@1claw/mcp 0.16.1 → 0.16.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -1
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +6 -1
- package/dist/security/index.js.map +1 -1
- package/dist/tools/inspect_content.d.ts +4 -0
- package/dist/tools/inspect_content.d.ts.map +1 -1
- package/dist/tools/inspect_content.js +38 -17
- package/dist/tools/inspect_content.js.map +1 -1
- package/package.json +7 -1
package/README.md
CHANGED
|
@@ -4,6 +4,8 @@ An MCP (Model Context Protocol) server that gives AI agents secure, just-in-time
|
|
|
4
4
|
|
|
5
5
|
**Local-only mode**: Run without vault credentials for security-only tools (e.g., `inspect_content`). Ideal for users running local models (Ollama, LM Studio, llama.cpp) who want prompt injection and threat detection without a 1claw account.
|
|
6
6
|
|
|
7
|
+
**API contract:** Vault-facing tools use the REST API described in [@1claw/openapi-spec](https://www.npmjs.com/package/@1claw/openapi-spec). LLM traffic through **Shroud** is not MCP — agents call `https://shroud.1claw.xyz` directly with `X-Shroud-Agent-Key` and **`X-Shroud-Provider`** (required; e.g. `openai`). When the MCP server exchanges an agent API key for a JWT, that token may carry **`shroud_config`** for Shroud’s PolicyEngine; MCP itself does not proxy LLM requests.
|
|
8
|
+
|
|
7
9
|
## Transport Modes
|
|
8
10
|
|
|
9
11
|
The server supports two transport modes:
|
|
@@ -32,7 +34,7 @@ pnpm run build
|
|
|
32
34
|
| `ONECLAW_AGENT_API_KEY` | stdio* | — | Agent API key (`ocv_...`). Server exchanges this for a JWT and auto-refreshes. |
|
|
33
35
|
| `ONECLAW_AGENT_TOKEN` | stdio* | — | Static Bearer JWT (alternative to ID+key; expires in ~1 h). |
|
|
34
36
|
| `ONECLAW_VAULT_ID` | stdio only | — | UUID of the vault to operate on. |
|
|
35
|
-
| `ONECLAW_BASE_URL` | No | `https://api.1claw.xyz` | API base URL (
|
|
37
|
+
| `ONECLAW_BASE_URL` | No | `https://api.1claw.xyz` | Vault API base URL. Intents tools (`simulate_transaction`, `submit_transaction`, etc.) call this host; for TEE signing, point it at **Shroud** or **Intents** (e.g. `https://shroud.1claw.xyz` or `https://intents.1claw.xyz`) if your deployment routes signing there. Self-hosted: your Vault/Shroud URL. |
|
|
36
38
|
| `MCP_TRANSPORT` | No | `stdio` | Transport mode: `stdio` or `httpStream`. |
|
|
37
39
|
| `PORT` | No | `8080` | HTTP port (httpStream mode only). |
|
|
38
40
|
|
|
@@ -55,6 +57,9 @@ pnpm run build
|
|
|
55
57
|
| `share_secret` | Share a secret with your creator, a user/agent by ID, or create an open link |
|
|
56
58
|
| `simulate_transaction` | Simulate a transaction via Tenderly without signing or broadcasting |
|
|
57
59
|
| `submit_transaction` | Submit a transaction intent to be signed and optionally broadcast. Auto-generates an `Idempotency-Key` header for replay protection. |
|
|
60
|
+
| `sign_transaction` | Sign-only (no broadcast); returns `signed_tx` for client-side `eth_sendRawTransaction`. |
|
|
61
|
+
| `list_transactions` | List transaction intents for the agent. |
|
|
62
|
+
| `get_transaction` | Get one transaction by id (optional `include_signed_tx`). |
|
|
58
63
|
| `inspect_content` | Analyze arbitrary text for prompt injection, command injection, social engineering, PII, encoding tricks, and more. Works without vault credentials. |
|
|
59
64
|
|
|
60
65
|
## Resources
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACpD;AAED,MAAM,WAAW,gBAAgB;IAC7B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,WAAW,eAAe;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;CACpD;AAED,MAAM,WAAW,gBAAgB;IAC7B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AA4ED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAIhE;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,IAAI,CAEnC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAID,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED,wBAAgB,wBAAwB,IAAI,OAAO,CAGlD;AAED,wBAAgB,qBAAqB,IAAI,OAAO,CAG/C;AAED,wBAAgB,sBAAsB,IAAI,OAAO,GAAG,MAAM,GAAG,KAAK,CAKjE;AAED,wBAAgB,mBAAmB,IAAI,OAAO,GAAG,UAAU,GAAG,UAAU,CAMvE;AAID,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE,CAcxF;AAoFD;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,gBAAgB,CA0C9E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,gBAAgB,CAuBhF"}
|
package/dist/security/index.js
CHANGED
|
@@ -28,7 +28,12 @@ const NETWORK_PATTERNS = [
|
|
|
28
28
|
{ name: "ngrok", pattern: /(?:ngrok\.io|ngrok\.app)/i, severity: "high" },
|
|
29
29
|
{ name: "pastebin", pattern: /pastebin\.com/i, severity: "high" },
|
|
30
30
|
{ name: "ip_url", pattern: /https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/, severity: "medium" },
|
|
31
|
-
|
|
31
|
+
// Allow HTTP verbs after flags (e.g. curl -X POST https://...) — otherwise "POST" breaks the URL match
|
|
32
|
+
{
|
|
33
|
+
name: "data_exfil",
|
|
34
|
+
pattern: /(?:curl|wget|nc)\s+(?:(?:-[a-zA-Z]*\s+)|(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS)\s+)*https?:\/\//i,
|
|
35
|
+
severity: "critical",
|
|
36
|
+
},
|
|
32
37
|
];
|
|
33
38
|
const PII_PATTERNS = [
|
|
34
39
|
{ name: "email", pattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/, severity: "medium" },
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH,wDAAwD;AAExD,MAAM,0BAA0B,GAAG;IAC/B,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0EAA0E,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC3I,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC/F,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,qEAAqE,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACxI,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAe,EAAE;IAChF,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,sEAAsE,EAAE,QAAQ,EAAE,MAAe,EAAE;CAC1I,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACtB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,mEAAmE,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAClI,uFAAuF;IACvF,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAC3F,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAiB,EAAE;CAClG,CAAC;AAEF,MAAM,2BAA2B,GAAG;IAChC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,+DAA+D,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAC1H,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,2EAA2E,EAAE,QAAQ,EAAE,MAAe,EAAE;IACtI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,sEAAsE,EAAE,QAAQ,EAAE,MAAe,EAAE;IAC/H,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,4GAA4G,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACxK,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,8GAA8G,EAAE,QAAQ,EAAE,UAAmB,EAAE;CACzL,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACrB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAe,EAAE;IAClF,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAe,EAAE;IAC1E,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAiB,EAAE;IACzG,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH,wDAAwD;AAExD,MAAM,0BAA0B,GAAG;IAC/B,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,0EAA0E,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC3I,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC/F,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,qEAAqE,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACxI,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAe,EAAE;IAChF,EAAE,IAAI,EAAE,iBAAiB,EAAE,OAAO,EAAE,sEAAsE,EAAE,QAAQ,EAAE,MAAe,EAAE;CAC1I,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACtB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,mEAAmE,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAClI,uFAAuF;IACvF,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAC3F,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,6BAA6B,EAAE,QAAQ,EAAE,QAAiB,EAAE;CAClG,CAAC;AAEF,MAAM,2BAA2B,GAAG;IAChC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,+DAA+D,EAAE,QAAQ,EAAE,QAAiB,EAAE;IAC1H,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,2EAA2E,EAAE,QAAQ,EAAE,MAAe,EAAE;IACtI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,sEAAsE,EAAE,QAAQ,EAAE,MAAe,EAAE;IAC/H,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,4GAA4G,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACxK,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,8GAA8G,EAAE,QAAQ,EAAE,UAAmB,EAAE;CACzL,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACrB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAe,EAAE;IAClF,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAe,EAAE;IAC1E,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,+CAA+C,EAAE,QAAQ,EAAE,QAAiB,EAAE;IACzG,uGAAuG;IACvG;QACI,IAAI,EAAE,YAAY;QAClB,OAAO,EACH,qGAAqG;QACzG,QAAQ,EAAE,UAAmB;KAChC;CACJ,CAAC;AAEF,MAAM,YAAY,GAAG;IACjB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,gDAAgD,EAAE,QAAQ,EAAE,QAAiB,EAAE;IACzG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAChF,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,uFAAuF,EAAE,QAAQ,EAAE,UAAmB,EAAE;IACxJ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,kDAAkD,EAAE,QAAQ,EAAE,KAAc,EAAE;IAC3G,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,+BAA+B,EAAE,QAAQ,EAAE,UAAmB,EAAE;IAC5F,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,wDAAwD,EAAE,QAAQ,EAAE,UAAmB,EAAE;CACnI,CAAC;AAEF,sCAAsC;AACtC,MAAM,gBAAgB,GAAG,gFAAgF,CAAC;AAE1G,6BAA6B;AAC7B,MAAM,WAAW,GAA2B;IACxC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;IAC1D,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG;CAC7D,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAEnF,gEAAgE;AAEhE,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;AAE/C,8DAA8D;AAC9D,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC;IACzB,YAAY;IACZ,gBAAgB;IAChB,YAAY;IACZ,kBAAkB;CACrB,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,IAAY,EAAE,KAAa;IACtD,IAAI,KAAK,CAAC,MAAM,IAAI,iBAAiB,EAAE,CAAC;QACpC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IACxB,YAAY,CAAC,KAAK,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAC9B,OAAO,YAAY,CAAC,IAAI,CAAC;AAC7B,CAAC;AAED,wDAAwD;AAExD,MAAM,UAAU,iBAAiB;IAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,OAAO,CAAC;AAChE,CAAC;AAED,MAAM,UAAU,wBAAwB;IACpC,IAAI,CAAC,iBAAiB,EAAE;QAAE,OAAO,KAAK,CAAC;IACvC,OAAO,OAAO,CAAC,GAAG,CAAC,0BAA0B,KAAK,OAAO,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,qBAAqB;IACjC,IAAI,CAAC,iBAAiB,EAAE;QAAE,OAAO,KAAK,CAAC;IACvC,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,KAAK,OAAO,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,sBAAsB;IAClC,IAAI,CAAC,iBAAiB,EAAE;QAAE,OAAO,KAAK,CAAC;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC;IACtD,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,MAAM,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,mBAAmB;IAC/B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;IACvD,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7C,OAAO,IAAI,CAAC;IAChB,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,wDAAwD;AAExD,MAAM,UAAU,gBAAgB,CAAC,IAAY;IACzC,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,IAAI,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,EAAE;QACjD,QAAQ,GAAG,IAAI,CAAC;QAChB,OAAO,EAAE,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,IAAI,EAAE,EAAE;QACvD,QAAQ,GAAG,IAAI,CAAC;QAChB,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AACpC,CAAC;AAED,wDAAwD;AAExD,SAAS,aAAa,CAAC,IAAY;IAC/B,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,0BAA0B,EAAE,CAAC;QACnE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7F,CAAC;IACL,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,iBAAiB,EAAE,CAAC;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7G,CAAC;IACL,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,2BAA2B,EAAE,CAAC;QACpE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC9F,CAAC;IACL,CAAC;IAED,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,gBAAgB,EAAE,CAAC;QACzD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1F,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC3B,IAAI,CAAC,qBAAqB,EAAE;QAAE,OAAO,EAAE,CAAC;IACxC,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACR,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5F,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,wDAAwD;AAExD,SAAS,aAAa,CAAC,IAAY;IAC/B,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,IAAI,QAAQ,GAAG,IAAI,CAAC;IACpB,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,aAAa,IAAI,GAAG,CAAC,CAAC;YAC5D,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3B,CAAC;IACL,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AACjC,CAAC;AAED,wDAAwD;AAExD,SAAS,kBAAkB,CAAC,IAAY;IACpC,MAAM,IAAI,GAAG,sBAAsB,EAAE,CAAC;IACtC,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,YAAY,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,gBAAgB,IAAI,EAAE;gBAC/B,QAAQ,EAAE,UAAU;aACvB,CAAC,CAAC;QACP,CAAC;IACL,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,wDAAwD;AAExD;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,IAAa;IACxD,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACvB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IAE1C,IAAI,QAAQ,EAAE,CAAC;QACX,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,2BAA2B,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;IAEvC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;QACvB,MAAM,SAAS,GAAG,sBAAsB,EAAE,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;YAC5C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;QACtC,CAAC;IACL,CAAC;IAED,MAAM,IAAI,GAAG,mBAAmB,EAAE,CAAC;IACnC,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,IAAI,KAAK,qBAAqB,CAAC,CAAC;IACvG,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAE3D,IAAI,IAAI,KAAK,OAAO,IAAI,CAAC,WAAW,IAAI,OAAO,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IACtC,CAAC;IAED,IAAI,IAAI,KAAK,UAAU,IAAI,QAAQ,EAAE,CAAC;QAClC,IAAI,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YAC7C,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EAAE,CAAC;QAC/E,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACrC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB,EAAE,MAAc;IAC1D,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACvB,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACzC,CAAC;IAED,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtC,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAEnC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,wBAAwB,EAAE,EAAE,CAAC;QAC5D,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,IAAI,CAAC;oBACT,IAAI,EAAE,aAAa;oBACnB,OAAO,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE;oBAC7B,QAAQ,EAAE,UAAU;iBACvB,CAAC,CAAC;YACP,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QAC/C,CAAC;IACL,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACrC,CAAC"}
|
|
@@ -4,13 +4,17 @@ export declare function inspectContentTool(): {
|
|
|
4
4
|
description: string;
|
|
5
5
|
parameters: z.ZodObject<{
|
|
6
6
|
content: z.ZodString;
|
|
7
|
+
context: z.ZodOptional<z.ZodEnum<["input", "output"]>>;
|
|
7
8
|
}, "strip", z.ZodTypeAny, {
|
|
8
9
|
content: string;
|
|
10
|
+
context?: "input" | "output" | undefined;
|
|
9
11
|
}, {
|
|
10
12
|
content: string;
|
|
13
|
+
context?: "input" | "output" | undefined;
|
|
11
14
|
}>;
|
|
12
15
|
execute: (args: {
|
|
13
16
|
content: string;
|
|
17
|
+
context?: "input" | "output";
|
|
14
18
|
}, { log }: {
|
|
15
19
|
log: {
|
|
16
20
|
info: (msg: string) => void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"inspect_content.d.ts","sourceRoot":"","sources":["../../src/tools/inspect_content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"inspect_content.d.ts","sourceRoot":"","sources":["../../src/tools/inspect_content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAiDxB,wBAAgB,kBAAkB;;;;;;;;;;;;;oBAatB;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,GAAG,QAAQ,CAAA;KAAE,WAC9C;QAAE,GAAG,EAAE;YAAE,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;SAAE,CAAA;KAAE,KAChD,OAAO,CAAC,MAAM,CAAC;EAarB"}
|
|
@@ -1,29 +1,50 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
-
import { inspectInput } from "../security/index.js";
|
|
2
|
+
import { inspectInput, normalizeUnicode, } from "../security/index.js";
|
|
3
|
+
/** Structured result returned as JSON (tests + programmatic callers). */
|
|
4
|
+
function buildInspectContentReport(result, unicode) {
|
|
5
|
+
const threats = result.threats;
|
|
6
|
+
const malicious = threats.some((t) => t.type === "command_injection" ||
|
|
7
|
+
t.type === "social_engineering" ||
|
|
8
|
+
(t.type === "pii" && (t.pattern === "ssn" || t.severity === "critical")) ||
|
|
9
|
+
(t.type === "network_threat" && t.severity === "critical"));
|
|
10
|
+
const verdict = malicious ? "malicious" : "clean";
|
|
11
|
+
const safe = !malicious && result.passed;
|
|
12
|
+
const base = {
|
|
13
|
+
safe,
|
|
14
|
+
verdict,
|
|
15
|
+
threat_count: threats.length,
|
|
16
|
+
threats,
|
|
17
|
+
};
|
|
18
|
+
if (unicode.modified) {
|
|
19
|
+
return {
|
|
20
|
+
...base,
|
|
21
|
+
unicode_normalized: true,
|
|
22
|
+
normalized_content: unicode.normalized,
|
|
23
|
+
};
|
|
24
|
+
}
|
|
25
|
+
return base;
|
|
26
|
+
}
|
|
3
27
|
export function inspectContentTool() {
|
|
4
28
|
return {
|
|
5
29
|
name: "inspect_content",
|
|
6
|
-
description: "Inspect text content for security threats including command injection, encoding obfuscation, social engineering, and PII. Returns a threat report
|
|
30
|
+
description: "Inspect text content for security threats including command injection, encoding obfuscation, social engineering, and PII. Returns a JSON threat report (safe, verdict, threat_count, threats). Use before processing untrusted input.",
|
|
7
31
|
parameters: z.object({
|
|
8
32
|
content: z.string().describe("The text content to inspect for threats"),
|
|
33
|
+
context: z
|
|
34
|
+
.enum(["input", "output"])
|
|
35
|
+
.optional()
|
|
36
|
+
.describe("Whether this is model input or output (affects inspection context)"),
|
|
9
37
|
}),
|
|
10
38
|
execute: async (args, { log }) => {
|
|
11
|
-
const
|
|
39
|
+
const context = args.context ?? "output";
|
|
40
|
+
const unicode = normalizeUnicode(args.content);
|
|
41
|
+
const result = inspectInput("inspect_content", {
|
|
42
|
+
content: args.content,
|
|
43
|
+
context,
|
|
44
|
+
});
|
|
12
45
|
log.info(`inspection: ${result.threats.length} threat(s) detected`);
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
}
|
|
16
|
-
const lines = [
|
|
17
|
-
result.passed ? "Content PASSED inspection (warnings below):" : "Content BLOCKED — threats detected:",
|
|
18
|
-
"",
|
|
19
|
-
];
|
|
20
|
-
for (const threat of result.threats) {
|
|
21
|
-
lines.push(`[${threat.severity.toUpperCase()}] ${threat.type}: "${threat.pattern}"${threat.location ? ` (${threat.location})` : ""}`);
|
|
22
|
-
}
|
|
23
|
-
if (result.sanitized && result.sanitized !== args.content) {
|
|
24
|
-
lines.push("", "Sanitized version available (threats removed/neutralized).");
|
|
25
|
-
}
|
|
26
|
-
return lines.join("\n");
|
|
46
|
+
const report = buildInspectContentReport(result, unicode);
|
|
47
|
+
return JSON.stringify(report);
|
|
27
48
|
},
|
|
28
49
|
};
|
|
29
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"inspect_content.js","sourceRoot":"","sources":["../../src/tools/inspect_content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,
|
|
1
|
+
{"version":3,"file":"inspect_content.js","sourceRoot":"","sources":["../../src/tools/inspect_content.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,gBAAgB,GAGjB,MAAM,sBAAsB,CAAC;AAE9B,yEAAyE;AACzE,SAAS,yBAAyB,CAChC,MAAwB,EACxB,OAAkD;IASlD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,KAAK,mBAAmB;QAC9B,CAAC,CAAC,IAAI,KAAK,oBAAoB;QAC/B,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC,IAAI,KAAK,gBAAgB,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAC7D,CAAC;IACF,MAAM,OAAO,GAA0B,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC;IACzE,MAAM,IAAI,GAAG,CAAC,SAAS,IAAI,MAAM,CAAC,MAAM,CAAC;IAEzC,MAAM,IAAI,GAAG;QACX,IAAI;QACJ,OAAO;QACP,YAAY,EAAE,OAAO,CAAC,MAAM;QAC5B,OAAO;KACR,CAAC;IAEF,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO;YACL,GAAG,IAAI;YACP,kBAAkB,EAAE,IAAI;YACxB,kBAAkB,EAAE,OAAO,CAAC,UAAU;SACvC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO;QACL,IAAI,EAAE,iBAA0B;QAChC,WAAW,EACT,uOAAuO;QACzO,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;YACvE,OAAO,EAAE,CAAC;iBACP,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;iBACzB,QAAQ,EAAE;iBACV,QAAQ,CAAC,oEAAoE,CAAC;SAClF,CAAC;QACF,OAAO,EAAE,KAAK,EACZ,IAAuD,EACvD,EAAE,GAAG,EAA4C,EAChC,EAAE;YACnB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,QAAQ,CAAC;YACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC/C,MAAM,MAAM,GAAqB,YAAY,CAAC,iBAAiB,EAAE;gBAC/D,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO;aACR,CAAC,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,MAAM,qBAAqB,CAAC,CAAC;YAEpE,MAAM,MAAM,GAAG,yBAAyB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@1claw/mcp",
|
|
3
|
-
"version": "0.16.
|
|
3
|
+
"version": "0.16.8",
|
|
4
4
|
"description": "MCP server for the 1claw secrets vault — lets AI agents fetch, store, and manage secrets at runtime",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -55,7 +55,13 @@
|
|
|
55
55
|
"homepage": "https://1claw.xyz",
|
|
56
56
|
"license": "MIT",
|
|
57
57
|
"dependencies": {
|
|
58
|
+
"@hono/node-server": "^1.19.10",
|
|
59
|
+
"express-rate-limit": "^8.2.2",
|
|
58
60
|
"fastmcp": "^3.33.0",
|
|
61
|
+
"glob": "^11.1.0",
|
|
62
|
+
"hono": "^4.12.4",
|
|
63
|
+
"koa": "^3.1.2",
|
|
64
|
+
"undici": "^7.24.0",
|
|
59
65
|
"zod": "^3.24.0"
|
|
60
66
|
},
|
|
61
67
|
"devDependencies": {
|