@danielblomma/cortex-mcp 1.7.1 → 2.0.2

package/scaffold/mcp/src/cli/run.ts

@@ -0,0 +1,306 @@
+import { spawn } from "node:child_process";
+import {
+  existsSync,
+  readFileSync,
+  writeFileSync,
+  unlinkSync,
+  mkdirSync,
+  chmodSync,
+} from "node:fs";
+import { join, dirname } from "node:path";
+import { platform, tmpdir } from "node:os";
+import { randomUUID } from "node:crypto";
+
+export type RunCli = "claude" | "codex" | "copilot";
+export const RUN_CLIS: RunCli[] = ["claude", "codex", "copilot"];
+
+// Inline ANSI helper. Kept here (rather than imported from bin/style.mjs) so
+// the scaffold MCP stays self-contained — projects bundle scaffold/ on init
+// but do not pull bin/ into their tree. Style stays brand-aligned: cyan accent
+// (xterm-256 code 81), graceful degrade when the stream is not a TTY or when
+// NO_COLOR / CORTEX_NO_COLOR are set.
+function runHeaderSupportsColor(): boolean {
+  if (process.env.NO_COLOR) return false;
+  if (process.env.CORTEX_NO_COLOR) return false;
+  if (process.env.TERM === "dumb") return false;
+  return Boolean(process.stderr.isTTY);
+}
+
+function runHeaderUnicodeOk(): boolean {
+  if (process.env.CORTEX_NO_UNICODE) return false;
+  const locale = process.env.LC_ALL || process.env.LC_CTYPE || process.env.LANG || "";
+  if (!locale) return process.platform !== "win32";
+  return /UTF-?8/i.test(locale);
+}
+
+export function buildRunHeader(label: string): string {
+  const glyph = runHeaderUnicodeOk() ? "▸" : ">";
+  if (!runHeaderSupportsColor()) {
+    return `${glyph} ${label}`;
+  }
+  return `\x1b[38;5;81m${glyph}\x1b[0m ${label}`;
+}
+
+export const SHIM_MARKER = "# cortex-shim-v1";
+
+export function isCortexShim(filePath: string): boolean {
+  try {
+    return readFileSync(filePath, "utf8").includes(SHIM_MARKER);
+  } catch {
+    return false;
+  }
+}
+
+export function findRealBinary(name: string, excludePaths: string[] = []): string | null {
+  const exclusions = new Set(excludePaths);
+  const pathDirs = (process.env.PATH ?? "").split(":");
+  for (const dir of pathDirs) {
+    if (!dir) continue;
+    const candidate = join(dir, name);
+    if (exclusions.has(candidate)) continue;
+    if (!existsSync(candidate)) continue;
+    if (isCortexShim(candidate)) continue;
+    return candidate;
+  }
+  return null;
+}
+
+export function buildDarwinSandboxProfile(homeDir: string): string {
+  return [
+    "(version 1)",
+    "(allow default)",
+    "; Cortex Tier 2 (wrap) profile for Copilot CLI.",
+    "; Deny writes to Copilot's mutable config locations so AI cannot",
+    "; reconfigure itself out of governance.",
+    `(deny file-write* (subpath "${homeDir}/.copilot"))`,
+    `(deny file-write* (subpath "${homeDir}/.copilot.local"))`,
+    '(deny file-write* (regex #"^/etc/copilot"))',
+    "",
+  ].join("\n");
+}
+
+export function buildLinuxBwrapArgs(
+  homeDir: string,
+  realBinary: string,
+  args: string[],
+): string[] {
+  return [
+    "--die-with-parent",
+    "--unshare-user",
+    "--ro-bind",
+    "/",
+    "/",
+    "--proc",
+    "/proc",
+    "--dev",
+    "/dev",
+    "--bind",
+    homeDir,
+    homeDir,
+    "--tmpfs",
+    `${homeDir}/.copilot`,
+    "--tmpfs",
+    `${homeDir}/.copilot.local`,
+    "--ro-bind",
+    "/etc",
+    "/etc",
+    "--",
+    realBinary,
+    ...args,
+  ];
+}
+
+export type RunOptions = {
+  cli: RunCli;
+  args: string[];
+  realBinary?: string;
+  excludePaths?: string[];
+};
+
+function spawnAndWait(cmd: string, args: string[], extraEnv?: Record<string, string>): Promise<number> {
+  return new Promise((resolve) => {
+    const env = extraEnv ? { ...process.env, ...extraEnv } : process.env;
+    const child = spawn(cmd, args, { stdio: "inherit", env });
+    child.on("exit", (code, signal) => {
+      if (signal) resolve(128);
+      else resolve(code ?? 1);
+    });
+    child.on("error", (err) => {
+      console.error(`✗ Failed to spawn ${cmd}: ${err.message}`);
+      resolve(127);
+    });
+  });
+}
+
+export async function runAiCli(options: RunOptions): Promise<number> {
+  const { cli, args } = options;
+  const real =
+    options.realBinary ?? findRealBinary(cli, options.excludePaths ?? []);
+  if (!real) {
+    const exclusions = options.excludePaths?.length
+      ? ` (excluding ${options.excludePaths.join(", ")})`
+      : "";
+    console.error(`✗ Could not find '${cli}' binary in PATH${exclusions}.`);
+    return 127;
+  }
+
+  if (cli !== "copilot") {
+    return spawnAndWait(real, args);
+  }
+
+  const home = process.env.HOME ?? "";
+  if (!home) {
+    console.error("✗ HOME not set — required for Copilot wrap profile.");
+    return 1;
+  }
+
+  const proxyPort = process.env.CORTEX_EGRESS_PROXY_PORT ?? "18888";
+  const proxyEnv: Record<string, string> = {
+    HTTPS_PROXY: `http://127.0.0.1:${proxyPort}`,
+    HTTP_PROXY: `http://127.0.0.1:${proxyPort}`,
+    https_proxy: `http://127.0.0.1:${proxyPort}`,
+    http_proxy: `http://127.0.0.1:${proxyPort}`,
+  };
+
+  const os = platform();
+  if (os === "darwin") {
+    const profile = buildDarwinSandboxProfile(home);
+    const tmpProfile = join(tmpdir(), `cortex-copilot-${randomUUID()}.sb`);
+    writeFileSync(tmpProfile, profile);
+    try {
+      process.stderr.write(buildRunHeader("cortex run copilot — Tier 2 wrap (sandbox-exec)") + "\n");
+      return await spawnAndWait("sandbox-exec", ["-f", tmpProfile, real, ...args], proxyEnv);
+    } finally {
+      try {
+        unlinkSync(tmpProfile);
+      } catch {
+        // best-effort cleanup
+      }
+    }
+  }
+  if (os === "linux") {
+    process.stderr.write(buildRunHeader("cortex run copilot — Tier 2 wrap (bwrap)") + "\n");
+    return spawnAndWait("bwrap", buildLinuxBwrapArgs(home, real, args), proxyEnv);
+  }
+  console.error(`✗ Tier 2 (wrap) for copilot not yet supported on ${os}.`);
+  return 1;
+}
+
+const DEFAULT_COPILOT_SHIM_PATHS: Partial<Record<NodeJS.Platform, string>> = {
+  darwin: "/usr/local/bin/copilot",
+  linux: "/usr/local/bin/copilot",
+};
+
+export function getDefaultCopilotShimPath(os: NodeJS.Platform): string {
+  const path = DEFAULT_COPILOT_SHIM_PATHS[os];
+  if (!path) {
+    throw new Error(`copilot shim install not yet supported on ${os}`);
+  }
+  return path;
+}
+
+export function buildCopilotShim(realBinary: string): string {
+  return [
+    "#!/bin/sh",
+    SHIM_MARKER,
+    "# Cortex Tier 2 wrap shim — re-execs through 'cortex run copilot'.",
+    "# Direct invocations of copilot are routed through cortex's OS sandbox.",
+    `# Real binary captured at install time: ${realBinary}`,
+    "",
+    'CORTEX="${CORTEX_BIN:-cortex}"',
+    'exec "$CORTEX" run copilot "$@"',
+    "",
+  ].join("\n");
+}
+
+export type InstallShimOptions = {
+  shimPath?: string;
+  realBinary?: string;
+  searchPath?: string;
+};
+
+export type InstallShimResult = {
+  ok: boolean;
+  message: string;
+  shimPath?: string;
+  realBinary?: string;
+};
+
+export function installCopilotShim(options: InstallShimOptions = {}): InstallShimResult {
+  const shimPath = options.shimPath ?? getDefaultCopilotShimPath(platform());
+  const search = options.searchPath ?? process.env.PATH ?? "";
+  const real =
+    options.realBinary ??
+    findRealBinaryIn(search, "copilot", [shimPath]);
+  if (!real) {
+    return {
+      ok: false,
+      message:
+        `Copilot CLI not found in PATH (excluding ${shimPath}). ` +
+        "Install GitHub Copilot CLI first, then re-run cortex enterprise sync.",
+    };
+  }
+  if (existsSync(shimPath) && !isCortexShim(shimPath)) {
+    return {
+      ok: false,
+      message:
+        `${shimPath} exists and is not a cortex shim — refusing to overwrite. ` +
+        "Move/rename the existing file, then re-run.",
+    };
+  }
+  try {
+    mkdirSync(dirname(shimPath), { recursive: true });
+    writeFileSync(shimPath, buildCopilotShim(real));
+    chmodSync(shimPath, 0o755);
+  } catch (err) {
+    return {
+      ok: false,
+      message: `Failed to write shim at ${shimPath}: ${err instanceof Error ? err.message : String(err)}`,
+    };
+  }
+  return {
+    ok: true,
+    message: `Installed copilot shim at ${shimPath} (real binary: ${real})`,
+    shimPath,
+    realBinary: real,
+  };
+}
+
+function findRealBinaryIn(
+  searchPath: string,
+  name: string,
+  excludePaths: string[],
+): string | null {
+  const exclusions = new Set(excludePaths);
+  for (const dir of searchPath.split(":")) {
+    if (!dir) continue;
+    const candidate = join(dir, name);
+    if (exclusions.has(candidate)) continue;
+    if (!existsSync(candidate)) continue;
+    if (isCortexShim(candidate)) continue;
+    return candidate;
+  }
+  return null;
+}
+
+export function uninstallCopilotShim(shimPath?: string): { ok: boolean; message: string } {
+  const target = shimPath ?? getDefaultCopilotShimPath(platform());
+  if (!existsSync(target)) {
+    return { ok: true, message: `${target} already absent.` };
+  }
+  if (!isCortexShim(target)) {
+    return {
+      ok: false,
+      message: `${target} is no longer a cortex shim — refusing to delete (would clobber a real binary).`,
+    };
+  }
+  try {
+    unlinkSync(target);
+  } catch (err) {
+    return {
+      ok: false,
+      message: `Failed to remove ${target}: ${err instanceof Error ? err.message : String(err)}`,
+    };
+  }
+  return { ok: true, message: `Removed copilot shim at ${target}` };
+}

package/scaffold/mcp/src/cli/telemetry-test.ts

@@ -0,0 +1,158 @@
+import { basename, join } from "node:path";
+import { existsSync, readFileSync } from "node:fs";
+import { createHash } from "node:crypto";
+import { hostname, platform, arch } from "node:os";
+import {
+  loadEnterpriseConfig,
+  resolveEnterpriseActivation,
+} from "../core/config.js";
+import { pushMetrics } from "../enterprise/telemetry/sync.js";
+import type { TelemetryMetrics } from "../core/telemetry/collector.js";
+
+/**
+ * Smoke-test the telemetry pipeline end-to-end.
+ *
+ *   $ cortex telemetry test
+ *
+ * Reads .context/enterprise.yml, builds a synthetic-but-valid metrics
+ * payload, sends it to the configured endpoint, and reports the result
+ * with actionable diagnostics on failure.
+ *
+ * This exists because the silent-failure path (push fails, dashboard
+ * stays empty, no error surfaces anywhere) was the original v2.0.0
+ * motivator. The smoke-test gives users a single command to verify
+ * their entire pipeline.
+ */
+
+function readMachineId(contextDir: string): string {
+  const path = join(contextDir, "telemetry", "machine_id");
+  if (existsSync(path)) {
+    try {
+      const id = readFileSync(path, "utf8").trim();
+      if (id) return id;
+    } catch {
+      // fall through to compute one
+    }
+  }
+  return createHash("sha256")
+    .update(`${hostname()}|${platform()}|${arch()}|test`)
+    .digest("hex")
+    .slice(0, 16);
+}
+
+function buildSyntheticMetrics(instanceId: string, version: string): TelemetryMetrics {
+  const now = new Date();
+  const periodStart = new Date(now.getTime() - 60_000).toISOString();
+  const periodEnd = now.toISOString();
+  return {
+    period_start: periodStart,
+    period_end: periodEnd,
+    total_tool_calls: 1,
+    successful_tool_calls: 1,
+    failed_tool_calls: 0,
+    total_duration_ms: 100,
+    session_starts: 1,
+    session_ends: 1,
+    session_duration_ms_total: 100,
+    searches: 1,
+    related_lookups: 0,
+    caller_lookups: 0,
+    trace_lookups: 0,
+    impact_analyses: 0,
+    rule_lookups: 0,
+    reloads: 0,
+    total_results_returned: 1,
+    estimated_tokens_saved: 100,
+    estimated_tokens_total: 500,
+    client_version: version,
+    instance_id: instanceId,
+    tool_metrics: {
+      "telemetry.test": {
+        calls: 1,
+        failures: 0,
+        total_duration_ms: 100,
+        total_results_returned: 1,
+        estimated_tokens_saved: 100,
+      },
+    },
+  };
+}
+
+export async function runTelemetryTest(): Promise<number> {
+  const projectRoot = process.env.CORTEX_PROJECT_ROOT?.trim() || process.cwd();
+  const contextDir = join(projectRoot, ".context");
+
+  if (!existsSync(contextDir)) {
+    console.error(`No .context directory at ${projectRoot}`);
+    console.error(`Run 'cortex init --bootstrap' first.`);
+    return 1;
+  }
+
+  const config = loadEnterpriseConfig(contextDir);
+  const activation = resolveEnterpriseActivation(config);
+
+  console.log(`Project:           ${projectRoot}`);
+  console.log(`Enterprise active: ${activation.active} (${activation.reason})`);
+
+  if (!activation.active) {
+    console.error("");
+    console.error("Cannot run telemetry test in community mode.");
+    console.error("Configure .context/enterprise.yml with valid api_key + endpoint.");
+    return 1;
+  }
+
+  if (!config.telemetry.enabled) {
+    console.error("");
+    console.error("telemetry.enabled is false in enterprise.yml");
+    return 1;
+  }
+
+  console.log(`Endpoint:          ${config.telemetry.endpoint}`);
+  console.log(`API key prefix:    ${config.telemetry.api_key.slice(0, 8)}...`);
+
+  const instanceId = readMachineId(contextDir);
+  const version = process.env.CORTEX_VERSION ?? "telemetry-test";
+  const metrics = buildSyntheticMetrics(instanceId, version);
+
+  console.log("");
+  console.log("Sending synthetic metrics...");
+
+  const start = Date.now();
+  const result = await pushMetrics(
+    metrics,
+    config.telemetry.endpoint,
+    config.telemetry.api_key,
+    { repo: basename(projectRoot) },
+  );
+  const elapsed = Date.now() - start;
+
+  if (result.success) {
+    console.log("");
+    console.log(`✓ Push succeeded in ${elapsed}ms (HTTP ${result.status})`);
+    console.log("");
+    console.log("Next: open the dashboard. The synthetic event should appear within 60s.");
+    console.log("If it does not, the issue is on the server (ingest or read path),");
+    console.log("not the client.");
+    return 0;
+  }
+
+  console.error("");
+  console.error(`✗ Push failed after ${elapsed}ms: ${result.error ?? "unknown"}`);
+  console.error("");
+  if (result.status === 401) {
+    console.error("  → API key was rejected. Check that the key in enterprise.yml");
+    console.error("    matches a row in cortex-web's api_keys table and is not");
+    console.error("    revoked or expired.");
+  } else if (result.status === 403) {
+    console.error("  → API key lacks 'telemetry' scope. Add the scope in cortex-web.");
+  } else if (result.status === 400) {
+    console.error("  → Payload schema rejected. Likely a client/server version skew.");
+    console.error("    Check telemetryPushSchema vs TelemetryMetrics.");
+  } else if (result.status && result.status >= 500) {
+    console.error("  → Server error. Check cortex-web logs and DB connectivity.");
+  } else {
+    console.error("  → Network error. Verify endpoint is reachable from this machine.");
+    console.error(`     curl -I ${config.telemetry.endpoint}`);
+  }
+  return 1;
+}

package/scaffold/mcp/src/cli/ungoverned-detector.ts

@@ -0,0 +1,168 @@
+import { execSync } from "node:child_process";
+import { basename } from "node:path";
+import { hostname, userInfo } from "node:os";
+
+export type ProcessSnapshot = {
+  pid: number;
+  ppid: number;
+  user: string;
+  comm: string;
+  args: string;
+};
+
+export const DEFAULT_AI_BINARIES = [
+  "claude",
+  "codex",
+  "copilot",
+  "gemini-cli",
+  "gemini",
+  "aider",
+  "cursor",
+];
+
+export type UngovernedFinding = {
+  pid: number;
+  ppid: number;
+  user: string;
+  cli: string;
+  binary: string;
+  args: string;
+  parent_chain: number[];
+  detected_at: string;
+  host_id: string;
+};
+
+export type DetectorOptions = {
+  knownBinaries?: string[];
+  processes?: ProcessSnapshot[];
+  hostId?: string;
+};
+
+const PS_LINE_RE = /^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s*(.*)$/;
+
+export function listProcesses(): ProcessSnapshot[] {
+  try {
+    const out = execSync("ps -axo pid,ppid,user,comm,args", {
+      encoding: "utf8",
+      timeout: 5000,
+      maxBuffer: 8 * 1024 * 1024,
+    });
+    const lines = out.trim().split("\n").slice(1);
+    return lines
+      .map(parseProcessLine)
+      .filter((p): p is ProcessSnapshot => p !== null);
+  } catch {
+    return [];
+  }
+}
+
+export function parseProcessLine(line: string): ProcessSnapshot | null {
+  const m = line.match(PS_LINE_RE);
+  if (!m) return null;
+  const pid = parseInt(m[1], 10);
+  const ppid = parseInt(m[2], 10);
+  if (!Number.isFinite(pid) || !Number.isFinite(ppid)) return null;
+  return {
+    pid,
+    ppid,
+    user: m[3],
+    comm: m[4],
+    args: m[5] ?? "",
+  };
+}
+
+export function isCortexAncestor(args: string): boolean {
+  if (!args) return false;
+  // Accept invocations whose command line shows cortex orchestration:
+  //  - `cortex run ...`     → wrapper spawned the AI CLI (Tier 2 governed)
+  //  - `cortex enterprise`  → install-time orchestration
+  //  - `cortex daemon`      → daemon-supervised
+  //  - any path ending in `cortex.mjs` or named `cortex` followed by space/EOL
+  if (/\bcortex\s+run\b/.test(args)) return true;
+  if (/\bcortex\s+enterprise\b/.test(args)) return true;
+  if (/\bcortex\s+daemon\b/.test(args)) return true;
+  if (/\bcortex\s+hook\b/.test(args)) return true;
+  if (/\bcortex(\s|$)/.test(args)) return true;
+  if (/cortex\.mjs/.test(args)) return true;
+  return false;
+}
+
+function findCli(comm: string, knownBinaries: string[]): string | null {
+  const base = basename(comm);
+  return knownBinaries.includes(base) ? base : null;
+}
+
+export function detectUngoverned(options: DetectorOptions = {}): UngovernedFinding[] {
+  const known = options.knownBinaries ?? DEFAULT_AI_BINARIES;
+  const procs = options.processes ?? listProcesses();
+  const byPid = new Map<number, ProcessSnapshot>();
+  for (const p of procs) byPid.set(p.pid, p);
+
+  const hostId = options.hostId ?? hostname();
+  const findings: UngovernedFinding[] = [];
+
+  for (const proc of procs) {
+    const cli = findCli(proc.comm, known);
+    if (!cli) continue;
+    if (isCortexAncestor(proc.args)) continue;
+
+    const chain: number[] = [proc.pid];
+    let current: ProcessSnapshot | undefined = byPid.get(proc.ppid);
+    let governed = false;
+    let depth = 0;
+    while (current && current.pid > 1 && depth < 32) {
+      chain.push(current.pid);
+      if (isCortexAncestor(current.args)) {
+        governed = true;
+        break;
+      }
+      const next: ProcessSnapshot | undefined = byPid.get(current.ppid);
+      if (!next || next.pid === current.pid) break;
+      current = next;
+      depth += 1;
+    }
+
+    if (!governed) {
+      findings.push({
+        pid: proc.pid,
+        ppid: proc.ppid,
+        user: proc.user,
+        cli,
+        binary: proc.comm,
+        args: proc.args,
+        parent_chain: chain,
+        detected_at: new Date().toISOString(),
+        host_id: hostId,
+      });
+    }
+  }
+
+  return findings;
+}
+
+export type EnforcementMode = "advisory" | "enforced";
+export type EnforcementAction = "logged" | "sigterm" | "skipped_cross_user";
+
+export type EnforceOptions = {
+  mode: EnforcementMode;
+  sendSignal?: (pid: number, signal: NodeJS.Signals) => void;
+  currentUser?: string;
+};
+
+export function enforceFinding(
+  finding: UngovernedFinding,
+  options: EnforceOptions,
+): EnforcementAction {
+  if (options.mode !== "enforced") return "logged";
+  const me = options.currentUser ?? userInfo().username;
+  if (finding.user !== me) {
+    return "skipped_cross_user";
+  }
+  const send = options.sendSignal ?? ((pid, sig) => process.kill(pid, sig));
+  try {
+    send(finding.pid, "SIGTERM");
+  } catch {
+    // process exited between detection and signal — best-effort
+  }
+  return "sigterm";
+}

package/scaffold/mcp/src/core/audit/query.ts

@@ -0,0 +1,81 @@
+import { readFileSync, readdirSync } from "node:fs";
+import { join } from "node:path";
+import type { AuditEntry } from "./writer.js";
+
+export type AuditQuery = {
+  from?: string;
+  to?: string;
+  tool?: string;
+  event_type?: string;
+  evidence_level?: string;
+  status?: "success" | "error";
+  session_id?: string;
+  limit?: number;
+};
+
+const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
+
+export function queryAuditLog(contextDir: string, query: AuditQuery): AuditEntry[] {
+  const auditDir = join(contextDir, "audit");
+  const limit = query.limit ?? 50;
+
+  if (query.from && !DATE_RE.test(query.from)) return [];
+  if (query.to && !DATE_RE.test(query.to)) return [];
+
+  let files: string[];
+  try {
+    files = readdirSync(auditDir)
+      .filter(f => f.endsWith(".jsonl"))
+      .sort();
+  } catch {
+    return [];
+  }
+
+  // Filter files by date range
+  if (query.from) {
+    const fromFile = `${query.from}.jsonl`;
+    files = files.filter(f => f >= fromFile);
+  }
+  if (query.to) {
+    const toFile = `${query.to}.jsonl`;
+    files = files.filter(f => f <= toFile);
+  }
+
+  const results: AuditEntry[] = [];
+
+  // Read newest files first
+  for (const file of files.reverse()) {
+    if (results.length >= limit) break;
+
+    try {
+      const raw = readFileSync(join(auditDir, file), "utf8").trim();
+      if (!raw) continue;
+
+      const entries: AuditEntry[] = raw
+        .split("\n")
+        .map(line => {
+          try { return JSON.parse(line); }
+          catch { return null; }
+        })
+        .filter(Boolean)
+        .reverse(); // newest first within file
+
+      for (const entry of entries) {
+        if (results.length >= limit) break;
+
+        // Apply tool filter
+        if (query.tool && entry.tool !== query.tool) continue;
+        if (query.event_type && entry.event_type !== query.event_type) continue;
+        if (query.evidence_level && entry.evidence_level !== query.evidence_level) continue;
+        if (query.status && entry.status !== query.status) continue;
+        if (query.session_id && entry.session_id !== query.session_id) continue;
+
+        results.push(entry);
+      }
+    } catch {
+      // skip unreadable files
+    }
+  }
+
+  return results;
+}