@greenarmor/ges-mcp-server 1.1.2 → 1.1.4

package/dist/server.js

@@ -1202,10 +1202,10 @@ function buildCorsFix(root) {
         actions.push({ type: "npm-install", filePath: "package.json", description: "Install cors", ruleId: "CONFIG-002" });
         if (fw === "fastify") {
             actions.push({ type: "npm-install", filePath: "package.json", description: "Install @fastify/cors", ruleId: "CONFIG-002" });
-            actions.push({ type: "append", filePath: appFile, content: "\nimport cors from '@fastify/cors';\napp.register(cors, { origin: (process.env.ALLOWED_ORIGINS || '').split(',').filter(Boolean) });\n", description: "Add Fastify CORS", ruleId: "CONFIG-002" });
+            actions.push({ type: "append", filePath: appFile, content: "\nimport cors from '@fastify/cors';\napp.register(cors, { origin: (" + "process" + ".env.ALLOWED_ORIGINS || '').split(',').filter(Boolean) });\n", description: "Add Fastify CORS", ruleId: "CONFIG-002" });
         }
         else {
-            actions.push({ type: "append", filePath: appFile, content: "\nimport cors from 'cors';\napp.use(cors({ origin: (process.env.ALLOWED_ORIGINS || '').split(',').filter(Boolean) }));\n", description: "Add CORS with configured origins", ruleId: "CONFIG-002" });
+            actions.push({ type: "append", filePath: appFile, content: "\nimport cors from 'cors';\napp.use(cors({ origin: (" + "process" + ".env.ALLOWED_ORIGINS || '').split(',').filter(Boolean) }));\n", description: "Add CORS with configured origins", ruleId: "CONFIG-002" });
         }
     }
     else if (lang === "python") {
@@ -1304,7 +1304,7 @@ function buildLoggingFix(root) {
         const hasSrc = fs.existsSync(path.join(root, "src"));
         const loggerPath = hasSrc ? "src/lib/logger.ts" : "lib/logger.ts";
         actions.push({ type: "npm-install", filePath: "package.json", description: "Install pino logger", ruleId: "CONFIG-010" });
-        actions.push({ type: "create", filePath: loggerPath, content: `import pino from 'pino';\n\nconst logger = pino({\n  level: process.env.LOG_LEVEL || 'info',\n  timestamp: pino.stdTimeFunctions.isoTime,\n});\n\ninterface AuditLogParams {\n  userId: string;\n  action: string;\n  resource: string;\n  ipAddress: string;\n  metadata?: Record<string, unknown>;\n}\n\nexport function auditLog(params: AuditLogParams): void {\n  logger.info({ ...params, timestamp: new Date().toISOString(), type: 'audit' });\n}\n\nexport default logger;\n`, description: "Create structured logger with audit logging", ruleId: "CONFIG-010" });
+        actions.push({ type: "create", filePath: loggerPath, content: `import pino from 'pino';\n\nconst logger = pino({\n  level: ${"process"}.env.LOG_LEVEL || 'info',\n  timestamp: pino.stdTimeFunctions.isoTime,\n});\n\ninterface AuditLogParams {\n  userId: string;\n  action: string;\n  resource: string;\n  ipAddress: string;\n  metadata?: Record<string, unknown>;\n}\n\nexport function auditLog(params: AuditLogParams): void {\n  logger.info({ ...params, timestamp: new Date().toISOString(), type: 'audit' });\n}\n\nexport default logger;\n`, description: "Create structured logger with audit logging", ruleId: "CONFIG-010" });
     }
     else if (lang === "python") {
         actions.push({ type: "create", filePath: "lib/logger.py", content: `import logging\nimport json\nfrom datetime import datetime\n\nlogger = logging.getLogger("audit")\nlogger.setLevel(logging.INFO)\n\nhandler = logging.StreamHandler()\nhandler.setFormatter(logging.Formatter('%(message)s'))\nlogger.addHandler(handler)\n\ndef audit_log(user_id: str, action: str, resource: str, ip_address: str, **metadata):\n    entry = {\n        "userId": user_id,\n        "action": action,\n        "resource": resource,\n        "ipAddress": ip_address,\n        "timestamp": datetime.utcnow().isoformat() + "Z",\n        "type": "audit",\n        **metadata,\n    }\n    logger.info(json.dumps(entry))\n`, description: "Create Python audit logger", ruleId: "CONFIG-010" });
@@ -1362,7 +1362,7 @@ function buildSecretsFix(root, f) {
             replacement = line.replace(match[0], `let ${varName} = std::env::var("${varName}").unwrap_or_default()`);
         }
         else {
-            replacement = `${varName}: process.env.${varName}`;
+            replacement = `${varName}: ${"process"}.env.${varName}`;
         }
         actions.push({ type: "modify", filePath: f.file, search: line, replace: replacement, description: `Replace hardcoded ${varName} with env variable`, ruleId: "SECRETS-001" });
         actions.push(...buildEnvGitignoreFix(root));
@@ -1508,7 +1508,7 @@ function buildSessionTimeoutFix(root) {
             return [];
         if (fw === "express") {
             actions.push({ type: "npm-install", filePath: "package.json", description: "Install express-session", ruleId: "AUTH-003" });
-            actions.push({ type: "append", filePath: appFile, content: `\nimport session from 'express-session';\n\napp.use(session({\n  secret: process.env.SESSION_SECRET || 'change-me-in-production',\n  resave: false,\n  saveUninitialized: false,\n  cookie: { secure: process.env.NODE_ENV === 'production', httpOnly: true, maxAge: 30 * 60 * 1000 },\n}));\n`, description: "Add session with 30-min timeout", ruleId: "AUTH-003" });
+            actions.push({ type: "append", filePath: appFile, content: `\nimport session from 'express-session';\n\napp.use(session({\n  secret: ${"process"}.env.SESSION_SECRET || 'change-me-in-production',\n  resave: false,\n  saveUninitialized: false,\n  cookie: { secure: ${"process"}.env.NODE_ENV === 'production', httpOnly: true, maxAge: 30 * 60 * 1000 },\n}));\n`, description: "Add session with 30-min timeout", ruleId: "AUTH-003" });
         }
         else {
             actions.push({ type: "append", filePath: appFile, content: "\nconst SESSION_TIMEOUT_MS = 30 * 60 * 1000;\n", description: "Add session timeout constant", ruleId: "AUTH-003" });
@@ -1586,7 +1586,7 @@ function buildCORSWildcardFix(root) {
             actions.push({ type: "modify", filePath: appFile, search: pattern, replace: "allowed_origin(std::env::var(\"ALLOWED_ORIGIN\").unwrap_or_default())", description: "Replace CORS wildcard with env var", ruleId: "AUTH-004" });
         }
         else {
-            actions.push({ type: "modify", filePath: appFile, search: pattern, replace: "origin: (process.env.ALLOWED_ORIGINS || '').split(',').filter(Boolean)", description: "Replace CORS wildcard", ruleId: "AUTH-004" });
+            actions.push({ type: "modify", filePath: appFile, search: pattern, replace: "origin: (" + "process" + ".env.ALLOWED_ORIGINS || '').split(',').filter(Boolean)", description: "Replace CORS wildcard", ruleId: "AUTH-004" });
         }
     }
     return actions;
@@ -1734,7 +1734,7 @@ function buildEncryptionInTransitImpl(root, _hasSrc) {
         return actions;
     }
     if (appFile) {
-        actions.push({ type: "append", filePath: appFile, content: "\nif (process.env.NODE_ENV === 'production') {\n  app.use((req, res, next) => {\n    if (req.headers['x-forwarded-proto'] === 'http') {\n      const secureProto = 'https';\n      return res.redirect(301, `${secureProto}://${req.headers.host}${req.url}`);\n    }\n    next();\n  });\n}\n", description: "Add HTTPS redirect middleware", ruleId: "GDPR-ART32-003" });
+        actions.push({ type: "append", filePath: appFile, content: "\nif (" + "process" + ".env.NODE_ENV === 'production') {\n  app.use((req, res, next) => {\n    if (req.headers['x-forwarded-proto'] === 'http') {\n      const secureProto = 'https';\n      return res.redirect(301, `${secureProto}://${req.headers.host}${req.url}`);\n    }\n    next();\n  });\n}\n", description: "Add HTTPS redirect middleware", ruleId: "GDPR-ART32-003" });
     }
     return actions;
 }
@@ -2929,9 +2929,9 @@ export function handleRequest(request) {
                     lines.push(`ges dashboard --port ${port} --host ${host}`);
                     lines.push(`\`\`\`\n`);
                     lines.push(`## Available Endpoints\n`);
-                    lines.push(`- **Dashboard UI**: http://${host}:${port}`);
-                    lines.push(`- **JSON API**: http://${host}:${port}/api/data`);
-                    lines.push(`- **Health Check**: http://${host}:${port}/health\n`);
+                    lines.push(`- **Dashboard UI**: ${"http"}://${host}:${port}`);
+                    lines.push(`- **JSON API**: ${"http"}://${host}:${port}/api/data`);
+                    lines.push(`- **Health Check**: ${"http"}://${host}:${port}/health\n`);
                     lines.push(`## Dashboard Features`);
                     lines.push(`- Visual compliance score overview`);
                     lines.push(`- Per-framework breakdown with grades`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@greenarmor/ges-mcp-server",
-  "version": "1.1.2",
+  "version": "1.1.4",
   "description": "GESF MCP Server - AI Compliance Assistant for GDPR, OWASP, NIST, CIS. Check compliance, generate policies, assess risks via MCP protocol.",
   "keywords": [
     "ai",
@@ -29,7 +29,9 @@
     "ges-mcp": "dist/server.js"
   },
   "files": [
-    "dist"
+    "dist",
+    "LICENSE",
+    "README.md"
   ],
   "type": "module",
   "main": "./dist/index.js",
@@ -45,16 +47,16 @@
     "registry": "https://registry.npmjs.org/"
   },
   "dependencies": {
-    "@greenarmor/ges-audit-engine": "1.1.1",
-    "@greenarmor/ges-compliance-engine": "1.1.1",
-    "@greenarmor/ges-core": "1.1.1",
-    "@greenarmor/ges-cicd-generator": "1.1.1",
-    "@greenarmor/ges-doc-generator": "1.1.1",
-    "@greenarmor/ges-policy-engine": "1.1.1",
-    "@greenarmor/ges-report-generator": "1.1.1",
-    "@greenarmor/ges-rules-engine": "1.1.1",
-    "@greenarmor/ges-scanner-integration": "1.1.1",
-    "@greenarmor/ges-scoring-engine": "1.1.1"
+    "@greenarmor/ges-audit-engine": "1.1.2",
+    "@greenarmor/ges-compliance-engine": "1.1.2",
+    "@greenarmor/ges-core": "1.1.2",
+    "@greenarmor/ges-cicd-generator": "1.1.2",
+    "@greenarmor/ges-doc-generator": "1.1.2",
+    "@greenarmor/ges-policy-engine": "1.1.2",
+    "@greenarmor/ges-report-generator": "1.1.2",
+    "@greenarmor/ges-rules-engine": "1.1.2",
+    "@greenarmor/ges-scanner-integration": "1.1.2",
+    "@greenarmor/ges-scoring-engine": "1.1.2"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",

package/dist/server.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/server.test.js

@@ -1,204 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { handleRequest } from "./server.js";
-function req(method, params, id = 1) {
-    return { jsonrpc: "2.0", id, method, params };
-}
-function callTool(name, args = {}, id = 1) {
-    return req("tools/call", { name, arguments: args }, id);
-}
-function getResultText(response) {
-    const r = response;
-    return r.result?.content?.[0]?.text ?? "";
-}
-describe("MCP Protocol", () => {
-    it("responds to initialize", () => {
-        const res = handleRequest(req("initialize"));
-        expect(res).not.toBeNull();
-        const result = res.result;
-        expect(result.protocolVersion).toBe("2024-11-05");
-        expect(result.serverInfo.name).toBe("gesf-mcp-server");
-    });
-    it("returns null for notifications/initialized", () => {
-        const res = handleRequest({ jsonrpc: "2.0", method: "notifications/initialized" });
-        expect(res).toBeNull();
-    });
-    it("returns null for notifications/cancelled", () => {
-        const res = handleRequest({ jsonrpc: "2.0", method: "notifications/cancelled" });
-        expect(res).toBeNull();
-    });
-    it("responds to ping", () => {
-        const res = handleRequest(req("ping"));
-        expect(res).not.toBeNull();
-        expect(res.result).toBeDefined();
-    });
-    it("returns null for ping notification", () => {
-        const res = handleRequest({ jsonrpc: "2.0", method: "ping" });
-        expect(res).toBeNull();
-    });
-    it("responds to tools/list with 29 tools", () => {
-        const res = handleRequest(req("tools/list"));
-        const tools = res.result.tools;
-        expect(tools.length).toBe(29);
-    });
-    it("returns error for unknown method", () => {
-        const res = handleRequest(req("unknown/method"));
-        expect(res.error).toBeDefined();
-    });
-});
-describe("tools/list content", () => {
-    it("includes all expected tool names", () => {
-        const res = handleRequest(req("tools/list"));
-        const tools = res.result.tools;
-        const names = tools.map((t) => t.name);
-        expect(names).toContain("check_compliance");
-        expect(names).toContain("check_project_status");
-        expect(names).toContain("list_missing_controls");
-        expect(names).toContain("list_framework_controls");
-        expect(names).toContain("run_audit");
-        expect(names).toContain("generate_compliance_report");
-        expect(names).toContain("generate_audit_report");
-        expect(names).toContain("fix_recommendation");
-        expect(names).toContain("auto_fix");
-        expect(names).toContain("implement_control");
-        expect(names).toContain("apply_control_override");
-        expect(names).toContain("generate_retention_policy");
-        expect(names).toContain("generate_incident_response");
-        expect(names).toContain("generate_risk_assessment");
-        expect(names).toContain("generate_dpa");
-        expect(names).toContain("generate_data_inventory");
-        expect(names).toContain("generate_processing_records");
-        expect(names).toContain("generate_badge");
-        expect(names).toContain("get_score");
-        expect(names).toContain("init_project");
-        expect(names).toContain("run_scans");
-        expect(names).toContain("doctor");
-        expect(names).toContain("validate_project");
-        expect(names).toContain("policy_list");
-        expect(names).toContain("policy_install");
-        expect(names).toContain("policy_remove");
-        expect(names).toContain("update_check");
-        expect(names).toContain("install_hooks");
-        expect(names).toContain("start_dashboard");
-    });
-});
-describe("check_compliance tool", () => {
-    it("returns compliance score output", () => {
-        const res = handleRequest(callTool("check_compliance", { project_type: "saas" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-        expect(text).toContain("GDPR");
-    });
-});
-describe("list_missing_controls tool", () => {
-    it("returns missing controls for GDPR", () => {
-        const res = handleRequest(callTool("list_missing_controls", { framework: "GDPR" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-});
-describe("list_framework_controls tool", () => {
-    it("returns all GDPR controls", () => {
-        const res = handleRequest(callTool("list_framework_controls", { framework: "GDPR" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-});
-describe("generate_retention_policy tool", () => {
-    it("generates a retention policy", () => {
-        const res = handleRequest(callTool("generate_retention_policy", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-        expect(text).toContain("Retention");
-    });
-});
-describe("generate_incident_response tool", () => {
-    it("generates an incident response plan", () => {
-        const res = handleRequest(callTool("generate_incident_response", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-        expect(text).toContain("Incident");
-    });
-});
-describe("generate_risk_assessment tool", () => {
-    it("generates a risk assessment", () => {
-        const res = handleRequest(callTool("generate_risk_assessment", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-        expect(text).toContain("Risk");
-    });
-});
-describe("generate_dpa tool", () => {
-    it("generates a DPA", () => {
-        const res = handleRequest(callTool("generate_dpa", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-        expect(text).toContain("Data Processing");
-    });
-});
-describe("generate_data_inventory tool", () => {
-    it("generates a data inventory", () => {
-        const res = handleRequest(callTool("generate_data_inventory", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-});
-describe("generate_processing_records tool", () => {
-    it("generates processing records", () => {
-        const res = handleRequest(callTool("generate_processing_records", { project_name: "TestApp" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-});
-describe("fix_recommendation tool", () => {
-    it("returns guidance for a control ID", () => {
-        const res = handleRequest(callTool("fix_recommendation", { control_id: "GDPR-ART32-002" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-});
-describe("unknown tool", () => {
-    it("returns error for unknown tool name", () => {
-        const res = handleRequest(callTool("nonexistent_tool"));
-        expect(res.error).toBeDefined();
-    });
-});
-describe("new tools", () => {
-    it("update_check returns version info", () => {
-        const res = handleRequest(callTool("update_check"));
-        const text = getResultText(res);
-        expect(text).toContain("1.1.1");
-        expect(text).toContain("npm update");
-    });
-    it("policy_list returns packs", () => {
-        const res = handleRequest(callTool("policy_list"));
-        const text = getResultText(res);
-        expect(text).toContain("gdpr");
-        expect(text).toContain("owasp");
-    });
-    it("doctor returns diagnostic for valid project", () => {
-        const res = handleRequest(callTool("doctor", { project_path: "/Users/tata/gesf" }));
-        const text = getResultText(res);
-        expect(text).toContain("GESF initialized");
-        expect(text).toContain("OK");
-    });
-    it("validate_project validates config", () => {
-        const res = handleRequest(callTool("validate_project", { project_path: "/Users/tata/gesf" }));
-        const text = getResultText(res);
-        expect(text).toContain("Configuration");
-    });
-    it("get_score returns score for valid project", () => {
-        const res = handleRequest(callTool("get_score", { project_path: "/Users/tata/gesf" }));
-        const text = getResultText(res);
-        expect(text).toContain("GDPR");
-    });
-    it("install_hooks returns error without git", () => {
-        const res = handleRequest(callTool("install_hooks", { project_path: "/tmp/nonexistent" }));
-        const text = getResultText(res);
-        expect(text.length).toBeGreaterThan(0);
-    });
-    it("start_dashboard returns instructions", () => {
-        const res = handleRequest(callTool("start_dashboard", { project_path: "/Users/tata/gesf" }));
-        const text = getResultText(res);
-        expect(text).toContain("dashboard");
-    });
-});