toolgate 1.0.0

package/dist/index.js

@@ -0,0 +1,616 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ToolGate: () => ToolGate,
+  autoConfigFromMCP: () => autoConfigFromMCP,
+  classifyTool: () => classifyTool,
+  cliApproval: () => cliApproval,
+  discoverMCPTools: () => discoverMCPTools,
+  mcpToolGate: () => mcpToolGate
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/core/toolgate.ts
+var import_crypto = require("crypto");
+
+// src/classifiers/classify.ts
+var READ_PATTERNS = [
+  /^(get|read|fetch|list|search|find|query|lookup|describe|show|view|check|inspect|retrieve|browse|scan|count|exists|head|peek|poll|watch|observe|select|load)/i,
+  /([-_]get$|[-_]read$|[-_]list$|[-_]fetch$|[-_]search$|[-_]find$|[-_]query$|[-_]describe$|[-_]show$|[-_]view$|[-_]check$)/i,
+  /^(is[-_]|has[-_]|can[-_]|does[-_])/i
+];
+var WRITE_PATTERNS = [
+  /^(create|write|put|set|add|insert|post|save|store|upload|push|append|upsert|make|generate|build|init|register|submit|publish)/i,
+  /([-_]create$|[-_]write$|[-_]add$|[-_]insert$|[-_]post$|[-_]save$|[-_]upload$|[-_]push$|[-_]set$|[-_]submit$|[-_]publish$)/i
+];
+var DELETE_PATTERNS = [
+  /^(delete|remove|destroy|drop|purge|clear|clean|unset|revoke|cancel|terminate|kill|close|archive|trash|wipe|reset)/i,
+  /([-_]delete$|[-_]remove$|[-_]destroy$|[-_]drop$|[-_]clear$|[-_]cancel$|[-_]revoke$|[-_]close$|[-_]archive$|[-_]trash$)/i
+];
+var UPDATE_PATTERNS = [
+  /^(update|edit|modify|patch|change|alter|replace|rename|move|merge|assign|reassign|transfer|swap|toggle|enable|disable|approve|reject|resolve|reopen)/i,
+  /([-_]update$|[-_]edit$|[-_]modify$|[-_]patch$|[-_]change$|[-_]rename$|[-_]move$|[-_]merge$|[-_]assign$|[-_]toggle$)/i
+];
+var EXECUTE_PATTERNS = [
+  /^(run|exec|execute|invoke|trigger|fire|dispatch|emit|call|start|restart|stop|deploy|rollback|migrate|sync|process|transform|convert|compile|evaluate)/i,
+  /([-_]run$|[-_]exec$|[-_]execute$|[-_]trigger$|[-_]deploy$|[-_]start$|[-_]stop$|[-_]restart$)/i
+];
+var SEND_PATTERNS = [
+  /^(send|email|mail|notify|message|broadcast|forward|reply|share|invite|alert|ping|sms|slack|tweet|dm|comment)/i,
+  /([-_]send$|[-_]email$|[-_]notify$|[-_]message$|[-_]share$|[-_]forward$|[-_]reply$|[-_]comment$|[-_]invite$)/i
+];
+var READ_DESCRIPTION_SIGNALS = [
+  "retrieve",
+  "get",
+  "fetch",
+  "list",
+  "search",
+  "find",
+  "query",
+  "read",
+  "show",
+  "view",
+  "check",
+  "look up",
+  "returns",
+  "display",
+  "browse",
+  "inspect",
+  "describe",
+  "status",
+  "info",
+  "details"
+];
+var MUTATE_DESCRIPTION_SIGNALS = [
+  "create",
+  "update",
+  "delete",
+  "remove",
+  "modify",
+  "write",
+  "set",
+  "send",
+  "post",
+  "put",
+  "patch",
+  "add",
+  "insert",
+  "push",
+  "publish",
+  "execute",
+  "run",
+  "trigger",
+  "invoke",
+  "deploy",
+  "move",
+  "rename",
+  "edit",
+  "change",
+  "assign",
+  "transfer",
+  "submit",
+  "approve",
+  "reject",
+  "archive",
+  "trash",
+  "clear",
+  "revoke",
+  "cancel",
+  "forward",
+  "reply",
+  "share",
+  "invite",
+  "notify",
+  "message",
+  "email",
+  "broadcast"
+];
+function classifyFromDescription(description) {
+  const lower = description.toLowerCase();
+  let readScore = 0;
+  let mutateScore = 0;
+  for (const signal of READ_DESCRIPTION_SIGNALS) {
+    if (lower.includes(signal)) readScore++;
+  }
+  for (const signal of MUTATE_DESCRIPTION_SIGNALS) {
+    if (lower.includes(signal)) mutateScore++;
+  }
+  if (readScore > 0 && mutateScore === 0) return { intent: "read", confidence: 0.8 };
+  if (mutateScore > 0 && readScore === 0) return { intent: "write", confidence: 0.8 };
+  if (mutateScore > readScore) return { intent: "write", confidence: 0.6 };
+  if (readScore > mutateScore) return { intent: "read", confidence: 0.6 };
+  return { intent: "unknown", confidence: 0.3 };
+}
+function classifyFromHTTPHints(params) {
+  const method = params.method?.toUpperCase?.();
+  if (!method) return null;
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") return "read";
+  if (method === "POST") return "create";
+  if (method === "PUT" || method === "PATCH") return "update";
+  if (method === "DELETE") return "delete";
+  return null;
+}
+function classifyTool(toolName, params, mcpToolDef) {
+  const httpIntent = classifyFromHTTPHints(params);
+  if (httpIntent) {
+    return {
+      intent: httpIntent,
+      isPassthrough: httpIntent === "read",
+      confidence: 0.85,
+      reason: `HTTP method in params indicates ${httpIntent}`
+    };
+  }
+  for (const pat of READ_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "read", isPassthrough: true, confidence: 0.9, reason: `Tool name matches read pattern: ${pat}` };
+    }
+  }
+  for (const pat of DELETE_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "delete", isPassthrough: false, confidence: 0.9, reason: `Tool name matches delete pattern: ${pat}` };
+    }
+  }
+  for (const pat of SEND_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "send", isPassthrough: false, confidence: 0.9, reason: `Tool name matches send pattern: ${pat}` };
+    }
+  }
+  for (const pat of WRITE_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "write", isPassthrough: false, confidence: 0.9, reason: `Tool name matches write pattern: ${pat}` };
+    }
+  }
+  for (const pat of UPDATE_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "update", isPassthrough: false, confidence: 0.9, reason: `Tool name matches update pattern: ${pat}` };
+    }
+  }
+  for (const pat of EXECUTE_PATTERNS) {
+    if (pat.test(toolName)) {
+      return { intent: "execute", isPassthrough: false, confidence: 0.85, reason: `Tool name matches execute pattern: ${pat}` };
+    }
+  }
+  if (mcpToolDef?.description) {
+    const descResult = classifyFromDescription(mcpToolDef.description);
+    return {
+      intent: descResult.intent,
+      isPassthrough: descResult.intent === "read",
+      confidence: descResult.confidence,
+      reason: `MCP tool description analysis: "${mcpToolDef.description.slice(0, 80)}..."`
+    };
+  }
+  return {
+    intent: "unknown",
+    isPassthrough: false,
+    confidence: 0.2,
+    reason: "Could not classify tool \u2014 intercepting as precaution"
+  };
+}
+
+// src/core/persistence.ts
+var SupabasePersistence = class {
+  url;
+  key;
+  constructor(url, key) {
+    this.url = url.replace(/\/$/, "");
+    this.key = key;
+  }
+  async rpc(table, method, body, match) {
+    let endpoint = `${this.url}/rest/v1/${table}`;
+    const headers = {
+      apikey: this.key,
+      Authorization: `Bearer ${this.key}`,
+      "Content-Type": "application/json",
+      Prefer: method === "POST" ? "return=representation" : "return=representation"
+    };
+    if (match) {
+      const qs = Object.entries(match).map(([k, v]) => `${k}=eq.${v}`).join("&");
+      endpoint += `?${qs}`;
+    }
+    const res = await fetch(endpoint, { method, headers, body: JSON.stringify(body) });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`Supabase ${method} ${table} failed: ${res.status} ${text}`);
+    }
+    return res.json();
+  }
+  async saveSession(session) {
+    await this.rpc("toolgate_sessions", "POST", {
+      id: session.id,
+      agent_name: session.agentName,
+      task_description: session.taskDescription,
+      status: session.status,
+      started_at: new Date(session.startedAt).toISOString(),
+      completed_at: session.completedAt ? new Date(session.completedAt).toISOString() : null,
+      reads: JSON.stringify(session.reads),
+      pending_actions: JSON.stringify(session.pendingActions),
+      metadata: session.metadata ? JSON.stringify(session.metadata) : null
+    });
+  }
+  async updateSession(session) {
+    await this.rpc(
+      "toolgate_sessions",
+      "PATCH",
+      {
+        status: session.status,
+        completed_at: session.completedAt ? new Date(session.completedAt).toISOString() : null,
+        pending_actions: JSON.stringify(session.pendingActions)
+      },
+      { id: session.id }
+    );
+  }
+};
+
+// src/core/toolgate.ts
+var ToolGate = class {
+  config;
+  executor;
+  session;
+  mcpToolIndex = /* @__PURE__ */ new Map();
+  readSet;
+  actionSet;
+  persistence = null;
+  constructor(executor, config = {}) {
+    this.executor = executor;
+    this.config = config;
+    this.readSet = new Set(config.readTools ?? []);
+    this.actionSet = new Set(config.actionTools ?? []);
+    for (const server of config.mcpServers ?? []) {
+      for (const tool of server.tools ?? []) {
+        this.mcpToolIndex.set(tool.name, tool);
+      }
+    }
+    if (config.supabaseUrl && config.supabaseKey) {
+      this.persistence = new SupabasePersistence(config.supabaseUrl, config.supabaseKey);
+    }
+    this.session = {
+      id: (0, import_crypto.randomUUID)(),
+      agentName: config.agentName ?? "agent",
+      taskDescription: "",
+      startedAt: Date.now(),
+      status: "running",
+      reads: [],
+      pendingActions: []
+    };
+  }
+  /** Set a human-readable description for this task/session */
+  describe(taskDescription) {
+    this.session.taskDescription = taskDescription;
+    return this;
+  }
+  /** The proxy function you hand to the agent instead of the real executor */
+  get proxy() {
+    return this.handle.bind(this);
+  }
+  /** Wrap an existing tool map (name → function) into a proxied tool map */
+  wrapTools(tools) {
+    const proxied = {};
+    for (const [name, fn] of Object.entries(tools)) {
+      proxied[name] = async (...args) => {
+        const params = args[0] && typeof args[0] === "object" ? args[0] : { args };
+        return this.handle(name, params);
+      };
+    }
+    return proxied;
+  }
+  /** Core: classify and either passthrough or intercept */
+  async handle(toolName, params) {
+    const classification = this.classify(toolName, params);
+    const call = {
+      id: (0, import_crypto.randomUUID)(),
+      name: toolName,
+      params: structuredClone(params),
+      timestamp: Date.now(),
+      classification
+    };
+    if (classification.isPassthrough) {
+      const result = await this.executor(toolName, params);
+      const read = { ...call, result };
+      this.session.reads.push(read);
+      return result;
+    }
+    const phantomResult = this.config.phantomResponse ? this.config.phantomResponse(call) : this.defaultPhantom(call);
+    const pending = { ...call, phantomResult };
+    this.session.pendingActions.push(pending);
+    return phantomResult;
+  }
+  classify(toolName, params) {
+    if (this.readSet.has(toolName)) {
+      return { intent: "read", isPassthrough: true, confidence: 1, reason: "Explicitly listed as read tool" };
+    }
+    if (this.actionSet.has(toolName)) {
+      return { intent: "write", isPassthrough: false, confidence: 1, reason: "Explicitly listed as action tool" };
+    }
+    if (this.config.classifier) {
+      return this.config.classifier(toolName, params);
+    }
+    const mcpDef = this.mcpToolIndex.get(toolName);
+    return classifyTool(toolName, params, mcpDef);
+  }
+  defaultPhantom(call) {
+    const { intent } = call.classification;
+    const base = { success: true, _phantom: true, toolCallId: call.id };
+    switch (intent) {
+      case "create":
+      case "write":
+        return { ...base, id: `phantom_${(0, import_crypto.randomUUID)().slice(0, 8)}`, message: "Created successfully" };
+      case "update":
+        return { ...base, message: "Updated successfully" };
+      case "delete":
+        return { ...base, message: "Deleted successfully" };
+      case "send":
+        return { ...base, message: "Sent successfully", messageId: `msg_${(0, import_crypto.randomUUID)().slice(0, 8)}` };
+      case "execute":
+        return { ...base, message: "Executed successfully", exitCode: 0 };
+      default:
+        return { ...base, message: "Completed successfully" };
+    }
+  }
+  // ─── Finalization ───────────────────────────────────────────────────
+  /** Call when agent is done. Returns the approval request. */
+  async finalize() {
+    this.session.completedAt = Date.now();
+    this.session.status = "pending_approval";
+    const request = {
+      sessionId: this.session.id,
+      agentName: this.session.agentName,
+      taskDescription: this.session.taskDescription,
+      reads: this.session.reads,
+      pendingActions: this.session.pendingActions,
+      createdAt: Date.now()
+    };
+    if (this.persistence) {
+      await this.persistence.saveSession(this.session);
+    }
+    if (this.config.onApprovalNeeded) {
+      const result = await this.config.onApprovalNeeded(request);
+      await this.executeApproval(result);
+    }
+    return request;
+  }
+  /** Execute approved actions for real */
+  async executeApproval(result) {
+    const results = /* @__PURE__ */ new Map();
+    for (const action of this.session.pendingActions) {
+      const decision = result.decisions.get(action.id);
+      if (!decision || decision.action === "reject") {
+        action.approved = false;
+        continue;
+      }
+      if (decision.action === "approve") {
+        action.approved = true;
+        const realResult = await this.executor(action.name, action.params);
+        results.set(action.id, realResult);
+      }
+      if (decision.action === "edit") {
+        action.approved = true;
+        action.editedParams = decision.newParams;
+        const realResult = await this.executor(action.name, decision.newParams);
+        results.set(action.id, realResult);
+      }
+    }
+    this.session.status = this.session.pendingActions.every((a) => a.approved) ? "approved" : this.session.pendingActions.some((a) => a.approved) ? "partial" : "rejected";
+    if (this.persistence) {
+      await this.persistence.updateSession(this.session);
+    }
+    return results;
+  }
+  /** Approve all pending actions at once */
+  async approveAll() {
+    const decisions = new Map(
+      this.session.pendingActions.map((a) => [a.id, { action: "approve" }])
+    );
+    return this.executeApproval({ sessionId: this.session.id, decisions, approvedAt: Date.now() });
+  }
+  /** Reject all pending actions */
+  async rejectAll() {
+    for (const action of this.session.pendingActions) {
+      action.approved = false;
+    }
+    this.session.status = "rejected";
+    if (this.persistence) {
+      await this.persistence.updateSession(this.session);
+    }
+  }
+  // ─── Inspection ─────────────────────────────────────────────────────
+  get sessionId() {
+    return this.session.id;
+  }
+  get reads() {
+    return this.session.reads;
+  }
+  get pending() {
+    return this.session.pendingActions;
+  }
+  get currentSession() {
+    return structuredClone(this.session);
+  }
+  /** Pretty-print a summary for CLI / logging */
+  summary() {
+    const lines = [
+      `
+\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557`,
+      `\u2551  ToolGate Session: ${this.session.id.slice(0, 8)}\u2026`,
+      `\u2551  Agent: ${this.session.agentName}`,
+      `\u2551  Task: ${this.session.taskDescription || "(none)"}`,
+      `\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563`,
+      `\u2551  \u2705 Reads executed: ${this.session.reads.length}`
+    ];
+    for (const r of this.session.reads) {
+      lines.push(`\u2551    \u2022 ${r.name}(${JSON.stringify(r.params).slice(0, 60)}\u2026)`);
+    }
+    lines.push(`\u2551  \u23F8  Actions pending approval: ${this.session.pendingActions.length}`);
+    for (const a of this.session.pendingActions) {
+      const badge2 = a.classification.intent.toUpperCase();
+      lines.push(`\u2551    \u{1F536} [${badge2}] ${a.name}`);
+      lines.push(`\u2551      params: ${JSON.stringify(a.params).slice(0, 70)}\u2026`);
+    }
+    lines.push(`\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+`);
+    return lines.join("\n");
+  }
+};
+
+// src/core/cli-approval.ts
+var readline = __toESM(require("readline"));
+var INTENT_COLORS = {
+  write: "\x1B[33m",
+  // yellow
+  create: "\x1B[32m",
+  // green
+  delete: "\x1B[31m",
+  // red
+  update: "\x1B[36m",
+  // cyan
+  send: "\x1B[35m",
+  // magenta
+  execute: "\x1B[34m",
+  // blue
+  unknown: "\x1B[37m"
+  // white
+};
+var RESET = "\x1B[0m";
+var BOLD = "\x1B[1m";
+var DIM = "\x1B[2m";
+function badge(intent) {
+  const color = INTENT_COLORS[intent] ?? INTENT_COLORS.unknown;
+  return `${color}${BOLD}[${intent.toUpperCase()}]${RESET}`;
+}
+function ask(rl, question) {
+  return new Promise((resolve) => rl.question(question, resolve));
+}
+async function cliApproval(request) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  console.log(`
+${BOLD}\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550${RESET}`);
+  console.log(`${BOLD}  \u{1F6E1}\uFE0F  ToolGate \u2014 Approval Required${RESET}`);
+  console.log(`${BOLD}\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550${RESET}`);
+  console.log(`  Agent:   ${request.agentName}`);
+  console.log(`  Task:    ${request.taskDescription || "(no description)"}`);
+  console.log(`  Session: ${request.sessionId.slice(0, 8)}\u2026`);
+  console.log();
+  console.log(`${DIM}\u2500\u2500 Reads performed (${request.reads.length}) \u2500\u2500${RESET}`);
+  for (const r of request.reads) {
+    console.log(`  \u2705 ${r.name}(${JSON.stringify(r.params).slice(0, 80)})`);
+  }
+  console.log();
+  console.log(`${BOLD}\u2500\u2500 Actions awaiting approval (${request.pendingActions.length}) \u2500\u2500${RESET}`);
+  for (let i = 0; i < request.pendingActions.length; i++) {
+    const a = request.pendingActions[i];
+    console.log(`  ${i + 1}. ${badge(a.classification.intent)} ${a.name}`);
+    console.log(`     ${DIM}params:${RESET} ${JSON.stringify(a.params, null, 2).split("\n").join("\n     ")}`);
+    console.log();
+  }
+  console.log(`${BOLD}Options:${RESET}`);
+  console.log(`  ${BOLD}a${RESET} = approve all    ${BOLD}r${RESET} = reject all    ${BOLD}i${RESET} = review individually`);
+  const choice = (await ask(rl, "\n> ")).trim().toLowerCase();
+  const decisions = /* @__PURE__ */ new Map();
+  if (choice === "a") {
+    for (const a of request.pendingActions) {
+      decisions.set(a.id, { action: "approve" });
+    }
+    console.log("\n\u2705 All actions approved.");
+  } else if (choice === "r") {
+    for (const a of request.pendingActions) {
+      decisions.set(a.id, { action: "reject" });
+    }
+    console.log("\n\u274C All actions rejected.");
+  } else {
+    for (let i = 0; i < request.pendingActions.length; i++) {
+      const a = request.pendingActions[i];
+      console.log(`
+${badge(a.classification.intent)} ${a.name}`);
+      console.log(`  params: ${JSON.stringify(a.params, null, 2)}`);
+      const d = (await ask(rl, `  [a]pprove / [r]eject / [e]dit > `)).trim().toLowerCase();
+      if (d === "a" || d === "approve") {
+        decisions.set(a.id, { action: "approve" });
+      } else if (d === "e" || d === "edit") {
+        console.log(`  Enter new params as JSON:`);
+        const raw = await ask(rl, "  > ");
+        try {
+          const newParams = JSON.parse(raw);
+          decisions.set(a.id, { action: "edit", actionId: a.id, newParams });
+        } catch {
+          console.log("  \u26A0\uFE0F  Invalid JSON \u2014 rejecting this action.");
+          decisions.set(a.id, { action: "reject" });
+        }
+      } else {
+        decisions.set(a.id, { action: "reject" });
+      }
+    }
+  }
+  rl.close();
+  return { sessionId: request.sessionId, decisions, approvedAt: Date.now() };
+}
+
+// src/mcp/index.ts
+function mcpToolGate(executor, config = {}) {
+  return new ToolGate(executor, config);
+}
+async function discoverMCPTools(serverUrl) {
+  const res = await fetch(serverUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list", params: {} })
+  });
+  if (!res.ok) throw new Error(`MCP discovery failed: ${res.status}`);
+  const data = await res.json();
+  const tools = (data.result?.tools ?? []).map((t) => ({
+    name: t.name,
+    description: t.description ?? "",
+    inputSchema: t.inputSchema
+  }));
+  return tools;
+}
+async function autoConfigFromMCP(servers, overrides = {}) {
+  const mcpServers = await Promise.all(
+    servers.map(async (s) => {
+      try {
+        const tools = await discoverMCPTools(s.url);
+        return { ...s, tools };
+      } catch {
+        console.warn(`[toolgate] Could not discover tools from ${s.name} (${s.url})`);
+        return { ...s, tools: [] };
+      }
+    })
+  );
+  return { ...overrides, mcpServers };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ToolGate,
+  autoConfigFromMCP,
+  classifyTool,
+  cliApproval,
+  discoverMCPTools,
+  mcpToolGate
+});