securenow 7.4.0 → 7.5.1

package/mcp/server.js

@@ -0,0 +1,238 @@
+#!/usr/bin/env node
+'use strict';
+
+const readline = require('readline');
+const config = require('../cli/config');
+const { api } = require('../cli/client');
+const pkg = require('../package.json');
+const {
+  RESOURCES,
+  getTool,
+  listTools,
+  listResources,
+  listPrompts,
+  promptMessages,
+  assertConfirmed,
+  buildApiRequest,
+  resourceContent,
+  jsonText,
+  maskSecret,
+  sanitizeArgs,
+} = require('./catalog');
+
+const SERVER_NAME = 'securenow';
+const PROTOCOL_VERSION = '2025-06-18';
+
+function write(message) {
+  process.stdout.write(`${JSON.stringify(message)}\n`);
+}
+
+function ok(id, result) {
+  write({ jsonrpc: '2.0', id, result });
+}
+
+function fail(id, code, message, data) {
+  write({
+    jsonrpc: '2.0',
+    id,
+    error: {
+      code,
+      message,
+      ...(data ? { data } : {}),
+    },
+  });
+}
+
+function bearerToken() {
+  return config.getToken() || config.getApiKey();
+}
+
+function localAuthStatus() {
+  const cfg = config.loadConfig();
+  const app = config.getApp();
+  const token = config.getToken();
+  const apiKey = config.getApiKey();
+  const hasBearer = !!(token || apiKey);
+  return {
+    authenticated: hasBearer,
+    sessionTokenAvailable: !!token,
+    apiKeyAvailable: !!apiKey,
+    authSource: config.getAuthSource(),
+    apiUrl: config.getApiUrl(),
+    appUrl: config.getAppUrl(),
+    defaultApp: config.getDefaultApp(),
+    app: app || null,
+    token: token ? maskSecret(token) : null,
+    apiKey: apiKey ? maskSecret(apiKey) : null,
+    config: {
+      apiUrl: cfg.apiUrl,
+      appUrl: cfg.appUrl,
+      defaultApp: cfg.defaultApp,
+      output: cfg.output,
+    },
+    nextStep: token
+      ? null
+      : apiKey
+        ? 'Using a scoped API key. Run `npx securenow login` for account-wide MCP tools.'
+        : 'Run `npx securenow login` from the project root.',
+  };
+}
+
+async function callApiTool(tool, args) {
+  assertConfirmed(tool, args);
+
+  if (tool.name === 'securenow_auth_status') {
+    return localAuthStatus();
+  }
+
+  if (tool.localOnly) {
+    throw new Error(`${tool.name} is only available in the local MCP server.`);
+  }
+
+  const token = bearerToken();
+  if (!token) {
+    throw new Error('Not authenticated. Run `npx securenow login` from the project root, then retry.');
+  }
+
+  const request = buildApiRequest(tool, args);
+  const options = {
+    token,
+    ...(Object.keys(request.query || {}).length > 0 ? { query: request.query } : {}),
+  };
+
+  if (request.method === 'GET') return api.get(request.endpoint, options);
+  if (request.method === 'POST') return api.post(request.endpoint, request.body || {}, options);
+  if (request.method === 'PUT') return api.put(request.endpoint, request.body || {}, options);
+  if (request.method === 'PATCH') return api.patch(request.endpoint, request.body || {}, options);
+  if (request.method === 'DELETE') return api.delete(request.endpoint, options);
+
+  throw new Error(`Unsupported method for ${tool.name}: ${request.method}`);
+}
+
+function asToolResult(result) {
+  return {
+    content: [
+      {
+        type: 'text',
+        text: typeof result === 'string' ? result : jsonText(result),
+      },
+    ],
+    structuredContent: typeof result === 'object' && result !== null ? result : { value: result },
+  };
+}
+
+function readResource(uri) {
+  const resource = RESOURCES.find((item) => item.uri === uri);
+  if (!resource) throw new Error(`Unknown resource: ${uri}`);
+
+  const text = resourceContent(resource, {
+    projectConfig: () => jsonText(localAuthStatus()),
+    toolsCatalog: () => jsonText(listTools().map((tool) => ({
+      name: tool.name,
+      description: tool.description,
+      readOnly: tool.annotations?.readOnlyHint === true,
+      destructive: tool.annotations?.destructiveHint === true,
+    }))),
+  });
+
+  return {
+    contents: [
+      {
+        uri: resource.uri,
+        mimeType: resource.mimeType,
+        text,
+      },
+    ],
+  };
+}
+
+async function handleRequest(message) {
+  const { id, method, params = {} } = message;
+
+  try {
+    if (method === 'initialize') {
+      return ok(id, {
+        protocolVersion: params.protocolVersion || PROTOCOL_VERSION,
+        capabilities: {
+          tools: {},
+          resources: {},
+          prompts: {},
+        },
+        serverInfo: {
+          name: SERVER_NAME,
+          version: pkg.version,
+        },
+      });
+    }
+
+    if (method === 'ping') return ok(id, {});
+    if (method === 'tools/list') return ok(id, { tools: listTools() });
+    if (method === 'resources/list') return ok(id, { resources: listResources() });
+    if (method === 'prompts/list') return ok(id, { prompts: listPrompts() });
+
+    if (method === 'resources/read') {
+      if (!params.uri) throw new Error('resources/read requires params.uri');
+      return ok(id, readResource(params.uri));
+    }
+
+    if (method === 'prompts/get') {
+      if (!params.name) throw new Error('prompts/get requires params.name');
+      return ok(id, {
+        description: listPrompts().find((prompt) => prompt.name === params.name)?.description || '',
+        messages: promptMessages(params.name, params.arguments || {}),
+      });
+    }
+
+    if (method === 'tools/call') {
+      const name = params.name;
+      const args = params.arguments || {};
+      const tool = getTool(name);
+      if (!tool) throw new Error(`Unknown tool: ${name}`);
+
+      const result = await callApiTool(tool, args);
+      return ok(id, asToolResult({
+        tool: name,
+        arguments: sanitizeArgs(args),
+        result,
+      }));
+    }
+
+    return fail(id, -32601, `Method not found: ${method}`);
+  } catch (err) {
+    return fail(id, -32000, err.message || 'SecureNow MCP request failed');
+  }
+}
+
+function handleMessage(message) {
+  if (Array.isArray(message)) {
+    for (const item of message) handleMessage(item);
+    return;
+  }
+
+  if (!message || message.jsonrpc !== '2.0') {
+    return fail(null, -32600, 'Invalid JSON-RPC message');
+  }
+
+  // Notifications have no id and must not receive a response.
+  if (message.id == null) return;
+
+  handleRequest(message).catch((err) => {
+    fail(message.id, -32603, err.message || 'Internal error');
+  });
+}
+
+const rl = readline.createInterface({
+  input: process.stdin,
+  crlfDelay: Infinity,
+});
+
+rl.on('line', (line) => {
+  if (!line.trim()) return;
+  try {
+    handleMessage(JSON.parse(line));
+  } catch (err) {
+    fail(null, -32700, 'Parse error');
+  }
+});
+
+rl.on('close', () => process.exit(0));

package/nextjs-auto-capture.d.ts

@@ -16,7 +16,7 @@
  * ```
  * 
  * Environment Variables:
- * - SECURENOW_CAPTURE_BODY=1 - Enable body capture (default: disabled)
+ * - SECURENOW_CAPTURE_BODY=0 - Disable body capture (default: enabled)
  * - SECURENOW_MAX_BODY_SIZE=10240 - Max body size in bytes (default: 10KB)
  * - SECURENOW_SENSITIVE_FIELDS=field1,field2 - Additional sensitive fields to redact
  * 

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "securenow",
-  "version": "7.4.0",
+  "version": "7.5.1",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",
   "types": "register.d.ts",
   "bin": {
-    "securenow": "cli.js"
+    "securenow": "cli.js",
+    "securenow-mcp": "mcp/server.js"
   },
   "scripts": {
     "postinstall": "node postinstall.js || exit 0"
@@ -97,6 +98,12 @@
     },
     "./app-config": {
       "default": "./app-config.js"
+    },
+    "./mcp": {
+      "default": "./mcp/server.js"
+    },
+    "./mcp/catalog": {
+      "default": "./mcp/catalog.js"
     }
   },
   "files": [
@@ -119,6 +126,7 @@
     "nuxt-server-plugin.mjs",
     "cli.js",
     "cli/",
+    "mcp/",
     "free-trial-banner.js",
     "resolve-ip.js",
     "cidr.js",