npm - @costrinity/vigil-compliance-mcp - Versions diffs - 0.1.1 → 0.1.2 - Mend

@costrinity/vigil-compliance-mcp 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -4,13 +4,14 @@
 Pair with [`@costrinity/vigil-mcp`](https://www.npmjs.com/package/@costrinity/vigil-mcp) (the JSON-RPC observer): the observer captures what your agent does, this server gives your agent compliance superpowers before it acts.
-**Signed audit records:** every decision tool here (consent, AI Act, breach, DPIA, sectoral) writes an HMAC-signed, tamper-evident record of its verdict the moment it runs, retrievable and verifiable via `GET /api/compliance/preflight-audit`. Pure validators and lookups make no decision and are not recorded.
+**Signed audit records:** every decision tool here (consent, AI Act, breach, DPIA, sectoral, action pre-flight) writes an HMAC-signed, tamper-evident record of its verdict the moment it runs, retrievable and verifiable via `GET /api/compliance/preflight-audit`. Pure validators and lookups make no decision and are not recorded.
 ## What it gives your agent
 | Tool | Purpose |
 |---|---|
 | `consent_check` | Is processing allowed for this principal + purpose? (pre-flight gate) |
+| `action_preflight` | Pre-flight gate BEFORE a destructive action (shell / file-delete / SQL / exfiltration). Heuristic, cooperative, not a sandbox |
 | `breach_classify` | Is this incident reportable? Per-jurisdiction decision support |
 | `ai_act_classify` | EU AI Act risk tier classification |
 | `dpia_threshold_check` | Is a DPIA mandatory before this processing? |

package/dist/index.js CHANGED Viewed

@@ -299,6 +299,20 @@ const TOOLS = [
                 : '/api/india/regulators',
         }),
     },
+    // ─── Destructive-action pre-flight gate ──────────────────────────
+    {
+        name: 'action_preflight',
+        description: "Pre-flight check BEFORE a sensitive / destructive action (shell command, file deletion, DB statement, network call). Runs VIGIL's heuristic threat classifier (sql_destructive / shell_dangerous / secret_leak / prompt_injection / exfiltration / suspicious_network) over the proposed action and returns { decision: allowed|blocked|flagged, threat_category, reason } plus a signed audit record. Heuristic pattern match and a cooperative guardrail, not a sandbox: it cannot enforce on its own and novel or obfuscated payloads can pass.",
+        inputSchema: {
+            type: 'object',
+            properties: {
+                action: { type: 'string', description: 'The proposed action / command text, e.g. "rm -rf /" or "DROP TABLE users".' },
+                payload: { type: 'object', description: 'Optional structured payload to scan alongside the action text.' },
+                action_type: { type: 'string', description: 'Optional short label for the action kind (shell, file_delete, db_query, network).' },
+            },
+        },
+        call: (input) => ({ method: 'POST', path: '/api/preflight/action-check', body: input }),
+    },
 ];
 // ─── HTTP transport ────────────────────────────────────────────────
 async function callVigil(method, path, body) {

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@costrinity/vigil-compliance-mcp",
   "mcpName": "io.github.COSTRINITY/vigil-compliance-mcp",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "MCP server exposing VIGIL's compliance fabric (consent, breach, DPIA, AI Act, identifier validators, cross-border) as tools LLM agents can call mid-task; decision checks write signed, tamper-evident audit records. 13 jurisdictions, 28+ regulatory regimes.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",