saastore-port 0.1.1

package/dist/server.js

@@ -0,0 +1,276 @@
+#!/usr/bin/env node
+/**
+ * saastore-port — MCP server the seller runs locally in their repo.
+ *
+ * The seller's IDE-side agent (Claude Code, Cursor, Cline, Zed, ...) connects
+ * via stdio and calls our exposed tools. Token economics: the seller's agent
+ * uses the seller's own API key — saastore never sees it (see spec section 7.1).
+ *
+ * Usage:
+ *   npm install -g saastore-port    # eventually; for PoC, npm install + npx
+ *   cd <your-repo>
+ *   <IDE config> -> add MCP server: command="saastore-port", cwd="<your-repo>"
+ *
+ * For the PoC this server registers two tools (analyze_repo + generate_manifest).
+ * The remaining six tools (propose_auth_rewire, apply_auth_rewire,
+ * validate_compliance, boot_test_local, package_image, push_image) land in
+ * follow-up commits as we walk the concierge first-seller pipeline.
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { analyzeRepo } from "./analyze_repo.js";
+import { applyAuthRewire } from "./apply_auth_rewire.js";
+import { bootTestLocal } from "./boot_test_local.js";
+import { generateManifest, } from "./generate_manifest.js";
+import { packageImage, pushImage } from "./package_and_push.js";
+import { proposeAuthRewire } from "./propose_auth_rewire.js";
+import { validateCompliance } from "./validate_compliance.js";
+const server = new Server({ name: "saastore-port", version: "0.1.0" }, { capabilities: { tools: {} } });
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: [
+        {
+            name: "analyze_repo",
+            description: "Scan the seller's repository and detect framework, auth library, database, payment processors, and external APIs. Pass `path` (defaults to process.cwd()).",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    path: {
+                        type: "string",
+                        description: "Repo root to scan. Defaults to the server's CWD.",
+                    },
+                },
+            },
+        },
+        {
+            name: "apply_auth_rewire",
+            description: "Apply the create-intent files from a RewireProposal (output of propose_auth_rewire). Modify/delete intents are returned as `next_steps` for the agent to handle. Idempotent: refuses to overwrite an existing file unless `force=true`.",
+            inputSchema: {
+                type: "object",
+                required: ["proposal"],
+                properties: {
+                    proposal: {
+                        type: "object",
+                        description: "Output from propose_auth_rewire.",
+                    },
+                    root: {
+                        type: "string",
+                        description: "Repo root to write into. Defaults to CWD.",
+                    },
+                    force: { type: "boolean", description: "Overwrite existing files. Default false." },
+                    dry_run: { type: "boolean", description: "Report what would happen without writing. Default false." },
+                },
+            },
+        },
+        {
+            name: "boot_test_local",
+            description: "Build the seller's Docker image, run it locally with a known SAASTORE_HMAC_SECRET, and probe /health + signed /whoami + bad-signature /whoami + stale-timestamp /whoami. Returns a per-step pass/fail result. Tears down the container at the end.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    context: { type: "string", description: "Build context path. Defaults CWD." },
+                    dockerfile: { type: "string", description: "Dockerfile relative to context. Default 'Dockerfile'." },
+                    port: { type: "number", description: "Host port to bind on. Default 8765." },
+                    container_port: { type: "number", description: "Container's listening port. Default 8000." },
+                    secret: { type: "string", description: "Test HMAC secret." },
+                    startup_timeout_s: { type: "number", description: "Seconds to wait for /health. Default 30." },
+                },
+            },
+        },
+        {
+            name: "package_image",
+            description: "Build the seller's Docker image and stamp the manifest into an OCI label (org.saastore.manifest). Returns the tag + digest.",
+            inputSchema: {
+                type: "object",
+                required: ["tag", "manifest"],
+                properties: {
+                    context: { type: "string", description: "Build context. Defaults CWD." },
+                    dockerfile: { type: "string", description: "Dockerfile relative to context. Default 'Dockerfile'." },
+                    tag: { type: "string", description: "Local image tag, e.g. 'saastore-sparkiz:v1'." },
+                    manifest: {
+                        type: "object",
+                        description: "Manifest object to stamp into the LABEL.",
+                    },
+                },
+            },
+        },
+        {
+            name: "push_image",
+            description: "Tag + push a previously packaged image to the saastore registry. Takes a saastore-issued OAuth token (NOT the seller's own docker login).",
+            inputSchema: {
+                type: "object",
+                required: ["tag", "remote", "token"],
+                properties: {
+                    tag: { type: "string", description: "Local tag (must exist from package_image)." },
+                    remote: { type: "string", description: "Remote reference, e.g. 'registry.fly.io/om-sparkiz:v1'." },
+                    token: { type: "string", description: "Saastore-issued registry token. Use a secret-typed env var; never paste a token literal into chat." },
+                    username: { type: "string", description: "Registry username. Default 'x' (Fly convention)." },
+                },
+            },
+        },
+        {
+            name: "propose_auth_rewire",
+            description: "Return a structured list of changes (create / modify / delete) to wire the saastore SDK adapter into the seller's app and remove the now-dead auth UI. Per-framework kits; FastAPI ships in PoC, others land via concierge. Takes the output of analyze_repo.",
+            inputSchema: {
+                type: "object",
+                required: ["analysis"],
+                properties: {
+                    analysis: {
+                        type: "object",
+                        description: "Output from analyze_repo.",
+                    },
+                },
+            },
+        },
+        {
+            name: "validate_compliance",
+            description: "Locally check the seller's working tree for violations the saastore-side pipeline will reject (auth routes still present, stripe SDK imports, missing manifest). Returns a structured findings list; `ok` is true when there are no `error`-severity findings.",
+            inputSchema: {
+                type: "object",
+                properties: {
+                    path: {
+                        type: "string",
+                        description: "Repo root to scan. Defaults to the server's CWD.",
+                    },
+                },
+            },
+        },
+        {
+            name: "generate_manifest",
+            description: "Generate a saastore.yaml the seller commits in their repo. Takes the output of analyze_repo (`analysis`) plus seller-supplied fields (app_name, port, memory_mb, etc.).",
+            inputSchema: {
+                type: "object",
+                required: ["analysis", "input"],
+                properties: {
+                    analysis: {
+                        type: "object",
+                        description: "Output from analyze_repo.",
+                    },
+                    input: {
+                        type: "object",
+                        required: ["app_name"],
+                        description: "Seller-supplied manifest fields.",
+                        properties: {
+                            app_name: { type: "string" },
+                            port: { type: "number" },
+                            framework_override: { type: "string" },
+                            adapter_override: { type: "string" },
+                            removed_routes: { type: "array", items: { type: "string" } },
+                            memory_mb: { type: "number" },
+                            external_api_caps_usd: { type: "object" },
+                            schema_owner: {
+                                type: "string",
+                                enum: ["app", "platform"],
+                            },
+                            migrate_command: { type: "string" },
+                            s3_bucket: { type: "boolean" },
+                        },
+                    },
+                },
+            },
+        },
+    ],
+}));
+server.setRequestHandler(CallToolRequestSchema, async (request) => {
+    const { name, arguments: args = {} } = request.params;
+    if (name === "analyze_repo") {
+        const path = args["path"] ?? process.cwd();
+        const analysis = await analyzeRepo(path);
+        return {
+            content: [
+                { type: "text", text: JSON.stringify(analysis, null, 2) },
+            ],
+        };
+    }
+    if (name === "apply_auth_rewire") {
+        const proposal = args["proposal"];
+        if (!proposal) {
+            throw new Error("apply_auth_rewire: 'proposal' is required");
+        }
+        const result = await applyAuthRewire(proposal, {
+            root: args["root"],
+            force: args["force"],
+            dry_run: args["dry_run"],
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    if (name === "boot_test_local") {
+        const result = await bootTestLocal({
+            context: args["context"],
+            dockerfile: args["dockerfile"],
+            port: args["port"],
+            container_port: args["container_port"],
+            secret: args["secret"],
+            startup_timeout_s: args["startup_timeout_s"],
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    if (name === "package_image") {
+        const tag = args["tag"];
+        const manifest = args["manifest"];
+        if (!tag || !manifest) {
+            throw new Error("package_image: 'tag' and 'manifest' are required");
+        }
+        const result = await packageImage({
+            tag,
+            manifest,
+            context: args["context"],
+            dockerfile: args["dockerfile"],
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    if (name === "push_image") {
+        const tag = args["tag"];
+        const remote = args["remote"];
+        const token = args["token"];
+        if (!tag || !remote || !token) {
+            throw new Error("push_image: 'tag', 'remote', 'token' are required");
+        }
+        const result = await pushImage({
+            tag,
+            remote,
+            token,
+            username: args["username"],
+        });
+        return { content: [{ type: "text", text: JSON.stringify(result, null, 2) }] };
+    }
+    if (name === "propose_auth_rewire") {
+        const analysis = args["analysis"];
+        if (!analysis) {
+            throw new Error("propose_auth_rewire: 'analysis' is required");
+        }
+        const proposal = proposeAuthRewire(analysis);
+        return {
+            content: [
+                { type: "text", text: JSON.stringify(proposal, null, 2) },
+            ],
+        };
+    }
+    if (name === "validate_compliance") {
+        const path = args["path"] ?? process.cwd();
+        const report = await validateCompliance(path);
+        return {
+            content: [
+                { type: "text", text: JSON.stringify(report, null, 2) },
+            ],
+        };
+    }
+    if (name === "generate_manifest") {
+        const analysis = args["analysis"];
+        const input = args["input"];
+        if (!analysis || !input) {
+            throw new Error("generate_manifest: 'analysis' and 'input' are required");
+        }
+        const { yaml, manifest } = generateManifest(analysis, input);
+        return {
+            content: [
+                { type: "text", text: yaml },
+                { type: "text", text: JSON.stringify({ structured: manifest }, null, 2) },
+            ],
+        };
+    }
+    throw new Error(`unknown tool: ${name}`);
+});
+const transport = new StdioServerTransport();
+await server.connect(transport);
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAA;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAA;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAA;AAE3C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,OAAO,EACL,gBAAgB,GAEjB,MAAM,wBAAwB,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAC/D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAA;AAE7D,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,EAC3C,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAA;AAED,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC5D,KAAK,EAAE;QACL;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EACT,4JAA4J;YAC9J,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kDAAkD;qBAChE;iBACF;aACF;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EACT,yOAAyO;YAC3O,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,UAAU,CAAC;gBACtB,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kCAAkC;qBAChD;oBACD,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,2CAA2C;qBACzD;oBACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,0CAA0C,EAAE;oBACnF,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,0DAA0D,EAAE;iBACtG;aACF;SACF;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EACT,oPAAoP;YACtP,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mCAAmC,EAAE;oBAC7E,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uDAAuD,EAAE;oBACpG,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qCAAqC,EAAE;oBAC5E,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2CAA2C,EAAE;oBAC5F,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,mBAAmB,EAAE;oBAC5D,iBAAiB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0CAA0C,EAAE;iBAC/F;aACF;SACF;QACD;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EACT,6HAA6H;YAC/H,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,KAAK,EAAE,UAAU,CAAC;gBAC7B,UAAU,EAAE;oBACV,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8BAA8B,EAAE;oBACxE,UAAU,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uDAAuD,EAAE;oBACpG,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,8CAA8C,EAAE;oBACpF,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,0CAA0C;qBACxD;iBACF;aACF;SACF;QACD;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EACT,2IAA2I;YAC7I,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC;gBACpC,UAAU,EAAE;oBACV,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBAClF,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yDAAyD,EAAE;oBAClG,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,oGAAoG,EAAE;oBAC5I,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kDAAkD,EAAE;iBAC9F;aACF;SACF;QACD;YACE,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EACT,+PAA+P;YACjQ,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,UAAU,CAAC;gBACtB,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,2BAA2B;qBACzC;iBACF;aACF;SACF;QACD;YACE,IAAI,EAAE,qBAAqB;YAC3B,WAAW,EACT,gQAAgQ;YAClQ,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE;wBACJ,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,kDAAkD;qBAChE;iBACF;aACF;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EACT,yKAAyK;YAC3K,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC;gBAC/B,UAAU,EAAE;oBACV,QAAQ,EAAE;wBACR,IAAI,EAAE,QAAQ;wBACd,WAAW,EAAE,2BAA2B;qBACzC;oBACD,KAAK,EAAE;wBACL,IAAI,EAAE,QAAQ;wBACd,QAAQ,EAAE,CAAC,UAAU,CAAC;wBACtB,WAAW,EAAE,kCAAkC;wBAC/C,UAAU,EAAE;4BACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BAC5B,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BACxB,kBAAkB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BACtC,gBAAgB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BACpC,cAAc,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;4BAC5D,SAAS,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BAC7B,qBAAqB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BACzC,YAAY,EAAE;gCACZ,IAAI,EAAE,QAAQ;gCACd,IAAI,EAAE,CAAC,KAAK,EAAE,UAAU,CAAC;6BAC1B;4BACD,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4BACnC,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;yBAC/B;qBACF;iBACF;aACF;SACF;KACF;CACF,CAAC,CAAC,CAAA;AAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAA;IAErD,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,GAAI,IAAI,CAAC,MAAM,CAAwB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QAClE,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,CAAA;QACxC,OAAO;YACL,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;aAC1D;SACF,CAAA;IACH,CAAC;IAED,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAA0C,CAAA;QAC1E,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC9D,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE;YAC7C,IAAI,EAAE,IAAI,CAAC,MAAM,CAAuB;YACxC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAwB;YAC3C,OAAO,EAAE,IAAI,CAAC,SAAS,CAAwB;SAChD,CAAC,CAAA;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAA;IAC/E,CAAC;IAED,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;YACjC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAuB;YAC9C,UAAU,EAAE,IAAI,CAAC,YAAY,CAAuB;YACpD,IAAI,EAAE,IAAI,CAAC,MAAM,CAAuB;YACxC,cAAc,EAAE,IAAI,CAAC,gBAAgB,CAAuB;YAC5D,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAuB;YAC5C,iBAAiB,EAAE,IAAI,CAAC,mBAAmB,CAAuB;SACnE,CAAC,CAAA;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAA;IAC/E,CAAC;IAED,IAAI,IAAI,KAAK,eAAe,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAW,CAAA;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAA4B,CAAA;QAC5D,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAA;QACrE,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC;YAChC,GAAG;YACH,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,SAAS,CAAuB;YAC9C,UAAU,EAAE,IAAI,CAAC,YAAY,CAAuB;SACrD,CAAC,CAAA;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAA;IAC/E,CAAC;IAED,IAAI,IAAI,KAAK,YAAY,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAW,CAAA;QACjC,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAW,CAAA;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAW,CAAA;QACrC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;QACtE,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;YAC7B,GAAG;YACH,MAAM;YACN,KAAK;YACL,QAAQ,EAAE,IAAI,CAAC,UAAU,CAAuB;SACjD,CAAC,CAAA;QACF,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAA;IAC/E,CAAC;IAED,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAA4C,CAAA;QAC5E,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;QAChE,CAAC;QACD,MAAM,QAAQ,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAA;QAC5C,OAAO;YACL,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;aAC1D;SACF,CAAA;IACH,CAAC;IAED,IAAI,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACnC,MAAM,IAAI,GAAI,IAAI,CAAC,MAAM,CAAwB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;QAClE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAA;QAC7C,OAAO;YACL,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;aACxD;SACF,CAAA;IACH,CAAC;IAED,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAA2C,CAAA;QAC3E,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAkB,CAAA;QAC5C,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;QAC3E,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAA;QAC5D,OAAO;YACL,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE;gBAC5B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;aAC1E;SACF,CAAA;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAA;AAC1C,CAAC,CAAC,CAAA;AAEF,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAA;AAC5C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA"}

package/dist/validate_compliance.js

@@ -0,0 +1,203 @@
+/**
+ * validate_compliance — local checks ensuring the seller's working tree
+ * won't be rejected by the saastore-side verification pipeline.
+ *
+ * Catches the violations cheaply (locally, no LLM, no network) so the seller
+ * doesn't waste a push + Trivy + manifest-validate roundtrip to find out
+ * they still have a /login route handler. Mirrors the spec section 6.1 contract:
+ *
+ *   - No auth UI: /login, /signup, /logout, /forgot-password
+ *   - No own payment processing (Stripe etc.)
+ *   - App reads identity from saastore headers, not its own session/cookies
+ *
+ * Returns structured findings the seller's agent presents back to them.
+ * Severity tiers:
+ *   - "error"  -> the verification pipeline WILL reject
+ *   - "warn"   -> pipeline might pass but PoC-flagged
+ *   - "info"   -> noteworthy detail (no action required)
+ */
+import { readFile } from "node:fs/promises";
+import { existsSync } from "node:fs";
+import { join, relative } from "node:path";
+import { readdir } from "node:fs/promises";
+// ----- Detection rules -----------------------------------------------------
+/** Source-file extensions we scan. Skip lockfiles, build artifacts, etc. */
+const SCANNED_EXTENSIONS = [".ts", ".tsx", ".js", ".jsx", ".mjs", ".py", ".rb", ".go", ".rs"];
+const SKIP_DIRS = new Set([
+    "node_modules",
+    ".git",
+    "dist",
+    "build",
+    ".next",
+    "out",
+    "__pycache__",
+    ".venv",
+    "venv",
+    "target",
+]);
+/**
+ * Patterns that signal an auth route handler. We look at the literal route
+ * string AND a handful of common decorator/method-call shapes. The aim is
+ * "noisy enough to catch routes" not "perfect AST analysis."
+ */
+const AUTH_ROUTE_PATTERNS = [
+    {
+        rule: "login-route",
+        pattern: /["']\/(?:api\/)?(?:auth\/)?(login|sign-?in|signin)\b/i,
+    },
+    {
+        rule: "signup-route",
+        pattern: /["']\/(?:api\/)?(?:auth\/)?(signup|sign-?up|register)\b/i,
+    },
+    {
+        rule: "logout-route",
+        pattern: /["']\/(?:api\/)?(?:auth\/)?(logout|sign-?out|signout)\b/i,
+    },
+    {
+        rule: "forgot-password-route",
+        pattern: /["']\/(?:api\/)?(?:auth\/)?(forgot|reset)-password\b/i,
+    },
+];
+const PAYMENT_IMPORT_PATTERNS = [
+    {
+        rule: "stripe-import",
+        pattern: /(?:require\s*\(\s*["']stripe["']\s*\)|from\s+stripe\s+import|import\s+stripe\b|from\s+["']stripe["'])/i,
+    },
+    {
+        rule: "paddle-import",
+        pattern: /["']@?paddle\/[a-z-]+["']|from\s+paddle/i,
+    },
+    {
+        rule: "lemonsqueezy-import",
+        pattern: /["']@?lemonsqueezy\/[a-z-]+["']/i,
+    },
+];
+// ----- Helpers -------------------------------------------------------------
+async function* walk(root) {
+    let entries;
+    try {
+        entries = (await readdir(root, { withFileTypes: true }));
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        if (entry.isDirectory()) {
+            if (SKIP_DIRS.has(entry.name))
+                continue;
+            yield* walk(join(root, entry.name));
+        }
+        else if (entry.isFile()) {
+            const path = join(root, entry.name);
+            if (SCANNED_EXTENSIONS.some((ext) => path.endsWith(ext))) {
+                yield path;
+            }
+        }
+    }
+}
+function findMatchInFile(contents, patterns) {
+    const hits = [];
+    const lines = contents.split(/\r?\n/);
+    for (let i = 0; i < lines.length; i++) {
+        const text = lines[i];
+        for (const { rule, pattern } of patterns) {
+            if (pattern.test(text)) {
+                hits.push({ rule, line: i + 1, lineText: text.trim() });
+            }
+        }
+    }
+    return hits;
+}
+function relativeForward(root, path) {
+    return relative(root, path).replace(/\\/g, "/");
+}
+/**
+ * Next.js conventional routes: `app/.../page.tsx` and `app/.../route.ts` (App
+ * Router), and `pages/api/...` (Pages Router). File paths themselves declare
+ * routes, so a path containing `login`, `signup`, `logout`, or `forgot-password`
+ * is an auth route even if the file contents look innocuous.
+ */
+const NEXT_AUTH_PATH_RULES = [
+    { rule: "login-route", pattern: /(?:^|\/)(?:app|pages)\/(?:api\/)?(?:auth\/)?(login|sign-?in|signin)(?:[\/.]|$)/i },
+    { rule: "signup-route", pattern: /(?:^|\/)(?:app|pages)\/(?:api\/)?(?:auth\/)?(signup|sign-?up|register)(?:[\/.]|$)/i },
+    { rule: "logout-route", pattern: /(?:^|\/)(?:app|pages)\/(?:api\/)?(?:auth\/)?(logout|sign-?out|signout)(?:[\/.]|$)/i },
+    { rule: "forgot-password-route", pattern: /(?:^|\/)(?:app|pages)\/(?:api\/)?(?:auth\/)?(forgot|reset)-password(?:[\/.]|$)/i },
+];
+// ----- Main entry ----------------------------------------------------------
+export async function validateCompliance(root) {
+    const findings = [];
+    // --- Walk source files, applying per-line patterns ----------------------
+    for await (const file of walk(root)) {
+        let contents;
+        try {
+            contents = await readFile(file, "utf8");
+        }
+        catch {
+            continue;
+        }
+        // Path-based check first — Next.js's app router declares routes via file
+        // paths, so the file's *location* is itself the route declaration.
+        const relPath = relativeForward(root, file);
+        for (const { rule, pattern } of NEXT_AUTH_PATH_RULES) {
+            if (pattern.test(relPath)) {
+                findings.push({
+                    severity: "error",
+                    rule,
+                    message: `Next.js auth route detected via file path — saastore handles authentication, this file must be removed before packaging.`,
+                    file: relPath,
+                });
+            }
+        }
+        const authHits = findMatchInFile(contents, AUTH_ROUTE_PATTERNS);
+        for (const hit of authHits) {
+            findings.push({
+                severity: "error",
+                rule: hit.rule,
+                message: `auth route handler detected — saastore handles authentication, this route must be removed before packaging. Matched line: ${hit.lineText}`,
+                file: relativeForward(root, file),
+                line: hit.line,
+            });
+        }
+        const payHits = findMatchInFile(contents, PAYMENT_IMPORT_PATTERNS);
+        for (const hit of payHits) {
+            findings.push({
+                severity: "error",
+                rule: hit.rule,
+                message: `payment-processor import detected — saastore is merchant-of-record (spec section 6.1). Remove the SDK + any code that calls into it. Matched line: ${hit.lineText}`,
+                file: relativeForward(root, file),
+                line: hit.line,
+            });
+        }
+    }
+    // --- saastore.yaml presence ---------------------------------------------
+    if (!existsSync(join(root, "saastore.yaml"))) {
+        findings.push({
+            severity: "warn",
+            rule: "missing-manifest",
+            message: "no saastore.yaml at repo root — run the `generate_manifest` tool before packaging.",
+        });
+    }
+    // --- SDK adapter present? ----------------------------------------------
+    // Heuristic: look for `saastore_user` / `saastore-fastapi` in package
+    // manifests so we at least nudge sellers who haven't wired the adapter.
+    const pkgJson = existsSync(join(root, "package.json"))
+        ? await readFile(join(root, "package.json"), "utf8")
+        : "";
+    const pyProject = existsSync(join(root, "pyproject.toml"))
+        ? await readFile(join(root, "pyproject.toml"), "utf8")
+        : "";
+    const reqTxt = existsSync(join(root, "requirements.txt"))
+        ? await readFile(join(root, "requirements.txt"), "utf8")
+        : "";
+    const allManifests = pkgJson + "\n" + pyProject + "\n" + reqTxt;
+    if (allManifests.trim() && !/saastore-(fastapi|nextauth|passport|django|express|generic)/i.test(allManifests)) {
+        findings.push({
+            severity: "warn",
+            rule: "missing-saastore-adapter",
+            message: "no saastore SDK adapter dependency declared — install one (e.g. `pip install saastore-fastapi`) and wire it as the auth dependency before packaging.",
+        });
+    }
+    const hasErrors = findings.some((f) => f.severity === "error");
+    return { ok: !hasErrors, findings };
+}
+//# sourceMappingURL=validate_compliance.js.map

package/dist/validate_compliance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate_compliance.js","sourceRoot":"","sources":["../src/validate_compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAA;AAoB1C,8EAA8E;AAE9E,4EAA4E;AAC5E,MAAM,kBAAkB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,CAAA;AAE7F,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;IACxB,cAAc;IACd,MAAM;IACN,MAAM;IACN,OAAO;IACP,OAAO;IACP,KAAK;IACL,aAAa;IACb,OAAO;IACP,MAAM;IACN,QAAQ;CACT,CAAC,CAAA;AAEF;;;;GAIG;AACH,MAAM,mBAAmB,GAA6C;IACpE;QACE,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,uDAAuD;KACjE;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,0DAA0D;KACpE;IACD;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,0DAA0D;KACpE;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,OAAO,EAAE,uDAAuD;KACjE;CACF,CAAA;AAED,MAAM,uBAAuB,GAA6C;IACxE;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EACL,wGAAwG;KAC3G;IACD;QACE,IAAI,EAAE,eAAe;QACrB,OAAO,EAAE,0CAA0C;KACpD;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,OAAO,EAAE,kCAAkC;KAC5C;CACF,CAAA;AAED,8EAA8E;AAE9E,KAAK,SAAS,CAAC,CAAC,IAAI,CAAC,IAAY;IAC/B,IAAI,OAAmF,CAAA;IACvF,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAIrD,CAAA;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAM;IACR,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC;gBAAE,SAAQ;YACvC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;QACrC,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAA;YACnC,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBACzD,MAAM,IAAI,CAAA;YACZ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CACtB,QAAgB,EAChB,QAAkD;IAElD,MAAM,IAAI,GAA4D,EAAE,CAAA;IACxE,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACrB,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,QAAQ,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvB,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;YACzD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,IAAY;IACjD,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAA;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,oBAAoB,GAA6C;IACrE,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iFAAiF,EAAE;IACnH,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,oFAAoF,EAAE;IACvH,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,oFAAoF,EAAE;IACvH,EAAE,IAAI,EAAE,uBAAuB,EAAE,OAAO,EAAE,iFAAiF,EAAE;CAC9H,CAAA;AAED,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAY;IACnD,MAAM,QAAQ,GAAwB,EAAE,CAAA;IAExC,2EAA2E;IAC3E,IAAI,KAAK,EAAE,MAAM,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,IAAI,QAAgB,CAAA;QACpB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,SAAQ;QACV,CAAC;QAED,yEAAyE;QACzE,mEAAmE;QACnE,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAC3C,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,oBAAoB,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,OAAO;oBACjB,IAAI;oBACJ,OAAO,EAAE,0HAA0H;oBACnI,IAAI,EAAE,OAAO;iBACd,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;QAC/D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,6HAA6H,GAAG,CAAC,QAAQ,EAAE;gBACpJ,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC;gBACjC,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAA;QAClE,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC;gBACZ,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,sJAAsJ,GAAG,CAAC,QAAQ,EAAE;gBAC7K,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,IAAI,CAAC;gBACjC,IAAI,EAAE,GAAG,CAAC,IAAI;aACf,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,IAAI,EAAE,kBAAkB;YACxB,OAAO,EACL,oFAAoF;SACvF,CAAC,CAAA;IACJ,CAAC;IAED,0EAA0E;IAC1E,sEAAsE;IACtE,wEAAwE;IACxE,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QACpD,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC;QACpD,CAAC,CAAC,EAAE,CAAA;IACN,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACxD,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QACtD,CAAC,CAAC,EAAE,CAAA;IACN,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;QACvD,CAAC,CAAC,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,EAAE,MAAM,CAAC;QACxD,CAAC,CAAC,EAAE,CAAA;IAEN,MAAM,YAAY,GAAG,OAAO,GAAG,IAAI,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CAAA;IAC/D,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,8DAA8D,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9G,QAAQ,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,MAAM;YAChB,IAAI,EAAE,0BAA0B;YAChC,OAAO,EACL,sJAAsJ;SACzJ,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAA;IAC9D,OAAO,EAAE,EAAE,EAAE,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAA;AACrC,CAAC"}

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "saastore-port",
+  "version": "0.1.1",
+  "description": "MCP server that helps sellers port their app to saastore hosting (HMAC identity, manifest, packaging).",
+  "type": "module",
+  "bin": {
+    "saastore-port": "dist/server.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "keywords": ["mcp", "saastore", "model-context-protocol", "claude", "saas-hosting"],
+  "engines": {
+    "node": ">=20"
+  },
+  "homepage": "https://saastore.ai",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/server.js",
+    "dev": "tsc --watch",
+    "test": "node --test --test-reporter spec --import tsx src/analyze_repo.test.ts src/generate_manifest.test.ts src/validate_compliance.test.ts src/propose_auth_rewire.test.ts src/apply_auth_rewire.test.ts",
+    "prepublishOnly": "npm run build && npm test"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "yaml": "^2.5.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.7.0",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  },
+  "license": "MIT",
+  "author": "saastore.ai",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/michael-fishman/openmarket"
+  }
+}