@guava-parity/guard-scanner 16.0.0 → 16.0.2

@@ -0,0 +1,318 @@
1
+ /**
2
+ * guard-scanner MCP Server — Lightweight stdio JSON-RPC 2.0
3
+ *
4
+ * @security-manifest
5
+ * env-read: [VT_API_KEY (optional, for audit vt-scan)]
6
+ * env-write: []
7
+ * network: [npm registry, GitHub API, VirusTotal API — only for audit_assets]
8
+ * fs-read: [scan target directories, openclaw config]
9
+ * fs-write: [~/.openclaw/guard-scanner/audit.jsonl]
10
+ * exec: none
11
+ * purpose: MCP server exposing guard-scanner static/runtime analysis over stdio
12
+ *
13
+ * Protocol: MCP (Model Context Protocol) over stdio transport
14
+ * Implements: initialize, tools/list, tools/call, notifications
15
+ *
16
+ * Tools:
17
+ * scan_skill — Scan a directory for security threats
18
+ * scan_text — Scan a code/text snippet inline
19
+ * check_tool_call — Runtime check before a tool call (26 checks, 5 layers)
20
+ * audit_assets — Audit npm/GitHub/ClawHub assets for exposure
21
+ * get_stats — Get scanner capabilities and statistics
22
+ *
23
+ * @author Guava 🍈 & Dee
24
+ * @license MIT
25
+ */
26
+ declare const TOOLS: ({
27
+ name: string;
28
+ description: string;
29
+ inputSchema: {
30
+ type: string;
31
+ properties: {
32
+ path: {
33
+ type: string;
34
+ description: string;
35
+ };
36
+ verbose: {
37
+ type: string;
38
+ description: string;
39
+ default: boolean;
40
+ };
41
+ strict: {
42
+ type: string;
43
+ description: string;
44
+ default: boolean;
45
+ };
46
+ compliance: {
47
+ type: string;
48
+ enum: string[];
49
+ description: string;
50
+ };
51
+ text?: undefined;
52
+ filename?: undefined;
53
+ tool?: undefined;
54
+ args?: undefined;
55
+ mode?: undefined;
56
+ policy?: undefined;
57
+ username?: undefined;
58
+ scope?: undefined;
59
+ taskId?: undefined;
60
+ reason?: undefined;
61
+ };
62
+ required: string[];
63
+ };
64
+ } | {
65
+ name: string;
66
+ description: string;
67
+ inputSchema: {
68
+ type: string;
69
+ properties: {
70
+ text: {
71
+ type: string;
72
+ description: string;
73
+ };
74
+ filename: {
75
+ type: string;
76
+ description: string;
77
+ default: string;
78
+ };
79
+ compliance: {
80
+ type: string;
81
+ enum: string[];
82
+ description: string;
83
+ };
84
+ path?: undefined;
85
+ verbose?: undefined;
86
+ strict?: undefined;
87
+ tool?: undefined;
88
+ args?: undefined;
89
+ mode?: undefined;
90
+ policy?: undefined;
91
+ username?: undefined;
92
+ scope?: undefined;
93
+ taskId?: undefined;
94
+ reason?: undefined;
95
+ };
96
+ required: string[];
97
+ };
98
+ } | {
99
+ name: string;
100
+ description: string;
101
+ inputSchema: {
102
+ type: string;
103
+ properties: {
104
+ tool: {
105
+ type: string;
106
+ description: string;
107
+ enum?: undefined;
108
+ };
109
+ args: {
110
+ type: string;
111
+ description: string;
112
+ additionalProperties: boolean;
113
+ default?: undefined;
114
+ };
115
+ mode: {
116
+ type: string;
117
+ enum: string[];
118
+ description: string;
119
+ default: string;
120
+ };
121
+ policy: {
122
+ type: string;
123
+ description: string;
124
+ additionalProperties: boolean;
125
+ properties: {
126
+ id: {
127
+ type: string;
128
+ };
129
+ allowed_tools: {
130
+ type: string;
131
+ items: {
132
+ type: string;
133
+ };
134
+ };
135
+ blocked_tools: {
136
+ type: string;
137
+ items: {
138
+ type: string;
139
+ };
140
+ };
141
+ max_network_scope: {
142
+ type: string;
143
+ enum: string[];
144
+ };
145
+ secret_bearing_context: {
146
+ type: string;
147
+ };
148
+ memory_write_permission: {
149
+ type: string;
150
+ };
151
+ };
152
+ };
153
+ path?: undefined;
154
+ verbose?: undefined;
155
+ strict?: undefined;
156
+ compliance?: undefined;
157
+ text?: undefined;
158
+ filename?: undefined;
159
+ username?: undefined;
160
+ scope?: undefined;
161
+ taskId?: undefined;
162
+ reason?: undefined;
163
+ };
164
+ required: string[];
165
+ };
166
+ } | {
167
+ name: string;
168
+ description: string;
169
+ inputSchema: {
170
+ type: string;
171
+ properties: {
172
+ username: {
173
+ type: string;
174
+ description: string;
175
+ };
176
+ scope: {
177
+ type: string;
178
+ enum: string[];
179
+ description: string;
180
+ default: string;
181
+ };
182
+ path?: undefined;
183
+ verbose?: undefined;
184
+ strict?: undefined;
185
+ compliance?: undefined;
186
+ text?: undefined;
187
+ filename?: undefined;
188
+ tool?: undefined;
189
+ args?: undefined;
190
+ mode?: undefined;
191
+ policy?: undefined;
192
+ taskId?: undefined;
193
+ reason?: undefined;
194
+ };
195
+ required: string[];
196
+ };
197
+ } | {
198
+ name: string;
199
+ description: string;
200
+ inputSchema: {
201
+ type: string;
202
+ properties: {
203
+ path?: undefined;
204
+ verbose?: undefined;
205
+ strict?: undefined;
206
+ compliance?: undefined;
207
+ text?: undefined;
208
+ filename?: undefined;
209
+ tool?: undefined;
210
+ args?: undefined;
211
+ mode?: undefined;
212
+ policy?: undefined;
213
+ username?: undefined;
214
+ scope?: undefined;
215
+ taskId?: undefined;
216
+ reason?: undefined;
217
+ };
218
+ required?: undefined;
219
+ };
220
+ } | {
221
+ name: string;
222
+ description: string;
223
+ inputSchema: {
224
+ type: string;
225
+ properties: {
226
+ tool: {
227
+ type: string;
228
+ enum: string[];
229
+ description?: undefined;
230
+ };
231
+ args: {
232
+ type: string;
233
+ additionalProperties: boolean;
234
+ default: {};
235
+ description?: undefined;
236
+ };
237
+ path?: undefined;
238
+ verbose?: undefined;
239
+ strict?: undefined;
240
+ compliance?: undefined;
241
+ text?: undefined;
242
+ filename?: undefined;
243
+ mode?: undefined;
244
+ policy?: undefined;
245
+ username?: undefined;
246
+ scope?: undefined;
247
+ taskId?: undefined;
248
+ reason?: undefined;
249
+ };
250
+ required: string[];
251
+ };
252
+ } | {
253
+ name: string;
254
+ description: string;
255
+ inputSchema: {
256
+ type: string;
257
+ properties: {
258
+ taskId: {
259
+ type: string;
260
+ };
261
+ path?: undefined;
262
+ verbose?: undefined;
263
+ strict?: undefined;
264
+ compliance?: undefined;
265
+ text?: undefined;
266
+ filename?: undefined;
267
+ tool?: undefined;
268
+ args?: undefined;
269
+ mode?: undefined;
270
+ policy?: undefined;
271
+ username?: undefined;
272
+ scope?: undefined;
273
+ reason?: undefined;
274
+ };
275
+ required: string[];
276
+ };
277
+ } | {
278
+ name: string;
279
+ description: string;
280
+ inputSchema: {
281
+ type: string;
282
+ properties: {
283
+ taskId: {
284
+ type: string;
285
+ };
286
+ reason: {
287
+ type: string;
288
+ };
289
+ path?: undefined;
290
+ verbose?: undefined;
291
+ strict?: undefined;
292
+ compliance?: undefined;
293
+ text?: undefined;
294
+ filename?: undefined;
295
+ tool?: undefined;
296
+ args?: undefined;
297
+ mode?: undefined;
298
+ policy?: undefined;
299
+ username?: undefined;
300
+ scope?: undefined;
301
+ };
302
+ required: string[];
303
+ };
304
+ })[];
305
+ declare class MCPServer {
306
+ constructor();
307
+ start(): void;
308
+ _onData(chunk: any): void;
309
+ _handleContentLength(headerLine: any): void;
310
+ _tryParseContentLength(): void;
311
+ _handleMessage(msg: any): Promise<void>;
312
+ _dispatch(method: any, params: any): Promise<any>;
313
+ _callTool(name: any, args: any): Promise<any>;
314
+ _send(msg: any): void;
315
+ }
316
+ declare function startServer(): void;
317
+
318
+ export { MCPServer, TOOLS, startServer };
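Review bot: The header's `Tools:` list and `@security-manifest` describe five tools, but the `TOOLS` union declared below them has eight member shapes. The three extra ones (a `tool` enum with free-form `args`, a `taskId`-only shape, and a `taskId` plus `reason` shape) are not described anywhere in the header. A consumer reads this manifest to judge the `fs-write`, `network` and `exec: none` claims, so each missing tool should get its own line under `Tools:`, such as `* <tool_name> — <purpose; fs/network/exec effects>`, and the manifest entries should be extended if those tools touch anything beyond what is listed. Because `name` is typed only as `string`, which tool each shape belongs to is inferred from its properties rather than visible here. The second hunk carries the same header and union.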
@@ -1 +1,318 @@
1
- #!/usr/bin/env node
1
+ /**
2
+ * guard-scanner MCP Server — Lightweight stdio JSON-RPC 2.0
3
+ *
4
+ * @security-manifest
5
+ * env-read: [VT_API_KEY (optional, for audit vt-scan)]
6
+ * env-write: []
7
+ * network: [npm registry, GitHub API, VirusTotal API — only for audit_assets]
8
+ * fs-read: [scan target directories, openclaw config]
9
+ * fs-write: [~/.openclaw/guard-scanner/audit.jsonl]
10
+ * exec: none
11
+ * purpose: MCP server exposing guard-scanner static/runtime analysis over stdio
12
+ *
13
+ * Protocol: MCP (Model Context Protocol) over stdio transport
14
+ * Implements: initialize, tools/list, tools/call, notifications
15
+ *
16
+ * Tools:
17
+ * scan_skill — Scan a directory for security threats
18
+ * scan_text — Scan a code/text snippet inline
19
+ * check_tool_call — Runtime check before a tool call (26 checks, 5 layers)
20
+ * audit_assets — Audit npm/GitHub/ClawHub assets for exposure
21
+ * get_stats — Get scanner capabilities and statistics
22
+ *
23
+ * @author Guava 🍈 & Dee
24
+ * @license MIT
25
+ */
26
+ declare const TOOLS: ({
27
+ name: string;
28
+ description: string;
29
+ inputSchema: {
30
+ type: string;
31
+ properties: {
32
+ path: {
33
+ type: string;
34
+ description: string;
35
+ };
36
+ verbose: {
37
+ type: string;
38
+ description: string;
39
+ default: boolean;
40
+ };
41
+ strict: {
42
+ type: string;
43
+ description: string;
44
+ default: boolean;
45
+ };
46
+ compliance: {
47
+ type: string;
48
+ enum: string[];
49
+ description: string;
50
+ };
51
+ text?: undefined;
52
+ filename?: undefined;
53
+ tool?: undefined;
54
+ args?: undefined;
55
+ mode?: undefined;
56
+ policy?: undefined;
57
+ username?: undefined;
58
+ scope?: undefined;
59
+ taskId?: undefined;
60
+ reason?: undefined;
61
+ };
62
+ required: string[];
63
+ };
64
+ } | {
65
+ name: string;
66
+ description: string;
67
+ inputSchema: {
68
+ type: string;
69
+ properties: {
70
+ text: {
71
+ type: string;
72
+ description: string;
73
+ };
74
+ filename: {
75
+ type: string;
76
+ description: string;
77
+ default: string;
78
+ };
79
+ compliance: {
80
+ type: string;
81
+ enum: string[];
82
+ description: string;
83
+ };
84
+ path?: undefined;
85
+ verbose?: undefined;
86
+ strict?: undefined;
87
+ tool?: undefined;
88
+ args?: undefined;
89
+ mode?: undefined;
90
+ policy?: undefined;
91
+ username?: undefined;
92
+ scope?: undefined;
93
+ taskId?: undefined;
94
+ reason?: undefined;
95
+ };
96
+ required: string[];
97
+ };
98
+ } | {
99
+ name: string;
100
+ description: string;
101
+ inputSchema: {
102
+ type: string;
103
+ properties: {
104
+ tool: {
105
+ type: string;
106
+ description: string;
107
+ enum?: undefined;
108
+ };
109
+ args: {
110
+ type: string;
111
+ description: string;
112
+ additionalProperties: boolean;
113
+ default?: undefined;
114
+ };
115
+ mode: {
116
+ type: string;
117
+ enum: string[];
118
+ description: string;
119
+ default: string;
120
+ };
121
+ policy: {
122
+ type: string;
123
+ description: string;
124
+ additionalProperties: boolean;
125
+ properties: {
126
+ id: {
127
+ type: string;
128
+ };
129
+ allowed_tools: {
130
+ type: string;
131
+ items: {
132
+ type: string;
133
+ };
134
+ };
135
+ blocked_tools: {
136
+ type: string;
137
+ items: {
138
+ type: string;
139
+ };
140
+ };
141
+ max_network_scope: {
142
+ type: string;
143
+ enum: string[];
144
+ };
145
+ secret_bearing_context: {
146
+ type: string;
147
+ };
148
+ memory_write_permission: {
149
+ type: string;
150
+ };
151
+ };
152
+ };
153
+ path?: undefined;
154
+ verbose?: undefined;
155
+ strict?: undefined;
156
+ compliance?: undefined;
157
+ text?: undefined;
158
+ filename?: undefined;
159
+ username?: undefined;
160
+ scope?: undefined;
161
+ taskId?: undefined;
162
+ reason?: undefined;
163
+ };
164
+ required: string[];
165
+ };
166
+ } | {
167
+ name: string;
168
+ description: string;
169
+ inputSchema: {
170
+ type: string;
171
+ properties: {
172
+ username: {
173
+ type: string;
174
+ description: string;
175
+ };
176
+ scope: {
177
+ type: string;
178
+ enum: string[];
179
+ description: string;
180
+ default: string;
181
+ };
182
+ path?: undefined;
183
+ verbose?: undefined;
184
+ strict?: undefined;
185
+ compliance?: undefined;
186
+ text?: undefined;
187
+ filename?: undefined;
188
+ tool?: undefined;
189
+ args?: undefined;
190
+ mode?: undefined;
191
+ policy?: undefined;
192
+ taskId?: undefined;
193
+ reason?: undefined;
194
+ };
195
+ required: string[];
196
+ };
197
+ } | {
198
+ name: string;
199
+ description: string;
200
+ inputSchema: {
201
+ type: string;
202
+ properties: {
203
+ path?: undefined;
204
+ verbose?: undefined;
205
+ strict?: undefined;
206
+ compliance?: undefined;
207
+ text?: undefined;
208
+ filename?: undefined;
209
+ tool?: undefined;
210
+ args?: undefined;
211
+ mode?: undefined;
212
+ policy?: undefined;
213
+ username?: undefined;
214
+ scope?: undefined;
215
+ taskId?: undefined;
216
+ reason?: undefined;
217
+ };
218
+ required?: undefined;
219
+ };
220
+ } | {
221
+ name: string;
222
+ description: string;
223
+ inputSchema: {
224
+ type: string;
225
+ properties: {
226
+ tool: {
227
+ type: string;
228
+ enum: string[];
229
+ description?: undefined;
230
+ };
231
+ args: {
232
+ type: string;
233
+ additionalProperties: boolean;
234
+ default: {};
235
+ description?: undefined;
236
+ };
237
+ path?: undefined;
238
+ verbose?: undefined;
239
+ strict?: undefined;
240
+ compliance?: undefined;
241
+ text?: undefined;
242
+ filename?: undefined;
243
+ mode?: undefined;
244
+ policy?: undefined;
245
+ username?: undefined;
246
+ scope?: undefined;
247
+ taskId?: undefined;
248
+ reason?: undefined;
249
+ };
250
+ required: string[];
251
+ };
252
+ } | {
253
+ name: string;
254
+ description: string;
255
+ inputSchema: {
256
+ type: string;
257
+ properties: {
258
+ taskId: {
259
+ type: string;
260
+ };
261
+ path?: undefined;
262
+ verbose?: undefined;
263
+ strict?: undefined;
264
+ compliance?: undefined;
265
+ text?: undefined;
266
+ filename?: undefined;
267
+ tool?: undefined;
268
+ args?: undefined;
269
+ mode?: undefined;
270
+ policy?: undefined;
271
+ username?: undefined;
272
+ scope?: undefined;
273
+ reason?: undefined;
274
+ };
275
+ required: string[];
276
+ };
277
+ } | {
278
+ name: string;
279
+ description: string;
280
+ inputSchema: {
281
+ type: string;
282
+ properties: {
283
+ taskId: {
284
+ type: string;
285
+ };
286
+ reason: {
287
+ type: string;
288
+ };
289
+ path?: undefined;
290
+ verbose?: undefined;
291
+ strict?: undefined;
292
+ compliance?: undefined;
293
+ text?: undefined;
294
+ filename?: undefined;
295
+ tool?: undefined;
296
+ args?: undefined;
297
+ mode?: undefined;
298
+ policy?: undefined;
299
+ username?: undefined;
300
+ scope?: undefined;
301
+ };
302
+ required: string[];
303
+ };
304
+ })[];
305
+ declare class MCPServer {
306
+ constructor();
307
+ start(): void;
308
+ _onData(chunk: any): void;
309
+ _handleContentLength(headerLine: any): void;
310
+ _tryParseContentLength(): void;
311
+ _handleMessage(msg: any): Promise<void>;
312
+ _dispatch(method: any, params: any): Promise<any>;
313
+ _callTool(name: any, args: any): Promise<any>;
314
+ _send(msg: any): void;
315
+ }
316
+ declare function startServer(): void;
317
+
318
+ export { MCPServer, TOOLS, startServer };
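Review bot: `_onData(chunk: any)`, `_handleContentLength(headerLine: any)` and `_handleMessage(msg: any)` take the bytes and JSON-RPC messages arriving from the stdio peer, and typing them `any` gives callers and subclasses no compiler help in treating that input as unvalidated. If these declarations are emitted from a JavaScript source (the `?: undefined` padding in `TOOLS` suggests so), annotate that source so they come out as, for example, `_handleMessage(msg: unknown): Promise<void>;` and `_dispatch(method: string, params: unknown): Promise<unknown>;`. The underscore-prefixed methods are also published as part of the class surface; tagging them `@private` in the source would keep the framing and dispatch internals out of the supported API. The first hunk declares the same class.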