@askmesh/mcp 0.10.7 → 0.11.1

package/dist/agent/askmeshignore.d.ts

@@ -0,0 +1,11 @@
+export declare const DEFAULT_PATTERNS: string[];
+export interface IgnoreMatcher {
+    patterns: string[];
+    shouldIgnore: (filePath: string) => boolean;
+    describe: () => string;
+}
+/**
+ * Load .askmeshignore from the current working directory and merge with defaults.
+ * Returns a matcher with shouldIgnore() and a describe() helper for prompts.
+ */
+export declare function loadIgnore(cwd?: string): IgnoreMatcher;

package/dist/agent/askmeshignore.js

@@ -0,0 +1,97 @@
+import { readFileSync, existsSync } from 'node:fs';
+import { join, basename } from 'node:path';
+// Default exclusions — applied even when no .askmeshignore file exists.
+// These are patterns that almost no project should ever share via the mesh.
+export const DEFAULT_PATTERNS = [
+    // Environment files
+    '.env',
+    '.env.*',
+    '*.env',
+    // Secrets folders
+    'secrets/',
+    'secret/',
+    'private/',
+    '.secrets/',
+    // Keys and certificates
+    '*.key',
+    '*.pem',
+    '*.p12',
+    '*.pfx',
+    '*.crt',
+    '*.csr',
+    '*.der',
+    'id_rsa',
+    'id_rsa.*',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    // Credentials
+    'credentials',
+    'credentials.*',
+    '.npmrc',
+    '.pypirc',
+    '.netrc',
+    '.aws/',
+    '.ssh/',
+    '.gnupg/',
+    // Cloud
+    'service-account.json',
+    'service-account-*.json',
+    'gcp-key.json',
+    'firebase-adminsdk-*.json',
+    // Common build/dep dirs
+    'node_modules/',
+    '.git/',
+];
+/**
+ * Load .askmeshignore from the current working directory and merge with defaults.
+ * Returns a matcher with shouldIgnore() and a describe() helper for prompts.
+ */
+export function loadIgnore(cwd = process.cwd()) {
+    const patterns = [...DEFAULT_PATTERNS];
+    const file = join(cwd, '.askmeshignore');
+    if (existsSync(file)) {
+        try {
+            const content = readFileSync(file, 'utf-8');
+            for (const rawLine of content.split('\n')) {
+                const line = rawLine.trim();
+                if (!line || line.startsWith('#'))
+                    continue;
+                patterns.push(line);
+            }
+        }
+        catch { }
+    }
+    const compiled = patterns.map(compile);
+    const shouldIgnore = (filePath) => {
+        const name = basename(filePath);
+        return compiled.some((re) => re.test(filePath) || re.test(name));
+    };
+    const describe = () => {
+        return patterns.join(', ');
+    };
+    return { patterns, shouldIgnore, describe };
+}
+/**
+ * Convert a glob-like pattern to a RegExp.
+ * Supports: *, **, trailing / (folder), leading * (suffix match)
+ */
+function compile(pattern) {
+    let p = pattern.trim();
+    // Folder pattern (trailing /)
+    const isFolder = p.endsWith('/');
+    if (isFolder)
+        p = p.slice(0, -1);
+    // Escape regex special chars except * and ?
+    let re = p.replace(/[.+^${}()|[\]\\]/g, '\\$&');
+    // ** matches anything (including /)
+    re = re.replace(/\*\*/g, '§§');
+    // * matches anything except /
+    re = re.replace(/\*/g, '[^/]*');
+    re = re.replace(/§§/g, '.*');
+    re = re.replace(/\?/g, '.');
+    if (isFolder) {
+        return new RegExp(`(^|/)${re}(/|$)`);
+    }
+    return new RegExp(`(^|/)${re}$`);
+}

package/dist/agent/auto_responder.d.ts

@@ -6,6 +6,12 @@ export declare class AutoResponder {
     private mcpServer;
     constructor(client: AskMeshClient);
     setServer(server: Server): void;
+    /**
+     * Send a reply through the AskMesh client with a pre-send redaction scan.
+     * If secrets are detected, the reply is blocked and a desktop notification +
+     * status line update inform the owner. Returns true if the reply was sent.
+     */
+    private safeReply;
     handleRequest(request: IncomingRequest): Promise<void>;
     private callAnthropicAPI;
 }

package/dist/agent/auto_responder.js

@@ -1,5 +1,6 @@
 import { readLocalContext } from './context_reader.js';
 import { sendDesktopNotification } from './notifier.js';
+import { scanForSecrets, formatBlockedMessage } from './redaction.js';
 const SYSTEM_PROMPT = `You are an AI coding agent responding on behalf of a developer through AskMesh.
 You have access to the developer's project context below.
 Use this context to answer accurately and concisely.
@@ -12,8 +13,12 @@ SECURITY RULES:
 - READ-ONLY: Never suggest or execute destructive operations (DELETE, DROP, rm, reset --hard, etc.)
 - NO SECRETS: Never include passwords, API keys, tokens, or credentials in your responses
 - NO SENSITIVE DATA: Never expose personal data, database connection strings, or internal URLs
+- HONOR .askmeshignore: Never read or share files listed by the project's privacy policy
 - If asked for sensitive information, respond: "I can't share this information via AskMesh for security reasons."
-- You may share: code patterns, architecture decisions, file structures, conventions, public configs`;
+- You may share: code patterns, architecture decisions, file structures, conventions, public configs
+
+A pre-send filter will block your response if it contains detectable secrets (API keys, JWTs, private keys, DB URLs, etc.).
+Avoid quoting raw config values — describe them instead.`;
 export class AutoResponder {
     client;
     mcpServer = null;
@@ -23,6 +28,37 @@ export class AutoResponder {
     setServer(server) {
         this.mcpServer = server;
     }
+    /**
+     * Send a reply through the AskMesh client with a pre-send redaction scan.
+     * If secrets are detected, the reply is blocked and a desktop notification +
+     * status line update inform the owner. Returns true if the reply was sent.
+     */
+    async safeReply(requestId, answer, source) {
+        const scan = scanForSecrets(answer);
+        if (!scan.safe) {
+            const samples = scan.hits.map((h) => `${h.pattern} (${h.sample})`).join(', ');
+            console.error(`[AskMesh] 🚫 BLOCKED reply #${requestId} (${source}) — secrets detected: ${samples}`);
+            // Notify the owner via desktop and via the MCP logging channel
+            sendDesktopNotification('AskMesh — réponse bloquée', `Secrets détectés: ${scan.hits.map((h) => h.pattern).join(', ')}`);
+            if (this.mcpServer) {
+                try {
+                    await this.mcpServer.sendLoggingMessage({
+                        level: 'warning',
+                        data: formatBlockedMessage(scan),
+                    });
+                }
+                catch { }
+            }
+            // Revert thread status to pending so the human can take over
+            try {
+                await this.client.updateThreadStatus(requestId, 'pending');
+            }
+            catch { }
+            return false;
+        }
+        await this.client.replyToThread(requestId, answer);
+        return true;
+    }
     async handleRequest(request) {
         console.error(`[AskMesh] Question from @${request.fromUsername}: "${request.question}"`);
         // Desktop notification
@@ -67,8 +103,9 @@ export class AutoResponder {
                 }, {}));
                 const answer = result?.content?.text || result?.content?.[0]?.text;
                 if (answer) {
-                    await this.client.replyToThread(request.id, answer);
-                    console.error(`[AskMesh] Responded to #${request.id} via Claude Code`);
+                    const sent = await this.safeReply(request.id, answer, 'Claude Code');
+                    if (sent)
+                        console.error(`[AskMesh] Responded to #${request.id} via Claude Code`);
                     return;
                 }
             }
@@ -83,8 +120,9 @@ export class AutoResponder {
                 const context = readLocalContext();
                 const answer = await this.callAnthropicAPI(apiKey, request, context);
                 if (answer) {
-                    await this.client.replyToThread(request.id, answer);
-                    console.error(`[AskMesh] Responded to #${request.id} via Anthropic API`);
+                    const sent = await this.safeReply(request.id, answer, 'Anthropic API');
+                    if (sent)
+                        console.error(`[AskMesh] Responded to #${request.id} via Anthropic API`);
                     return;
                 }
             }

package/dist/agent/context_reader.js

@@ -1,18 +1,22 @@
 import { readFileSync, readdirSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
 import { homedir } from 'node:os';
+import { loadIgnore } from './askmeshignore.js';
 export function readLocalContext() {
     const parts = [];
+    const ignore = loadIgnore();
     // 1. CLAUDE.md from current working directory
     const claudeMdPath = join(process.cwd(), 'CLAUDE.md');
-    if (existsSync(claudeMdPath)) {
+    if (existsSync(claudeMdPath) && !ignore.shouldIgnore('CLAUDE.md')) {
         parts.push('=== CLAUDE.md ===');
         parts.push(readSafe(claudeMdPath));
     }
     // 2. Global Claude Code memories
     const globalMemDir = join(homedir(), '.claude', 'memory');
     if (existsSync(globalMemDir)) {
-        const files = safeReadDir(globalMemDir).filter((f) => f.endsWith('.md'));
+        const files = safeReadDir(globalMemDir)
+            .filter((f) => f.endsWith('.md'))
+            .filter((f) => !ignore.shouldIgnore(f));
         if (files.length > 0) {
             parts.push('=== Global memories ===');
             for (const file of files.slice(0, 10)) {
@@ -32,7 +36,9 @@ export function readLocalContext() {
             if (dir.includes(cwdKey) || cwdKey.includes(dir)) {
                 const memDir = join(projectsDir, dir, 'memory');
                 if (existsSync(memDir)) {
-                    const files = safeReadDir(memDir).filter((f) => f.endsWith('.md'));
+                    const files = safeReadDir(memDir)
+                        .filter((f) => f.endsWith('.md'))
+                        .filter((f) => !ignore.shouldIgnore(f));
                     if (files.length > 0) {
                         parts.push('=== Project memories ===');
                         for (const file of files.slice(0, 10)) {
@@ -45,6 +51,9 @@ export function readLocalContext() {
             }
         }
     }
+    // 4. Append the active ignore policy so the agent knows what NOT to read
+    parts.push('=== Privacy policy (.askmeshignore) ===');
+    parts.push(`Never read or share contents of files matching these patterns: ${ignore.describe()}`);
     return parts.join('\n\n') || 'No local context available.';
 }
 function readSafe(path) {

package/dist/agent/redaction.d.ts

@@ -0,0 +1,16 @@
+export interface RedactionResult {
+    safe: boolean;
+    hits: Array<{
+        pattern: string;
+        sample: string;
+    }>;
+}
+/**
+ * Scan a reply for known secret patterns. Returns safe=false if any are found.
+ * The hits include the pattern name and a truncated sample for logging/audit.
+ */
+export declare function scanForSecrets(text: string): RedactionResult;
+/**
+ * Format a user-facing block message when redaction triggers.
+ */
+export declare function formatBlockedMessage(result: RedactionResult): string;

package/dist/agent/redaction.js

@@ -0,0 +1,101 @@
+// Pre-send redaction — scans outgoing replies for common secret patterns
+// and blocks them before they're sent through the mesh.
+//
+// This is a defense-in-depth layer. The agent is also instructed not to share
+// secrets, but we don't trust the LLM to never slip up.
+const PATTERNS = [
+    {
+        name: 'AWS Access Key',
+        detect: (t) => match(t, /\bAKIA[0-9A-Z]{16}\b/g),
+    },
+    {
+        name: 'AWS Secret Key (assignment)',
+        detect: (t) => match(t, /aws_secret_access_key\s*[=:]\s*['"][^'"]+['"]/gi),
+    },
+    {
+        name: 'OpenAI API Key',
+        detect: (t) => match(t, /\bsk-(?:proj-)?[A-Za-z0-9_\-]{32,}\b/g),
+    },
+    {
+        name: 'Anthropic API Key',
+        detect: (t) => match(t, /\bsk-ant-[A-Za-z0-9_\-]{20,}\b/g),
+    },
+    {
+        name: 'GitHub Token',
+        detect: (t) => match(t, /\bgh[poursa]_[A-Za-z0-9_]{36,}\b/g),
+    },
+    {
+        name: 'Slack Token',
+        detect: (t) => match(t, /\bxox[bpoars]-[A-Za-z0-9-]{10,}\b/g),
+    },
+    {
+        name: 'Stripe Key',
+        detect: (t) => match(t, /\b(?:sk|pk|rk)_(?:test|live)_[A-Za-z0-9]{20,}\b/g),
+    },
+    {
+        name: 'JWT',
+        detect: (t) => match(t, /\beyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g),
+    },
+    {
+        name: 'Private Key (PEM)',
+        detect: (t) => match(t, /-----BEGIN (?:RSA |EC |OPENSSH |DSA |PGP )?PRIVATE KEY-----/g),
+    },
+    {
+        name: 'Database URL',
+        detect: (t) => match(t, /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp):\/\/[^\s'"]*:[^\s'"@]+@[^\s'"]+/gi),
+    },
+    {
+        name: 'Generic API Key Assignment',
+        detect: (t) => match(t, /\b(?:api[_-]?key|apikey|secret(?:[_-]?key)?|access[_-]?token|auth[_-]?token|password)\s*[:=]\s*['"][A-Za-z0-9_\-+/=]{16,}['"]/gi),
+    },
+    {
+        name: 'Google API Key',
+        detect: (t) => match(t, /\bAIza[0-9A-Za-z\-_]{35}\b/g),
+    },
+    {
+        name: 'Square Token',
+        detect: (t) => match(t, /\bsq0(?:atp|csp|idp)-[A-Za-z0-9_-]{22,}\b/g),
+    },
+    {
+        name: 'Twilio API Key',
+        detect: (t) => match(t, /\bSK[a-f0-9]{32}\b/g),
+    },
+    {
+        name: 'SendGrid API Key',
+        detect: (t) => match(t, /\bSG\.[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}\b/g),
+    },
+    {
+        name: 'Mailgun API Key',
+        detect: (t) => match(t, /\bkey-[a-f0-9]{32}\b/g),
+    },
+];
+function match(text, re) {
+    const found = text.match(re);
+    return found && found.length > 0 ? found : null;
+}
+/**
+ * Scan a reply for known secret patterns. Returns safe=false if any are found.
+ * The hits include the pattern name and a truncated sample for logging/audit.
+ */
+export function scanForSecrets(text) {
+    const hits = [];
+    for (const p of PATTERNS) {
+        const found = p.detect(text);
+        if (found) {
+            for (const f of found) {
+                hits.push({
+                    pattern: p.name,
+                    sample: f.length > 24 ? `${f.slice(0, 8)}…${f.slice(-4)}` : f,
+                });
+            }
+        }
+    }
+    return { safe: hits.length === 0, hits };
+}
+/**
+ * Format a user-facing block message when redaction triggers.
+ */
+export function formatBlockedMessage(result) {
+    const list = result.hits.map((h) => `  - ${h.pattern}: ${h.sample}`).join('\n');
+    return `🚫 Réponse bloquée par le filtre AskMesh — secrets détectés :\n${list}\n\nReformule ta réponse sans les valeurs sensibles.`;
+}

package/dist/index.js

@@ -11,7 +11,7 @@ const TOKEN = process.env.ASKMESH_TOKEN;
 const URL = process.env.ASKMESH_URL || 'https://api.askmesh.dev';
 const server = new McpServer({
     name: 'askmesh',
-    version: '0.10.7',
+    version: '0.11.1',
 });
 if (!TOKEN) {
     // No token — start in setup-only mode

package/dist/tools/askmesh.js

@@ -5,6 +5,7 @@ import { homedir } from 'os';
 import { createHash } from 'crypto';
 import { fileURLToPath } from 'url';
 import * as statusCache from '../statusline/cache.js';
+import { DEFAULT_PATTERNS, loadIgnore } from '../agent/askmeshignore.js';
 export function registerAskMesh(server, client) {
     server.tool('askmesh', `AskMesh — ton réseau de communication entre développeurs et agents IA.
 Utilise cet outil pour envoyer et recevoir des messages, vérifier qui est connecté/online,
@@ -37,8 +38,9 @@ Actions disponibles :
 - "setup" : installer les slash commands (/ask-inbox, /ask-broadcast, etc.) et la status line dans le projet courant
 - "update" : vérifier les mises à jour du MCP, mettre à jour les skills et la status line
 - "loop-start" : marquer le loop comme actif (utilisé par /ask-loop)
-- "loop-stop" : arrêter le loop (utilisé par /ask-loop-stop)`, {
-        action: z.enum(['ask', 'list', 'status', 'pending', 'inbox', 'answer', 'reply', 'thread', 'close', 'my-threads', 'board', 'progress', 'broadcast', 'context', 'setup', 'update', 'loop-start', 'loop-stop']).describe('Action à effectuer'),
+- "loop-stop" : arrêter le loop (utilisé par /ask-loop-stop)
+- "privacy" : afficher la politique .askmeshignore active (defaults + fichier projet)`, {
+        action: z.enum(['ask', 'list', 'status', 'pending', 'inbox', 'answer', 'reply', 'thread', 'close', 'my-threads', 'board', 'progress', 'broadcast', 'context', 'setup', 'update', 'loop-start', 'loop-stop', 'privacy']).describe('Action à effectuer'),
         username: z.string().optional().describe("Username de l'agent cible (pour ask/status)"),
         question: z.string().optional().describe('Question à poser (pour ask)'),
         requestId: z.number().optional().describe('ID de la requête (pour answer/reply/thread/close/progress)'),
@@ -246,6 +248,9 @@ Actions disponibles :
                 statusCache.setLoopActive(false);
                 return text('Loop arrêté.');
             }
+            case 'privacy': {
+                return showPrivacyPolicy();
+            }
             default:
                 return text('Action inconnue.');
         }
@@ -277,7 +282,7 @@ Si l'utilisateur n'a pas encore de compte, dirige-le vers https://askmesh.dev po
         return text('Action inconnue.');
     });
 }
-const CURRENT_VERSION = '0.10.7';
+const CURRENT_VERSION = '0.11.1';
 async function checkUpdateAndSetup() {
     const lines = [];
     lines.push(`Version actuelle : ${CURRENT_VERSION}`);
@@ -306,6 +311,55 @@ async function checkUpdateAndSetup() {
     lines.push(setupText);
     return text(lines.join('\n'));
 }
+function showPrivacyPolicy() {
+    const cwd = process.cwd();
+    const filePath = join(cwd, '.askmeshignore');
+    const fileExists = existsSync(filePath);
+    let userPatterns = [];
+    if (fileExists) {
+        try {
+            const content = readFileSync(filePath, 'utf-8');
+            userPatterns = content
+                .split('\n')
+                .map((l) => l.trim())
+                .filter((l) => l && !l.startsWith('#'));
+        }
+        catch { }
+    }
+    const matcher = loadIgnore(cwd);
+    const lines = [];
+    lines.push('🔒 AskMesh Privacy Policy');
+    lines.push('');
+    lines.push('Your agent will NEVER read or share files matching these patterns.');
+    lines.push('');
+    lines.push(`📋 Default patterns (${DEFAULT_PATTERNS.length}, baked into the MCP):`);
+    for (const p of DEFAULT_PATTERNS) {
+        lines.push(`  • ${p}`);
+    }
+    lines.push('');
+    if (fileExists) {
+        lines.push(`📁 .askmeshignore (${filePath}) — ${userPatterns.length} custom pattern(s):`);
+        if (userPatterns.length > 0) {
+            for (const p of userPatterns) {
+                lines.push(`  • ${p}`);
+            }
+        }
+        else {
+            lines.push('  (no custom patterns yet — file is empty or only comments)');
+        }
+    }
+    else {
+        lines.push(`📁 .askmeshignore — not found in this project`);
+        lines.push(`  Create it to add custom patterns:`);
+        lines.push(`  echo "private-docs/" > ${filePath}`);
+    }
+    lines.push('');
+    lines.push(`🛡  Total active patterns: ${matcher.patterns.length}`);
+    lines.push('');
+    lines.push('🚫 Pre-send redaction filter is also active — replies containing API keys,');
+    lines.push('   JWTs, private keys, DB connection strings, etc. will be blocked automatically.');
+    return text(lines.join('\n'));
+}
 function text(t) {
     return { content: [{ type: 'text', text: t }] };
 }
@@ -334,6 +388,7 @@ function setupSkillsAndStatusLine(token, pollInterval, url) {
         'ask-update.md': `Utilise l'outil MCP askmesh avec l'action "update" pour vérifier les mises à jour et mettre à jour les skills et la status line.\n\nCela va :\n- Vérifier si une nouvelle version du MCP est disponible sur npm\n- Mettre à jour les slash commands\n- Mettre à jour le script de status line\n\nSi une mise à jour est disponible, indique à l'utilisateur comment l'installer (relancer Claude Code ou npx clear-npx-cache).`,
         'ask-loop.md': `Lance une boucle de vérification périodique des messages AskMesh.\n\nÉtapes :\n1. D'abord, utilise l'outil MCP askmesh avec l'action "loop-start" pour vérifier qu'aucun loop n'est déjà actif et marquer le loop comme actif\n2. Si le loop-start réussit, lance : /loop <intervalle ou 2m> /ask-inbox\n\nArguments optionnels : $ARGUMENTS (intervalle, ex: "2m", "5m", "30s")\nPar défaut : 2m\n\nSi un loop est déjà actif, préviens l'utilisateur et propose /ask-loop-stop.`,
         'ask-loop-stop.md': `Arrête la boucle de vérification périodique des messages AskMesh.\n\nÉtapes :\n1. Utilise l'outil MCP askmesh avec l'action "loop-stop" pour marquer le loop comme inactif\n2. Indique à l'utilisateur que le loop est arrêté\n\nNote : cela met à jour la status line pour retirer l'indicateur "loop".`,
+        'ask-privacy.md': `Utilise l'outil MCP askmesh avec l'action "privacy" pour afficher la politique de confidentialité active du projet.\n\nCela montre :\n- Les patterns par défaut bakés dans le MCP (jamais lus ni partagés via le mesh)\n- Les patterns custom du fichier .askmeshignore du projet (s'il existe)\n- Le nombre total de patterns actifs\n- Un rappel que le filtre de redaction pré-envoi est actif\n\nC'est l'outil pour répondre aux questions du type "qu'est-ce qui peut sortir de mon projet via askmesh ?".`,
     };
     // Create commands directory
     try {
@@ -419,6 +474,32 @@ function setupSkillsAndStatusLine(token, pollInterval, url) {
             gitignoreStatus = '.gitignore : .env ajouté';
         }
     }
+    // Create a .askmeshignore template if it doesn't exist
+    const askmeshIgnorePath = join(cwd, '.askmeshignore');
+    let askmeshIgnoreStatus = '';
+    if (!existsSync(askmeshIgnorePath)) {
+        const template = `# AskMesh privacy policy
+# Patterns listed here will NEVER be read or shared via the mesh.
+#
+# The MCP also has built-in defaults that are ALWAYS active, even
+# without this file. Run /ask-privacy to see the full active policy.
+#
+# Built-in defaults include: .env, .env.*, secrets/, *.key, *.pem,
+# id_rsa*, .aws/, .ssh/, service-account.json, node_modules/, .git/
+#
+# Use this file to add project-specific exclusions:
+
+# private-docs/
+# config/production.yml
+# *.dump
+# customers/
+`;
+        writeFileSync(askmeshIgnorePath, template);
+        askmeshIgnoreStatus = '.askmeshignore template créé — édite-le pour ajouter tes patterns custom';
+    }
+    else {
+        askmeshIgnoreStatus = '.askmeshignore : présent (run /ask-privacy pour voir la policy active)';
+    }
     // Auto-configure status line — per-project, not global
     // Copy statusline.sh to ~/.claude/ (stable location), configure per-project with agent hash
     const mcpDir = dirname(fileURLToPath(import.meta.url));
@@ -486,6 +567,7 @@ function setupSkillsAndStatusLine(token, pollInterval, url) {
     lines.push(envStatus);
     if (gitignoreStatus)
         lines.push(gitignoreStatus);
+    lines.push(askmeshIgnoreStatus);
     lines.push(statusLineStatus);
     if (token) {
         lines.push('');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@askmesh/mcp",
-  "version": "0.10.7",
+  "version": "0.11.1",
   "description": "AskMesh MCP server — connect your AI coding agent to your team's mesh network",
   "type": "module",
   "bin": {