@guardion/guardion 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +202 -0
- package/dist/bin/cli.d.ts.map +1 -0
- package/dist/bin/cli.js +590 -0
- package/dist/bin/cli.js.map +1 -0
- package/dist/connectors/claude-code/hooks/enforce.cjs +58 -0
- package/dist/connectors/claude-code/hooks/guardion-hook.cjs +355 -0
- package/dist/connectors/claude-code/hooks/tool-scanner.cjs +272 -0
- package/dist/connectors/claude-code/src/collect.d.ts +5 -0
- package/dist/connectors/claude-code/src/collect.d.ts.map +1 -0
- package/dist/connectors/claude-code/src/collect.js +17 -0
- package/dist/connectors/claude-code/src/collect.js.map +1 -0
- package/dist/{installer.d.ts → connectors/claude-code/src/installer.d.ts} +2 -1
- package/dist/connectors/claude-code/src/installer.d.ts.map +1 -0
- package/dist/connectors/claude-code/src/installer.js +190 -0
- package/dist/connectors/claude-code/src/installer.js.map +1 -0
- package/dist/connectors/claude-code/src/scanner.d.ts.map +1 -0
- package/dist/{scanner.js → connectors/claude-code/src/scanner.js} +1 -1
- package/dist/connectors/claude-code/src/scanner.js.map +1 -0
- package/dist/core/config.d.ts +239 -0
- package/dist/core/config.d.ts.map +1 -0
- package/dist/core/config.js +154 -0
- package/dist/core/config.js.map +1 -0
- package/dist/{constants.d.ts → core/constants.d.ts} +8 -3
- package/dist/core/constants.d.ts.map +1 -0
- package/dist/core/constants.js +54 -0
- package/dist/core/constants.js.map +1 -0
- package/dist/core/discover.d.ts +36 -0
- package/dist/core/discover.d.ts.map +1 -0
- package/dist/core/discover.js +154 -0
- package/dist/core/discover.js.map +1 -0
- package/dist/core/fingerprint.cjs +84 -0
- package/dist/core/inventory.d.ts +35 -0
- package/dist/core/inventory.d.ts.map +1 -0
- package/dist/core/inventory.js +69 -0
- package/dist/core/inventory.js.map +1 -0
- package/dist/core/keychain.d.ts.map +1 -0
- package/dist/{keychain.js → core/keychain.js} +53 -15
- package/dist/core/keychain.js.map +1 -0
- package/dist/core/mcp/guard-client.cjs +86 -0
- package/dist/core/mcp/interceptor.cjs +238 -0
- package/dist/core/mcp/jsonrpc.cjs +194 -0
- package/dist/core/mcp/transport/http-server-side.cjs +89 -0
- package/dist/core/mcp/transport/http-upstream.cjs +111 -0
- package/dist/core/mcp/transport/http_forward.cjs +40 -0
- package/dist/core/mcp/transport/http_input.cjs +46 -0
- package/dist/core/mcp/transport/http_reverse.cjs +33 -0
- package/dist/core/mcp/transport/index.cjs +32 -0
- package/dist/core/mcp/transport/sse_bridge.cjs +101 -0
- package/dist/core/mcp/transport/stdio.cjs +60 -0
- package/dist/core/mcp-interpose.cjs +141 -0
- package/dist/core/mcp-protect.d.ts +69 -0
- package/dist/core/mcp-protect.d.ts.map +1 -0
- package/dist/core/mcp-protect.js +205 -0
- package/dist/core/mcp-protect.js.map +1 -0
- package/dist/core/mcp-scan.d.ts +40 -0
- package/dist/core/mcp-scan.d.ts.map +1 -0
- package/dist/core/mcp-scan.js +201 -0
- package/dist/core/mcp-scan.js.map +1 -0
- package/dist/core/mock-server.d.ts.map +1 -0
- package/dist/{mock-server.js → core/mock-server.js} +60 -4
- package/dist/core/mock-server.js.map +1 -0
- package/package.json +9 -10
- package/config.yaml.example +0 -26
- package/dist/cli.d.ts.map +0 -1
- package/dist/cli.js +0 -289
- package/dist/cli.js.map +0 -1
- package/dist/config.d.ts +0 -28
- package/dist/config.d.ts.map +0 -1
- package/dist/config.js +0 -63
- package/dist/config.js.map +0 -1
- package/dist/constants.d.ts.map +0 -1
- package/dist/constants.js +0 -44
- package/dist/constants.js.map +0 -1
- package/dist/installer.d.ts.map +0 -1
- package/dist/installer.js +0 -137
- package/dist/installer.js.map +0 -1
- package/dist/keychain.d.ts.map +0 -1
- package/dist/keychain.js.map +0 -1
- package/dist/mock-server.d.ts.map +0 -1
- package/dist/mock-server.js.map +0 -1
- package/dist/scanner.d.ts.map +0 -1
- package/dist/scanner.js.map +0 -1
- package/hooks/guardion-hook.cjs +0 -202
- /package/dist/{cli.d.ts → bin/cli.d.ts} +0 -0
- /package/dist/{scanner.d.ts → connectors/claude-code/src/scanner.d.ts} +0 -0
- /package/dist/{keychain.d.ts → core/keychain.d.ts} +0 -0
- /package/{hooks → dist/core}/metadata.cjs +0 -0
- /package/dist/{mock-server.d.ts → core/mock-server.d.ts} +0 -0
|
@@ -0,0 +1,201 @@
|
|
|
1
|
+
// `guardion mcp-scan` — connect to each configured MCP server, fetch its LIVE
|
|
2
|
+
// tool definitions (tools/list), and submit them to Guard for tool-poisoning +
|
|
3
|
+
// rug-pull (P1 fingerprint) scanning. This is the one thing the PreToolUse/
|
|
4
|
+
// PostToolUse hooks can't see (they get calls, not the server's declared tools),
|
|
5
|
+
// and is the mcp-scan / AGT-SDK static-scan equivalent — no proxy.
|
|
6
|
+
import fs from 'node:fs';
|
|
7
|
+
import os from 'node:os';
|
|
8
|
+
import path from 'node:path';
|
|
9
|
+
import http from 'node:http';
|
|
10
|
+
import https from 'node:https';
|
|
11
|
+
import { spawn } from 'node:child_process';
|
|
12
|
+
import { pinInventory, submitInventory } from './inventory.js';
|
|
13
|
+
/** Read configured MCP servers (name → raw config) from settings.json / .mcp.json. */
|
|
14
|
+
export function discoverMcpServers(cwd) {
|
|
15
|
+
const out = {};
|
|
16
|
+
const paths = [
|
|
17
|
+
path.join(os.homedir(), '.claude', 'settings.json'),
|
|
18
|
+
path.join(cwd, '.mcp.json'),
|
|
19
|
+
path.join(cwd, '.claude', 'settings.json'),
|
|
20
|
+
];
|
|
21
|
+
for (const p of paths) {
|
|
22
|
+
try {
|
|
23
|
+
const json = JSON.parse(fs.readFileSync(p, 'utf8'));
|
|
24
|
+
const servers = json.mcpServers || (p.endsWith('.mcp.json') ? json : null);
|
|
25
|
+
if (servers && typeof servers === 'object') {
|
|
26
|
+
for (const [name, cfg] of Object.entries(servers)) {
|
|
27
|
+
if (!out[name] && cfg && typeof cfg === 'object')
|
|
28
|
+
out[name] = cfg;
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
catch { /* skip missing/invalid */ }
|
|
33
|
+
}
|
|
34
|
+
return out;
|
|
35
|
+
}
|
|
36
|
+
/** JSON-Schema inputSchema → our {name,type,description} param list (for schema_hash). */
|
|
37
|
+
export function inputSchemaToParams(schema) {
|
|
38
|
+
const props = schema && schema.properties && typeof schema.properties === 'object' ? schema.properties : {};
|
|
39
|
+
return Object.keys(props).map((k) => ({
|
|
40
|
+
name: k,
|
|
41
|
+
type: typeof props[k]?.type === 'string' ? props[k].type : (Array.isArray(props[k]?.type) ? props[k].type.join('|') : ''),
|
|
42
|
+
description: typeof props[k]?.description === 'string' ? props[k].description : '',
|
|
43
|
+
}));
|
|
44
|
+
}
|
|
45
|
+
const INIT = {
|
|
46
|
+
jsonrpc: '2.0', id: 1, method: 'initialize',
|
|
47
|
+
params: { protocolVersion: '2025-06-18', capabilities: {}, clientInfo: { name: 'guardion-mcp-scan', version: '0.3.0' } },
|
|
48
|
+
};
|
|
49
|
+
const INITED = { jsonrpc: '2.0', method: 'notifications/initialized' };
|
|
50
|
+
const LIST = { jsonrpc: '2.0', id: 2, method: 'tools/list', params: {} };
|
|
51
|
+
/** stdio MCP client: spawn the server, handshake, tools/list. Never throws. */
|
|
52
|
+
export function fetchToolsStdio(cfg, timeoutMs = 8000) {
|
|
53
|
+
return new Promise((resolve) => {
|
|
54
|
+
let child;
|
|
55
|
+
try {
|
|
56
|
+
child = spawn(cfg.command, cfg.args || [], { env: { ...process.env, ...(cfg.env || {}) }, stdio: ['pipe', 'pipe', 'ignore'] });
|
|
57
|
+
}
|
|
58
|
+
catch {
|
|
59
|
+
return resolve([]);
|
|
60
|
+
}
|
|
61
|
+
let buf = '';
|
|
62
|
+
let done = false;
|
|
63
|
+
const finish = (tools) => {
|
|
64
|
+
if (done)
|
|
65
|
+
return;
|
|
66
|
+
done = true;
|
|
67
|
+
clearTimeout(timer);
|
|
68
|
+
try {
|
|
69
|
+
child.kill();
|
|
70
|
+
}
|
|
71
|
+
catch { /* ignore */ }
|
|
72
|
+
resolve(tools);
|
|
73
|
+
};
|
|
74
|
+
const timer = setTimeout(() => finish([]), timeoutMs);
|
|
75
|
+
const send = (o) => { try {
|
|
76
|
+
child.stdin.write(JSON.stringify(o) + '\n');
|
|
77
|
+
}
|
|
78
|
+
catch { /* ignore */ } };
|
|
79
|
+
child.stdout.setEncoding('utf8');
|
|
80
|
+
child.stdout.on('data', (d) => {
|
|
81
|
+
buf += d;
|
|
82
|
+
let nl;
|
|
83
|
+
while ((nl = buf.indexOf('\n')) >= 0) {
|
|
84
|
+
const line = buf.slice(0, nl).trim();
|
|
85
|
+
buf = buf.slice(nl + 1);
|
|
86
|
+
if (!line)
|
|
87
|
+
continue;
|
|
88
|
+
let msg;
|
|
89
|
+
try {
|
|
90
|
+
msg = JSON.parse(line);
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
continue;
|
|
94
|
+
}
|
|
95
|
+
if (msg.id === 1 && msg.result) {
|
|
96
|
+
send(INITED);
|
|
97
|
+
send(LIST);
|
|
98
|
+
}
|
|
99
|
+
if (msg.id === 2 && msg.result && Array.isArray(msg.result.tools))
|
|
100
|
+
finish(msg.result.tools);
|
|
101
|
+
}
|
|
102
|
+
});
|
|
103
|
+
child.on('error', () => finish([]));
|
|
104
|
+
send(INIT);
|
|
105
|
+
});
|
|
106
|
+
}
|
|
107
|
+
/** http (Streamable HTTP) MCP client — best-effort JSON; handles SSE-wrapped replies. */
|
|
108
|
+
export function fetchToolsHttp(cfg, timeoutMs = 8000) {
|
|
109
|
+
const post = (body, sessionId) => new Promise((resolve) => {
|
|
110
|
+
let url;
|
|
111
|
+
try {
|
|
112
|
+
url = new URL(cfg.url);
|
|
113
|
+
}
|
|
114
|
+
catch {
|
|
115
|
+
return resolve({ json: null });
|
|
116
|
+
}
|
|
117
|
+
const transport = url.protocol === 'https:' ? https : http;
|
|
118
|
+
const data = JSON.stringify(body);
|
|
119
|
+
const req = transport.request({
|
|
120
|
+
hostname: url.hostname, port: url.port, path: url.pathname + url.search, method: 'POST',
|
|
121
|
+
timeout: timeoutMs,
|
|
122
|
+
headers: {
|
|
123
|
+
'Content-Type': 'application/json',
|
|
124
|
+
'Accept': 'application/json, text/event-stream',
|
|
125
|
+
'Content-Length': Buffer.byteLength(data),
|
|
126
|
+
...(cfg.headers || {}),
|
|
127
|
+
...(sessionId ? { 'Mcp-Session-Id': sessionId } : {}),
|
|
128
|
+
},
|
|
129
|
+
}, (res) => {
|
|
130
|
+
const sid = res.headers['mcp-session-id'] || sessionId;
|
|
131
|
+
let raw = '';
|
|
132
|
+
res.setEncoding('utf8');
|
|
133
|
+
res.on('data', (c) => { raw += c; });
|
|
134
|
+
res.on('end', () => {
|
|
135
|
+
// SSE frames: take the last `data:` line; else parse as JSON.
|
|
136
|
+
let json = null;
|
|
137
|
+
const sse = raw.split('\n').filter((l) => l.startsWith('data:')).map((l) => l.slice(5).trim());
|
|
138
|
+
const candidate = sse.length ? sse[sse.length - 1] : raw;
|
|
139
|
+
try {
|
|
140
|
+
json = JSON.parse(candidate);
|
|
141
|
+
}
|
|
142
|
+
catch {
|
|
143
|
+
json = null;
|
|
144
|
+
}
|
|
145
|
+
resolve({ json, sessionId: sid });
|
|
146
|
+
});
|
|
147
|
+
});
|
|
148
|
+
req.on('error', () => resolve({ json: null }));
|
|
149
|
+
req.on('timeout', () => { req.destroy(); resolve({ json: null }); });
|
|
150
|
+
req.write(data);
|
|
151
|
+
req.end();
|
|
152
|
+
});
|
|
153
|
+
return (async () => {
|
|
154
|
+
const init = await post(INIT);
|
|
155
|
+
const sid = init.sessionId;
|
|
156
|
+
await post(INITED, sid);
|
|
157
|
+
const list = await post(LIST, sid);
|
|
158
|
+
const tools = list.json && list.json.result && Array.isArray(list.json.result.tools) ? list.json.result.tools : [];
|
|
159
|
+
return tools;
|
|
160
|
+
})();
|
|
161
|
+
}
|
|
162
|
+
function fetchTools(cfg, timeoutMs) {
|
|
163
|
+
if (cfg.url)
|
|
164
|
+
return fetchToolsHttp(cfg, timeoutMs);
|
|
165
|
+
if (cfg.command)
|
|
166
|
+
return fetchToolsStdio(cfg, timeoutMs);
|
|
167
|
+
return Promise.resolve([]);
|
|
168
|
+
}
|
|
169
|
+
/** Connect to every configured MCP server and collect its live tools as ScannedTool[]. */
|
|
170
|
+
export async function mcpScan(cwd, timeoutMs = 8000) {
|
|
171
|
+
const servers = discoverMcpServers(cwd);
|
|
172
|
+
const results = [];
|
|
173
|
+
for (const [server, cfg] of Object.entries(servers)) {
|
|
174
|
+
let live = [];
|
|
175
|
+
try {
|
|
176
|
+
live = await fetchTools(cfg, timeoutMs);
|
|
177
|
+
}
|
|
178
|
+
catch {
|
|
179
|
+
live = [];
|
|
180
|
+
}
|
|
181
|
+
const tools = live.map((t) => ({
|
|
182
|
+
name: t.name,
|
|
183
|
+
description: t.description || '',
|
|
184
|
+
server,
|
|
185
|
+
source: 'mcp',
|
|
186
|
+
snapshot_source: 'mcp_scan',
|
|
187
|
+
parameters: inputSchemaToParams(t.inputSchema),
|
|
188
|
+
}));
|
|
189
|
+
results.push({ server, tools, error: live.length === 0 ? 'no tools (unreachable or empty)' : undefined });
|
|
190
|
+
}
|
|
191
|
+
return results;
|
|
192
|
+
}
|
|
193
|
+
/** Fingerprint+pin (P1) and submit the live tools to Guard for poisoning/rug-pull. */
|
|
194
|
+
export async function submitMcpScan(apiUrl, token, results, policy, application) {
|
|
195
|
+
const tools = pinInventory(results.flatMap((r) => r.tools));
|
|
196
|
+
if (tools.length === 0)
|
|
197
|
+
return { status: 0, count: 0 };
|
|
198
|
+
const res = await submitInventory({ apiUrl, token, tools, policy, application });
|
|
199
|
+
return { status: res.status, count: tools.length };
|
|
200
|
+
}
|
|
201
|
+
//# sourceMappingURL=mcp-scan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-scan.js","sourceRoot":"","sources":["../../core/mcp-scan.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,+EAA+E;AAC/E,4EAA4E;AAC5E,iFAAiF;AACjF,mEAAmE;AACnE,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,KAAK,MAAM,YAAY,CAAC;AAC/B,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE3C,OAAO,EAAoB,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAajF,sFAAsF;AACtF,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,GAAG,GAAoC,EAAE,CAAC;IAChD,MAAM,KAAK,GAAG;QACZ,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,eAAe,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,eAAe,CAAC;KAC3C,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YACpD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC3E,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;oBAClD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;wBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,GAAsB,CAAC;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,0FAA0F;AAC1F,MAAM,UAAU,mBAAmB,CAAC,MAAW;IAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5G,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,EAAE,CAAC;QACP,IAAI,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACzH,WAAW,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE;KACnF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,IAAI,GAAG;IACX,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY;IAC3C,MAAM,EAAE,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;CACzH,CAAC;AACF,MAAM,MAAM,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,CAAC;AACvE,MAAM,IAAI,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;AAEzE,+EAA+E;AAC/E,MAAM,UAAU,eAAe,CAAC,GAAoB,EAAE,SAAS,GAAG,IAAI;IACpE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAI,KAA+B,CAAC;QACpC,IAAI,CAAC;YACH,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,OAAiB,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,EACjD,EAAE,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC;QACxF,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;QAAC,CAAC;QAE/B,IAAI,GAAG,GAAG,EAAE,CAAC;QACb,IAAI,IAAI,GAAG,KAAK,CAAC;QACjB,MAAM,MAAM,GAAG,CAAC,KAAgB,EAAE,EAAE;YAClC,IAAI,IAAI;gBAAE,OAAO;YAAC,IAAI,GAAG,IAAI,CAAC;YAC9B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAC5C,OAAO,CAAC,KAAK,CAAC,CAAC;QACjB,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,CAAC,CAAM,EAAE,EAAE,GAAG,IAAI,CAAC;YAAC,KAAK,CAAC,KAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;QAE1G,KAAK,CAAC,MAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,CAAC,MAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE;YACrC,GAAG,IAAI,CAAC,CAAC;YACT,IAAI,EAAU,CAAC;YACf,OAAO,CAAC,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAAC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAC9D,IAAI,CAAC,IAAI;oBAAE,SAAS;gBACpB,IAAI,GAAQ,CAAC;gBAAC,IAAI,CAAC;oBAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,SAAS;gBAAC,CAAC;gBACjE,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;oBAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAAC,CAAC;gBAC7D,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC;oBAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI,CAAC,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yFAAyF;AACzF,MAAM,UAAU,cAAc,CAAC,GAAoB,EAAE,SAAS,GAAG,IAAI;IACnE,MAAM,IAAI,GAAG,CAAC,IAAS,EAAE,SAAkB,EAA8C,EAAE,CACzF,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QACtB,IAAI,GAAQ,CAAC;QAAC,IAAI,CAAC;YAAC,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAa,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAAC,CAAC;QACjG,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC;YAC5B,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM;YACvF,OAAO,EAAE,SAAS;YAClB,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,qCAAqC;gBAC/C,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACzC,GAAG,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;gBACtB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtD;SACF,EAAE,CAAC,GAAG,EAAE,EAAE;YACT,MAAM,GAAG,GAAI,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAY,IAAI,SAAS,CAAC;YACnE,IAAI,GAAG,GAAG,EAAE,CAAC;YAAC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACtC,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,8DAA8D;gBAC9D,IAAI,IAAI,GAAQ,IAAI,CAAC;gBACrB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC/F,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;gBACzD,IAAI,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,IAAI,GAAG,IAAI,CAAC;gBAAC,CAAC;gBAC5D,OAAO,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC/C,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrE,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAAC,GAAG,CAAC,GAAG,EAAE,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEL,OAAO,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC;QAC3B,MAAM,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACnC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACnH,OAAO,KAAkB,CAAC;IAC5B,CAAC,CAAC,EAAE,CAAC;AACP,CAAC;AAED,SAAS,UAAU,CAAC,GAAoB,EAAE,SAAiB;IACzD,IAAI,GAAG,CAAC,GAAG;QAAE,OAAO,cAAc,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACnD,IAAI,GAAG,CAAC,OAAO;QAAE,OAAO,eAAe,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;IACxD,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;AAC7B,CAAC;AAID,0FAA0F;AAC1F,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,GAAW,EAAE,SAAS,GAAG,IAAI;IACzD,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,OAAO,GAAoB,EAAE,CAAC;IACpC,KAAK,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,IAAI,IAAI,GAAc,EAAE,CAAC;QACzB,IAAI,CAAC;YAAC,IAAI,GAAG,MAAM,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,IAAI,GAAG,EAAE,CAAC;QAAC,CAAC;QACrE,MAAM,KAAK,GAAkB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5C,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE;YAChC,MAAM;YACN,MAAM,EAAE,KAAK;YACb,eAAe,EAAE,UAAU;YAC3B,UAAU,EAAE,mBAAmB,CAAC,CAAC,CAAC,WAAW,CAAC;SAC/C,CAAC,CAAC,CAAC;QACJ,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5G,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sFAAsF;AACtF,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAc,EAAE,KAAa,EAAE,OAAwB,EAAE,MAAe,EAAE,WAAoB;IAE9F,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC5D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,eAAe,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IACjF,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;AACrD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mock-server.d.ts","sourceRoot":"","sources":["../../core/mock-server.ts"],"names":[],"mappings":"AA2DA,wBAAgB,eAAe,CAAC,IAAI,SAAe,QAwJlD"}
|
|
@@ -2,12 +2,33 @@ import express from 'express';
|
|
|
2
2
|
import chalk from 'chalk';
|
|
3
3
|
const DEFAULT_PORT = 4100;
|
|
4
4
|
const EVENTS_PATH = '/v1/hooks/events'; // matches real Guard API — fixed from v1
|
|
5
|
+
const GUARD_PATH = '/v1/guard'; // policy evaluation (DLP / interposer)
|
|
5
6
|
const HEALTH_PATH = '/health';
|
|
7
|
+
// Mirror Guard's MessagesRole enum (guard/guard/core/schemas.py) so the mock
|
|
8
|
+
// rejects an invalid role exactly like real Guard would (422). This is what
|
|
9
|
+
// catches the `tool_output` (should be `tool_response`) class of contract bug —
|
|
10
|
+
// the unit suite hits fakes, but anything pointed at the mock is held to the
|
|
11
|
+
// real role contract.
|
|
12
|
+
const VALID_ROLES = new Set([
|
|
13
|
+
'user', 'assistant', 'system', 'developer', 'context',
|
|
14
|
+
'tool', 'tool_input', 'tool_response', 'tool_schema',
|
|
15
|
+
]);
|
|
6
16
|
let nextId = 1;
|
|
7
17
|
const logs = [];
|
|
8
|
-
function ts() {
|
|
18
|
+
function ts() {
|
|
19
|
+
return new Date().toISOString().slice(11, 23);
|
|
20
|
+
}
|
|
9
21
|
function addLog(method, p, status, duration_ms, body, meta = {}) {
|
|
10
|
-
const entry = {
|
|
22
|
+
const entry = {
|
|
23
|
+
id: nextId++,
|
|
24
|
+
timestamp: new Date().toISOString(),
|
|
25
|
+
method,
|
|
26
|
+
path: p,
|
|
27
|
+
status,
|
|
28
|
+
duration_ms,
|
|
29
|
+
body,
|
|
30
|
+
meta,
|
|
31
|
+
};
|
|
11
32
|
logs.push(entry);
|
|
12
33
|
if (logs.length > 2000)
|
|
13
34
|
logs.splice(0, logs.length - 2000);
|
|
@@ -42,7 +63,9 @@ export function startMockServer(port = DEFAULT_PORT) {
|
|
|
42
63
|
console.log(chalk.red(` ✗ ${body.error_type}: ${String(body.error_message).slice(0, 120)}`));
|
|
43
64
|
if (body.metadata && typeof body.metadata === 'object') {
|
|
44
65
|
const m = body.metadata;
|
|
45
|
-
const who = [m.os_user, m.hostname, m.git_user_email]
|
|
66
|
+
const who = [m.os_user, m.hostname, m.git_user_email]
|
|
67
|
+
.filter(Boolean)
|
|
68
|
+
.join(' @ ');
|
|
46
69
|
if (who)
|
|
47
70
|
console.log(chalk.cyan(` user: ${who}`));
|
|
48
71
|
if (m.git_branch)
|
|
@@ -56,6 +79,37 @@ export function startMockServer(port = DEFAULT_PORT) {
|
|
|
56
79
|
});
|
|
57
80
|
res.json({ action: 'allow' });
|
|
58
81
|
});
|
|
82
|
+
// ── Policy evaluation (/v1/guard) ────────────────────────────────────────────
|
|
83
|
+
// Validates the role contract and echoes a simple verdict. Redacts any leaf
|
|
84
|
+
// whose content matches a demo PII pattern (email) so the interposer's
|
|
85
|
+
// structure-preserving write-back can be exercised end-to-end against the mock.
|
|
86
|
+
app.post(GUARD_PATH, (req, res) => {
|
|
87
|
+
const start = Date.now();
|
|
88
|
+
const body = (req.body ?? {});
|
|
89
|
+
const messages = Array.isArray(body.messages) ? body.messages : [];
|
|
90
|
+
const bad = messages.find((m) => !VALID_ROLES.has(String(m?.role)));
|
|
91
|
+
if (bad) {
|
|
92
|
+
const detail = `invalid role: ${String(bad.role)}`;
|
|
93
|
+
console.log(chalk.red(`[${ts()}] 422 ${GUARD_PATH} — ${detail}`));
|
|
94
|
+
addLog('POST', GUARD_PATH, 422, Date.now() - start, body, { error: detail });
|
|
95
|
+
return res.status(422).json({ detail });
|
|
96
|
+
}
|
|
97
|
+
const EMAIL = /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g;
|
|
98
|
+
const choices = messages.map((m) => {
|
|
99
|
+
const content = typeof m.content === 'string' ? m.content : '';
|
|
100
|
+
return { role: m.role, name: m.name, content: content.replace(EMAIL, '[EMAIL]') };
|
|
101
|
+
});
|
|
102
|
+
const redacted = choices.some((c, i) => c.content !== (messages[i].content ?? ''));
|
|
103
|
+
console.log(`${chalk.dim(`[${ts()}]`)} ${chalk.bold(chalk.green('guard'))} ${chalk.dim(`msgs=${messages.length} redacted=${redacted}`)}`);
|
|
104
|
+
addLog('POST', GUARD_PATH, 200, Date.now() - start, body, { messages: messages.length, redacted });
|
|
105
|
+
res.json({
|
|
106
|
+
id: `eval-${Date.now()}`,
|
|
107
|
+
flagged: redacted,
|
|
108
|
+
deny: false,
|
|
109
|
+
redacted,
|
|
110
|
+
...(redacted ? { correction: { choices } } : {}),
|
|
111
|
+
});
|
|
112
|
+
});
|
|
59
113
|
// ── Log queries ────────────────────────────────────────────────────────────
|
|
60
114
|
app.get('/api/logs/stream', (req, res) => {
|
|
61
115
|
res.setHeader('Content-Type', 'text/event-stream');
|
|
@@ -73,7 +127,9 @@ export function startMockServer(port = DEFAULT_PORT) {
|
|
|
73
127
|
});
|
|
74
128
|
app.get('/api/logs', (req, res) => {
|
|
75
129
|
const event = req.query.event;
|
|
76
|
-
const filtered = event
|
|
130
|
+
const filtered = event
|
|
131
|
+
? logs.filter((l) => l.meta.hook_event_name === event)
|
|
132
|
+
: logs;
|
|
77
133
|
res.json({ count: filtered.length, logs: filtered.slice(-200) });
|
|
78
134
|
});
|
|
79
135
|
// ── Dashboard ──────────────────────────────────────────────────────────────
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mock-server.js","sourceRoot":"","sources":["../../core/mock-server.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,MAAM,YAAY,GAAG,IAAI,CAAC;AAC1B,MAAM,WAAW,GAAG,kBAAkB,CAAC,CAAC,yCAAyC;AACjF,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,uCAAuC;AACvE,MAAM,WAAW,GAAG,SAAS,CAAC;AAE9B,6EAA6E;AAC7E,4EAA4E;AAC5E,gFAAgF;AAChF,6EAA6E;AAC7E,sBAAsB;AACtB,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS;IACrD,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,aAAa;CACrD,CAAC,CAAC;AAaH,IAAI,MAAM,GAAG,CAAC,CAAC;AACf,MAAM,IAAI,GAAe,EAAE,CAAC;AAE5B,SAAS,EAAE;IACT,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,MAAM,CACb,MAAc,EACd,CAAS,EACT,MAAc,EACd,WAAmB,EACnB,IAAa,EACb,OAAgC,EAAE;IAElC,MAAM,KAAK,GAAa;QACtB,EAAE,EAAE,MAAM,EAAE;QACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM;QACN,IAAI,EAAE,CAAC;QACP,MAAM;QACN,WAAW;QACX,IAAI;QACJ,IAAI;KACL,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjB,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI;QAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAI,GAAG,YAAY;IACjD,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;IAEzC,8EAA8E;IAE9E,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACjC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAE9E,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;QACjD,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC,CAAC;QACtE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAElE,OAAO,CAAC,GAAG,CACT,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,GAAG,CAAC,WAAW,OAAO,EAAE,CAAC,EAAE,CAC1G,CAAC;QAEF,IAAI,IAAI,CAAC,UAAU,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,UAAqC,CAAC;YACzD,MAAM,OAAO,GAAG,MAAM,CACpB,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,CACvE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAChB,IAAI,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,IAAI,CAAC,MAAM;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3E,IAAI,IAAI,CAAC,UAAU;YACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,aAAa;YACpB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CACP,OAAO,IAAI,CAAC,UAAU,KAAK,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CACtE,CACF,CAAC;QAEJ,IAAI,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACvD,MAAM,CAAC,GAAG,IAAI,CAAC,QAAmC,CAAC;YACnD,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,cAAc,CAAC;iBAClD,MAAM,CAAC,OAAO,CAAC;iBACf,IAAI,CAAC,KAAK,CAAC,CAAC;YACf,IAAI,GAAG;gBAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC;YACnD,IAAI,CAAC,CAAC,UAAU;gBACd,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC,CAC5D,CAAC;QACN,CAAC;QAED,MAAM,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE;YACzD,eAAe,EAAE,KAAK;YACtB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACxB,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,gFAAgF;IAChF,4EAA4E;IAC5E,uEAAuE;IACvE,gFAAgF;IAEhF,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;QACzD,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,QAA2C,CAAC,CAAC,CAAC,EAAE,CAAC;QAEvG,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;QACpE,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,iBAAiB,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,SAAS,UAAU,MAAM,MAAM,EAAE,CAAC,CAAC,CAAC;YAClE,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,KAAK,GAAG,+BAA+B,CAAC;QAC9C,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACjC,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;QACpF,CAAC,CAAC,CAAC;QACH,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAEnF,OAAO,CAAC,GAAG,CACT,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,QAAQ,QAAQ,CAAC,MAAM,aAAa,QAAQ,EAAE,CAAC,EAAE,CAC7H,CAAC;QACF,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QAEnG,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE;YACxB,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,KAAK;YACX,QAAQ;YACR,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAE9E,GAAG,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC;QACnD,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAC3C,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAC1C,GAAG,CAAC,YAAY,EAAE,CAAC;QACnB,IAAI,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC;QACvB,MAAM,EAAE,GAAG,WAAW,CAAC,GAAG,EAAE;YAC1B,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAClD,CAAC;YACD,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC,EAAE,GAAG,CAAC,CAAC;QACR,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAChC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAA2B,CAAC;QACpD,MAAM,QAAQ,GAAG,KAAK;YACpB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAE,CAAC,CAAC,IAAI,CAAC,eAA0B,KAAK,KAAK,CAAC;YAClE,CAAC,CAAC,IAAI,CAAC;QACT,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAE9E,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACzB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QAC3C,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,SAAS,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QACpB,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,IAAI,CAAC,oBAAoB,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,CACT,mBAAmB,KAAK,CAAC,IAAI,CAAC,oBAAoB,IAAI,GAAG,WAAW,EAAE,CAAC,EAAE,CAC1E,CAAC;QACF,OAAO,CAAC,GAAG,CACT,mBAAmB,KAAK,CAAC,IAAI,CAAC,oBAAoB,IAAI,GAAG,WAAW,EAAE,CAAC,EAAE,CAC1E,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa;IACpB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAuED,CAAC;AACT,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@guardion/guardion",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"type": "module",
|
|
5
|
-
"description": "
|
|
5
|
+
"description": "Guardion — Agent runtime governance: DLP for MCPs and agents",
|
|
6
6
|
"bin": {
|
|
7
|
-
"guardion": "dist/cli.js"
|
|
7
|
+
"guardion": "dist/bin/cli.js"
|
|
8
8
|
},
|
|
9
9
|
"publishConfig": {
|
|
10
10
|
"access": "public"
|
|
@@ -31,10 +31,10 @@
|
|
|
31
31
|
"url": "https://guardion.ai"
|
|
32
32
|
},
|
|
33
33
|
"scripts": {
|
|
34
|
-
"build": "tsc",
|
|
35
|
-
"dev": "tsx
|
|
36
|
-
"hook": "tsx
|
|
37
|
-
"mock": "tsx
|
|
34
|
+
"build": "tsc && node scripts/copy-assets.mjs",
|
|
35
|
+
"dev": "tsx bin/cli.ts",
|
|
36
|
+
"hook": "tsx bin/cli.ts hook",
|
|
37
|
+
"mock": "tsx bin/cli.ts mock",
|
|
38
38
|
"test": "vitest run",
|
|
39
39
|
"test:watch": "vitest",
|
|
40
40
|
"test:integration": "vitest run --reporter=verbose __tests__/integration"
|
|
@@ -59,9 +59,8 @@
|
|
|
59
59
|
},
|
|
60
60
|
"files": [
|
|
61
61
|
"dist",
|
|
62
|
-
"
|
|
63
|
-
"
|
|
64
|
-
"config.yaml.example"
|
|
62
|
+
"README.md",
|
|
63
|
+
"LICENSE"
|
|
65
64
|
],
|
|
66
65
|
"license": "MIT"
|
|
67
66
|
}
|
package/config.yaml.example
DELETED
|
@@ -1,26 +0,0 @@
|
|
|
1
|
-
# Guardion Claude Code Connector — config file
|
|
2
|
-
# Location: ~/.guardion/config.yaml
|
|
3
|
-
#
|
|
4
|
-
# Generate with: npx guardion init
|
|
5
|
-
# Edit manually: any text editor
|
|
6
|
-
#
|
|
7
|
-
# Token is stored separately in your OS keychain — never in this file.
|
|
8
|
-
# Set GUARDION_TOKEN env var to override for CI/testing.
|
|
9
|
-
|
|
10
|
-
version: 1
|
|
11
|
-
|
|
12
|
-
# Deployment tier.
|
|
13
|
-
# "hooks" — sends all Claude Code hook events to Guard API (monitoring only, MVP).
|
|
14
|
-
# Future values: "full" (+ LLM gateway proxy), "otel" (+ OTLP traces), "action" (+ blocking)
|
|
15
|
-
tier: hooks
|
|
16
|
-
|
|
17
|
-
# Guard API base URL.
|
|
18
|
-
# Production: https://api.guardion.ai
|
|
19
|
-
# Local dev: http://localhost:8082
|
|
20
|
-
api_url: https://api.guardion.ai
|
|
21
|
-
|
|
22
|
-
# Policy slug to evaluate hook events against.
|
|
23
|
-
policy: prompt-defense
|
|
24
|
-
|
|
25
|
-
# Application label attached to every event (shows in Console).
|
|
26
|
-
application: claude-code
|
package/dist/cli.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}
|