@agent-wall/cli 0.1.0

package/dist/index.js

@@ -0,0 +1,1074 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command } from "commander";
+
+// src/commands/wrap.ts
+import * as fs from "fs";
+import * as path from "path";
+import { createRequire } from "module";
+import {
+  StdioProxy,
+  PolicyEngine,
+  AuditLogger,
+  ResponseScanner,
+  InjectionDetector,
+  EgressControl,
+  KillSwitch,
+  ChainDetector,
+  DashboardServer,
+  loadPolicy,
+  createTerminalPromptHandler
+} from "@agent-wall/core";
+import chalk from "chalk";
+async function wrapCommand(serverArgs, options) {
+  if (serverArgs.length === 0) {
+    process.stderr.write(
+      chalk.red(
+        "Error: No server command specified.\nUsage: agent-wall wrap -- <command> [args...]\n\nExample:\n  agent-wall wrap -- npx @modelcontextprotocol/server-filesystem /home/user\n"
+      )
+    );
+    process.exit(1);
+  }
+  const command = serverArgs[0];
+  const args = serverArgs.slice(1);
+  const { config, filePath } = loadPolicy(options.config);
+  if (!options.silent) {
+    process.stderr.write(
+      chalk.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n")
+    );
+    process.stderr.write(
+      chalk.cyan("\u2551  ") + chalk.bold.white("Agent Wall") + chalk.cyan(" \u2014 Security Firewall for AI Agents  \u2551\n")
+    );
+    process.stderr.write(
+      chalk.cyan("\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563\n")
+    );
+    process.stderr.write(
+      chalk.cyan("\u2551  ") + chalk.gray("Policy: ") + chalk.white(filePath ?? "built-in defaults") + "\n"
+    );
+    process.stderr.write(
+      chalk.cyan("\u2551  ") + chalk.gray("Rules:  ") + chalk.white(`${config.rules.length} loaded`) + "\n"
+    );
+    const rspScan = config.responseScanning;
+    if (rspScan?.enabled !== false) {
+      process.stderr.write(
+        chalk.cyan("\u2551  ") + chalk.gray("Scanner:") + chalk.white(" response scanning ON") + (rspScan?.detectPII ? chalk.yellow(" +PII") : "") + "\n"
+      );
+    }
+    process.stderr.write(
+      chalk.cyan("\u2551  ") + chalk.gray("Server: ") + chalk.white(`${command} ${args.join(" ")}`) + "\n"
+    );
+    process.stderr.write(
+      chalk.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D\n\n")
+    );
+  }
+  if (options.dryRun) {
+    process.stderr.write(
+      chalk.yellow("  --dry-run mode: preview only, server will not start\n\n")
+    );
+    process.stderr.write(
+      chalk.gray("  Default action: ") + chalk.white(config.defaultAction) + "\n"
+    );
+    if (config.globalRateLimit) {
+      process.stderr.write(
+        chalk.gray("  Rate limit:     ") + chalk.white(
+          `${config.globalRateLimit.maxCalls} calls / ${config.globalRateLimit.windowSeconds}s`
+        ) + "\n"
+      );
+    }
+    process.stderr.write(
+      chalk.gray("  Rules loaded:   ") + chalk.white(String(config.rules.length)) + "\n\n"
+    );
+    for (let i = 0; i < config.rules.length; i++) {
+      const rule = config.rules[i];
+      const icon = rule.action === "deny" ? chalk.red("\u2717") : rule.action === "allow" ? chalk.green("\u2713") : chalk.yellow("?");
+      process.stderr.write(
+        `  ${icon} ${chalk.bold(rule.name ?? `rule[${i}]`)}` + chalk.gray(` \u2192 ${rule.action}`) + chalk.gray(` (tool: ${rule.tool})`) + "\n"
+      );
+    }
+    process.stderr.write("\n");
+    process.exit(0);
+  }
+  const policyEngine = new PolicyEngine(config);
+  const securityConfig = config.security;
+  const logger = new AuditLogger({
+    stdout: !options.silent,
+    filePath: options.logFile,
+    redact: true,
+    signing: securityConfig?.signing ?? false,
+    signingKey: securityConfig?.signingKey
+  });
+  const responseScanner = config.responseScanning?.enabled !== false ? new ResponseScanner({
+    enabled: true,
+    maxResponseSize: config.responseScanning?.maxResponseSize,
+    oversizeAction: config.responseScanning?.oversizeAction,
+    detectSecrets: config.responseScanning?.detectSecrets ?? true,
+    detectPII: config.responseScanning?.detectPII ?? false,
+    base64Action: config.responseScanning?.base64Action,
+    maxPatterns: config.responseScanning?.maxPatterns,
+    patterns: config.responseScanning?.patterns
+  }) : void 0;
+  const injectionDetector = new InjectionDetector(securityConfig?.injectionDetection);
+  const egressControl = new EgressControl(securityConfig?.egressControl);
+  const killSwitch = new KillSwitch({
+    ...securityConfig?.killSwitch,
+    registerSignal: true
+  });
+  const chainDetector = new ChainDetector(securityConfig?.chainDetection);
+  if (!options.silent) {
+    const modules = [];
+    if (securityConfig?.injectionDetection?.enabled !== false) modules.push("injection");
+    if (securityConfig?.egressControl?.enabled !== false) modules.push("egress");
+    if (securityConfig?.killSwitch?.enabled !== false) modules.push("kill-switch");
+    if (securityConfig?.chainDetection?.enabled !== false) modules.push("chain");
+    if (securityConfig?.signing) modules.push("signing");
+    if (modules.length > 0) {
+      process.stderr.write(
+        chalk.cyan("\u2551  ") + chalk.gray("Security:") + chalk.white(` ${modules.join(", ")}`) + "\n"
+      );
+    }
+  }
+  const proxy = new StdioProxy({
+    command,
+    args,
+    policyEngine,
+    responseScanner,
+    logger,
+    injectionDetector,
+    egressControl,
+    killSwitch,
+    chainDetector,
+    onPrompt: createTerminalPromptHandler(),
+    onReady: () => {
+      if (!options.silent) {
+        process.stderr.write(
+          chalk.green("\u2713 ") + chalk.gray("MCP server started. Agent Wall is protecting.\n\n")
+        );
+      }
+    },
+    onExit: (code) => {
+      if (!options.silent) {
+        const stats = proxy.getStats();
+        process.stderr.write("\n");
+        process.stderr.write(
+          chalk.cyan("\u2500\u2500\u2500 Agent Wall Session Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+        );
+        process.stderr.write(
+          chalk.gray("  Total calls:    ") + chalk.white(String(stats.total)) + "\n"
+        );
+        process.stderr.write(
+          chalk.gray("  Forwarded:      ") + chalk.green(String(stats.forwarded)) + "\n"
+        );
+        process.stderr.write(
+          chalk.gray("  Denied:         ") + chalk.red(String(stats.denied)) + "\n"
+        );
+        process.stderr.write(
+          chalk.gray("  Prompted:       ") + chalk.yellow(String(stats.prompted)) + "\n"
+        );
+        if (stats.scanned > 0) {
+          process.stderr.write(
+            chalk.gray("  Responses scanned: ") + chalk.white(String(stats.scanned)) + "\n"
+          );
+          if (stats.responseBlocked > 0) {
+            process.stderr.write(
+              chalk.gray("  Resp. blocked:  ") + chalk.red(String(stats.responseBlocked)) + "\n"
+            );
+          }
+          if (stats.responseRedacted > 0) {
+            process.stderr.write(
+              chalk.gray("  Resp. redacted: ") + chalk.yellow(String(stats.responseRedacted)) + "\n"
+            );
+          }
+        }
+        process.stderr.write(
+          chalk.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+        );
+      }
+      process.exit(code ?? 0);
+    },
+    onError: (error) => {
+      process.stderr.write(
+        chalk.red(`
+Agent Wall Error: ${error.message}
+`)
+      );
+    }
+  });
+  let policyWatcher = null;
+  if (filePath) {
+    try {
+      let debounceTimer = null;
+      policyWatcher = fs.watch(filePath, (eventType) => {
+        if (eventType !== "change") return;
+        if (debounceTimer) clearTimeout(debounceTimer);
+        debounceTimer = setTimeout(() => {
+          try {
+            const { config: newConfig } = loadPolicy(filePath);
+            policyEngine.updateConfig(newConfig);
+            if (responseScanner && newConfig.responseScanning) {
+              responseScanner.updateConfig(newConfig.responseScanning);
+            }
+            if (!options.silent) {
+              process.stderr.write(
+                chalk.green("\u2713 ") + chalk.gray("Policy reloaded from ") + chalk.white(filePath) + chalk.gray(` (${newConfig.rules.length} rules)
+`)
+              );
+            }
+          } catch (err) {
+            if (!options.silent) {
+              const msg = err instanceof Error ? err.message : String(err);
+              process.stderr.write(
+                chalk.yellow(`\u26A0 Policy reload failed: ${msg}
+`)
+              );
+            }
+          }
+        }, 300);
+      });
+    } catch {
+    }
+  }
+  let dashboardServer = null;
+  if (options.dashboard || options.dashboardPort) {
+    const dashboardPort = options.dashboardPort ?? 61100;
+    const staticDir = resolveDashboardAssets();
+    dashboardServer = new DashboardServer({
+      port: dashboardPort,
+      proxy,
+      killSwitch,
+      policyEngine,
+      logger,
+      staticDir
+    });
+    logger.setOnEntry((entry) => {
+      dashboardServer.handleAuditEntry(entry);
+    });
+    try {
+      await dashboardServer.start();
+      if (!options.silent) {
+        process.stderr.write(
+          chalk.cyan("\u2551  ") + chalk.gray("Dashboard:") + chalk.white(` http://localhost:${dashboardPort}`) + "\n"
+        );
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(
+        chalk.yellow(`\u26A0 Dashboard failed to start: ${msg}
+`)
+      );
+      dashboardServer = null;
+    }
+  }
+  const shutdown = () => {
+    if (policyWatcher) {
+      policyWatcher.close();
+      policyWatcher = null;
+    }
+    dashboardServer?.stop();
+    proxy.stop();
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+  try {
+    await proxy.start();
+  } catch (error) {
+    const msg = error instanceof Error ? error.message : String(error);
+    process.stderr.write(
+      chalk.red(
+        `
+Failed to start MCP server: ${msg}
+
+Make sure the server command is correct:
+  ${command} ${args.join(" ")}
+`
+      )
+    );
+    process.exit(1);
+  }
+}
+function resolveDashboardAssets() {
+  const bundledDir = path.join(path.dirname(new URL(import.meta.url).pathname), "dashboard");
+  if (fs.existsSync(path.join(bundledDir, "index.html"))) {
+    return bundledDir;
+  }
+  try {
+    const require2 = createRequire(import.meta.url);
+    const pkgPath = require2.resolve("@agent-wall/dashboard/package.json");
+    const distDir = path.join(path.dirname(pkgPath), "dist");
+    if (fs.existsSync(path.join(distDir, "index.html"))) {
+      return distDir;
+    }
+  } catch {
+  }
+  const monorepoDist = path.resolve(
+    path.dirname(new URL(import.meta.url).pathname),
+    "../../dashboard/dist"
+  );
+  if (fs.existsSync(path.join(monorepoDist, "index.html"))) {
+    return monorepoDist;
+  }
+  return void 0;
+}
+
+// src/commands/init.ts
+import * as fs2 from "fs";
+import * as path2 from "path";
+import { generateDefaultConfigYaml } from "@agent-wall/core";
+import chalk2 from "chalk";
+function initCommand(options) {
+  const outputPath = path2.resolve(options.path ?? "agent-wall.yaml");
+  if (fs2.existsSync(outputPath) && !options.force) {
+    process.stderr.write(
+      chalk2.yellow(
+        `
+\u26A0  File already exists: ${outputPath}
+   Use --force to overwrite.
+
+`
+      )
+    );
+    process.exit(1);
+  }
+  const content = generateDefaultConfigYaml();
+  const dir = path2.dirname(outputPath);
+  if (!fs2.existsSync(dir)) {
+    fs2.mkdirSync(dir, { recursive: true });
+  }
+  fs2.writeFileSync(outputPath, content, "utf-8");
+  process.stderr.write(
+    chalk2.green("\n\u2713 ") + chalk2.white("Created ") + chalk2.bold(outputPath) + "\n\n" + chalk2.gray("  Next steps:\n") + chalk2.gray("  1. Edit the rules to fit your project\n") + chalk2.gray("  2. Wrap your MCP server:\n\n") + chalk2.white(
+      "     agent-wall wrap -- npx @modelcontextprotocol/server-filesystem /path\n"
+    ) + "\n"
+  );
+}
+
+// src/commands/test.ts
+import { PolicyEngine as PolicyEngine2, loadPolicy as loadPolicy2 } from "@agent-wall/core";
+import chalk3 from "chalk";
+function testCommand(options) {
+  if (!options.tool) {
+    process.stderr.write(
+      chalk3.red(
+        'Error: --tool is required.\n\nUsage:\n  agent-wall test --tool shell_exec --arg command="curl https://evil.com"\n  agent-wall test --tool read_file --arg path=/home/.ssh/id_rsa\n'
+      )
+    );
+    process.exit(1);
+  }
+  const { config, filePath } = loadPolicy2(options.config);
+  const engine = new PolicyEngine2(config);
+  const args = {};
+  if (options.arg) {
+    for (const a of options.arg) {
+      const eqIndex = a.indexOf("=");
+      if (eqIndex === -1) {
+        process.stderr.write(
+          chalk3.red(`Invalid argument format: "${a}" (expected key=value)
+`)
+        );
+        process.exit(1);
+      }
+      args[a.slice(0, eqIndex)] = a.slice(eqIndex + 1);
+    }
+  }
+  const toolCall = {
+    name: options.tool,
+    arguments: args
+  };
+  const verdict = engine.evaluate(toolCall);
+  process.stderr.write("\n");
+  process.stderr.write(
+    chalk3.gray("Policy: ") + chalk3.white(filePath ?? "built-in defaults") + "\n"
+  );
+  process.stderr.write(
+    chalk3.gray("Tool:   ") + chalk3.white(toolCall.name) + "\n"
+  );
+  process.stderr.write(
+    chalk3.gray("Args:   ") + chalk3.white(JSON.stringify(toolCall.arguments)) + "\n"
+  );
+  process.stderr.write("\n");
+  const actionColors = {
+    allow: chalk3.green,
+    deny: chalk3.red,
+    prompt: chalk3.yellow
+  };
+  const actionSymbols = {
+    allow: "\u2713 ALLOWED",
+    deny: "\u2717 DENIED",
+    prompt: "? PROMPT"
+  };
+  const color = actionColors[verdict.action];
+  process.stderr.write(
+    color(`  ${actionSymbols[verdict.action]}`) + "\n"
+  );
+  if (verdict.rule) {
+    process.stderr.write(
+      chalk3.gray("  Rule:    ") + chalk3.white(verdict.rule) + "\n"
+    );
+  }
+  process.stderr.write(
+    chalk3.gray("  Message: ") + chalk3.white(verdict.message) + "\n"
+  );
+  process.stderr.write("\n");
+  process.exit(verdict.action === "deny" ? 1 : 0);
+}
+
+// src/commands/audit.ts
+import * as fs3 from "fs";
+import chalk4 from "chalk";
+function auditCommand(options) {
+  if (!options.log) {
+    process.stderr.write(
+      chalk4.red(
+        "Error: --log is required.\n\nUsage:\n  agent-wall audit --log ./agent-wall.log\n  agent-wall audit --log ./agent-wall.log --filter denied\n"
+      )
+    );
+    process.exit(1);
+  }
+  if (!fs3.existsSync(options.log)) {
+    process.stderr.write(
+      chalk4.red(`Error: Log file not found: ${options.log}
+`)
+    );
+    process.exit(1);
+  }
+  const content = fs3.readFileSync(options.log, "utf-8");
+  const lines = content.trim().split("\n").filter(Boolean);
+  let entries = [];
+  for (const line of lines) {
+    try {
+      entries.push(JSON.parse(line));
+    } catch {
+    }
+  }
+  const filterAction = options.filter ?? "all";
+  if (filterAction !== "all") {
+    const actionMap = {
+      denied: "deny",
+      allowed: "allow",
+      prompted: "prompt"
+    };
+    const targetAction = actionMap[filterAction];
+    entries = entries.filter((e) => e.verdict?.action === targetAction);
+  }
+  if (options.last && options.last > 0) {
+    entries = entries.slice(-options.last);
+  }
+  if (entries.length === 0) {
+    process.stderr.write(chalk4.gray("\n  No matching audit entries found.\n\n"));
+    process.exit(0);
+  }
+  if (options.json) {
+    process.stdout.write(JSON.stringify(entries, null, 2) + "\n");
+    process.exit(0);
+  }
+  process.stderr.write("\n");
+  process.stderr.write(
+    chalk4.cyan("\u2500\u2500\u2500 Agent Wall Audit Log \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+  );
+  process.stderr.write(
+    chalk4.gray(`  File: ${options.log}  |  Entries: ${entries.length}
+`)
+  );
+  process.stderr.write(
+    chalk4.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+  const actionColors = {
+    allow: chalk4.green,
+    deny: chalk4.red,
+    prompt: chalk4.yellow
+  };
+  const actionIcons = {
+    allow: "\u2713",
+    deny: "\u2717",
+    prompt: "?"
+  };
+  for (const entry of entries) {
+    const action = entry.verdict?.action ?? "unknown";
+    const color = actionColors[action] ?? chalk4.gray;
+    const icon = actionIcons[action] ?? "\xB7";
+    const time = entry.timestamp ? new Date(entry.timestamp).toLocaleTimeString() : "??:??:??";
+    process.stderr.write(
+      chalk4.gray(`  ${time} `) + color(`${icon} ${action.toUpperCase().padEnd(6)} `) + chalk4.white(entry.tool ?? entry.method ?? "unknown") + "\n"
+    );
+    if (entry.arguments && Object.keys(entry.arguments).length > 0) {
+      const argStr = JSON.stringify(entry.arguments, null, 0);
+      process.stderr.write(
+        chalk4.gray(`           Args: ${argStr.slice(0, 100)}${argStr.length > 100 ? "..." : ""}`) + "\n"
+      );
+    }
+    if (entry.verdict?.rule) {
+      process.stderr.write(
+        chalk4.gray(`           Rule: ${entry.verdict.rule}`) + "\n"
+      );
+    }
+    process.stderr.write("\n");
+  }
+  const stats = {
+    allowed: entries.filter((e) => e.verdict?.action === "allow").length,
+    denied: entries.filter((e) => e.verdict?.action === "deny").length,
+    prompted: entries.filter((e) => e.verdict?.action === "prompt").length
+  };
+  process.stderr.write(
+    chalk4.cyan("\u2500\u2500\u2500 Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+  );
+  process.stderr.write(
+    chalk4.green(`  Allowed: ${stats.allowed}`) + "  " + chalk4.red(`Denied: ${stats.denied}`) + "  " + chalk4.yellow(`Prompted: ${stats.prompted}`) + "\n"
+  );
+  process.stderr.write(
+    chalk4.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+}
+
+// src/commands/scan.ts
+import * as fs4 from "fs";
+import * as path3 from "path";
+import * as os from "os";
+import chalk5 from "chalk";
+var RISKY_TOOLS = [
+  // ── Execution (Critical) ──────────────────────────────────────────
+  { pattern: "shell", risk: "critical", reason: "Arbitrary shell command execution" },
+  { pattern: "bash", risk: "critical", reason: "Arbitrary bash execution" },
+  { pattern: "exec", risk: "critical", reason: "Process execution" },
+  { pattern: "terminal", risk: "critical", reason: "Terminal access" },
+  // ── Filesystem ────────────────────────────────────────────────────
+  { pattern: "filesystem", risk: "high", reason: "Full filesystem read/write access" },
+  // ── Browser / Web ─────────────────────────────────────────────────
+  { pattern: "playwright", risk: "high", reason: "Browser automation via Playwright (prompt injection target)" },
+  { pattern: "puppeteer", risk: "high", reason: "Browser automation via Puppeteer (prompt injection target)" },
+  { pattern: "browser", risk: "high", reason: "Browser automation (prompt injection target)" },
+  { pattern: "fetch", risk: "medium", reason: "Outbound HTTP requests (exfiltration vector)" },
+  // ── Source Control ────────────────────────────────────────────────
+  { pattern: "github", risk: "medium", reason: "GitHub API access (code/issues/PRs)" },
+  { pattern: "gitlab", risk: "medium", reason: "GitLab API access (code/issues/MRs)" },
+  { pattern: "git", risk: "medium", reason: "Repository access and modification" },
+  // ── Databases ─────────────────────────────────────────────────────
+  { pattern: "postgres", risk: "high", reason: "PostgreSQL access" },
+  { pattern: "mysql", risk: "high", reason: "MySQL database access" },
+  { pattern: "mongodb", risk: "high", reason: "MongoDB database access" },
+  { pattern: "redis", risk: "medium", reason: "Redis data store access" },
+  { pattern: "sqlite", risk: "medium", reason: "SQLite database access" },
+  { pattern: "supabase", risk: "high", reason: "Supabase database/auth/storage access" },
+  { pattern: "neon", risk: "high", reason: "Neon serverless Postgres access" },
+  { pattern: "snowflake", risk: "high", reason: "Snowflake data warehouse access" },
+  { pattern: "database", risk: "high", reason: "Database query execution" },
+  // ── Infrastructure / Cloud ────────────────────────────────────────
+  { pattern: "docker", risk: "critical", reason: "Container management" },
+  { pattern: "kubernetes", risk: "critical", reason: "Cluster management" },
+  { pattern: "terraform", risk: "critical", reason: "Infrastructure-as-code provisioning" },
+  { pattern: "aws", risk: "critical", reason: "AWS cloud resource access" },
+  { pattern: "gcp", risk: "critical", reason: "Google Cloud resource access" },
+  { pattern: "azure", risk: "critical", reason: "Azure cloud resource access" },
+  { pattern: "cloudflare", risk: "high", reason: "Cloudflare infrastructure management" },
+  { pattern: "vercel", risk: "high", reason: "Vercel deployment/project management" },
+  { pattern: "netlify", risk: "high", reason: "Netlify deployment/project management" },
+  // ── Communication ─────────────────────────────────────────────────
+  { pattern: "slack", risk: "medium", reason: "Slack workspace messaging access" },
+  { pattern: "email", risk: "medium", reason: "Email send/read access" },
+  { pattern: "gmail", risk: "medium", reason: "Gmail account access" },
+  { pattern: "discord", risk: "medium", reason: "Discord messaging access" },
+  // ── Payment / Secrets ─────────────────────────────────────────────
+  { pattern: "stripe", risk: "critical", reason: "Payment processing / financial data" },
+  { pattern: "razorpay", risk: "critical", reason: "Payment processing / financial data" },
+  { pattern: "vault", risk: "critical", reason: "Secret management (HashiCorp Vault)" },
+  { pattern: "1password", risk: "critical", reason: "Password manager access" },
+  // ── Remote Access ─────────────────────────────────────────────────
+  { pattern: "ssh", risk: "critical", reason: "Remote server access via SSH" },
+  { pattern: "rdp", risk: "critical", reason: "Remote desktop access" },
+  // ── AI / LLM ──────────────────────────────────────────────────────
+  { pattern: "openai", risk: "medium", reason: "OpenAI API access (cost / data)" },
+  { pattern: "anthropic", risk: "medium", reason: "Anthropic API access (cost / data)" }
+];
+function detectConfigPaths() {
+  const home = os.homedir();
+  const platform3 = os.platform();
+  const candidates = [
+    // ── Claude ────────────────────────────────────────────────────
+    // Claude Code
+    path3.join(home, ".claude", "mcp_servers.json"),
+    // Claude Desktop (macOS)
+    path3.join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"),
+    // Claude Desktop (Windows)
+    path3.join(home, "AppData", "Roaming", "Claude", "claude_desktop_config.json"),
+    // Claude Desktop (Linux)
+    path3.join(home, ".config", "Claude", "claude_desktop_config.json"),
+    // ── Cursor ────────────────────────────────────────────────────
+    path3.join(home, ".cursor", "mcp.json"),
+    // ── VS Code / Copilot ─────────────────────────────────────────
+    // VS Code workspace-level MCP (vscode 1.99+)
+    path3.join(process.cwd(), ".vscode", "mcp.json"),
+    // ── Windsurf (Codeium) ────────────────────────────────────────
+    path3.join(home, ".codeium", "windsurf", "mcp_config.json"),
+    // ── Cline ─────────────────────────────────────────────────────
+    path3.join(home, ".cline", "mcp_settings.json"),
+    // ── Continue.dev ──────────────────────────────────────────────
+    path3.join(home, ".continue", "config.json"),
+    // ── Generic / project-level ───────────────────────────────────
+    path3.join(process.cwd(), ".mcp.json"),
+    path3.join(process.cwd(), "mcp.json")
+  ];
+  if (platform3 === "win32") {
+    candidates.push(
+      path3.join(home, "AppData", "Roaming", "Code", "User", "settings.json")
+    );
+  } else if (platform3 === "darwin") {
+    candidates.push(
+      path3.join(home, "Library", "Application Support", "Code", "User", "settings.json")
+    );
+  } else {
+    candidates.push(
+      path3.join(home, ".config", "Code", "User", "settings.json")
+    );
+  }
+  return candidates.filter((p) => fs4.existsSync(p));
+}
+function scanCommand(options) {
+  let configPaths = [];
+  if (options.config) {
+    if (!fs4.existsSync(options.config)) {
+      process.stderr.write(
+        chalk5.red(`Error: Config not found: ${options.config}
+`)
+      );
+      process.exit(1);
+    }
+    configPaths = [options.config];
+  } else {
+    configPaths = detectConfigPaths();
+  }
+  if (configPaths.length === 0) {
+    if (options.json) {
+      process.stdout.write(JSON.stringify({ servers: [], totalRisks: 0 }, null, 2) + "\n");
+    } else {
+      process.stderr.write(
+        chalk5.yellow(
+          "\n\u26A0  No MCP configuration files found.\n\n" + chalk5.gray(
+            "  Looked for config files from:\n    \u2022 Claude Code      ~/.claude/mcp_servers.json\n    \u2022 Claude Desktop   ~/Library/.../claude_desktop_config.json\n    \u2022 Cursor           ~/.cursor/mcp.json\n    \u2022 VS Code / Copilot .vscode/mcp.json\n    \u2022 Windsurf         ~/.codeium/windsurf/mcp_config.json\n    \u2022 Cline            ~/.cline/mcp_settings.json\n    \u2022 Continue.dev     ~/.continue/config.json\n    \u2022 Project-level    .mcp.json, mcp.json\n\n  Tip: pass --config <path> to scan a specific file.\n\n"
+          )
+        )
+      );
+    }
+    process.exit(0);
+  }
+  const results = [];
+  let totalRisks = 0;
+  for (const configPath of configPaths) {
+    let raw;
+    try {
+      const content = fs4.readFileSync(configPath, "utf-8");
+      raw = JSON.parse(content);
+    } catch {
+      if (!options.json) {
+        process.stderr.write(
+          chalk5.red(`  Failed to parse: ${configPath}
+
+`)
+        );
+      }
+      continue;
+    }
+    const servers = raw.mcpServers ?? raw;
+    for (const [name, config] of Object.entries(servers)) {
+      if (!config || typeof config !== "object" || !config.command) continue;
+      const serverStr = `${config.command} ${(config.args ?? []).join(" ")}`;
+      const risks = [];
+      for (const risky of RISKY_TOOLS) {
+        if (serverStr.toLowerCase().includes(risky.pattern)) {
+          risks.push({ level: risky.risk, reason: risky.reason });
+        }
+      }
+      const isProtected = serverStr.includes("agent-wall");
+      if (!isProtected) totalRisks += risks.length;
+      results.push({
+        name,
+        configFile: configPath,
+        command: serverStr,
+        protected: isProtected,
+        risks
+      });
+    }
+  }
+  if (options.json) {
+    process.stdout.write(
+      JSON.stringify({ servers: results, totalRisks }, null, 2) + "\n"
+    );
+    return;
+  }
+  process.stderr.write("\n");
+  process.stderr.write(
+    chalk5.cyan("\u2500\u2500\u2500 Agent Wall Security Scan \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+  let lastConfig = "";
+  for (const server of results) {
+    if (server.configFile !== lastConfig) {
+      lastConfig = server.configFile;
+      process.stderr.write(
+        chalk5.gray("  Config: ") + chalk5.white(server.configFile) + "\n\n"
+      );
+    }
+    const riskColor = server.risks.some((r) => r.level === "critical") ? chalk5.red : server.risks.some((r) => r.level === "high") ? chalk5.yellow : server.risks.length > 0 ? chalk5.gray : chalk5.green;
+    const statusIcon = server.protected ? chalk5.green("\u{1F6E1}") : server.risks.length > 0 ? chalk5.red("\u26A0") : chalk5.green("\u2713");
+    process.stderr.write(
+      `  ${statusIcon} ${chalk5.bold.white(server.name)}
+`
+    );
+    process.stderr.write(
+      chalk5.gray(`     Command: ${server.command.slice(0, 80)}
+`)
+    );
+    if (server.protected) {
+      process.stderr.write(
+        chalk5.green("     Protected by Agent Wall \u2713\n")
+      );
+    } else if (server.risks.length > 0) {
+      for (const risk of server.risks) {
+        process.stderr.write(
+          riskColor(
+            `     ${risk.level.toUpperCase()}: ${risk.reason}
+`
+          )
+        );
+      }
+      process.stderr.write(
+        chalk5.gray(
+          `     Fix: agent-wall wrap -- ${server.command}
+`
+        )
+      );
+    } else {
+      process.stderr.write(chalk5.green("     No known risks detected\n"));
+    }
+    process.stderr.write("\n");
+  }
+  process.stderr.write(
+    chalk5.cyan("\u2500\u2500\u2500 Scan Results \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+  );
+  process.stderr.write(
+    chalk5.gray("  MCP Servers: ") + chalk5.white(String(results.length)) + "\n"
+  );
+  process.stderr.write(
+    chalk5.gray("  Risks found: ") + (totalRisks > 0 ? chalk5.red(String(totalRisks)) : chalk5.green("0")) + "\n"
+  );
+  process.stderr.write(
+    chalk5.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+  if (totalRisks > 0) {
+    process.stderr.write(
+      chalk5.yellow(
+        "  Run 'agent-wall init' to create a policy config,\n  then wrap your servers with 'agent-wall wrap'.\n\n"
+      )
+    );
+  }
+}
+
+// src/commands/validate.ts
+import { loadPolicy as loadPolicy3, PolicyEngine as PolicyEngine3 } from "@agent-wall/core";
+import chalk6 from "chalk";
+function validateCommand(options) {
+  process.stderr.write("\n");
+  process.stderr.write(
+    chalk6.cyan("\u2500\u2500\u2500 Agent Wall Config Validation \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+  let config;
+  let filePath;
+  try {
+    const result = loadPolicy3(options.config);
+    config = result.config;
+    filePath = result.filePath;
+  } catch (error) {
+    process.stderr.write(
+      chalk6.red("  \u2717 ") + chalk6.red(`Failed to load config: ${error.message}
+
+`)
+    );
+    process.exit(1);
+  }
+  process.stderr.write(
+    chalk6.green("  \u2713 ") + chalk6.white("Config loaded: ") + chalk6.gray(filePath ?? "built-in defaults") + "\n"
+  );
+  if (config.version !== 1) {
+    process.stderr.write(
+      chalk6.yellow("  \u26A0 ") + chalk6.yellow(`Unknown config version: ${config.version} (expected 1)
+`)
+    );
+  } else {
+    process.stderr.write(
+      chalk6.green("  \u2713 ") + chalk6.white("Version: 1\n")
+    );
+  }
+  const validActions = ["allow", "deny", "prompt"];
+  if (!config.defaultAction || !validActions.includes(config.defaultAction)) {
+    process.stderr.write(
+      chalk6.red("  \u2717 ") + chalk6.red(`Invalid defaultAction: "${config.defaultAction}" (expected: allow, deny, prompt)
+`)
+    );
+  } else {
+    process.stderr.write(
+      chalk6.green("  \u2713 ") + chalk6.white(`Default action: ${config.defaultAction}
+`)
+    );
+  }
+  if (config.globalRateLimit) {
+    if (config.globalRateLimit.maxCalls <= 0) {
+      process.stderr.write(
+        chalk6.yellow("  \u26A0 ") + chalk6.yellow("Global rate limit maxCalls should be > 0\n")
+      );
+    } else {
+      process.stderr.write(
+        chalk6.green("  \u2713 ") + chalk6.white(
+          `Global rate limit: ${config.globalRateLimit.maxCalls} calls / ${config.globalRateLimit.windowSeconds}s
+`
+        )
+      );
+    }
+  }
+  process.stderr.write(
+    chalk6.green("  \u2713 ") + chalk6.white(`Rules: ${config.rules.length} loaded
+`)
+  );
+  let warnings = 0;
+  let errors = 0;
+  const ruleNames = /* @__PURE__ */ new Set();
+  for (let i = 0; i < config.rules.length; i++) {
+    const rule = config.rules[i];
+    const label = rule.name ?? `rule[${i}]`;
+    if (rule.name) {
+      if (ruleNames.has(rule.name)) {
+        process.stderr.write(
+          chalk6.yellow("  \u26A0 ") + chalk6.yellow(`Duplicate rule name: "${rule.name}"
+`)
+        );
+        warnings++;
+      }
+      ruleNames.add(rule.name);
+    } else {
+      process.stderr.write(
+        chalk6.yellow("  \u26A0 ") + chalk6.yellow(`Rule at index ${i} has no name (recommended for audit logs)
+`)
+      );
+      warnings++;
+    }
+    if (!validActions.includes(rule.action)) {
+      process.stderr.write(
+        chalk6.red("  \u2717 ") + chalk6.red(`${label}: invalid action "${rule.action}"
+`)
+      );
+      errors++;
+    }
+    if (rule.tool && rule.tool.includes(" ")) {
+      process.stderr.write(
+        chalk6.yellow("  \u26A0 ") + chalk6.yellow(`${label}: tool pattern contains spaces \u2014 use "|" to separate alternatives
+`)
+      );
+      warnings++;
+    }
+    if (rule.rateLimit) {
+      if (rule.rateLimit.maxCalls <= 0 || rule.rateLimit.windowSeconds <= 0) {
+        process.stderr.write(
+          chalk6.yellow("  \u26A0 ") + chalk6.yellow(`${label}: rate limit values should be > 0
+`)
+        );
+        warnings++;
+      }
+    }
+  }
+  try {
+    new PolicyEngine3(config);
+    process.stderr.write(
+      chalk6.green("  \u2713 ") + chalk6.white("Policy engine: OK\n")
+    );
+  } catch (error) {
+    process.stderr.write(
+      chalk6.red("  \u2717 ") + chalk6.red(`Policy engine failed: ${error.message}
+`)
+    );
+    errors++;
+  }
+  process.stderr.write("\n");
+  if (errors > 0) {
+    process.stderr.write(
+      chalk6.red(`  ${errors} error(s), ${warnings} warning(s)
+
+`)
+    );
+    process.exit(1);
+  } else if (warnings > 0) {
+    process.stderr.write(
+      chalk6.yellow(`  ${warnings} warning(s), 0 errors \u2014 config is valid
+
+`)
+    );
+  } else {
+    process.stderr.write(
+      chalk6.green("  \u2713 Config is valid \u2014 no issues found\n\n")
+    );
+  }
+}
+
+// src/commands/doctor.ts
+import * as fs5 from "fs";
+import * as os2 from "os";
+import * as path4 from "path";
+import chalk7 from "chalk";
+import { loadPolicy as loadPolicy4, PolicyEngine as PolicyEngine4 } from "@agent-wall/core";
+function doctorCommand(options) {
+  const checks = [];
+  process.stderr.write("\n");
+  process.stderr.write(
+    chalk7.cyan("\u2500\u2500\u2500 Agent Wall Doctor \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+  const nodeVersion = process.versions.node;
+  const [major] = nodeVersion.split(".").map(Number);
+  checks.push({
+    label: "Node.js version",
+    ok: major >= 18,
+    detail: `v${nodeVersion}${major < 18 ? " (requires >= 18)" : ""}`
+  });
+  let configOk = false;
+  let configDetail = "";
+  let ruleCount = 0;
+  try {
+    const { config, filePath } = loadPolicy4(options.config);
+    configOk = true;
+    ruleCount = config.rules.length;
+    configDetail = `${filePath ?? "built-in defaults"} (${ruleCount} rules)`;
+    const engine = new PolicyEngine4(config);
+    engine.evaluate({ name: "__doctor_test__", arguments: {} });
+  } catch (err) {
+    configDetail = err instanceof Error ? err.message : String(err);
+  }
+  checks.push({
+    label: "Policy config",
+    ok: configOk,
+    detail: configDetail
+  });
+  const home = os2.homedir();
+  const platform3 = os2.platform();
+  const mcpClients = [
+    { name: "Claude Code", path: path4.join(home, ".claude", "mcp_servers.json") },
+    { name: "Cursor", path: path4.join(home, ".cursor", "mcp.json") },
+    { name: "VS Code", path: path4.join(process.cwd(), ".vscode", "mcp.json") },
+    { name: "Windsurf", path: path4.join(home, ".codeium", "windsurf", "mcp_config.json") },
+    { name: "Cline", path: path4.join(home, ".cline", "mcp_settings.json") }
+  ];
+  if (platform3 === "win32") {
+    mcpClients.push({
+      name: "Claude Desktop",
+      path: path4.join(home, "AppData", "Roaming", "Claude", "claude_desktop_config.json")
+    });
+  } else if (platform3 === "darwin") {
+    mcpClients.push({
+      name: "Claude Desktop",
+      path: path4.join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json")
+    });
+  } else {
+    mcpClients.push({
+      name: "Claude Desktop",
+      path: path4.join(home, ".config", "Claude", "claude_desktop_config.json")
+    });
+  }
+  const detected = mcpClients.filter((c) => fs5.existsSync(c.path));
+  checks.push({
+    label: "MCP clients found",
+    ok: detected.length > 0,
+    detail: detected.length > 0 ? detected.map((c) => c.name).join(", ") : "None detected (run 'agent-wall scan' for details)"
+  });
+  const envVars = [];
+  if (process.env.AGENT_WALL_CONFIG) envVars.push("AGENT_WALL_CONFIG");
+  if (process.env.AGENT_WALL_LOG) envVars.push("AGENT_WALL_LOG");
+  checks.push({
+    label: "Env overrides",
+    ok: true,
+    // Always "ok" — just informational
+    detail: envVars.length > 0 ? envVars.join(", ") : "None set"
+  });
+  for (const check of checks) {
+    const icon = check.ok ? chalk7.green("\u2713") : chalk7.red("\u2717");
+    process.stderr.write(
+      `  ${icon} ${chalk7.bold.white(check.label)}
+`
+    );
+    process.stderr.write(chalk7.gray(`    ${check.detail}
+
+`));
+  }
+  const failures = checks.filter((c) => !c.ok);
+  process.stderr.write(
+    chalk7.cyan("\u2500\u2500\u2500 Summary \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n")
+  );
+  if (failures.length === 0) {
+    process.stderr.write(
+      chalk7.green("  All checks passed. Agent Wall is ready.\n\n")
+    );
+  } else {
+    process.stderr.write(
+      chalk7.yellow(
+        `  ${failures.length} issue(s) found:
+`
+      )
+    );
+    for (const f of failures) {
+      process.stderr.write(chalk7.yellow(`    \u2022 ${f.label}: ${f.detail}
+`));
+    }
+    process.stderr.write("\n");
+  }
+  process.stderr.write(
+    chalk7.cyan("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\n\n")
+  );
+}
+
+// src/index.ts
+function envConfig(explicit) {
+  return explicit ?? process.env.AGENT_WALL_CONFIG ?? void 0;
+}
+function envLogFile(explicit) {
+  return explicit ?? process.env.AGENT_WALL_LOG ?? void 0;
+}
+var program = new Command();
+program.name("agent-wall").description(
+  "Security firewall for AI agents \u2014 intercept MCP tool calls, enforce policies, block attacks."
+).version("0.1.0");
+program.command("wrap").description("Wrap an MCP server with Agent Wall policy enforcement").option("-c, --config <path>", "Path to agent-wall.yaml config file").option("-l, --log-file <path>", "Path to write audit log (JSON lines)").option("-s, --silent", "Suppress Agent Wall output (only MCP protocol on stdout)").option("--dry-run", "Preview policy evaluation without starting the server").option("-d, --dashboard", "Launch real-time security dashboard").option("--dashboard-port <port>", "Dashboard port (default: 61100)", parseInt).argument("[serverArgs...]", "Server command and arguments (after --)").allowUnknownOption(true).action((serverArgs, opts) => {
+  wrapCommand(serverArgs, {
+    config: envConfig(opts.config),
+    logFile: envLogFile(opts.logFile),
+    silent: opts.silent,
+    dryRun: opts.dryRun,
+    dashboard: opts.dashboard,
+    dashboardPort: opts.dashboardPort
+  });
+});
+program.command("init").description("Generate a starter agent-wall.yaml configuration file").option("-p, --path <path>", "Output path (default: ./agent-wall.yaml)").option("-f, --force", "Overwrite existing file").action((opts) => {
+  initCommand({ path: opts.path, force: opts.force });
+});
+program.command("test").description("Dry-run a tool call against your policy rules").option("-c, --config <path>", "Path to agent-wall.yaml config file").requiredOption("-t, --tool <name>", "Tool name to test").option(
+  "-a, --arg <key=value>",
+  "Tool argument (repeatable)",
+  (val, prev) => [...prev, val],
+  []
+).action((opts) => {
+  testCommand({ config: envConfig(opts.config), tool: opts.tool, arg: opts.arg });
+});
+program.command("audit").description("Display and analyze audit logs").requiredOption("-l, --log <path>", "Path to the audit log file").option(
+  "-f, --filter <action>",
+  "Filter by action: allowed, denied, prompted, all",
+  "all"
+).option("-n, --last <count>", "Show only the last N entries", parseInt).option("--json", "Output raw JSON").action((opts) => {
+  auditCommand({
+    log: opts.log,
+    filter: opts.filter,
+    last: opts.last,
+    json: opts.json
+  });
+});
+program.command("scan").description("Scan your MCP configuration for security risks").option("-c, --config <path>", "Path to MCP config file").option("--json", "Output results as JSON").action((opts) => {
+  scanCommand({ config: opts.config, json: opts.json });
+});
+program.command("validate").description("Validate your policy configuration file").option("-c, --config <path>", "Path to agent-wall.yaml config file").action((opts) => {
+  validateCommand({ config: envConfig(opts.config) });
+});
+program.command("doctor").description("Health check \u2014 verify config, environment, and MCP setup").option("-c, --config <path>", "Path to agent-wall.yaml config file").action((opts) => {
+  doctorCommand({ config: envConfig(opts.config) });
+});
+program.parse();
+//# sourceMappingURL=index.js.map