@cognium-ai/mcp-server 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +3 -1
- package/dist/server.js.map +1 -1
- package/dist/tools/check-license-compliance.d.ts +11 -0
- package/dist/tools/check-license-compliance.d.ts.map +1 -0
- package/dist/tools/check-license-compliance.js +125 -0
- package/dist/tools/check-license-compliance.js.map +1 -0
- package/package.json +1 -1
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAOpE,wBAAgB,WAAW,IAAI,SAAS,CAavC"}
|
package/dist/server.js
CHANGED
|
@@ -6,15 +6,17 @@ import { registerVerifySpecConformance } from './tools/verify-spec-conformance.j
|
|
|
6
6
|
import { registerFindSpecDrift } from './tools/find-spec-drift.js';
|
|
7
7
|
import { registerFindPattern } from './tools/find-pattern.js';
|
|
8
8
|
import { registerFindCredentialExposure } from './tools/find-credential-exposure.js';
|
|
9
|
+
import { registerCheckLicenseCompliance } from './tools/check-license-compliance.js';
|
|
9
10
|
export function buildServer() {
|
|
10
11
|
const server = new McpServer({
|
|
11
12
|
name: 'cognium-mcp',
|
|
12
|
-
version: '0.2.
|
|
13
|
+
version: '0.2.1',
|
|
13
14
|
});
|
|
14
15
|
registerVerifySpecConformance(server);
|
|
15
16
|
registerFindSpecDrift(server);
|
|
16
17
|
registerFindPattern(server);
|
|
17
18
|
registerFindCredentialExposure(server);
|
|
19
|
+
registerCheckLicenseCompliance(server);
|
|
18
20
|
return server;
|
|
19
21
|
}
|
|
20
22
|
//# sourceMappingURL=server.js.map
|
package/dist/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,UAAU,WAAW;IACzB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,6BAA6B,CAAC,MAAM,CAAC,CAAC;IACtC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5B,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AACrF,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,UAAU,WAAW;IACzB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,OAAO;KACjB,CAAC,CAAC;IAEH,6BAA6B,CAAC,MAAM,CAAC,CAAC;IACtC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC9B,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC5B,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACvC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAEvC,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* check_license_compliance MCP tool (Pillar I, Workflow #2).
|
|
3
|
+
*
|
|
4
|
+
* Scans a code root for copyleft/restrictive license issues in dependencies.
|
|
5
|
+
* Supports Node.js (package.json) and Rust (Cargo.toml) ecosystems.
|
|
6
|
+
*
|
|
7
|
+
* @see https://github.com/cogniumhq/cognium-ai/issues/79
|
|
8
|
+
*/
|
|
9
|
+
import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
|
|
10
|
+
export declare function registerCheckLicenseCompliance(server: McpServer): void;
|
|
11
|
+
//# sourceMappingURL=check-license-compliance.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"check-license-compliance.d.ts","sourceRoot":"","sources":["../../src/tools/check-license-compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA0HzE,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAsDtE"}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* check_license_compliance MCP tool (Pillar I, Workflow #2).
|
|
3
|
+
*
|
|
4
|
+
* Scans a code root for copyleft/restrictive license issues in dependencies.
|
|
5
|
+
* Supports Node.js (package.json) and Rust (Cargo.toml) ecosystems.
|
|
6
|
+
*
|
|
7
|
+
* @see https://github.com/cogniumhq/cognium-ai/issues/79
|
|
8
|
+
*/
|
|
9
|
+
import { z } from 'zod';
|
|
10
|
+
import { scanLicenseCompliance, COPYLEFT_SEVERITY, } from 'circle-ir-ai';
|
|
11
|
+
const MAX_FINDINGS = 500;
|
|
12
|
+
const inputSchema = {
|
|
13
|
+
code_root: z.string().describe('Absolute path to the code root to scan'),
|
|
14
|
+
include_dev_deps: z.boolean().optional().default(false).describe('Include devDependencies (default: false)'),
|
|
15
|
+
severity_floor: z.enum(['info', 'low', 'medium', 'high', 'critical']).optional().default('low').describe('Minimum severity to report (default: low)'),
|
|
16
|
+
};
|
|
17
|
+
const findingSchema = z.object({
|
|
18
|
+
kind: z.literal('LICENSE_VIOLATION'),
|
|
19
|
+
severity: z.enum(['low', 'medium', 'high', 'critical']),
|
|
20
|
+
location: z.object({
|
|
21
|
+
file: z.string(),
|
|
22
|
+
span: z.tuple([z.number(), z.number()]),
|
|
23
|
+
}),
|
|
24
|
+
evidence: z.object({
|
|
25
|
+
rule_id: z.string(),
|
|
26
|
+
dependency: z.string(),
|
|
27
|
+
license: z.string(),
|
|
28
|
+
confidence: z.number(),
|
|
29
|
+
}),
|
|
30
|
+
suggested_action: z.string(),
|
|
31
|
+
});
|
|
32
|
+
const outputSchema = {
|
|
33
|
+
findings: z.array(findingSchema),
|
|
34
|
+
summary: z.object({
|
|
35
|
+
total: z.number(),
|
|
36
|
+
by_severity: z.object({
|
|
37
|
+
critical: z.number(),
|
|
38
|
+
high: z.number(),
|
|
39
|
+
medium: z.number(),
|
|
40
|
+
low: z.number(),
|
|
41
|
+
}),
|
|
42
|
+
by_ecosystem: z.object({
|
|
43
|
+
nodejs: z.number(),
|
|
44
|
+
rust: z.number(),
|
|
45
|
+
}),
|
|
46
|
+
truncated: z.boolean(),
|
|
47
|
+
}),
|
|
48
|
+
copyleft_reference: z.record(z.string(), z.string()).describe('Reference table: license to severity'),
|
|
49
|
+
};
|
|
50
|
+
const SEVERITY_ORDER = {
|
|
51
|
+
info: 0,
|
|
52
|
+
low: 1,
|
|
53
|
+
medium: 2,
|
|
54
|
+
high: 3,
|
|
55
|
+
critical: 4,
|
|
56
|
+
};
|
|
57
|
+
function licenseToFinding(finding) {
|
|
58
|
+
return {
|
|
59
|
+
kind: 'LICENSE_VIOLATION',
|
|
60
|
+
severity: finding.severity === 'info' ? 'low' : finding.severity,
|
|
61
|
+
location: {
|
|
62
|
+
file: finding.file,
|
|
63
|
+
span: [finding.line ?? 1, finding.line ?? 1],
|
|
64
|
+
},
|
|
65
|
+
evidence: {
|
|
66
|
+
rule_id: finding.ruleId,
|
|
67
|
+
dependency: finding.dependency,
|
|
68
|
+
license: finding.license,
|
|
69
|
+
confidence: finding.confidence,
|
|
70
|
+
},
|
|
71
|
+
suggested_action: finding.suggestedAction,
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
function buildCopyleftReference() {
|
|
75
|
+
const ref = {};
|
|
76
|
+
for (const [license, severity] of Object.entries(COPYLEFT_SEVERITY)) {
|
|
77
|
+
ref[license] = severity;
|
|
78
|
+
}
|
|
79
|
+
return ref;
|
|
80
|
+
}
|
|
81
|
+
export function registerCheckLicenseCompliance(server) {
|
|
82
|
+
server.registerTool('check_license_compliance', {
|
|
83
|
+
title: 'Check License Compliance',
|
|
84
|
+
description: 'Scan a code root for copyleft/restrictive license issues in dependencies. ' +
|
|
85
|
+
'Supports Node.js (package.json) and Rust (Cargo.toml). ' +
|
|
86
|
+
'Flags AGPL, GPL, LGPL, MPL, and other copyleft licenses with severity classification. ' +
|
|
87
|
+
'Returns findings with dependency info, license SPDX, and remediation guidance.',
|
|
88
|
+
inputSchema,
|
|
89
|
+
outputSchema,
|
|
90
|
+
}, async ({ code_root, include_dev_deps, severity_floor }) => {
|
|
91
|
+
const scanResult = await scanLicenseCompliance(code_root, {
|
|
92
|
+
includeDevDeps: include_dev_deps,
|
|
93
|
+
minSeverity: severity_floor,
|
|
94
|
+
});
|
|
95
|
+
const floorValue = SEVERITY_ORDER[severity_floor ?? 'low'];
|
|
96
|
+
const filteredFindings = scanResult.findings.filter((f) => SEVERITY_ORDER[f.severity] >= floorValue);
|
|
97
|
+
const truncated = filteredFindings.length > MAX_FINDINGS;
|
|
98
|
+
const findings = filteredFindings
|
|
99
|
+
.slice(0, MAX_FINDINGS)
|
|
100
|
+
.map(licenseToFinding);
|
|
101
|
+
const result = {
|
|
102
|
+
findings,
|
|
103
|
+
summary: {
|
|
104
|
+
total: filteredFindings.length,
|
|
105
|
+
by_severity: {
|
|
106
|
+
critical: filteredFindings.filter((f) => f.severity === 'critical').length,
|
|
107
|
+
high: filteredFindings.filter((f) => f.severity === 'high').length,
|
|
108
|
+
medium: filteredFindings.filter((f) => f.severity === 'medium').length,
|
|
109
|
+
low: filteredFindings.filter((f) => f.severity === 'low').length,
|
|
110
|
+
},
|
|
111
|
+
by_ecosystem: {
|
|
112
|
+
nodejs: filteredFindings.filter((f) => f.ecosystem === 'nodejs').length,
|
|
113
|
+
rust: filteredFindings.filter((f) => f.ecosystem === 'rust').length,
|
|
114
|
+
},
|
|
115
|
+
truncated,
|
|
116
|
+
},
|
|
117
|
+
copyleft_reference: buildCopyleftReference(),
|
|
118
|
+
};
|
|
119
|
+
return {
|
|
120
|
+
content: [{ type: 'text', text: JSON.stringify(result) }],
|
|
121
|
+
structuredContent: result,
|
|
122
|
+
};
|
|
123
|
+
});
|
|
124
|
+
}
|
|
125
|
+
//# sourceMappingURL=check-license-compliance.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"check-license-compliance.js","sourceRoot":"","sources":["../../src/tools/check-license-compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,qBAAqB,EACrB,iBAAiB,GAGlB,MAAM,cAAc,CAAC;AAEtB,MAAM,YAAY,GAAG,GAAG,CAAC;AAIzB,MAAM,WAAW,GAAG;IAClB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wCAAwC,CAAC;IACxE,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,0CAA0C,CAAC;IAC5G,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACtJ,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;IACvD,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;KACxC,CAAC;IACF,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;KACvB,CAAC;IACF,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;CAC7B,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG;IACnB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;QAChB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;QACjB,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE;YACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;YAChB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;YAClB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;SAChB,CAAC;QACF,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC;YACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;YAClB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;SACjB,CAAC;QACF,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;KACvB,CAAC;IACF,kBAAkB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,sCAAsC,CAAC;CACtG,CAAC;AAqCF,MAAM,cAAc,GAAkC;IACpD,IAAI,EAAE,CAAC;IACP,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,SAAS,gBAAgB,CAAC,OAAuB;IAC/C,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,QAAQ,EAAE,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAChE,QAAQ,EAAE;YACR,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;SAC7C;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,OAAO,CAAC,MAAM;YACvB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B;QACD,gBAAgB,EAAE,OAAO,CAAC,eAAe;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB;IAC7B,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACpE,GAAG,CAAC,OAAO,CAAC,GAAG,QAAQ,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,MAAiB;IAC9D,MAAM,CAAC,YAAY,CACjB,0BAA0B,EAC1B;QACE,KAAK,EAAE,0BAA0B;QACjC,WAAW,EACT,4EAA4E;YAC5E,yDAAyD;YACzD,wFAAwF;YACxF,gFAAgF;QAClF,WAAW;QACX,YAAY;KACb,EACD,KAAK,EAAE,EAAE,SAAS,EAAE,gBAAgB,EAAE,cAAc,EAAE,EAAE,EAAE;QACxD,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC,SAAS,EAAE;YACxD,cAAc,EAAE,gBAAgB;YAChC,WAAW,EAAE,cAA+B;SAC7C,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG,cAAc,CAAC,cAAc,IAAI,KAAK,CAAC,CAAC;QAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,CACjD,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,QAAyB,CAAC,IAAI,UAAU,CACjE,CAAC;QAEF,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,GAAG,YAAY,CAAC;QACzD,MAAM,QAAQ,GAAG,gBAAgB;aAC9B,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC;aACtB,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAEzB,MAAM,MAAM,GAAiC;YAC3C,QAAQ;YACR,OAAO,EAAE;gBACP,KAAK,EAAE,gBAAgB,CAAC,MAAM;gBAC9B,WAAW,EAAE;oBACX,QAAQ,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM;oBAC1E,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM;oBAClE,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM;oBACtE,GAAG,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM;iBACjE;gBACD,YAAY,EAAE;oBACZ,MAAM,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,MAAM;oBACvE,IAAI,EAAE,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,MAAM;iBACpE;gBACD,SAAS;aACV;YACD,kBAAkB,EAAE,sBAAsB,EAAE;SAC7C,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,iBAAiB,EAAE,MAA4C;SAChE,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED