@askmesh/mcp 0.10.7 → 0.11.0

package/dist/agent/askmeshignore.d.ts

@@ -0,0 +1,10 @@
+export interface IgnoreMatcher {
+    patterns: string[];
+    shouldIgnore: (filePath: string) => boolean;
+    describe: () => string;
+}
+/**
+ * Load .askmeshignore from the current working directory and merge with defaults.
+ * Returns a matcher with shouldIgnore() and a describe() helper for prompts.
+ */
+export declare function loadIgnore(cwd?: string): IgnoreMatcher;

package/dist/agent/askmeshignore.js

@@ -0,0 +1,97 @@
+import { readFileSync, existsSync } from 'node:fs';
+import { join, basename } from 'node:path';
+// Default exclusions — applied even when no .askmeshignore file exists.
+// These are patterns that almost no project should ever share via the mesh.
+const DEFAULT_PATTERNS = [
+    // Environment files
+    '.env',
+    '.env.*',
+    '*.env',
+    // Secrets folders
+    'secrets/',
+    'secret/',
+    'private/',
+    '.secrets/',
+    // Keys and certificates
+    '*.key',
+    '*.pem',
+    '*.p12',
+    '*.pfx',
+    '*.crt',
+    '*.csr',
+    '*.der',
+    'id_rsa',
+    'id_rsa.*',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    // Credentials
+    'credentials',
+    'credentials.*',
+    '.npmrc',
+    '.pypirc',
+    '.netrc',
+    '.aws/',
+    '.ssh/',
+    '.gnupg/',
+    // Cloud
+    'service-account.json',
+    'service-account-*.json',
+    'gcp-key.json',
+    'firebase-adminsdk-*.json',
+    // Common build/dep dirs
+    'node_modules/',
+    '.git/',
+];
+/**
+ * Load .askmeshignore from the current working directory and merge with defaults.
+ * Returns a matcher with shouldIgnore() and a describe() helper for prompts.
+ */
+export function loadIgnore(cwd = process.cwd()) {
+    const patterns = [...DEFAULT_PATTERNS];
+    const file = join(cwd, '.askmeshignore');
+    if (existsSync(file)) {
+        try {
+            const content = readFileSync(file, 'utf-8');
+            for (const rawLine of content.split('\n')) {
+                const line = rawLine.trim();
+                if (!line || line.startsWith('#'))
+                    continue;
+                patterns.push(line);
+            }
+        }
+        catch { }
+    }
+    const compiled = patterns.map(compile);
+    const shouldIgnore = (filePath) => {
+        const name = basename(filePath);
+        return compiled.some((re) => re.test(filePath) || re.test(name));
+    };
+    const describe = () => {
+        return patterns.join(', ');
+    };
+    return { patterns, shouldIgnore, describe };
+}
+/**
+ * Convert a glob-like pattern to a RegExp.
+ * Supports: *, **, trailing / (folder), leading * (suffix match)
+ */
+function compile(pattern) {
+    let p = pattern.trim();
+    // Folder pattern (trailing /)
+    const isFolder = p.endsWith('/');
+    if (isFolder)
+        p = p.slice(0, -1);
+    // Escape regex special chars except * and ?
+    let re = p.replace(/[.+^${}()|[\]\\]/g, '\\$&');
+    // ** matches anything (including /)
+    re = re.replace(/\*\*/g, '§§');
+    // * matches anything except /
+    re = re.replace(/\*/g, '[^/]*');
+    re = re.replace(/§§/g, '.*');
+    re = re.replace(/\?/g, '.');
+    if (isFolder) {
+        return new RegExp(`(^|/)${re}(/|$)`);
+    }
+    return new RegExp(`(^|/)${re}$`);
+}

package/dist/agent/auto_responder.d.ts

@@ -6,6 +6,12 @@ export declare class AutoResponder {
     private mcpServer;
     constructor(client: AskMeshClient);
     setServer(server: Server): void;
+    /**
+     * Send a reply through the AskMesh client with a pre-send redaction scan.
+     * If secrets are detected, the reply is blocked and a desktop notification +
+     * status line update inform the owner. Returns true if the reply was sent.
+     */
+    private safeReply;
     handleRequest(request: IncomingRequest): Promise<void>;
     private callAnthropicAPI;
 }

package/dist/agent/auto_responder.js

@@ -1,5 +1,6 @@
 import { readLocalContext } from './context_reader.js';
 import { sendDesktopNotification } from './notifier.js';
+import { scanForSecrets, formatBlockedMessage } from './redaction.js';
 const SYSTEM_PROMPT = `You are an AI coding agent responding on behalf of a developer through AskMesh.
 You have access to the developer's project context below.
 Use this context to answer accurately and concisely.
@@ -12,8 +13,12 @@ SECURITY RULES:
 - READ-ONLY: Never suggest or execute destructive operations (DELETE, DROP, rm, reset --hard, etc.)
 - NO SECRETS: Never include passwords, API keys, tokens, or credentials in your responses
 - NO SENSITIVE DATA: Never expose personal data, database connection strings, or internal URLs
+- HONOR .askmeshignore: Never read or share files listed by the project's privacy policy
 - If asked for sensitive information, respond: "I can't share this information via AskMesh for security reasons."
-- You may share: code patterns, architecture decisions, file structures, conventions, public configs`;
+- You may share: code patterns, architecture decisions, file structures, conventions, public configs
+
+A pre-send filter will block your response if it contains detectable secrets (API keys, JWTs, private keys, DB URLs, etc.).
+Avoid quoting raw config values — describe them instead.`;
 export class AutoResponder {
     client;
     mcpServer = null;
@@ -23,6 +28,37 @@ export class AutoResponder {
     setServer(server) {
         this.mcpServer = server;
     }
+    /**
+     * Send a reply through the AskMesh client with a pre-send redaction scan.
+     * If secrets are detected, the reply is blocked and a desktop notification +
+     * status line update inform the owner. Returns true if the reply was sent.
+     */
+    async safeReply(requestId, answer, source) {
+        const scan = scanForSecrets(answer);
+        if (!scan.safe) {
+            const samples = scan.hits.map((h) => `${h.pattern} (${h.sample})`).join(', ');
+            console.error(`[AskMesh] 🚫 BLOCKED reply #${requestId} (${source}) — secrets detected: ${samples}`);
+            // Notify the owner via desktop and via the MCP logging channel
+            sendDesktopNotification('AskMesh — réponse bloquée', `Secrets détectés: ${scan.hits.map((h) => h.pattern).join(', ')}`);
+            if (this.mcpServer) {
+                try {
+                    await this.mcpServer.sendLoggingMessage({
+                        level: 'warning',
+                        data: formatBlockedMessage(scan),
+                    });
+                }
+                catch { }
+            }
+            // Revert thread status to pending so the human can take over
+            try {
+                await this.client.updateThreadStatus(requestId, 'pending');
+            }
+            catch { }
+            return false;
+        }
+        await this.client.replyToThread(requestId, answer);
+        return true;
+    }
     async handleRequest(request) {
         console.error(`[AskMesh] Question from @${request.fromUsername}: "${request.question}"`);
         // Desktop notification
@@ -67,8 +103,9 @@ export class AutoResponder {
                 }, {}));
                 const answer = result?.content?.text || result?.content?.[0]?.text;
                 if (answer) {
-                    await this.client.replyToThread(request.id, answer);
-                    console.error(`[AskMesh] Responded to #${request.id} via Claude Code`);
+                    const sent = await this.safeReply(request.id, answer, 'Claude Code');
+                    if (sent)
+                        console.error(`[AskMesh] Responded to #${request.id} via Claude Code`);
                     return;
                 }
             }
@@ -83,8 +120,9 @@ export class AutoResponder {
                 const context = readLocalContext();
                 const answer = await this.callAnthropicAPI(apiKey, request, context);
                 if (answer) {
-                    await this.client.replyToThread(request.id, answer);
-                    console.error(`[AskMesh] Responded to #${request.id} via Anthropic API`);
+                    const sent = await this.safeReply(request.id, answer, 'Anthropic API');
+                    if (sent)
+                        console.error(`[AskMesh] Responded to #${request.id} via Anthropic API`);
                     return;
                 }
             }

package/dist/agent/context_reader.js

@@ -1,18 +1,22 @@
 import { readFileSync, readdirSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
+import { loadIgnore } from './askmeshignore.js';
 export function readLocalContext() {
     const parts = [];
+    const ignore = loadIgnore();
     // 1. CLAUDE.md from current working directory
     const claudeMdPath = join(process.cwd(), 'CLAUDE.md');
-    if (existsSync(claudeMdPath)) {
+    if (existsSync(claudeMdPath) && !ignore.shouldIgnore('CLAUDE.md')) {
         parts.push('=== CLAUDE.md ===');
         parts.push(readSafe(claudeMdPath));
     }
     // 2. Global Claude Code memories
     const globalMemDir = join(homedir(), '.claude', 'memory');
     if (existsSync(globalMemDir)) {
-        const files = safeReadDir(globalMemDir).filter((f) => f.endsWith('.md'));
+        const files = safeReadDir(globalMemDir)
+            .filter((f) => f.endsWith('.md'))
+            .filter((f) => !ignore.shouldIgnore(f));
         if (files.length > 0) {
             parts.push('=== Global memories ===');
             for (const file of files.slice(0, 10)) {
@@ -32,7 +36,9 @@ export function readLocalContext() {
             if (dir.includes(cwdKey) || cwdKey.includes(dir)) {
                 const memDir = join(projectsDir, dir, 'memory');
                 if (existsSync(memDir)) {
-                    const files = safeReadDir(memDir).filter((f) => f.endsWith('.md'));
+                    const files = safeReadDir(memDir)
+                        .filter((f) => f.endsWith('.md'))
+                        .filter((f) => !ignore.shouldIgnore(f));
                     if (files.length > 0) {
                         parts.push('=== Project memories ===');
                         for (const file of files.slice(0, 10)) {
@@ -45,6 +51,9 @@ export function readLocalContext() {
             }
         }
     }
+    // 4. Append the active ignore policy so the agent knows what NOT to read
+    parts.push('=== Privacy policy (.askmeshignore) ===');
+    parts.push(`Never read or share contents of files matching these patterns: ${ignore.describe()}`);
     return parts.join('\n\n') || 'No local context available.';
 }
 function readSafe(path) {

package/dist/agent/redaction.d.ts

@@ -0,0 +1,16 @@
+export interface RedactionResult {
+    safe: boolean;
+    hits: Array<{
+        pattern: string;
+        sample: string;
+    }>;
+}
+/**
+ * Scan a reply for known secret patterns. Returns safe=false if any are found.
+ * The hits include the pattern name and a truncated sample for logging/audit.
+ */
+export declare function scanForSecrets(text: string): RedactionResult;
+/**
+ * Format a user-facing block message when redaction triggers.
+ */
+export declare function formatBlockedMessage(result: RedactionResult): string;

package/dist/agent/redaction.js

@@ -0,0 +1,101 @@
+// Pre-send redaction — scans outgoing replies for common secret patterns
+// and blocks them before they're sent through the mesh.
+//
+// This is a defense-in-depth layer. The agent is also instructed not to share
+// secrets, but we don't trust the LLM to never slip up.
+const PATTERNS = [
+    {
+        name: 'AWS Access Key',
+        detect: (t) => match(t, /\bAKIA[0-9A-Z]{16}\b/g),
+    },
+    {
+        name: 'AWS Secret Key (assignment)',
+        detect: (t) => match(t, /aws_secret_access_key\s*[=:]\s*['"][^'"]+['"]/gi),
+    },
+    {
+        name: 'OpenAI API Key',
+        detect: (t) => match(t, /\bsk-(?:proj-)?[A-Za-z0-9_\-]{32,}\b/g),
+    },
+    {
+        name: 'Anthropic API Key',
+        detect: (t) => match(t, /\bsk-ant-[A-Za-z0-9_\-]{20,}\b/g),
+    },
+    {
+        name: 'GitHub Token',
+        detect: (t) => match(t, /\bgh[poursa]_[A-Za-z0-9_]{36,}\b/g),
+    },
+    {
+        name: 'Slack Token',
+        detect: (t) => match(t, /\bxox[bpoars]-[A-Za-z0-9-]{10,}\b/g),
+    },
+    {
+        name: 'Stripe Key',
+        detect: (t) => match(t, /\b(?:sk|pk|rk)_(?:test|live)_[A-Za-z0-9]{20,}\b/g),
+    },
+    {
+        name: 'JWT',
+        detect: (t) => match(t, /\beyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g),
+    },
+    {
+        name: 'Private Key (PEM)',
+        detect: (t) => match(t, /-----BEGIN (?:RSA |EC |OPENSSH |DSA |PGP )?PRIVATE KEY-----/g),
+    },
+    {
+        name: 'Database URL',
+        detect: (t) => match(t, /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp):\/\/[^\s'"]*:[^\s'"@]+@[^\s'"]+/gi),
+    },
+    {
+        name: 'Generic API Key Assignment',
+        detect: (t) => match(t, /\b(?:api[_-]?key|apikey|secret(?:[_-]?key)?|access[_-]?token|auth[_-]?token|password)\s*[:=]\s*['"][A-Za-z0-9_\-+/=]{16,}['"]/gi),
+    },
+    {
+        name: 'Google API Key',
+        detect: (t) => match(t, /\bAIza[0-9A-Za-z\-_]{35}\b/g),
+    },
+    {
+        name: 'Square Token',
+        detect: (t) => match(t, /\bsq0(?:atp|csp|idp)-[A-Za-z0-9_-]{22,}\b/g),
+    },
+    {
+        name: 'Twilio API Key',
+        detect: (t) => match(t, /\bSK[a-f0-9]{32}\b/g),
+    },
+    {
+        name: 'SendGrid API Key',
+        detect: (t) => match(t, /\bSG\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\b/g),
+    },
+    {
+        name: 'Mailgun API Key',
+        detect: (t) => match(t, /\bkey-[a-f0-9]{32}\b/g),
+    },
+];
+function match(text, re) {
+    const found = text.match(re);
+    return found && found.length > 0 ? found : null;
+}
+/**
+ * Scan a reply for known secret patterns. Returns safe=false if any are found.
+ * The hits include the pattern name and a truncated sample for logging/audit.
+ */
+export function scanForSecrets(text) {
+    const hits = [];
+    for (const p of PATTERNS) {
+        const found = p.detect(text);
+        if (found) {
+            for (const f of found) {
+                hits.push({
+                    pattern: p.name,
+                    sample: f.length > 24 ? `${f.slice(0, 8)}…${f.slice(-4)}` : f,
+                });
+            }
+        }
+    }
+    return { safe: hits.length === 0, hits };
+}
+/**
+ * Format a user-facing block message when redaction triggers.
+ */
+export function formatBlockedMessage(result) {
+    const list = result.hits.map((h) => `  - ${h.pattern}: ${h.sample}`).join('\n');
+    return `🚫 Réponse bloquée par le filtre AskMesh — secrets détectés :\n${list}\n\nReformule ta réponse sans les valeurs sensibles.`;
+}

package/dist/index.js

@@ -11,7 +11,7 @@ const TOKEN = process.env.ASKMESH_TOKEN;
 const URL = process.env.ASKMESH_URL || 'https://api.askmesh.dev';
 const server = new McpServer({
     name: 'askmesh',
-    version: '0.10.7',
+    version: '0.11.0',
 });
 if (!TOKEN) {
     // No token — start in setup-only mode

package/dist/tools/askmesh.js

@@ -277,7 +277,7 @@ Si l'utilisateur n'a pas encore de compte, dirige-le vers https://askmesh.dev po
         return text('Action inconnue.');
     });
 }
-const CURRENT_VERSION = '0.10.7';
+const CURRENT_VERSION = '0.11.0';
 async function checkUpdateAndSetup() {
     const lines = [];
     lines.push(`Version actuelle : ${CURRENT_VERSION}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askmesh/mcp",
-  "version": "0.10.7",
+  "version": "0.11.0",
   "description": "AskMesh MCP server — connect your AI coding agent to your team's mesh network",
   "type": "module",
   "bin": {