ssh-mcp-pro 1.0.0

package/dist/agent-bin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-bin.js","sourceRoot":"","sources":["../src/agent-bin.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAC1D,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/audit.d.ts

@@ -0,0 +1,25 @@
+import type { PolicyDecision } from "./policy.js";
+export interface AuditEvent {
+    id: string;
+    timestamp: string;
+    action: string;
+    sessionId?: string;
+    host?: string;
+    username?: string;
+    target?: string;
+    allowed: boolean;
+    mode?: string;
+    reason?: string;
+}
+export declare class AuditLog {
+    private readonly maxEvents;
+    private readonly events;
+    private sequence;
+    constructor(maxEvents?: number);
+    private redactEvent;
+    private redactStringPatterns;
+    record(event: Omit<AuditEvent, "id" | "timestamp">): AuditEvent;
+    recordPolicyDecision(decision: PolicyDecision, details: Omit<AuditEvent, "id" | "timestamp" | "allowed" | "mode" | "reason">): AuditEvent;
+    list(limit?: number): AuditEvent[];
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAElD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,QAAQ;IAIP,OAAO,CAAC,QAAQ,CAAC,SAAS;IAHtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAoB;IAC3C,OAAO,CAAC,QAAQ,CAAK;gBAEQ,SAAS,SAAM;IAE5C,OAAO,CAAC,WAAW;IAKnB,OAAO,CAAC,oBAAoB;IAkB5B,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,CAAC,GAAG,UAAU;IAgB/D,oBAAoB,CAClB,QAAQ,EAAE,cAAc,EACxB,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,IAAI,GAAG,WAAW,GAAG,SAAS,GAAG,MAAM,GAAG,QAAQ,CAAC,GAC5E,UAAU;IASb,IAAI,CAAC,KAAK,SAAM,GAAG,UAAU,EAAE;CAGhC"}

package/dist/audit.js

@@ -0,0 +1,50 @@
+import { redactErrorMessage, redactSensitiveData } from "./logging.js";
+export class AuditLog {
+    maxEvents;
+    events = [];
+    sequence = 0;
+    constructor(maxEvents = 500) {
+        this.maxEvents = maxEvents;
+    }
+    redactEvent(event) {
+        const fieldRedacted = redactSensitiveData(event);
+        return this.redactStringPatterns(fieldRedacted);
+    }
+    redactStringPatterns(value) {
+        if (typeof value === "string") {
+            return redactErrorMessage(value);
+        }
+        if (Array.isArray(value)) {
+            return value.map((item) => this.redactStringPatterns(item));
+        }
+        if (value && typeof value === "object") {
+            return Object.fromEntries(Object.entries(value).map(([key, item]) => [key, this.redactStringPatterns(item)]));
+        }
+        return value;
+    }
+    record(event) {
+        const auditEvent = {
+            ...event,
+            id: `audit-${Date.now()}-${++this.sequence}`,
+            timestamp: new Date().toISOString(),
+        };
+        const redactedEvent = this.redactEvent(auditEvent);
+        this.events.push(redactedEvent);
+        if (this.events.length > this.maxEvents) {
+            this.events.splice(0, this.events.length - this.maxEvents);
+        }
+        return { ...redactedEvent };
+    }
+    recordPolicyDecision(decision, details) {
+        return this.record({
+            ...details,
+            allowed: decision.allowed,
+            mode: decision.mode,
+            ...(decision.reason ? { reason: decision.reason } : {}),
+        });
+    }
+    list(limit = 100) {
+        return this.events.slice(-limit).map((event) => ({ ...event }));
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAgBvE,MAAM,OAAO,QAAQ;IAIU;IAHZ,MAAM,GAAiB,EAAE,CAAC;IACnC,QAAQ,GAAG,CAAC,CAAC;IAErB,YAA6B,YAAY,GAAG;QAAf,cAAS,GAAT,SAAS,CAAM;IAAG,CAAC;IAExC,WAAW,CAAC,KAAiB;QACnC,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAe,CAAC;IAChE,CAAC;IAEO,oBAAoB,CAAC,KAAc;QACzC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,OAAO,MAAM,CAAC,WAAW,CACvB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,EAAE,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC,CAAC,CACnF,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,KAA2C;QAChD,MAAM,UAAU,GAAe;YAC7B,GAAG,KAAK;YACR,EAAE,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;YAC5C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEnD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,EAAE,GAAG,aAAa,EAAE,CAAC;IAC9B,CAAC;IAED,oBAAoB,CAClB,QAAwB,EACxB,OAA6E;QAE7E,OAAO,IAAI,CAAC,MAAM,CAAC;YACjB,GAAG,OAAO;YACV,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,GAAG,GAAG;QACd,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;IAClE,CAAC;CACF"}

package/dist/auth.d.ts

@@ -0,0 +1,4 @@
+export declare function constantTimeTokenEquals(provided: string, expected: string): boolean;
+export declare function extractBearerToken(authorization: string | undefined): string | undefined;
+export declare function isBearerAuthorizationValid(authorization: string | undefined, expectedToken: string): boolean;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAMA,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAWnF;AAED,wBAAgB,kBAAkB,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAWxF;AAED,wBAAgB,0BAA0B,CACxC,aAAa,EAAE,MAAM,GAAG,SAAS,EACjC,aAAa,EAAE,MAAM,GACpB,OAAO,CAOT"}

package/dist/auth.js

@@ -0,0 +1,33 @@
+import { createHash, timingSafeEqual } from "node:crypto";
+function sha256(input) {
+    return createHash("sha256").update(input, "utf8").digest();
+}
+export function constantTimeTokenEquals(provided, expected) {
+    if (typeof provided !== "string" || typeof expected !== "string") {
+        return false;
+    }
+    if (expected.length === 0) {
+        return false;
+    }
+    const providedDigest = sha256(provided);
+    const expectedDigest = sha256(expected);
+    return timingSafeEqual(providedDigest, expectedDigest);
+}
+export function extractBearerToken(authorization) {
+    if (authorization === undefined) {
+        return undefined;
+    }
+    const parts = authorization.split(" ");
+    if (parts.length !== 2 || parts[0] !== "Bearer" || parts[1]?.length === 0) {
+        return undefined;
+    }
+    return parts[1];
+}
+export function isBearerAuthorizationValid(authorization, expectedToken) {
+    const providedToken = extractBearerToken(authorization);
+    if (providedToken === undefined) {
+        return false;
+    }
+    return constantTimeTokenEquals(providedToken, expectedToken);
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D,SAAS,MAAM,CAAC,KAAa;IAC3B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,QAAgB,EAAE,QAAgB;IACxE,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjE,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IACxC,OAAO,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;AACzD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,aAAiC;IAClE,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,0BAA0B,CACxC,aAAiC,EACjC,aAAqB;IAErB,MAAM,aAAa,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,uBAAuB,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AAC/D,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,16 @@
+export interface CliOptions {
+    help: boolean;
+    version: boolean;
+    forceStdio: boolean;
+    transport: "stdio" | "http";
+    host?: string;
+    port?: string;
+    bearerTokenFile?: string;
+    enableLegacySse: boolean;
+    toolProfile?: string;
+    connectorCredentialProvider?: string;
+    unsupportedNoStdio: boolean;
+    agentArgs?: string[];
+}
+export declare function parseArgs(argv: string[]): CliOptions;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,OAAO,CAAC;IACpB,SAAS,EAAE,OAAO,GAAG,MAAM,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CAmGpD"}

package/dist/cli.js

@@ -0,0 +1,99 @@
+export function parseArgs(argv) {
+    const opts = {
+        help: false,
+        version: false,
+        forceStdio: false,
+        transport: "stdio",
+        enableLegacySse: false,
+        unsupportedNoStdio: false,
+    };
+    for (let index = 0; index < argv.length; index++) {
+        const arg = argv[index];
+        switch (arg) {
+            case "agent":
+                opts.agentArgs = argv.slice(index + 1);
+                index = argv.length;
+                break;
+            case "http":
+                opts.transport = "http";
+                break;
+            case "stdio":
+                opts.transport = "stdio";
+                break;
+            case "--help":
+            case "-h":
+                opts.help = true;
+                break;
+            case "--version":
+            case "-v":
+                opts.version = true;
+                break;
+            case "--stdio":
+                opts.forceStdio = true;
+                opts.transport = "stdio";
+                break;
+            case "--transport=http":
+                opts.transport = "http";
+                break;
+            case "--transport=stdio":
+                opts.transport = "stdio";
+                break;
+            case "--host":
+                {
+                    const next = argv[index + 1];
+                    if (next !== undefined) {
+                        opts.host = next;
+                        index++;
+                    }
+                }
+                break;
+            case "--port":
+                {
+                    const next = argv[index + 1];
+                    if (next !== undefined) {
+                        opts.port = next;
+                        index++;
+                    }
+                }
+                break;
+            case "--bearer-token-file":
+                {
+                    const next = argv[index + 1];
+                    if (next !== undefined) {
+                        opts.bearerTokenFile = next;
+                        index++;
+                    }
+                }
+                break;
+            case "--enable-legacy-sse":
+                opts.enableLegacySse = true;
+                break;
+            case "--tool-profile":
+                {
+                    const next = argv[index + 1];
+                    if (next !== undefined) {
+                        opts.toolProfile = next;
+                        index++;
+                    }
+                }
+                break;
+            case "--connector-credential-provider":
+                {
+                    const next = argv[index + 1];
+                    if (next !== undefined) {
+                        opts.connectorCredentialProvider = next;
+                        index++;
+                    }
+                }
+                break;
+            case "--no-stdio":
+                opts.unsupportedNoStdio = true;
+                break;
+            default:
+                // Ignore unknown flags to avoid breaking MCP client invocations.
+                break;
+        }
+    }
+    return opts;
+}
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAeA,MAAM,UAAU,SAAS,CAAC,IAAc;IACtC,MAAM,IAAI,GAAe;QACvB,IAAI,EAAE,KAAK;QACX,OAAO,EAAE,KAAK;QACd,UAAU,EAAE,KAAK;QACjB,SAAS,EAAE,OAAO;QAClB,eAAe,EAAE,KAAK;QACtB,kBAAkB,EAAE,KAAK;KAC1B,CAAC;IAEF,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,OAAO;gBACV,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;gBACvC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC;gBACpB,MAAM;YACR,KAAK,MAAM;gBACT,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;gBACxB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;gBACzB,MAAM;YACR,KAAK,QAAQ,CAAC;YACd,KAAK,IAAI;gBACP,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;gBACjB,MAAM;YACR,KAAK,WAAW,CAAC;YACjB,KAAK,IAAI;gBACP,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;gBACpB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;gBACvB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;gBACzB,MAAM;YACR,KAAK,kBAAkB;gBACrB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC;gBACxB,MAAM;YACR,KAAK,mBAAmB;gBACtB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC;gBACzB,MAAM;YACR,KAAK,QAAQ;gBACX,CAAC;oBACC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;wBACjB,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,KAAK,QAAQ;gBACX,CAAC;oBACC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;wBACjB,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,KAAK,qBAAqB;gBACxB,CAAC;oBACC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;wBAC5B,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,KAAK,qBAAqB;gBACxB,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;gBAC5B,MAAM;YACR,KAAK,gBAAgB;gBACnB,CAAC;oBACC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;wBACxB,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,KAAK,iCAAiC;gBACpC,CAAC;oBACC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;oBAC7B,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;wBACvB,IAAI,CAAC,2BAA2B,GAAG,IAAI,CAAC;wBACxC,KAAK,EAAE,CAAC;oBACV,CAAC;gBACH,CAAC;gBACD,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;gBAC/B,MAAM;YACR;gBACE,iEAAiE;gBACjE,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,103 @@
+import { type ToolProfile } from "./connector-profile.js";
+import type { PolicyConfig } from "./policy.js";
+import type { HostKeyPolicy } from "./types.js";
+export declare const CONNECTOR_CREDENTIAL_PROVIDERS: readonly ["none", "agent", "command"];
+export type ConnectorCredentialProvider = (typeof CONNECTOR_CREDENTIAL_PROVIDERS)[number];
+/**
+ * Server configuration options
+ */
+export interface ServerConfig {
+    /** Maximum concurrent sessions */
+    maxSessions: number;
+    /** Default session TTL in milliseconds */
+    sessionTtlMs: number;
+    /** Session cleanup interval in milliseconds */
+    cleanupIntervalMs: number;
+    /** Default command timeout in milliseconds */
+    commandTimeoutMs: number;
+    /** Maximum buffered stdout/stderr per command result (bytes) */
+    maxCommandOutputBytes: number;
+    /** Maximum streaming chunks retained in memory */
+    maxStreamChunks: number;
+    /** Maximum file size for read operations (bytes) */
+    maxFileSize: number;
+    /** Maximum file write payload size accepted before buffering (bytes) */
+    maxFileWriteBytes: number;
+    /** Maximum file transfer size (bytes) */
+    maxTransferBytes: number;
+    /** Enable debug logging */
+    debug: boolean;
+    /** Rate limiting configuration */
+    rateLimit: {
+        enabled: boolean;
+        maxRequests: number;
+        windowMs: number;
+        perSession: {
+            enabled: boolean;
+            maxRequests: number;
+            windowMs: number;
+        };
+    };
+    /** Security settings */
+    security: {
+        allowRootLogin: boolean;
+        hostKeyPolicy: HostKeyPolicy;
+        knownHostsPath: string;
+        allowedCiphers: string[];
+    };
+    /** Policy settings enforced before risky operations */
+    policy: PolicyConfig;
+    /** Remote HTTP transport settings */
+    http: {
+        host: string;
+        port: number;
+        allowedOrigins: string[];
+        bearerTokenFile?: string;
+        enableLegacySse: boolean;
+        maxRequestBodyBytes: number;
+        maxSessions: number;
+        sessionIdleTtlMs: number;
+        publicUrl?: string;
+        trustProxy: boolean;
+    };
+    /** Remote ChatGPT/Claude connector settings */
+    connector: {
+        toolProfile: ToolProfile;
+        credentialProvider: ConnectorCredentialProvider;
+        credentialCommand?: string;
+        credentialCommandArgs: string[];
+        credentialCommandTimeoutMs: number;
+        defaultUsername?: string;
+    };
+    /** HTTP authorization settings for remote MCP clients */
+    auth: {
+        mode: "bearer" | "oauth";
+        oauthIssuer?: string;
+        oauthAudience?: string;
+        oauthJwksUrl?: string;
+        oauthResource?: string;
+        oauthRequiredScopes: string[];
+    };
+}
+export declare const DEFAULT_CONFIG: ServerConfig;
+/**
+ * Configuration manager with environment variable overrides
+ */
+export declare class ConfigManager {
+    private config;
+    constructor(overrides?: Partial<ServerConfig>);
+    private loadConfig;
+    /**
+     * Get a configuration value
+     */
+    get<K extends keyof ServerConfig>(key: K): ServerConfig[K];
+    /**
+     * Get the entire configuration
+     */
+    getAll(): Readonly<ServerConfig>;
+    /**
+     * Update configuration at runtime
+     */
+    update(updates: Partial<ServerConfig>): void;
+}
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,EAAoB,KAAK,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC5E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,eAAO,MAAM,8BAA8B,uCAAwC,CAAC;AACpF,MAAM,MAAM,2BAA2B,GAAG,CAAC,OAAO,8BAA8B,CAAC,CAAC,MAAM,CAAC,CAAC;AAE1F;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,8CAA8C;IAC9C,gBAAgB,EAAE,MAAM,CAAC;IACzB,gEAAgE;IAChE,qBAAqB,EAAE,MAAM,CAAC;IAC9B,kDAAkD;IAClD,eAAe,EAAE,MAAM,CAAC;IACxB,oDAAoD;IACpD,WAAW,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,yCAAyC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,2BAA2B;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,kCAAkC;IAClC,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE;YACV,OAAO,EAAE,OAAO,CAAC;YACjB,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;KACH,CAAC;IACF,wBAAwB;IACxB,QAAQ,EAAE;QACR,cAAc,EAAE,OAAO,CAAC;QACxB,aAAa,EAAE,aAAa,CAAC;QAC7B,cAAc,EAAE,MAAM,CAAC;QACvB,cAAc,EAAE,MAAM,EAAE,CAAC;KAC1B,CAAC;IACF,uDAAuD;IACvD,MAAM,EAAE,YAAY,CAAC;IACrB,qCAAqC;IACrC,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,eAAe,EAAE,OAAO,CAAC;QACzB,mBAAmB,EAAE,MAAM,CAAC;QAC5B,WAAW,EAAE,MAAM,CAAC;QACpB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,+CAA+C;IAC/C,SAAS,EAAE;QACT,WAAW,EAAE,WAAW,CAAC;QACzB,kBAAkB,EAAE,2BAA2B,CAAC;QAChD,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,qBAAqB,EAAE,MAAM,EAAE,CAAC;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF,yDAAyD;IACzD,IAAI,EAAE;QACJ,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC;QACzB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;CACH;AAED,eAAO,MAAM,cAAc,EAAE,YAmE5B,CAAC;AA2EF;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAe;gBAEjB,SAAS,GAAE,OAAO,CAAC,YAAY,CAAM;IAKjD,OAAO,CAAC,UAAU;IAySlB;;OAEG;IACH,GAAG,CAAC,CAAC,SAAS,MAAM,YAAY,EAAE,GAAG,EAAE,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC;IAI1D;;OAEG;IACH,MAAM,IAAI,QAAQ,CAAC,YAAY,CAAC;IA0ChC;;OAEG;IACH,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,IAAI;CAkF7C"}