triflux 3.3.0-dev.3 → 3.3.0-dev.5

package/scripts/lib/mcp-filter.mjs

@@ -0,0 +1,637 @@
+#!/usr/bin/env node
+// scripts/lib/mcp-filter.mjs
+// 역할/컨텍스트 기반 MCP 도구 노출 정책의 단일 소스.
+
+import { readFileSync } from 'node:fs';
+import process from 'node:process';
+import { fileURLToPath } from 'node:url';
+
+import {
+  DOMAIN_TAG_KEYWORDS,
+  MCP_SERVER_TOOL_CATALOG,
+  SEARCH_SERVER_ORDER,
+  SERVER_EXPLICIT_KEYWORDS,
+  normalizeServerMetadata,
+  uniqueStrings,
+} from './mcp-server-catalog.mjs';
+
+export const KNOWN_MCP_SERVERS = Object.freeze(Object.keys(MCP_SERVER_TOOL_CATALOG));
+
+const SEARCH_INTENT_PATTERNS = Object.freeze([
+  /\b(search|web|browse|look ?up|find|latest|recent|news|current|today|release(?: note)?s?|changelog|announcement|pricing|status|verify|fact[- ]?check)\b/i,
+  /(검색|웹|브라우즈|찾아|조회|최신|최근|뉴스|현재|오늘|릴리즈|배포|변경사항|공지|가격|상태|검증)/u,
+]);
+
+const PROFILE_DEFINITIONS = Object.freeze({
+  default: Object.freeze({
+    description: '보수적 기본 프로필. 문서 조회 + 최소 검색만 허용',
+    allowedServers: Object.freeze(['context7', 'brave-search']),
+    alwaysOnServers: Object.freeze(['context7']),
+    maxSearchServers: 1,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search', 'brave_news_search']),
+    }),
+  }),
+  executor: Object.freeze({
+    description: '구현 워커용. 문서/검색/브라우징 보조 MCP 허용',
+    allowedServers: Object.freeze(['context7', 'playwright', 'brave-search', 'tavily', 'exa']),
+    alwaysOnServers: Object.freeze(['context7']),
+    maxSearchServers: 2,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search', 'brave_news_search']),
+      exa: Object.freeze(['web_search_exa', 'get_code_context_exa']),
+      tavily: Object.freeze(['tavily_search', 'tavily_extract']),
+      playwright: Object.freeze([
+        'browser_navigate',
+        'browser_navigate_back',
+        'browser_snapshot',
+        'browser_take_screenshot',
+        'browser_wait_for',
+      ]),
+    }),
+  }),
+  designer: Object.freeze({
+    description: '디자인/UI 워커용. 브라우저 관찰 + 문서 조회 중심 MCP 허용',
+    allowedServers: Object.freeze(['context7', 'playwright', 'tavily', 'exa', 'brave-search']),
+    alwaysOnServers: Object.freeze(['context7']),
+    maxSearchServers: 2,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search', 'brave_news_search']),
+      exa: Object.freeze(['web_search_exa', 'get_code_context_exa']),
+      tavily: Object.freeze(['tavily_search', 'tavily_extract']),
+      playwright: Object.freeze([
+        'browser_navigate',
+        'browser_navigate_back',
+        'browser_snapshot',
+        'browser_take_screenshot',
+        'browser_wait_for',
+      ]),
+    }),
+  }),
+  explore: Object.freeze({
+    description: '탐색 워커용. 읽기/검색 중심 MCP만 허용',
+    allowedServers: Object.freeze(['context7', 'brave-search', 'tavily', 'exa']),
+    alwaysOnServers: Object.freeze(['context7']),
+    maxSearchServers: 2,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search', 'brave_news_search']),
+      exa: Object.freeze(['web_search_exa', 'get_code_context_exa']),
+      tavily: Object.freeze(['tavily_search', 'tavily_extract']),
+    }),
+  }),
+  reviewer: Object.freeze({
+    description: '리뷰 워커용. 문서 조회 + 분석 전용 MCP만 허용',
+    allowedServers: Object.freeze(['context7', 'brave-search', 'sequential-thinking']),
+    alwaysOnServers: Object.freeze(['context7', 'sequential-thinking']),
+    maxSearchServers: 1,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search']),
+      'sequential-thinking': Object.freeze(['sequentialthinking']),
+    }),
+  }),
+  writer: Object.freeze({
+    description: '문서/작성 워커용. 공식 문서와 최소 검색 MCP만 허용',
+    allowedServers: Object.freeze(['context7', 'brave-search', 'exa']),
+    alwaysOnServers: Object.freeze(['context7']),
+    maxSearchServers: 2,
+    allowedToolsByServer: Object.freeze({
+      context7: Object.freeze(['resolve-library-id', 'query-docs']),
+      'brave-search': Object.freeze(['brave_web_search', 'brave_news_search']),
+      exa: Object.freeze(['web_search_exa']),
+    }),
+  }),
+  none: Object.freeze({
+    description: '모든 선택적 MCP 서버 비활성화',
+    allowedServers: Object.freeze([]),
+    alwaysOnServers: Object.freeze([]),
+    maxSearchServers: 0,
+    allowedToolsByServer: Object.freeze({}),
+  }),
+});
+
+export const LEGACY_PROFILE_ALIASES = Object.freeze({
+  implement: 'executor',
+  analyze: 'explore',
+  review: 'reviewer',
+  docs: 'writer',
+  minimal: 'default',
+});
+
+export const SUPPORTED_MCP_PROFILES = Object.freeze([
+  'auto',
+  ...Object.keys(PROFILE_DEFINITIONS),
+  ...Object.keys(LEGACY_PROFILE_ALIASES),
+]);
+
+function normalizeTaskText(taskText = '') {
+  if (typeof taskText !== 'string') return '';
+  return taskText.replace(/\s+/g, ' ').trim();
+}
+
+function normalizeProfileName(profile) {
+  const raw = typeof profile === 'string' && profile.trim() ? profile.trim() : 'auto';
+  if (raw === 'auto') return raw;
+  if (PROFILE_DEFINITIONS[raw]) return raw;
+  if (LEGACY_PROFILE_ALIASES[raw]) return LEGACY_PROFILE_ALIASES[raw];
+  throw new Error(`지원하지 않는 MCP 프로필: ${raw}`);
+}
+
+function resolveAutoProfile(agentType = '') {
+  switch (agentType) {
+    case 'executor':
+    case 'build-fixer':
+    case 'debugger':
+    case 'deep-executor':
+    case 'test-engineer':
+    case 'qa-tester':
+      return 'executor';
+    case 'designer':
+      return 'designer';
+    case 'architect':
+    case 'planner':
+    case 'critic':
+    case 'analyst':
+    case 'scientist':
+    case 'scientist-deep':
+    case 'document-specialist':
+    case 'explore':
+      return 'explore';
+    case 'code-reviewer':
+    case 'security-reviewer':
+    case 'quality-reviewer':
+    case 'verifier':
+      return 'reviewer';
+    case 'writer':
+      return 'writer';
+    default:
+      return 'default';
+  }
+}
+
+function escapeRegExp(value) {
+  return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+function countKeywordMatches(text, keywords = []) {
+  let matches = 0;
+  for (const keyword of keywords) {
+    const source = String(keyword || '').trim();
+    if (!source) continue;
+    const pattern = /^[a-z0-9- ]+$/i.test(source)
+      ? new RegExp(`\\b${escapeRegExp(source)}\\b`, 'i')
+      : new RegExp(escapeRegExp(source), 'iu');
+    if (pattern.test(text)) matches += 1;
+  }
+  return matches;
+}
+
+function loadInventory(inventoryFile = '') {
+  if (typeof inventoryFile !== 'string' || !inventoryFile.trim()) return null;
+  try {
+    return JSON.parse(readFileSync(inventoryFile, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function buildInventoryIndex(inventory = null) {
+  const index = new Map();
+  if (!inventory || typeof inventory !== 'object') return index;
+
+  for (const client of ['codex', 'gemini']) {
+    const servers = Array.isArray(inventory[client]?.servers) ? inventory[client].servers : [];
+    for (const server of servers) {
+      if (!server || typeof server.name !== 'string' || !server.name.trim()) continue;
+      const name = server.name.trim();
+      const previous = index.get(name) || {};
+      index.set(name, {
+        ...previous,
+        tool_count: Number.isFinite(server.tool_count)
+          ? Math.max(previous.tool_count ?? 0, Math.trunc(server.tool_count))
+          : previous.tool_count,
+        domain_tags: uniqueStrings([
+          ...(Array.isArray(previous.domain_tags) ? previous.domain_tags : []),
+          ...(Array.isArray(server.domain_tags) ? server.domain_tags : []),
+        ]),
+      });
+    }
+  }
+
+  return index;
+}
+
+function getServerMetadata(server, inventoryIndex) {
+  return normalizeServerMetadata(server, inventoryIndex.get(server) || {});
+}
+
+function scoreServer(server, taskText = '', inventoryIndex = new Map()) {
+  const normalized = normalizeTaskText(taskText);
+  const metadata = getServerMetadata(server, inventoryIndex);
+  if (!normalized) {
+    return {
+      server,
+      score: 0,
+      toolCount: metadata.tool_count,
+      matchedTags: [],
+      explicitMatch: false,
+    };
+  }
+
+  let score = 0;
+  const matchedTags = [];
+  for (const tag of metadata.domain_tags) {
+    const matches = countKeywordMatches(normalized, DOMAIN_TAG_KEYWORDS[tag] || []);
+    if (matches > 0) {
+      matchedTags.push(tag);
+      score += matches * 2;
+    }
+  }
+
+  const explicitMatches = countKeywordMatches(normalized, SERVER_EXPLICIT_KEYWORDS[server] || []);
+  if (explicitMatches > 0) {
+    score += explicitMatches * 4;
+  }
+
+  const toolKeywords = (MCP_SERVER_TOOL_CATALOG[server] || [])
+    .flatMap((toolName) => String(toolName).split(/[_-]+/))
+    .filter((token) => token.length >= 4);
+  score += countKeywordMatches(normalized, toolKeywords);
+
+  return {
+    server,
+    score,
+    toolCount: metadata.tool_count,
+    matchedTags,
+    explicitMatch: explicitMatches > 0,
+  };
+}
+
+function compareRankedServers(left, right, workerIndex, availableOrder = []) {
+  if (right.explicitMatch !== left.explicitMatch) {
+    return Number(right.explicitMatch) - Number(left.explicitMatch);
+  }
+  if (right.score !== left.score) return right.score - left.score;
+  if (left.toolCount !== right.toolCount) return left.toolCount - right.toolCount;
+
+  if (Number.isInteger(workerIndex) && workerIndex > 0 && availableOrder.length > 1) {
+    const offset = (workerIndex - 1) % availableOrder.length;
+    const rotated = availableOrder.slice(offset).concat(availableOrder.slice(0, offset));
+    return rotated.indexOf(left.server) - rotated.indexOf(right.server);
+  }
+
+  return availableOrder.indexOf(left.server) - availableOrder.indexOf(right.server);
+}
+
+function rankServers(servers = [], options = {}) {
+  const inventoryIndex = options.inventoryIndex instanceof Map
+    ? options.inventoryIndex
+    : buildInventoryIndex(options.inventory);
+  return servers
+    .map((server) => scoreServer(server, options.taskText, inventoryIndex))
+    .sort((left, right) => compareRankedServers(left, right, options.workerIndex, servers));
+}
+
+function hasContextSignals(servers = [], options = {}) {
+  return rankServers(servers, options).some((server) => server.score > 0);
+}
+
+function inferPreferredSearchTool(taskText = '', inventoryIndex = new Map(), allowedServers = SEARCH_SERVER_ORDER) {
+  const ranked = rankServers(
+    SEARCH_SERVER_ORDER.filter((server) => allowedServers.includes(server)),
+    { taskText, inventoryIndex },
+  );
+  return ranked.find((server) => server.score > 0)?.server || '';
+}
+
+function selectContextualServers(baseServers, profile, options = {}) {
+  const taskText = normalizeTaskText(options.taskText);
+  if (!taskText || !baseServers.length) return [...baseServers];
+
+  const inventoryIndex = options.inventoryIndex instanceof Map
+    ? options.inventoryIndex
+    : buildInventoryIndex(options.inventory);
+  if (!hasContextSignals(baseServers, { ...options, inventoryIndex })) return [...baseServers];
+
+  const selected = new Set(
+    (profile.alwaysOnServers || []).filter((server) => baseServers.includes(server)),
+  );
+  const requestedSearchTool = typeof options.searchTool === 'string' ? options.searchTool : '';
+
+  const rankedServers = rankServers(
+    baseServers.filter((server) => !SEARCH_SERVER_ORDER.includes(server) && !selected.has(server)),
+    { ...options, inventoryIndex },
+  );
+  for (const ranked of rankedServers) {
+    if (ranked.score > 0 || ranked.explicitMatch) {
+      selected.add(ranked.server);
+    }
+  }
+
+  const wantsSearchFallback = SEARCH_INTENT_PATTERNS.some((pattern) => {
+    pattern.lastIndex = 0;
+    return pattern.test(taskText);
+  });
+  const orderedSearchServers = resolveSearchToolOrder(
+    requestedSearchTool,
+    Number.isInteger(options.workerIndex) ? options.workerIndex : undefined,
+    baseServers.filter((server) => SEARCH_SERVER_ORDER.includes(server)),
+    taskText,
+    { inventoryIndex },
+  );
+  const rankedSearchSet = new Set(orderedSearchServers.filter((server) => {
+    if (requestedSearchTool === server) return true;
+    const ranked = scoreServer(server, taskText, inventoryIndex);
+    return ranked.score > 0 || ranked.explicitMatch;
+  }));
+  const maxSearchServers = Number.isInteger(profile.maxSearchServers)
+    ? profile.maxSearchServers
+    : orderedSearchServers.length;
+  const chosenSearchServers = (
+    rankedSearchSet.size
+      ? orderedSearchServers.filter((server) => rankedSearchSet.has(server))
+      : wantsSearchFallback
+        ? orderedSearchServers.slice(0, 1)
+        : []
+  ).slice(0, maxSearchServers);
+
+  for (const server of chosenSearchServers) {
+    selected.add(server);
+  }
+
+  const alwaysOnServers = baseServers.filter((server) => selected.has(server) && (profile.alwaysOnServers || []).includes(server));
+  const contextualNonSearch = rankServers(
+    baseServers.filter((server) => selected.has(server) && !SEARCH_SERVER_ORDER.includes(server) && !alwaysOnServers.includes(server)),
+    { ...options, inventoryIndex },
+  ).map((entry) => entry.server);
+  const contextualSearch = orderedSearchServers.filter((server) => selected.has(server));
+  const contextualServers = uniqueStrings([
+    ...alwaysOnServers,
+    ...contextualNonSearch,
+    ...contextualSearch,
+  ]);
+  return contextualServers.length ? contextualServers : [...baseServers];
+}
+
+export function resolveMcpProfile(agentType = '', requestedProfile = 'auto') {
+  const normalized = normalizeProfileName(requestedProfile);
+  return normalized === 'auto' ? resolveAutoProfile(agentType) : normalized;
+}
+
+export function parseAvailableServers(rawAvailableServers = '') {
+  if (Array.isArray(rawAvailableServers)) return uniqueStrings(rawAvailableServers);
+  if (typeof rawAvailableServers !== 'string' || !rawAvailableServers.trim()) return [];
+  return uniqueStrings(rawAvailableServers.split(/[,\s]+/));
+}
+
+export function resolveSearchToolOrder(searchTool = '', workerIndex, allowedServers = SEARCH_SERVER_ORDER, taskText = '', options = {}) {
+  const available = SEARCH_SERVER_ORDER.filter((tool) => allowedServers.includes(tool));
+  if (!available.length) return [];
+
+  const inventoryIndex = options.inventoryIndex instanceof Map
+    ? options.inventoryIndex
+    : buildInventoryIndex(options.inventory);
+  const preferredSearchTool = searchTool && available.includes(searchTool)
+    ? searchTool
+    : inferPreferredSearchTool(taskText, inventoryIndex, available);
+
+  const ranked = rankServers(available, { taskText, workerIndex, inventoryIndex }).map((entry) => entry.server);
+  if (!preferredSearchTool || !available.includes(preferredSearchTool)) {
+    return ranked;
+  }
+
+  return [preferredSearchTool, ...ranked.filter((tool) => tool !== preferredSearchTool)];
+}
+
+function getProfileDefinition(resolvedProfile) {
+  return PROFILE_DEFINITIONS[resolvedProfile] || PROFILE_DEFINITIONS.default;
+}
+
+export function resolveAllowedServers(options = {}) {
+  const resolvedProfile = resolveMcpProfile(options.agentType, options.requestedProfile);
+  const profile = getProfileDefinition(resolvedProfile);
+  const availableServers = parseAvailableServers(options.availableServers);
+  const inventory = options.inventory || loadInventory(options.inventoryFile);
+  const inventoryIndex = buildInventoryIndex(inventory);
+  const baseServers = availableServers.length
+    ? profile.allowedServers.filter((server) => availableServers.includes(server))
+    : [...profile.allowedServers];
+  return selectContextualServers(baseServers, profile, { ...options, inventory, inventoryIndex });
+}
+
+export function buildPromptHint(options = {}) {
+  const resolvedProfile = resolveMcpProfile(options.agentType, options.requestedProfile);
+  if (resolvedProfile === 'none') return '';
+
+  const inventory = options.inventory || loadInventory(options.inventoryFile);
+  const inventoryIndex = buildInventoryIndex(inventory);
+  const allowedServers = resolveAllowedServers({ ...options, inventory, inventoryIndex });
+  const orderedTools = resolveSearchToolOrder(
+    options.searchTool,
+    Number.isInteger(options.workerIndex) ? options.workerIndex : undefined,
+    allowedServers,
+    options.taskText,
+    { inventory, inventoryIndex },
+  );
+  const has = (server) => allowedServers.includes(server);
+  const orderedSearchHint = orderedTools.length > 1
+    ? `웹 검색 우선순위: ${orderedTools.join(', ')}.`
+    : orderedTools[0]
+      ? `웹 검색은 ${orderedTools[0]}를 사용하세요.`
+      : '';
+  const searchFallbackHint = orderedTools.length > 1
+    ? '검색 도구 실패 시 402, 429, 432, 433, quota 에러에서 재시도하지 말고 다음 도구로 전환하세요.'
+    : '';
+  return [
+    has('context7') ? 'context7으로 관련 문서를 조회하세요.' : '',
+    has('playwright')
+      ? resolvedProfile === 'designer'
+        ? '화면/레이아웃 확인은 playwright를 우선 사용하세요.'
+        : '브라우저/UI 검증이 필요하면 playwright를 사용하세요.'
+      : '',
+    has('sequential-thinking') ? 'sequential-thinking으로 체계적으로 분석하세요.' : '',
+    resolvedProfile === 'reviewer' && orderedTools[0] ? `외부 근거가 더 필요하면 ${orderedTools[0]}를 사용하세요.` : '',
+    resolvedProfile !== 'reviewer' ? orderedSearchHint : '',
+    resolvedProfile !== 'reviewer' ? searchFallbackHint : '',
+    resolvedProfile === 'explore' ? '검색 깊이를 제한하고 읽기 전용 조사에 집중하세요.' : '',
+    resolvedProfile === 'writer' ? '검색 결과의 출처 URL을 함께 제시하세요.' : '',
+  ].filter(Boolean).join(' ');
+}
+
+export function getGeminiAllowedServers(options = {}) {
+  return resolveAllowedServers(options);
+}
+
+export function getCodexMcpConfig(options = {}) {
+  const allowedServers = new Set(resolveAllowedServers(options));
+  const resolvedProfile = resolveMcpProfile(options.agentType, options.requestedProfile);
+  if (resolvedProfile === 'none') {
+    return {
+      mcp_servers: Object.fromEntries(KNOWN_MCP_SERVERS.map((server) => [server, { enabled: false }])),
+    };
+  }
+
+  const config = { mcp_servers: {} };
+  const allowedToolsByServer = getProfileDefinition(resolvedProfile).allowedToolsByServer;
+  for (const server of KNOWN_MCP_SERVERS) {
+    if (!allowedServers.has(server)) {
+      config.mcp_servers[server] = { enabled: false };
+      continue;
+    }
+
+    config.mcp_servers[server] = {
+      enabled: true,
+      enabled_tools: [...(allowedToolsByServer[server] || [])],
+    };
+  }
+  return config;
+}
+
+function toTomlLiteral(value) {
+  if (Array.isArray(value)) {
+    return `[${value.map((item) => toTomlLiteral(item)).join(',')}]`;
+  }
+  if (typeof value === 'string') return JSON.stringify(value);
+  if (typeof value === 'number' || typeof value === 'boolean') return String(value);
+  throw new Error(`지원하지 않는 TOML 값 타입: ${typeof value}`);
+}
+
+function flattenConfig(prefix, value, output) {
+  if (value && typeof value === 'object' && !Array.isArray(value)) {
+    for (const [key, nestedValue] of Object.entries(value)) {
+      flattenConfig(prefix ? `${prefix}.${key}` : key, nestedValue, output);
+    }
+    return;
+  }
+  output.push(`${prefix}=${toTomlLiteral(value)}`);
+}
+
+export function getCodexConfigOverrides(options = {}) {
+  const config = getCodexMcpConfig(options);
+  const overrides = [];
+  flattenConfig('', config, overrides);
+  return overrides;
+}
+
+export function buildMcpPolicy(options = {}) {
+  const inventory = options.inventory || loadInventory(options.inventoryFile);
+  const inventoryIndex = buildInventoryIndex(inventory);
+  const resolvedOptions = { ...options, inventory, inventoryIndex };
+  const resolvedProfile = resolveMcpProfile(options.agentType, options.requestedProfile);
+  const allowedServers = resolveAllowedServers(resolvedOptions);
+  const hint = buildPromptHint(resolvedOptions);
+  return {
+    requestedProfile: typeof options.requestedProfile === 'string' && options.requestedProfile
+      ? options.requestedProfile
+      : 'auto',
+    resolvedProfile,
+    allowedServers,
+    hint,
+    geminiAllowedServers: getGeminiAllowedServers(resolvedOptions),
+    codexConfig: getCodexMcpConfig(resolvedOptions),
+    codexConfigOverrides: getCodexConfigOverrides(resolvedOptions),
+  };
+}
+
+function shellEscape(value) {
+  return `'${String(value).replace(/'/g, `'\"'\"'`)}'`;
+}
+
+function shellArray(name, values) {
+  return `${name}=(${values.map((value) => shellEscape(value)).join(' ')})`;
+}
+
+export function toShellExports(policy) {
+  return [
+    `MCP_PROFILE_REQUESTED=${shellEscape(policy.requestedProfile)}`,
+    `MCP_RESOLVED_PROFILE=${shellEscape(policy.resolvedProfile)}`,
+    `MCP_HINT=${shellEscape(policy.hint)}`,
+    shellArray('GEMINI_ALLOWED_SERVERS', policy.geminiAllowedServers),
+    shellArray('CODEX_CONFIG_FLAGS', policy.codexConfigOverrides.flatMap((override) => ['-c', override])),
+    `CODEX_CONFIG_JSON=${shellEscape(JSON.stringify(policy.codexConfig))}`,
+  ].join('\n');
+}
+
+function parseCliArgs(argv) {
+  const args = {
+    command: 'json',
+    agentType: '',
+    requestedProfile: 'auto',
+    availableServers: [],
+    inventoryFile: '',
+    searchTool: '',
+    taskText: '',
+    workerIndex: undefined,
+  };
+
+  const [first = 'json'] = argv;
+  if (!first.startsWith('--')) {
+    args.command = first;
+    argv = argv.slice(1);
+  }
+
+  for (let i = 0; i < argv.length; i += 1) {
+    const token = argv[i];
+    const next = () => {
+      const value = argv[i + 1];
+      if (value === undefined) throw new Error(`${token} 값이 필요합니다.`);
+      i += 1;
+      return value;
+    };
+
+    switch (token) {
+      case '--agent':
+        args.agentType = next();
+        break;
+      case '--profile':
+        args.requestedProfile = next();
+        break;
+      case '--available':
+        args.availableServers = parseAvailableServers(next());
+        break;
+      case '--inventory-file':
+        args.inventoryFile = next();
+        break;
+      case '--search-tool':
+        args.searchTool = next();
+        break;
+      case '--task-text':
+        args.taskText = next();
+        break;
+      case '--worker-index':
+        args.workerIndex = Number.parseInt(next(), 10);
+        break;
+      default:
+        throw new Error(`알 수 없는 옵션: ${token}`);
+    }
+  }
+
+  return args;
+}
+
+export async function runCli(argv = process.argv.slice(2)) {
+  let args;
+  try {
+    args = parseCliArgs(argv);
+  } catch (error) {
+    console.error(`[mcp-filter] ${error instanceof Error ? error.message : String(error)}`);
+    process.exitCode = 64;
+    return;
+  }
+
+  const policy = buildMcpPolicy(args);
+  if (args.command === 'shell') {
+    process.stdout.write(`${toShellExports(policy)}\n`);
+    return;
+  }
+
+  process.stdout.write(`${JSON.stringify(policy, null, 2)}\n`);
+}
+
+if (process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1]) {
+  await runCli();
+}