@emilia-protocol/fire-drill 0.1.1 → 0.3.0

package/cli.mjs

@@ -12,7 +12,7 @@
  * @license Apache-2.0
  */
 import fs from 'node:fs';
-import { scan, TAGLINE } from './index.js';
+import { scan, TAGLINE, generatePullRequest } from './index.js';
 
 const argv = process.argv.slice(2);
 const flags = new Set(argv.filter((a) => a.startsWith('--')));
@@ -43,6 +43,12 @@ if (flags.has('--json')) {
   process.exit(report.eg1 === 'pass' ? 0 : 1);
 }
 
+if (flags.has('--pr')) {
+  const pr = generatePullRequest(report);
+  console.log(`# ${pr.title}\n\n${pr.body}`);
+  process.exit(report.eg1 === 'pass' ? 0 : 1);
+}
+
 const G = (s) => `\x1b[32m${s}\x1b[0m`;
 const R = (s) => `\x1b[31m${s}\x1b[0m`;
 const Y = (s) => `\x1b[33m${s}\x1b[0m`;

package/corpus.js

@@ -0,0 +1,53 @@
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * A representative sample of common MCP server tool surfaces, modeled on the
+ * publicly-documented tools of widely-used servers. This is a SAMPLE for the
+ * Report's computed figure — not the whole ecosystem. Point `corpus.mjs` at a
+ * directory of real manifests to compute the index over a larger corpus.
+ *
+ * Each entry is { name, manifest } where manifest is an MCP-style { tools }.
+ */
+export const REPRESENTATIVE_CORPUS = [
+  {
+    name: 'filesystem',
+    manifest: { tools: [{ name: 'read_file' }, { name: 'write_file' }, { name: 'list_directory' }, { name: 'delete_file', description: 'delete a file from disk' }, { name: 'move_file' }] },
+  },
+  {
+    name: 'github',
+    manifest: { tools: [{ name: 'get_repo' }, { name: 'create_issue' }, { name: 'delete_repository', description: 'delete a repo' }, { name: 'add_collaborator', description: 'grant access' }] },
+  },
+  {
+    name: 'postgres',
+    manifest: { tools: [{ name: 'query', description: 'run a read query' }, { name: 'execute_sql', description: 'run arbitrary SQL including DELETE and DROP' }] },
+  },
+  {
+    name: 'stripe',
+    manifest: { tools: [{ name: 'list_charges' }, { name: 'create_payout', description: 'pay out funds' }, { name: 'refund_charge', description: 'refund a charge' }] },
+  },
+  {
+    name: 'shopify',
+    manifest: { tools: [{ name: 'get_product' }, { name: 'delete_product', description: 'remove a product' }, { name: 'cancel_order', description: 'cancel a customer order' }] },
+  },
+  {
+    name: 'slack',
+    manifest: { tools: [{ name: 'post_message' }, { name: 'list_channels' }, { name: 'delete_message', description: 'delete a message' }] },
+  },
+  {
+    name: 'google-drive',
+    manifest: { tools: [{ name: 'search_files' }, { name: 'export_file', description: 'export and download a document' }, { name: 'delete_file' }] },
+  },
+  {
+    name: 'aws',
+    manifest: { tools: [{ name: 'describe_instances' }, { name: 'attach_user_policy', description: 'grant IAM permissions' }, { name: 'delete_user' }] },
+  },
+  {
+    name: 'notion',
+    manifest: { tools: [{ name: 'search' }, { name: 'create_page' }, { name: 'delete_block', description: 'delete content' }] },
+  },
+  {
+    name: 'weather (read-only)',
+    manifest: { tools: [{ name: 'get_forecast' }, { name: 'get_alerts' }, { name: 'list_stations' }] },
+  },
+];
+
+export default { REPRESENTATIVE_CORPUS };

package/corpus.mjs

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+// SPDX-License-Identifier: Apache-2.0
+/**
+ * Agent Action Firewall Index — scan a corpus of MCP manifests / OpenAPI specs
+ * and aggregate. The number behind the Report.
+ *
+ *   node corpus.mjs <dir>     scan every *.json under <dir>
+ *   node corpus.mjs           scan the bundled representative sample
+ *   node corpus.mjs <dir> --json
+ *
+ * @license Apache-2.0
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { scan, aggregate } from './index.js';
+import { REPRESENTATIVE_CORPUS } from './corpus.js';
+
+const argv = process.argv.slice(2);
+const json = argv.includes('--json');
+const dir = argv.find((a) => !a.startsWith('--'));
+
+const reports = [];
+const labels = [];
+if (dir) {
+  const files = fs.readdirSync(dir).filter((f) => f.endsWith('.json'));
+  for (const f of files) {
+    try {
+      reports.push(scan(JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8'))));
+      labels.push(f);
+    } catch (e) {
+      console.error(`skip ${f}: ${e.message}`);
+    }
+  }
+} else {
+  for (const { name, manifest } of REPRESENTATIVE_CORPUS) {
+    reports.push(scan(manifest));
+    labels.push(name);
+  }
+}
+
+const agg = aggregate(reports);
+
+if (json) {
+  console.log(JSON.stringify(agg, null, 2));
+  process.exit(0);
+}
+
+const R = (s) => `\x1b[31m${s}\x1b[0m`;
+const G = (s) => `\x1b[32m${s}\x1b[0m`;
+console.log('='.repeat(66));
+console.log('  Agent Action Firewall Index');
+console.log('='.repeat(66));
+reports.forEach((r, i) => {
+  const tag = r.eg1 === 'pass' ? G('EG-1') : R(`${r.summary.ungated} unguarded`);
+  console.log(`  ${String(r.score).padStart(3)}/100  ${labels[i].padEnd(22)} ${tag}`);
+});
+console.log('  ' + '-'.repeat(62));
+console.log(`  ${agg.servers} servers · ${R(`${agg.pct_servers_with_unguarded_action}%`)} expose a dangerous action with NO receipt requirement`);
+console.log(`  ${agg.unguarded_operations} unguarded dangerous operations · mean score ${agg.mean_score}/100`);
+console.log(`  by family: ${Object.entries(agg.by_family).map(([k, v]) => `${k}=${v}`).join(' · ') || 'none'}`);
+console.log('='.repeat(66));

package/index.js

@@ -188,8 +188,108 @@ export function buildReport(operations, targetType = 'unknown') {
 
 export const TAGLINE = 'If your agent can take an irreversible action without a receipt, you do not have control. You have hope.';
 
+// ── Shareable badge ──────────────────────────────────────────────────────────
+
+/** Approximate pixel width of a label segment (flat-badge sizing, no font metrics). */
+function segWidth(text) {
+  return Math.max(40, Math.round(String(text).length * 6.6) + 20);
+}
+
+/**
+ * A shields-style flat SVG badge: "agent action firewall | EG-1 Enforced".
+ * Green when EG-1 passes / score 100, amber for partial, red for fail.
+ * @param {object} o
+ * @param {'pass'|'fail'} [o.eg1]
+ * @param {number} [o.score]   0..100 — overrides the message with "N/100" when given
+ * @param {string} [o.label='agent action firewall']
+ */
+export function badgeSvg({ eg1, score, label = 'agent action firewall' } = {}) {
+  const hasScore = typeof score === 'number' && Number.isFinite(score);
+  const pass = eg1 === 'pass' || score === 100;
+  const message = hasScore ? `${score}/100` : (pass ? 'EG-1 Enforced' : 'EG-1 not earned');
+  const color = pass ? '#16A34A' : (hasScore && score >= 50 ? '#D97706' : '#DC2626');
+  const lw = segWidth(label);
+  const mw = segWidth(message);
+  const w = lw + mw;
+  const esc = (s) => String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${w}" height="20" role="img" aria-label="${esc(label)}: ${esc(message)}">`
+    + `<linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient>`
+    + `<rect rx="3" width="${w}" height="20" fill="#555"/>`
+    + `<rect rx="3" x="${lw}" width="${mw}" height="20" fill="${color}"/>`
+    + `<rect rx="3" width="${w}" height="20" fill="url(#s)"/>`
+    + `<g fill="#fff" text-anchor="middle" font-family="Verdana,DejaVu Sans,sans-serif" font-size="11">`
+    + `<text x="${lw / 2}" y="14">${esc(label)}</text>`
+    + `<text x="${lw + mw / 2}" y="14">${esc(message)}</text>`
+    + `</g></svg>`;
+}
+
+// ── Corpus aggregation (the Report) ──────────────────────────────────────────
+
+/**
+ * Aggregate many scan reports into one Agent Action Firewall Index — the figure
+ * behind the Report. Honest by construction: it only summarizes the reports it
+ * was given; the caller decides the corpus.
+ * @param {object[]} reports  buildReport() results
+ */
+export function aggregate(reports = []) {
+  const servers = reports.length;
+  let dangerous = 0;
+  let ungated = 0;
+  let withUnguarded = 0;
+  let scoreSum = 0;
+  const byFamily = {};
+  for (const r of reports) {
+    dangerous += r.summary.dangerous;
+    ungated += r.summary.ungated;
+    if (r.summary.ungated > 0) withUnguarded += 1;
+    scoreSum += r.score;
+    for (const f of (r.findings || [])) byFamily[f.family] = (byFamily[f.family] || 0) + 1;
+  }
+  return {
+    '@version': FIRE_DRILL_VERSION,
+    servers,
+    servers_with_unguarded_action: withUnguarded,
+    pct_servers_with_unguarded_action: servers ? Math.round((withUnguarded / servers) * 100) : 0,
+    dangerous_operations: dangerous,
+    unguarded_operations: ungated,
+    mean_score: servers ? Math.round(scoreSum / servers) : 100,
+    by_family: byFamily,
+  };
+}
+
+// ── Generate-PR ──────────────────────────────────────────────────────────────
+
+/**
+ * Turn a report into a ready-to-open pull request (title + Markdown body) that
+ * tells a maintainer exactly which dangerous tools to gate and how to earn EG-1.
+ * @param {object} report  a buildReport() result
+ * @param {object} [o]
+ * @param {string} [o.project] project/repo name for the title
+ */
+export function generatePullRequest(report, { project } = {}) {
+  const name = project ? ` for ${project}` : '';
+  const failing = report.findings || [];
+  const title = failing.length
+    ? `Require an EMILIA receipt for ${failing.length} high-risk action${failing.length > 1 ? 's' : ''}${name} (earn EG-1)`
+    : `Confirm EG-1 Enforced${name}`;
+  const lines = [];
+  lines.push(`## Agent Action Firewall: ${report.score}/100 (EG-1 ${report.eg1.toUpperCase()})`, '');
+  if (!failing.length) {
+    lines.push('No dangerous action can run without a receipt. This integration is **EG-1 Enforced**.', '');
+  } else {
+    lines.push('These tool calls can mutate money, data, permissions, or production **without an accountable human receipt**:', '');
+    for (const f of failing) lines.push(`- \`${f.operation}\` — ${f.family} — ${f.fix}`);
+    lines.push('', '### Fix', '', '```js', `import { createGate } from '@emilia-protocol/gate';`, `import { gateMcpTool } from '@emilia-protocol/gate/mcp';`, '', `const gate = createGate({ manifest, trustedKeys: [process.env.EMILIA_ISSUER] });`);
+    for (const f of failing) lines.push(`server.tool('${f.operation}', gateMcpTool(gate, { tool: '${f.operation}' }, handler));`);
+    lines.push('```', '', `Then \`npx @emilia-protocol/fire-drill <manifest>\` should report **EG-1 Enforced**.`);
+  }
+  lines.push('', '---', `_Generated by [@emilia-protocol/fire-drill](https://www.npmjs.com/package/@emilia-protocol/fire-drill) — the Agent Action Firewall Test._`);
+  return { title, body: lines.join('\n') };
+}
+
 export default {
   FIRE_DRILL_VERSION, TAGLINE,
   classifyOperation, detectReceiptGate, buildReport,
   scan, scanMcpManifest, scanOpenApi, scanToolList,
+  badgeSvg, generatePullRequest, aggregate,
 };

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@emilia-protocol/fire-drill",
-  "version": "0.1.1",
+  "version": "0.3.0",
   "description": "The Agent Action Firewall Test. Scan any MCP server manifest, OpenAPI spec, or tool list for dangerous actions an AI agent can take without an accountable human receipt — money movement, data destruction, production deploy, permission change, bulk export, regulated override. Reports an Agent Action Firewall score, the failing operations, the fix (EMILIA Gate), and EG-1 pass/fail. Static, zero-dependency, CI-friendly.",
   "license": "Apache-2.0",
   "type": "module",
   "main": "index.js",
   "bin": { "fire-drill": "cli.mjs" },
-  "exports": { ".": "./index.js", "./package.json": "./package.json" },
-  "files": ["index.js", "cli.mjs", "README.md"],
+  "exports": { ".": "./index.js", "./corpus.js": "./corpus.js", "./package.json": "./package.json" },
+  "files": ["index.js", "cli.mjs", "corpus.js", "corpus.mjs", "README.md"],
   "scripts": { "test": "node --test" },
   "keywords": ["emilia", "mcp", "mcp-security", "agent", "ai-safety", "ai-agent-security", "firewall", "openapi", "scanner", "fire-drill", "authorization", "receipt", "eg-1"]
 }