDetail> {
+    const { groupId, artifactId } = this.parseCoords(name);
+    const url = `https://search.maven.org/solrsearch/select?q=g:${encodeURIComponent(groupId)}+AND+a:${encodeURIComponent(artifactId)}+AND+v:${encodeURIComponent(version)}&rows=1&wt=json`;
+    const res = await registryFetch(url, this.config);
+    const data = (await res.json()) as any;
+    const doc = data.response?.docs?.[0];
+    if (!doc) throw new Error(`Version not found: ${name}@${version}`);
+
+    return {
+      name: `${doc.g}:${doc.a}`,
+      version: doc.v ?? version,
+      date: doc.timestamp ? new Date(doc.timestamp).toISOString() : '',
+      license: '',
+      size: 'Unknown',
+      dependencies: [],
+      registry: 'maven',
+    };
+  }
+
+  async getDependencies(
+    _name: string,
+    _version: string,
+    _type: 'runtime' | 'dev' | 'all'
+  ): Promise<Dependency[]> {
+    return []; // Maven Central search API doesn't expose dependency info
+  }
+
+  async getReverseDependencies(_name: string, _limit: number): Promise<PackageSearchResult[]> {
+    return []; // Not available via search API
+  }
+
+  async getDownloadStats(name: string, period: string): Promise<DownloadStats> {
+    return { name, registry: 'maven', period, total: 0, breakdown: [] };
+  }
+
+  async getPackageHealth(name: string): Promise<PackageHealth> {
+    return {
+      name,
+      registry: 'maven',
+      score: 5,
+      lastPublish: '',
+      dependencyCount: 0,
+      hasTests: false,
+      hasTypings: false,
+      signals: ['Available on Maven Central'],
+    };
+  }
+
+  async getSecurityAdvisories(name: string, _version?: string): Promise<SecurityAdvisory[]> {
+    try {
+      const { groupId, artifactId } = this.parseCoords(name);
+      const url = 'https://osv.dev/v1/query';
+      const body = { package: { name: `${groupId}:${artifactId}`, ecosystem: 'Maven' } };
+      const res = await fetch(url, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.config.timeoutMs),
+      });
+      if (!res.ok) return [];
+      const data = (await res.json()) as any;
+      return (data.vulns ?? []).map(
+        (v: {
+          id: string;
+          summary?: string;
+          severity?: { score: string }[];
+          references?: { url: string }[];
+        }) => ({
+          id: v.id,
+          title: v.summary ?? v.id,
+          severity: v.severity?.[0]?.score ?? 'Unknown',
+          url: v.references?.[0]?.url ?? `https://osv.dev/vulnerability/${v.id}`,
+          affectedVersions: 'See advisory',
+        })
+      );
+    } catch {
+      return [];
+    }
+  }
+}