@easonwumac/computer-linker 0.1.2

package/dist/security.js

@@ -0,0 +1,108 @@
+import { execFileSync } from "node:child_process";
+import { loadConfig } from "./config.js";
+import { executableCommand, windowsVerbatimArgumentsOption } from "./platform-shell.js";
+export function securityDiagnostics(config = loadConfig()) {
+    const findings = [];
+    const host = config.host ?? "127.0.0.1";
+    const ownerTokenConfigured = Boolean(config.ownerToken);
+    if (!ownerTokenConfigured) {
+        findings.push({
+            id: "owner-token-missing",
+            severity: isLoopbackHost(host) ? "info" : "critical",
+            title: "Owner token is not configured",
+            detail: isLoopbackHost(host)
+                ? "HTTP mode is loopback-only without an owner token. Configure one before using a tunnel."
+                : "A non-loopback HTTP server without an owner token must not be exposed.",
+        });
+    }
+    if (ownerTokenConfigured && !config.publicBaseUrl) {
+        findings.push({
+            id: "public-base-url-missing",
+            severity: "warning",
+            title: "Public base URL is not configured",
+            detail: "OAuth clients behind Cloudflare or Tailscale need publicBaseUrl to match the reachable origin.",
+        });
+    }
+    if (config.publicBaseUrl && !isHttpsUrl(config.publicBaseUrl)) {
+        findings.push({
+            id: "public-base-url-not-https",
+            severity: "warning",
+            title: "Public base URL is not HTTPS",
+            detail: "Cloud-hosted MCP clients such as ChatGPT need a reachable HTTPS origin rather than localhost or plain HTTP.",
+        });
+    }
+    if (!isLoopbackHost(host)) {
+        findings.push({
+            id: "non-loopback-host",
+            severity: "warning",
+            title: "HTTP server listens beyond loopback",
+            detail: `host is ${host}. Use owner token, OAuth, and a network layer such as Tailscale or Cloudflare Access.`,
+        });
+    }
+    for (const workspace of config.workspaces) {
+        if (workspace.permissions.shell) {
+            findings.push({
+                id: "shell-broad-access",
+                severity: "warning",
+                title: "Shell permission is broad",
+                detail: "Computer Linker starts commands in the workspace, but the OS shell itself is not a filesystem sandbox.",
+                workspaceId: workspace.id,
+            });
+        }
+        if ((workspace.permissions.shell || workspace.permissions.codex) && !workspace.policy?.allowedCommands?.length) {
+            findings.push({
+                id: "command-allowlist-missing",
+                severity: "warning",
+                title: "Command allowlist is missing",
+                detail: "This scope allows local execution without an allowedCommands policy. Commands remain cwd-bound, not filesystem-sandboxed.",
+                workspaceId: workspace.id,
+            });
+        }
+        if (workspace.permissions.codex) {
+            findings.push({
+                id: "codex-broad-access",
+                severity: commandAvailable("codex") ? "warning" : "critical",
+                title: "Codex permission is broad",
+                detail: commandAvailable("codex")
+                    ? "Computer Linker starts codex in the workspace, but codex may invoke tools with broader OS access."
+                    : "This workspace allows codex, but the codex CLI was not found on PATH.",
+                workspaceId: workspace.id,
+            });
+        }
+    }
+    if (findings.length === 0) {
+        findings.push({
+            id: "security-baseline-ok",
+            severity: "info",
+            title: "No immediate security findings",
+            detail: "Workspace access is limited to read/write operations unless shell or codex permissions are enabled.",
+        });
+    }
+    return findings;
+}
+function isLoopbackHost(host) {
+    return host === "127.0.0.1" || host === "localhost" || host === "::1";
+}
+function isHttpsUrl(value) {
+    try {
+        return new URL(value).protocol === "https:";
+    }
+    catch {
+        return false;
+    }
+}
+function commandAvailable(command) {
+    try {
+        const invocation = executableCommand(command, ["--version"]);
+        execFileSync(invocation.command, invocation.args, {
+            encoding: "utf8",
+            timeout: 1500,
+            stdio: ["ignore", "pipe", "pipe"],
+            ...windowsVerbatimArgumentsOption(invocation),
+        });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/sensitive-files.d.ts

@@ -0,0 +1,4 @@
+export declare const SENSITIVE_FILE_RG_GLOBS: string[];
+export declare function sensitiveFileRgGlobArgs(): string[];
+export declare function isSensitiveWorkspacePath(path: string): boolean;
+export declare function assertNonSensitiveWorkspacePath(path: string, operation?: string): void;

package/dist/sensitive-files.js

@@ -0,0 +1,96 @@
+import { basename, dirname } from "node:path";
+const SENSITIVE_DIRECTORY_NAMES = new Set([
+    ".aws",
+    ".azure",
+    ".docker",
+    ".gcloud",
+    ".gnupg",
+    ".ssh",
+]);
+const SENSITIVE_FILE_NAMES = new Set([
+    ".env",
+    ".netrc",
+    ".npmrc",
+    ".pypirc",
+    "credentials",
+    "credentials.json",
+    "id_dsa",
+    "id_ecdsa",
+    "id_ed25519",
+    "id_rsa",
+    "secrets.json",
+    "service-account.json",
+]);
+const ALLOWED_EXAMPLE_FILE_NAMES = new Set([
+    ".env.example",
+    ".env.sample",
+    ".env.template",
+]);
+const SENSITIVE_EXTENSIONS = [
+    ".key",
+    ".kdbx",
+    ".p12",
+    ".pem",
+    ".pfx",
+];
+export const SENSITIVE_FILE_RG_GLOBS = [
+    "!**/.aws/**",
+    "!**/.azure/**",
+    "!**/.docker/config.json",
+    "!**/.env",
+    "!**/.env.*",
+    "!**/.gcloud/**",
+    "!**/.gnupg/**",
+    "!**/.netrc",
+    "!**/.npmrc",
+    "!**/.pypirc",
+    "!**/.ssh/**",
+    "!**/*credentials*.json",
+    "!**/*secret*.json",
+    "!**/*.kdbx",
+    "!**/*.key",
+    "!**/*.p12",
+    "!**/*.pem",
+    "!**/*.pfx",
+    "!**/id_dsa",
+    "!**/id_ecdsa",
+    "!**/id_ed25519",
+    "!**/id_rsa",
+    "!**/service-account*.json",
+];
+export function sensitiveFileRgGlobArgs() {
+    return SENSITIVE_FILE_RG_GLOBS.flatMap((glob) => ["--glob", glob]);
+}
+export function isSensitiveWorkspacePath(path) {
+    const portablePath = path.replaceAll("\\", "/");
+    const parts = portablePath.split("/").filter(Boolean);
+    if (parts.length === 0)
+        return false;
+    if (parts.some((part) => SENSITIVE_DIRECTORY_NAMES.has(part.toLowerCase()))) {
+        const base = parts.at(-1)?.toLowerCase() ?? "";
+        if (base === "known_hosts" || base.endsWith(".pub"))
+            return false;
+        return true;
+    }
+    const name = basename(portablePath).toLowerCase();
+    if (ALLOWED_EXAMPLE_FILE_NAMES.has(name))
+        return false;
+    if (SENSITIVE_FILE_NAMES.has(name))
+        return true;
+    if (name.startsWith(".env."))
+        return true;
+    if (SENSITIVE_EXTENSIONS.some((extension) => name.endsWith(extension)))
+        return true;
+    if (/(^|[-_.])(secret|secrets|credential|credentials)([-_.]|$)/i.test(name))
+        return true;
+    if (/^service-account[-_.].*\.json$/i.test(name))
+        return true;
+    const parent = basename(dirname(portablePath)).toLowerCase();
+    return parent === ".docker" && name === "config.json";
+}
+export function assertNonSensitiveWorkspacePath(path, operation = "read") {
+    if (!isSensitiveWorkspacePath(path))
+        return;
+    throw new Error(`Sensitive file ${operation} is blocked by default: ${path}. ` +
+        "Move secrets outside the workspace before exposing it to an MCP client.");
+}

package/dist/server.d.ts

@@ -0,0 +1,9 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function createLocalPortMcpServer(): McpServer;
+export declare function serveStdio(): Promise<void>;
+export declare function serveHttp(): {
+    url: string;
+    publicUrl: string;
+    apiUrl: string;
+    close(): void;
+};