npm - @danielblomma/cortex-mcp - Versions diffs - 1.7.1 → 2.0.2 - Mend

@danielblomma/cortex-mcp 1.7.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/bin/cortex.mjs +679 -32
package/bin/style.mjs +349 -0
package/package.json +4 -3
package/scaffold/mcp/package-lock.json +834 -671
package/scaffold/mcp/package.json +1 -1
package/scaffold/mcp/src/cli/enterprise-setup.ts +124 -0
package/scaffold/mcp/src/cli/govern.ts +987 -0
package/scaffold/mcp/src/cli/run.ts +306 -0
package/scaffold/mcp/src/cli/telemetry-test.ts +158 -0
package/scaffold/mcp/src/cli/ungoverned-detector.ts +168 -0
package/scaffold/mcp/src/core/audit/query.ts +81 -0
package/scaffold/mcp/src/core/audit/writer.ts +68 -0
package/scaffold/mcp/src/core/config.ts +329 -0
package/scaffold/mcp/src/core/index.ts +34 -0
package/scaffold/mcp/src/core/license.ts +202 -0
package/scaffold/mcp/src/core/policy/enforce.ts +98 -0
package/scaffold/mcp/src/core/policy/injection.ts +229 -0
package/scaffold/mcp/src/core/policy/store.ts +197 -0
package/scaffold/mcp/src/core/rbac/check.ts +40 -0
package/scaffold/mcp/src/core/telemetry/collector.ts +234 -0
package/scaffold/mcp/src/core/validators/builtins.ts +711 -0
package/scaffold/mcp/src/core/validators/config.ts +47 -0
package/scaffold/mcp/src/core/validators/engine.ts +199 -0
package/scaffold/mcp/src/core/validators/evaluators/code_comments.ts +294 -0
package/scaffold/mcp/src/core/validators/evaluators/regex.ts +144 -0
package/scaffold/mcp/src/daemon/client.ts +155 -0
package/scaffold/mcp/src/daemon/egress-proxy.ts +331 -0
package/scaffold/mcp/src/daemon/heartbeat-pusher.ts +147 -0
package/scaffold/mcp/src/daemon/heartbeat-tracker.ts +223 -0
package/scaffold/mcp/src/daemon/host-events-pusher.ts +285 -0
package/scaffold/mcp/src/daemon/main.ts +300 -0
package/scaffold/mcp/src/daemon/paths.ts +41 -0
package/scaffold/mcp/src/daemon/protocol.ts +101 -0
package/scaffold/mcp/src/daemon/server.ts +227 -0
package/scaffold/mcp/src/daemon/sync-checker.ts +213 -0
package/scaffold/mcp/src/daemon/ungoverned-scanner.ts +149 -0
package/scaffold/mcp/src/embed.ts +1 -1
package/scaffold/mcp/src/embeddings.ts +1 -1
package/scaffold/mcp/src/enterprise/audit/push.ts +84 -0
package/scaffold/mcp/src/enterprise/index.ts +415 -0
package/scaffold/mcp/src/enterprise/model/deploy.ts +33 -0
package/scaffold/mcp/src/enterprise/policy/sync.ts +146 -0
package/scaffold/mcp/src/enterprise/privacy/boundary.ts +212 -0
package/scaffold/mcp/src/enterprise/reviews/push.ts +79 -0
package/scaffold/mcp/src/enterprise/telemetry/sync.ts +72 -0
package/scaffold/mcp/src/enterprise/tools/enterprise.ts +1031 -0
package/scaffold/mcp/src/enterprise/tools/walk.ts +79 -0
package/scaffold/mcp/src/enterprise/violations/push.ts +102 -0
package/scaffold/mcp/src/enterprise/workflow/push.ts +60 -0
package/scaffold/mcp/src/enterprise/workflow/state.ts +535 -0
package/scaffold/mcp/src/hooks/pre-compact.ts +54 -0
package/scaffold/mcp/src/hooks/pre-tool-use.ts +96 -0
package/scaffold/mcp/src/hooks/session-end.ts +73 -0
package/scaffold/mcp/src/hooks/session-start.ts +78 -0
package/scaffold/mcp/src/hooks/shared.ts +134 -0
package/scaffold/mcp/src/hooks/stop.ts +60 -0
package/scaffold/mcp/src/hooks/user-prompt-submit.ts +64 -0
package/scaffold/mcp/src/plugin.ts +150 -0
package/scaffold/mcp/src/server.ts +218 -7
package/scaffold/mcp/tests/copilot-shim.test.mjs +146 -0
package/scaffold/mcp/tests/daemon-client.test.mjs +32 -0
package/scaffold/mcp/tests/egress-proxy.test.mjs +239 -0
package/scaffold/mcp/tests/enterprise-config.test.mjs +154 -0
package/scaffold/mcp/tests/govern-install.test.mjs +320 -0
package/scaffold/mcp/tests/govern-repair.test.mjs +157 -0
package/scaffold/mcp/tests/govern-status.test.mjs +538 -0
package/scaffold/mcp/tests/govern.test.mjs +74 -0
package/scaffold/mcp/tests/heartbeat-pusher.test.mjs +154 -0
package/scaffold/mcp/tests/heartbeat-tracker.test.mjs +237 -0
package/scaffold/mcp/tests/host-events-pusher.test.mjs +347 -0
package/scaffold/mcp/tests/policy-check.test.mjs +220 -0
package/scaffold/mcp/tests/repo-name.test.mjs +134 -0
package/scaffold/mcp/tests/run.test.mjs +109 -0
package/scaffold/mcp/tests/sync-checker.test.mjs +188 -0
package/scaffold/mcp/tests/ungoverned-detector.test.mjs +191 -0
package/scaffold/mcp/tests/ungoverned-scanner.test.mjs +198 -0
package/scaffold/scripts/bootstrap.sh +0 -11
package/scaffold/scripts/doctor.sh +24 -4
package/types.js +5 -0

package/scaffold/mcp/tests/run.test.mjs ADDED Viewed

@@ -0,0 +1,109 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import {
+  isCortexShim,
+  findRealBinary,
+  buildDarwinSandboxProfile,
+  buildLinuxBwrapArgs,
+  SHIM_MARKER,
+  RUN_CLIS,
+  runAiCli,
+} from "../dist/cli/run.js";
+function makeBinDir() {
+  return fs.mkdtempSync(path.join(os.tmpdir(), "cortex-run-"));
+}
+test("RUN_CLIS lists exactly claude, codex, copilot", () => {
+  assert.deepEqual(RUN_CLIS.sort(), ["claude", "codex", "copilot"]);
+});
+test("isCortexShim: detects shim marker", () => {
+  const dir = makeBinDir();
+  try {
+    const shim = path.join(dir, "fake-shim");
+    fs.writeFileSync(shim, `#!/bin/sh\n${SHIM_MARKER}\nexec real "$@"\n`, { mode: 0o755 });
+    assert.equal(isCortexShim(shim), true);
+    const notShim = path.join(dir, "real-bin");
+    fs.writeFileSync(notShim, "#!/bin/sh\necho hi\n");
+    assert.equal(isCortexShim(notShim), false);
+    assert.equal(isCortexShim(path.join(dir, "missing")), false);
+  } finally {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+test("findRealBinary: returns path to executable; skips cortex shims and exclusion list", () => {
+  const dir1 = makeBinDir();
+  const dir2 = makeBinDir();
+  try {
+    const shimPath = path.join(dir1, "copilot");
+    fs.writeFileSync(shimPath, `#!/bin/sh\n${SHIM_MARKER}\nexec /opt/copilot "$@"\n`, { mode: 0o755 });
+    const realPath = path.join(dir2, "copilot");
+    fs.writeFileSync(realPath, "#!/bin/sh\necho real\n", { mode: 0o755 });
+    const origPath = process.env.PATH;
+    process.env.PATH = `${dir1}:${dir2}`;
+    try {
+      assert.equal(findRealBinary("copilot"), realPath);
+      assert.equal(findRealBinary("copilot", [shimPath]), realPath);
+      assert.equal(findRealBinary("copilot", [shimPath, realPath]), null);
+      assert.equal(findRealBinary("nonexistent"), null);
+    } finally {
+      process.env.PATH = origPath;
+    }
+  } finally {
+    fs.rmSync(dir1, { recursive: true, force: true });
+    fs.rmSync(dir2, { recursive: true, force: true });
+  }
+});
+test("buildDarwinSandboxProfile: denies writes to copilot config locations", () => {
+  const profile = buildDarwinSandboxProfile("/Users/dan");
+  assert.match(profile, /\(version 1\)/);
+  assert.match(profile, /\(allow default\)/);
+  assert.match(profile, /\(deny file-write\* \(subpath "\/Users\/dan\/\.copilot"\)\)/);
+  assert.match(profile, /\(deny file-write\* \(subpath "\/Users\/dan\/\.copilot\.local"\)\)/);
+  assert.match(profile, /\(deny file-write\* \(regex #"\^\/etc\/copilot"\)\)/);
+});
+test("buildLinuxBwrapArgs: tmpfs-mounts copilot config dirs and binds home", () => {
+  const args = buildLinuxBwrapArgs("/home/dan", "/usr/local/bin/copilot", ["--prompt", "hi"]);
+  assert.ok(args.includes("--die-with-parent"), "should die with parent");
+  const tmpfsCount = args.filter((a) => a === "--tmpfs").length;
+  assert.equal(tmpfsCount, 2, "should tmpfs both ~/.copilot and ~/.copilot.local");
+  assert.ok(args.includes("/home/dan/.copilot"));
+  assert.ok(args.includes("/home/dan/.copilot.local"));
+  // Real binary + args after `--`
+  const dashIdx = args.indexOf("--");
+  assert.ok(dashIdx > 0);
+  assert.equal(args[dashIdx + 1], "/usr/local/bin/copilot");
+  assert.deepEqual(args.slice(dashIdx + 2), ["--prompt", "hi"]);
+});
+test("runAiCli: claude/codex passthrough exec with provided realBinary", async () => {
+  // Use /bin/echo as a safe stand-in: it exists everywhere, prints args, exits 0.
+  const exit = await runAiCli({
+    cli: "claude",
+    args: ["hello", "world"],
+    realBinary: "/bin/echo",
+  });
+  assert.equal(exit, 0);
+});
+test("runAiCli: missing binary returns 127", async () => {
+  const orig = process.env.PATH;
+  process.env.PATH = "";
+  try {
+    const exit = await runAiCli({ cli: "claude", args: [] });
+    assert.equal(exit, 127);
+  } finally {
+    process.env.PATH = orig;
+  }
+});

package/scaffold/mcp/tests/sync-checker.test.mjs ADDED Viewed

@@ -0,0 +1,188 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import http from "node:http";
+import { checkSyncForCli, runSyncCheckOnce } from "../dist/daemon/sync-checker.js";
+function startMockServer(handlers) {
+  const server = http.createServer((req, res) => {
+    const u = new URL(req.url, `http://${req.headers.host}`);
+    const handler = handlers[`${req.method} ${u.pathname}`];
+    if (!handler) {
+      res.statusCode = 404;
+      res.end();
+      return;
+    }
+    let body = "";
+    req.on("data", (c) => (body += c));
+    req.on("end", () => handler(req, res, u, body));
+  });
+  return new Promise((resolve) => {
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      resolve({ server, baseUrl: `http://127.0.0.1:${addr.port}` });
+    });
+  });
+}
+function makeProject({ baseUrl, installVersion }) {
+  const root = fs.mkdtempSync(path.join(os.tmpdir(), "cortex-sync-"));
+  const ctx = path.join(root, ".context");
+  fs.mkdirSync(ctx, { recursive: true });
+  fs.writeFileSync(
+    path.join(ctx, "enterprise.yml"),
+    [
+      "enterprise:",
+      "  api_key: ent_test_key_12345678",
+      `  base_url: ${baseUrl}`,
+      "compliance:",
+      "  frameworks: [iso27001]",
+      "",
+    ].join("\n"),
+  );
+  if (installVersion) {
+    fs.writeFileSync(
+      path.join(ctx, "govern.local.json"),
+      JSON.stringify({
+        installs: {
+          claude: {
+            path: "/managed",
+            version: installVersion,
+            frameworks: [{ id: "iso27001", version: "0.1" }],
+            installed_at: new Date().toISOString(),
+            mode: "advisory",
+          },
+        },
+      }),
+    );
+  }
+  return { root, ctx };
+}
+test("checkSyncForCli: 304 maps to unchanged", async () => {
+  const { server, baseUrl } = await startMockServer({
+    "GET /api/v1/govern/config": (req, res) => {
+      assert.equal(req.headers["if-none-match"], '"v123"', "should send If-None-Match");
+      res.statusCode = 304;
+      res.end();
+    },
+  });
+  const { root } = makeProject({ baseUrl, installVersion: "v123" });
+  try {
+    const outcome = await checkSyncForCli({ cwd: root, cli: "claude" });
+    assert.equal(outcome.kind, "unchanged");
+    assert.equal(outcome.version, "v123");
+  } finally {
+    server.close();
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("checkSyncForCli: 200 with new ETag maps to available", async () => {
+  const { server, baseUrl } = await startMockServer({
+    "GET /api/v1/govern/config": (req, res) => {
+      res.setHeader("ETag", '"v999"');
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({ cli: "claude", managed_settings: {}, deny_rules: [], tamper_config: {}, frameworks: [] }));
+    },
+  });
+  const { root } = makeProject({ baseUrl, installVersion: "v123" });
+  try {
+    const outcome = await checkSyncForCli({ cwd: root, cli: "claude" });
+    assert.equal(outcome.kind, "available");
+    assert.equal(outcome.latest_version, "v999");
+    assert.equal(outcome.current_version, "v123");
+  } finally {
+    server.close();
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("checkSyncForCli: 500 maps to failed", async () => {
+  const { server, baseUrl } = await startMockServer({
+    "GET /api/v1/govern/config": (req, res) => {
+      res.statusCode = 500;
+      res.end();
+    },
+  });
+  const { root } = makeProject({ baseUrl, installVersion: "v1" });
+  try {
+    const outcome = await checkSyncForCli({ cwd: root, cli: "claude" });
+    assert.equal(outcome.kind, "failed");
+    assert.match(outcome.error, /HTTP 500/);
+  } finally {
+    server.close();
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("checkSyncForCli: errors when enterprise not configured", async () => {
+  const root = fs.mkdtempSync(path.join(os.tmpdir(), "cortex-sync-bare-"));
+  fs.mkdirSync(path.join(root, ".context"));
+  try {
+    const outcome = await checkSyncForCli({ cwd: root, cli: "claude" });
+    assert.equal(outcome.kind, "failed");
+    assert.match(outcome.error, /enterprise not configured/);
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runSyncCheckOnce: writes update notification when new version is available", async () => {
+  const { server, baseUrl } = await startMockServer({
+    "GET /api/v1/govern/config": (req, res) => {
+      res.setHeader("ETag", '"newer"');
+      res.end(JSON.stringify({ cli: "claude" }));
+    },
+  });
+  const { root, ctx } = makeProject({ baseUrl, installVersion: "older" });
+  try {
+    const outcomes = await runSyncCheckOnce(root, ["claude"]);
+    assert.equal(outcomes.length, 1);
+    assert.equal(outcomes[0].kind, "available");
+    const notif = path.join(ctx, ".govern-update-available.json");
+    assert.equal(fs.existsSync(notif), true);
+    const parsed = JSON.parse(fs.readFileSync(notif, "utf8"));
+    assert.equal(parsed.cli, "claude");
+    assert.equal(parsed.latest_version, "newer");
+    // Audit jsonl should contain a govern_config_available event
+    const date = new Date().toISOString().slice(0, 10);
+    const audit = path.join(ctx, "audit", `host-events-${date}.jsonl`);
+    assert.equal(fs.existsSync(audit), true);
+    const lines = fs.readFileSync(audit, "utf8").trim().split("\n").map(JSON.parse);
+    const availableLine = lines.find((l) => l.event_type === "govern_config_available");
+    assert.ok(availableLine, "expected govern_config_available event");
+    assert.equal(typeof availableLine.host_id, "string");
+    assert.ok(availableLine.host_id.length > 0, "host_id should be non-empty");
+  } finally {
+    server.close();
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runSyncCheckOnce: writes govern_config_unchanged event on 304", async () => {
+  const { server, baseUrl } = await startMockServer({
+    "GET /api/v1/govern/config": (req, res) => {
+      res.statusCode = 304;
+      res.end();
+    },
+  });
+  const { root, ctx } = makeProject({ baseUrl, installVersion: "current" });
+  try {
+    await runSyncCheckOnce(root, ["claude"]);
+    const date = new Date().toISOString().slice(0, 10);
+    const audit = path.join(ctx, "audit", `host-events-${date}.jsonl`);
+    const lines = fs.readFileSync(audit, "utf8").trim().split("\n").map(JSON.parse);
+    assert.ok(lines.some((l) => l.event_type === "govern_config_unchanged"));
+    // No notification file written for unchanged
+    assert.equal(fs.existsSync(path.join(ctx, ".govern-update-available.json")), false);
+  } finally {
+    server.close();
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});

package/scaffold/mcp/tests/ungoverned-detector.test.mjs ADDED Viewed

@@ -0,0 +1,191 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import {
+  detectUngoverned,
+  enforceFinding,
+  isCortexAncestor,
+  parseProcessLine,
+  DEFAULT_AI_BINARIES,
+} from "../dist/cli/ungoverned-detector.js";
+function p(pid, ppid, user, comm, args = "") {
+  return { pid, ppid, user, comm, args: args || comm };
+}
+test("DEFAULT_AI_BINARIES covers known agentic CLIs", () => {
+  for (const cli of ["claude", "codex", "copilot", "gemini-cli", "aider", "cursor"]) {
+    assert.ok(DEFAULT_AI_BINARIES.includes(cli), `expected ${cli} in defaults`);
+  }
+});
+test("isCortexAncestor recognises common cortex invocations", () => {
+  assert.equal(isCortexAncestor("cortex run copilot --prompt hi"), true);
+  assert.equal(isCortexAncestor("cortex enterprise ent_xxx"), true);
+  assert.equal(isCortexAncestor("cortex daemon"), true);
+  assert.equal(isCortexAncestor("cortex hook pre-tool-use"), true);
+  assert.equal(isCortexAncestor("/usr/bin/cortex run claude"), true);
+  assert.equal(isCortexAncestor("node /Users/dan/.npm-global/lib/node_modules/@x/bin/cortex.mjs"), true);
+  assert.equal(isCortexAncestor("/usr/bin/zsh"), false);
+  assert.equal(isCortexAncestor("npm run dev"), false);
+  assert.equal(isCortexAncestor(""), false);
+});
+test("parseProcessLine handles ps -axo output with multi-word args", () => {
+  const line = "  1234   100  alice    claude       claude --prompt hello world";
+  const proc = parseProcessLine(line);
+  assert.deepEqual(proc, {
+    pid: 1234,
+    ppid: 100,
+    user: "alice",
+    comm: "claude",
+    args: "claude --prompt hello world",
+  });
+});
+test("parseProcessLine returns null for malformed lines", () => {
+  assert.equal(parseProcessLine(""), null);
+  assert.equal(parseProcessLine("garbage"), null);
+});
+test("detectUngoverned: AI CLI with shell parent is flagged", () => {
+  const procs = [
+    p(1, 0, "root", "/sbin/launchd", "/sbin/launchd"),
+    p(100, 1, "alice", "zsh", "-zsh"),
+    p(200, 100, "alice", "claude", "claude --prompt hi"),
+  ];
+  const findings = detectUngoverned({ processes: procs, hostId: "test-host" });
+  assert.equal(findings.length, 1);
+  assert.equal(findings[0].cli, "claude");
+  assert.equal(findings[0].pid, 200);
+  assert.equal(findings[0].host_id, "test-host");
+});
+test("detectUngoverned: AI CLI spawned via 'cortex run' is NOT flagged", () => {
+  const procs = [
+    p(1, 0, "root", "/sbin/launchd", "/sbin/launchd"),
+    p(100, 1, "alice", "zsh", "-zsh"),
+    p(150, 100, "alice", "node", "node /usr/local/bin/cortex run copilot --prompt hi"),
+    p(160, 150, "alice", "sandbox-exec", "sandbox-exec -f /tmp/copilot.sb /usr/local/bin/copilot --prompt hi"),
+    p(170, 160, "alice", "copilot", "copilot --prompt hi"),
+  ];
+  const findings = detectUngoverned({ processes: procs });
+  assert.equal(findings.length, 0, "copilot should be governed via cortex run ancestor");
+});
+test("detectUngoverned: AI CLI with shim invocation in own args is recognised", () => {
+  // The shim execs cortex run; after exec the process args show 'cortex run copilot ...'
+  const procs = [
+    p(100, 1, "alice", "cortex", "/usr/bin/cortex run copilot --prompt hi"),
+    p(110, 100, "alice", "copilot", "/path/to/copilot --prompt hi"),
+  ];
+  const findings = detectUngoverned({ processes: procs });
+  assert.equal(findings.length, 0);
+});
+test("detectUngoverned: ignores non-AI binaries", () => {
+  const procs = [
+    p(100, 1, "alice", "zsh", "-zsh"),
+    p(200, 100, "alice", "node", "node app.js"),
+    p(300, 100, "alice", "python", "python script.py"),
+  ];
+  const findings = detectUngoverned({ processes: procs });
+  assert.equal(findings.length, 0);
+});
+test("detectUngoverned: handles deep parent chain without exploding", () => {
+  // 50-deep chain ending in shell. Should be flagged once.
+  const procs = [];
+  for (let i = 1; i <= 50; i++) {
+    procs.push(p(i, i - 1, "alice", `intermediate${i}`, `intermediate${i}`));
+  }
+  procs.push(p(999, 50, "alice", "claude", "claude --prompt hi"));
+  const findings = detectUngoverned({ processes: procs });
+  assert.equal(findings.length, 1);
+  assert.equal(findings[0].pid, 999);
+});
+test("detectUngoverned: custom knownBinaries list", () => {
+  const procs = [
+    p(100, 1, "alice", "claude", "claude --prompt hi"),
+    p(200, 1, "alice", "myllm", "myllm --prompt hi"),
+  ];
+  const findings = detectUngoverned({
+    processes: procs,
+    knownBinaries: ["myllm"],
+  });
+  assert.equal(findings.length, 1);
+  assert.equal(findings[0].cli, "myllm");
+});
+test("enforceFinding: advisory mode never sends signal", () => {
+  let signalled = null;
+  const action = enforceFinding(
+    {
+      pid: 100,
+      ppid: 1,
+      user: "alice",
+      cli: "claude",
+      binary: "claude",
+      args: "claude",
+      parent_chain: [100],
+      detected_at: new Date().toISOString(),
+      host_id: "h",
+    },
+    {
+      mode: "advisory",
+      sendSignal: (pid, sig) => {
+        signalled = [pid, sig];
+      },
+      currentUser: "alice",
+    },
+  );
+  assert.equal(action, "logged");
+  assert.equal(signalled, null);
+});
+test("enforceFinding: enforced mode SIGTERMs same-user processes only", () => {
+  let signalled = null;
+  const send = (pid, sig) => {
+    signalled = [pid, sig];
+  };
+  const action = enforceFinding(
+    {
+      pid: 100,
+      ppid: 1,
+      user: "alice",
+      cli: "claude",
+      binary: "claude",
+      args: "claude",
+      parent_chain: [100],
+      detected_at: new Date().toISOString(),
+      host_id: "h",
+    },
+    { mode: "enforced", sendSignal: send, currentUser: "alice" },
+  );
+  assert.equal(action, "sigterm");
+  assert.deepEqual(signalled, [100, "SIGTERM"]);
+});
+test("enforceFinding: cross-user finding is skipped (would require root)", () => {
+  let signalled = null;
+  const send = (pid, sig) => {
+    signalled = [pid, sig];
+  };
+  const action = enforceFinding(
+    {
+      pid: 100,
+      ppid: 1,
+      user: "bob",
+      cli: "claude",
+      binary: "claude",
+      args: "claude",
+      parent_chain: [100],
+      detected_at: new Date().toISOString(),
+      host_id: "h",
+    },
+    { mode: "enforced", sendSignal: send, currentUser: "alice" },
+  );
+  assert.equal(action, "skipped_cross_user");
+  assert.equal(signalled, null);
+});

package/scaffold/mcp/tests/ungoverned-scanner.test.mjs ADDED Viewed

@@ -0,0 +1,198 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { runScanOnce, writeHostAuditEvent, startUngovernedScanner } from "../dist/daemon/ungoverned-scanner.js";
+function makeWorkspace(governMode, installs = null) {
+  const root = fs.mkdtempSync(path.join(os.tmpdir(), "cortex-ungoverned-"));
+  const ctx = path.join(root, ".context");
+  fs.mkdirSync(ctx, { recursive: true });
+  if (governMode) {
+    const defaultInstalls = {
+      claude: { mode: governMode, path: "/x", version: "v", frameworks: [], installed_at: "now" },
+    };
+    fs.writeFileSync(
+      path.join(ctx, "govern.local.json"),
+      JSON.stringify({
+        installs: installs ?? defaultInstalls,
+      }),
+    );
+  }
+  return { root, ctx };
+}
+test("writeHostAuditEvent appends one JSONL line per call", async () => {
+  const { root } = makeWorkspace();
+  try {
+    await writeHostAuditEvent(root, { event_type: "ungoverned_ai_session_detected", pid: 100 });
+    await writeHostAuditEvent(root, { event_type: "ungoverned_ai_session_detected", pid: 200 });
+    const date = new Date().toISOString().slice(0, 10);
+    const file = path.join(root, ".context", "audit", `host-events-${date}.jsonl`);
+    const content = fs.readFileSync(file, "utf8").trim().split("\n");
+    assert.equal(content.length, 2);
+    assert.equal(JSON.parse(content[0]).pid, 100);
+    assert.equal(JSON.parse(content[1]).pid, 200);
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runScanOnce: writes audit event with action=logged in advisory mode", async () => {
+  const { root } = makeWorkspace("advisory");
+  try {
+    const fakeProcs = [
+      { pid: 1, ppid: 0, user: "root", comm: "init", args: "init" },
+      { pid: 100, ppid: 1, user: os.userInfo().username, comm: "claude", args: "claude --prompt hi" },
+    ];
+    const findings = await runScanOnce({
+      cwd: root,
+      detectorOptions: { processes: fakeProcs, hostId: "test-host" },
+    });
+    assert.equal(findings.length, 1);
+    const date = new Date().toISOString().slice(0, 10);
+    const file = path.join(root, ".context", "audit", `host-events-${date}.jsonl`);
+    const events = fs.readFileSync(file, "utf8").trim().split("\n").map(JSON.parse);
+    assert.equal(events.length, 1);
+    assert.equal(events[0].event_type, "ungoverned_ai_session_detected");
+    assert.equal(events[0].cli, "claude");
+    assert.equal(events[0].mode, "advisory");
+    assert.equal(events[0].action, "logged");
+    assert.equal(events[0].host_id, "test-host");
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runScanOnce: enforced mode marks action=sigterm but our mock doesn't actually signal real procs", async () => {
+  const { root } = makeWorkspace("enforced");
+  try {
+    const me = os.userInfo().username;
+    const fakeProcs = [
+      { pid: 99999, ppid: 1, user: me, comm: "claude", args: "claude --prompt hi" },
+    ];
+    let killed = null;
+    // Monkey-patch process.kill for the test (the enforce function uses it as default).
+    const origKill = process.kill;
+    process.kill = (pid, sig) => {
+      killed = [pid, sig];
+    };
+    try {
+      const findings = await runScanOnce({
+        cwd: root,
+        detectorOptions: { processes: fakeProcs, hostId: "test-host" },
+      });
+      assert.equal(findings.length, 1);
+    } finally {
+      process.kill = origKill;
+    }
+    const date = new Date().toISOString().slice(0, 10);
+    const file = path.join(root, ".context", "audit", `host-events-${date}.jsonl`);
+    const events = fs.readFileSync(file, "utf8").trim().split("\n").map(JSON.parse);
+    assert.equal(events[0].mode, "enforced");
+    assert.equal(events[0].action, "sigterm");
+    assert.deepEqual(killed, [99999, "SIGTERM"]);
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runScanOnce: emits onFinding callback per detection", async () => {
+  const { root } = makeWorkspace("advisory");
+  try {
+    const fakeProcs = [
+      { pid: 200, ppid: 1, user: "alice", comm: "codex", args: "codex --prompt hi" },
+      { pid: 300, ppid: 1, user: "alice", comm: "copilot", args: "copilot --prompt hi" },
+    ];
+    const seen = [];
+    await runScanOnce({
+      cwd: root,
+      mode: "advisory",
+      detectorOptions: { processes: fakeProcs },
+      onFinding: (f) => seen.push({ cli: f.cli, action: f.action }),
+    });
+    assert.equal(seen.length, 2);
+    assert.deepEqual(seen.map((s) => s.cli).sort(), ["codex", "copilot"]);
+    for (const s of seen) assert.equal(s.action, "logged");
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("runScanOnce: skips Tier 1 CLIs that already have managed installs", async () => {
+  const { root } = makeWorkspace("enforced");
+  const managedClaudePath = path.join(root, "managed-settings.json");
+  fs.writeFileSync(managedClaudePath, "{}\n");
+  const managedCodexPath = path.join(root, "requirements.toml");
+  fs.writeFileSync(managedCodexPath, "# managed\n");
+  fs.writeFileSync(
+    path.join(root, ".context", "govern.local.json"),
+    JSON.stringify({
+      installs: {
+        claude: {
+          mode: "enforced",
+          path: managedClaudePath,
+          version: "v1",
+          frameworks: [],
+          installed_at: "now",
+        },
+        codex: {
+          mode: "enforced",
+          path: managedCodexPath,
+          version: "v2",
+          frameworks: [],
+          installed_at: "now",
+        },
+      },
+    }),
+  );
+  try {
+    const fakeProcs = [
+      { pid: 200, ppid: 1, user: os.userInfo().username, comm: "claude", args: "claude --prompt hi" },
+      { pid: 300, ppid: 1, user: os.userInfo().username, comm: "codex", args: "codex exec hi" },
+      { pid: 400, ppid: 1, user: os.userInfo().username, comm: "copilot", args: "copilot suggest" },
+    ];
+    const findings = await runScanOnce({
+      cwd: root,
+      mode: "enforced",
+      detectorOptions: { processes: fakeProcs, hostId: "test-host" },
+    });
+    assert.equal(findings.length, 1);
+    assert.equal(findings[0].cli, "copilot");
+    const date = new Date().toISOString().slice(0, 10);
+    const file = path.join(root, ".context", "audit", `host-events-${date}.jsonl`);
+    const events = fs.readFileSync(file, "utf8").trim().split("\n").map(JSON.parse);
+    assert.equal(events.length, 1);
+    assert.equal(events[0].cli, "copilot");
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});
+test("startUngovernedScanner: stop() halts further ticks", async () => {
+  const { root } = makeWorkspace("advisory");
+  try {
+    let calls = 0;
+    const handle = startUngovernedScanner({
+      cwd: root,
+      intervalMs: 50,
+      mode: "advisory",
+      detectorOptions: { processes: [] },
+      onFinding: () => {
+        calls += 1;
+      },
+    });
+    // Wait a moment to allow at least the immediate tick.
+    await new Promise((resolve) => setTimeout(resolve, 20));
+    handle.stop();
+    assert.equal(handle.isRunning(), false);
+  } finally {
+    fs.rmSync(root, { recursive: true, force: true });
+  }
+});