@blacksandscyber/mcp-server-bursar 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +230 -0
- package/build/config.d.ts +45 -0
- package/build/config.js +177 -0
- package/build/http-transport.d.ts +16 -0
- package/build/http-transport.js +191 -0
- package/build/index.d.ts +16 -0
- package/build/index.js +31 -0
- package/build/server.d.ts +41 -0
- package/build/server.js +902 -0
- package/build/shared/errors.d.ts +50 -0
- package/build/shared/errors.js +69 -0
- package/build/shared/linkBuilder.d.ts +93 -0
- package/build/shared/linkBuilder.js +148 -0
- package/build/shared/logger.d.ts +10 -0
- package/build/shared/logger.js +28 -0
- package/build/shield/bootRole.d.ts +60 -0
- package/build/shield/bootRole.js +145 -0
- package/build/shield/client.d.ts +265 -0
- package/build/shield/client.js +656 -0
- package/build/shield/deploy/index.d.ts +69 -0
- package/build/shield/deploy/index.js +569 -0
- package/build/shield/discovery/dataStoreDetector.d.ts +3 -0
- package/build/shield/discovery/dataStoreDetector.js +125 -0
- package/build/shield/discovery/dockerScanner.d.ts +34 -0
- package/build/shield/discovery/dockerScanner.js +543 -0
- package/build/shield/discovery/endpointScanner.d.ts +3 -0
- package/build/shield/discovery/endpointScanner.js +306 -0
- package/build/shield/discovery/environmentScanner.d.ts +86 -0
- package/build/shield/discovery/environmentScanner.js +545 -0
- package/build/shield/discovery/externalServiceDetector.d.ts +3 -0
- package/build/shield/discovery/externalServiceDetector.js +98 -0
- package/build/shield/discovery/frameworkDetector.d.ts +3 -0
- package/build/shield/discovery/frameworkDetector.js +114 -0
- package/build/shield/discovery/manifestGenerator.d.ts +12 -0
- package/build/shield/discovery/manifestGenerator.js +124 -0
- package/build/shield/discovery/piiDetector.d.ts +5 -0
- package/build/shield/discovery/piiDetector.js +203 -0
- package/build/shield/discovery/severity.d.ts +47 -0
- package/build/shield/discovery/severity.js +138 -0
- package/build/shield/discovery/topologyNormalizer.d.ts +109 -0
- package/build/shield/discovery/topologyNormalizer.js +416 -0
- package/build/shield/identity.d.ts +53 -0
- package/build/shield/identity.js +70 -0
- package/build/shield/install/configMerge.d.ts +91 -0
- package/build/shield/install/configMerge.js +324 -0
- package/build/shield/install/keystore.d.ts +25 -0
- package/build/shield/install/keystore.js +156 -0
- package/build/shield/install/orchestrator.d.ts +33 -0
- package/build/shield/install/orchestrator.js +404 -0
- package/build/shield/install/transports/awsSsm.d.ts +43 -0
- package/build/shield/install/transports/awsSsm.js +378 -0
- package/build/shield/install/transports/bootstrapToken.d.ts +39 -0
- package/build/shield/install/transports/bootstrapToken.js +117 -0
- package/build/shield/install/transports/ssh.d.ts +50 -0
- package/build/shield/install/transports/ssh.js +569 -0
- package/build/shield/install/types.d.ts +139 -0
- package/build/shield/install/types.js +10 -0
- package/build/shield/protocol-walkthrough.d.ts +65 -0
- package/build/shield/protocol-walkthrough.js +392 -0
- package/build/shield/provision/appProvisioner.d.ts +15 -0
- package/build/shield/provision/appProvisioner.js +25 -0
- package/build/shield/types.d.ts +261 -0
- package/build/shield/types.js +4 -0
- package/build/shield/verify/postureReporter.d.ts +4 -0
- package/build/shield/verify/postureReporter.js +31 -0
- package/dxt/blacksands-ca.crt +67 -0
- package/dxt/scripts/setup.js +520 -0
- package/package.json +76 -0
package/build/index.js
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
"use strict";
|
|
3
|
+
/**
|
|
4
|
+
* @blacksandscyber/mcp-server-bursar
|
|
5
|
+
*
|
|
6
|
+
* Blacksands Bursar MCP Server.
|
|
7
|
+
* 39 tools exposing the human-admin surface via the Blacksands Broker.
|
|
8
|
+
*
|
|
9
|
+
* Usage:
|
|
10
|
+
* node build/index.js # Start via stdio transport
|
|
11
|
+
* npx -y @blacksandscyber/mcp-server-bursar # Run via npx
|
|
12
|
+
*
|
|
13
|
+
* Credentials are issued by a human administrator through Overwatch or
|
|
14
|
+
* SysAdmin and provided here as configuration. See README.md for details.
|
|
15
|
+
*/
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
|
|
18
|
+
const server_1 = require("./server");
|
|
19
|
+
const logger_1 = require("./shared/logger");
|
|
20
|
+
async function main() {
|
|
21
|
+
logger_1.logger.info("Starting Blacksands Bursar MCP Server v0.2.0 (broker-only)");
|
|
22
|
+
const server = (0, server_1.createServer)();
|
|
23
|
+
const transport = new stdio_js_1.StdioServerTransport();
|
|
24
|
+
await server.connect(transport);
|
|
25
|
+
logger_1.logger.info("MCP Server connected via stdio transport — ready for tool calls");
|
|
26
|
+
}
|
|
27
|
+
main().catch((err) => {
|
|
28
|
+
logger_1.logger.error("Fatal: MCP Server failed to start", { error: err.message, stack: err.stack });
|
|
29
|
+
process.exit(1);
|
|
30
|
+
});
|
|
31
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Blacksands Bursar MCP Server — 52 tools across 8 categories.
|
|
3
|
+
*
|
|
4
|
+
* The Shield MCP Server exposes the same operational surface a human
|
|
5
|
+
* administrator reaches through Overwatch or SysAdmin. Every call is
|
|
6
|
+
* authenticated and proxied through the full Broker handshake — there is
|
|
7
|
+
* no direct Shield API access, no API-key bootstrap, and no internal
|
|
8
|
+
* system access (Kafka, LDAP, AWS SDK, iptables, Route 53 are all internal
|
|
9
|
+
* to Blacksands and never touched by the Agent).
|
|
10
|
+
*/
|
|
11
|
+
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
|
|
12
|
+
import { type ClaimSummaryInput } from "./shared/linkBuilder";
|
|
13
|
+
/**
|
|
14
|
+
* Build the ANONYMIZED claim summary for a free local scan. Deliberately
|
|
15
|
+
* contains NO paths, hostnames, snippets, or service names — the Shield API
|
|
16
|
+
* rejects payloads that fail its anonymization schema, so we only ever send
|
|
17
|
+
* derived counts/severities and generic finding titles.
|
|
18
|
+
*/
|
|
19
|
+
export declare function buildAnonymizedScanSummary(scan: {
|
|
20
|
+
bySeverity?: Record<string, number>;
|
|
21
|
+
highestSeverity?: string;
|
|
22
|
+
framework?: {
|
|
23
|
+
name?: string;
|
|
24
|
+
language?: string;
|
|
25
|
+
packageManager?: string;
|
|
26
|
+
};
|
|
27
|
+
endpoints?: Array<{
|
|
28
|
+
method?: string;
|
|
29
|
+
auth_method?: string;
|
|
30
|
+
severity?: string;
|
|
31
|
+
}>;
|
|
32
|
+
piiFields?: Array<{
|
|
33
|
+
type?: string;
|
|
34
|
+
severity?: string;
|
|
35
|
+
sensitivity?: string;
|
|
36
|
+
}>;
|
|
37
|
+
externalServices?: unknown[];
|
|
38
|
+
dataStores?: unknown[];
|
|
39
|
+
}): ClaimSummaryInput;
|
|
40
|
+
export declare function createServer(): McpServer;
|
|
41
|
+
//# sourceMappingURL=server.d.ts.map
|