@inkog-io/mcp 1.0.0

Files changed (55) hide show
  1. package/LICENSE +190 -0
  2. package/README.md +265 -0
  3. package/dist/api/client.d.ts +108 -0
  4. package/dist/api/client.d.ts.map +1 -0
  5. package/dist/api/client.js +288 -0
  6. package/dist/api/client.js.map +1 -0
  7. package/dist/api/types.d.ts +286 -0
  8. package/dist/api/types.d.ts.map +1 -0
  9. package/dist/api/types.js +21 -0
  10. package/dist/api/types.js.map +1 -0
  11. package/dist/config.d.ts +68 -0
  12. package/dist/config.d.ts.map +1 -0
  13. package/dist/config.js +130 -0
  14. package/dist/config.js.map +1 -0
  15. package/dist/index.d.ts +19 -0
  16. package/dist/index.d.ts.map +1 -0
  17. package/dist/index.js +203 -0
  18. package/dist/index.js.map +1 -0
  19. package/dist/tools/audit-a2a.d.ts +20 -0
  20. package/dist/tools/audit-a2a.d.ts.map +1 -0
  21. package/dist/tools/audit-a2a.js +382 -0
  22. package/dist/tools/audit-a2a.js.map +1 -0
  23. package/dist/tools/audit-mcp.d.ts +16 -0
  24. package/dist/tools/audit-mcp.d.ts.map +1 -0
  25. package/dist/tools/audit-mcp.js +259 -0
  26. package/dist/tools/audit-mcp.js.map +1 -0
  27. package/dist/tools/compliance.d.ts +14 -0
  28. package/dist/tools/compliance.d.ts.map +1 -0
  29. package/dist/tools/compliance.js +255 -0
  30. package/dist/tools/compliance.js.map +1 -0
  31. package/dist/tools/explain.d.ts +14 -0
  32. package/dist/tools/explain.d.ts.map +1 -0
  33. package/dist/tools/explain.js +202 -0
  34. package/dist/tools/explain.js.map +1 -0
  35. package/dist/tools/governance.d.ts +16 -0
  36. package/dist/tools/governance.d.ts.map +1 -0
  37. package/dist/tools/governance.js +200 -0
  38. package/dist/tools/governance.js.map +1 -0
  39. package/dist/tools/index.d.ts +50 -0
  40. package/dist/tools/index.d.ts.map +1 -0
  41. package/dist/tools/index.js +94 -0
  42. package/dist/tools/index.js.map +1 -0
  43. package/dist/tools/mlbom.d.ts +18 -0
  44. package/dist/tools/mlbom.d.ts.map +1 -0
  45. package/dist/tools/mlbom.js +344 -0
  46. package/dist/tools/mlbom.js.map +1 -0
  47. package/dist/tools/scan.d.ts +15 -0
  48. package/dist/tools/scan.d.ts.map +1 -0
  49. package/dist/tools/scan.js +270 -0
  50. package/dist/tools/scan.js.map +1 -0
  51. package/dist/utils/file-reader.d.ts +55 -0
  52. package/dist/utils/file-reader.d.ts.map +1 -0
  53. package/dist/utils/file-reader.js +269 -0
  54. package/dist/utils/file-reader.js.map +1 -0
  55. package/package.json +64 -0
@@ -0,0 +1,259 @@
1
+ /**
2
+ * inkog_audit_mcp_server Tool
3
+ *
4
+ * P1 - MCP Server Security Auditing (THE ECOSYSTEM PLAY)
5
+ *
6
+ * Security audit any MCP server from the registry or GitHub repository.
7
+ * Checks for:
8
+ * - Excessive permissions (file system, network, exec)
9
+ * - Data exfiltration risks
10
+ * - Input validation gaps
11
+ * - Credential handling issues
12
+ * - Tool permission boundaries
13
+ */
14
+ import { z } from 'zod';
15
+ import { getClient, InkogAuthError, InkogNetworkError } from '../api/client.js';
16
+ // =============================================================================
17
+ // Schema
18
+ // =============================================================================
19
+ const AuditMcpArgsSchema = z
20
+ .object({
21
+ server_name: z
22
+ .string()
23
+ .optional()
24
+ .describe('MCP server name from registry (e.g., "github", "slack", "postgres")'),
25
+ repository_url: z
26
+ .string()
27
+ .url()
28
+ .optional()
29
+ .describe('Direct GitHub repository URL to audit'),
30
+ })
31
+ .refine((data) => data.server_name !== undefined || data.repository_url !== undefined, {
32
+ message: 'Either server_name or repository_url must be provided',
33
+ });
34
+ // =============================================================================
35
+ // Helpers
36
+ // =============================================================================
37
+ function formatSeverityIcon(severity) {
38
+ switch (severity) {
39
+ case 'CRITICAL':
40
+ return '🔴';
41
+ case 'HIGH':
42
+ return '🟠';
43
+ case 'MEDIUM':
44
+ return '🟡';
45
+ case 'LOW':
46
+ return '🟢';
47
+ default:
48
+ return '⚪';
49
+ }
50
+ }
51
+ function formatSecurityScore(score) {
52
+ if (score >= 90) {
53
+ return `✅ ${score}/100 (Excellent)`;
54
+ }
55
+ else if (score >= 70) {
56
+ return `🟢 ${score}/100 (Good)`;
57
+ }
58
+ else if (score >= 50) {
59
+ return `🟡 ${score}/100 (Fair)`;
60
+ }
61
+ else if (score >= 30) {
62
+ return `🟠 ${score}/100 (Poor)`;
63
+ }
64
+ else {
65
+ return `🔴 ${score}/100 (Critical)`;
66
+ }
67
+ }
68
+ function formatIssue(issue) {
69
+ const icon = formatSeverityIcon(issue.severity);
70
+ let output = `${icon} [${issue.severity}] ${issue.title}\n`;
71
+ output += ` Category: ${issue.category}\n`;
72
+ output += ` ${issue.description}\n`;
73
+ if (issue.file !== undefined) {
74
+ const location = issue.line !== undefined ? `${issue.file}:${issue.line}` : issue.file;
75
+ output += ` 📍 ${location}\n`;
76
+ }
77
+ output += ` 💡 ${issue.recommendation}`;
78
+ return output;
79
+ }
80
+ function formatToolPermissions(permissions) {
81
+ let output = '';
82
+ for (const [tool, perms] of Object.entries(permissions)) {
83
+ output += `\n🔧 ${tool}:\n`;
84
+ if (perms.reads.length > 0) {
85
+ output += ` 📖 Reads: ${perms.reads.join(', ')}\n`;
86
+ }
87
+ if (perms.writes.length > 0) {
88
+ output += ` ✏️ Writes: ${perms.writes.join(', ')}\n`;
89
+ }
90
+ if (perms.executes.length > 0) {
91
+ output += ` ⚡ Executes: ${perms.executes.join(', ')}\n`;
92
+ }
93
+ if (perms.network.length > 0) {
94
+ output += ` 🌐 Network: ${perms.network.join(', ')}\n`;
95
+ }
96
+ }
97
+ return output;
98
+ }
99
+ // =============================================================================
100
+ // Handler
101
+ // =============================================================================
102
+ async function auditMcpHandler(rawArgs) {
103
+ // Validate arguments
104
+ const parseResult = AuditMcpArgsSchema.safeParse(rawArgs);
105
+ if (!parseResult.success) {
106
+ return {
107
+ content: [
108
+ {
109
+ type: 'text',
110
+ text: `Invalid arguments: ${parseResult.error.message}\n\nProvide either server_name (from MCP registry) or repository_url (GitHub URL).`,
111
+ },
112
+ ],
113
+ isError: true,
114
+ };
115
+ }
116
+ const args = parseResult.data;
117
+ try {
118
+ // Call Inkog API
119
+ const client = getClient();
120
+ const auditOptions = {};
121
+ if (args.server_name !== undefined) {
122
+ auditOptions.serverName = args.server_name;
123
+ }
124
+ if (args.repository_url !== undefined) {
125
+ auditOptions.repositoryUrl = args.repository_url;
126
+ }
127
+ const response = await client.auditMcpServer(auditOptions);
128
+ // Build formatted output
129
+ let output = '╔══════════════════════════════════════════════════════╗\n';
130
+ output += '║ 🔒 MCP Server Security Audit ║\n';
131
+ output += '╚══════════════════════════════════════════════════════╝\n\n';
132
+ // Server info
133
+ output += `📦 Server: ${response.serverInfo.displayName ?? response.serverInfo.name}\n`;
134
+ if (response.serverInfo.description !== undefined) {
135
+ output += ` ${response.serverInfo.description}\n`;
136
+ }
137
+ output += `🔗 Repository: ${response.serverInfo.repository}\n`;
138
+ if (response.serverInfo.license !== undefined) {
139
+ output += `📄 License: ${response.serverInfo.license}\n`;
140
+ }
141
+ output += `🔧 Tools: ${response.serverInfo.tools.join(', ')}\n\n`;
142
+ // Security score
143
+ output += `📊 Security Score: ${formatSecurityScore(response.securityScore)}\n\n`;
144
+ // Issues summary
145
+ const critical = response.issues.filter((i) => i.severity === 'CRITICAL').length;
146
+ const high = response.issues.filter((i) => i.severity === 'HIGH').length;
147
+ const medium = response.issues.filter((i) => i.severity === 'MEDIUM').length;
148
+ const low = response.issues.filter((i) => i.severity === 'LOW').length;
149
+ if (response.issues.length === 0) {
150
+ output += '✅ No security issues detected!\n\n';
151
+ }
152
+ else {
153
+ output += `📋 Security Issues: ${response.issues.length}\n`;
154
+ output += ` 🔴 Critical: ${critical} | 🟠 High: ${high} | 🟡 Medium: ${medium} | 🟢 Low: ${low}\n\n`;
155
+ }
156
+ // Data flow risks
157
+ if (response.dataFlowRisks.length > 0) {
158
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
159
+ output += '⚠️ DATA FLOW RISKS\n\n';
160
+ for (const risk of response.dataFlowRisks) {
161
+ output += ` • ${risk}\n`;
162
+ }
163
+ output += '\n';
164
+ }
165
+ // Tool permissions
166
+ if (Object.keys(response.toolPermissions).length > 0) {
167
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
168
+ output += '🔐 TOOL PERMISSIONS ANALYSIS\n';
169
+ output += formatToolPermissions(response.toolPermissions);
170
+ output += '\n';
171
+ }
172
+ // Detailed issues
173
+ if (response.issues.length > 0) {
174
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
175
+ output += '🔍 SECURITY ISSUES\n\n';
176
+ // Critical and high first
177
+ const criticalHigh = response.issues.filter((i) => i.severity === 'CRITICAL' || i.severity === 'HIGH');
178
+ const mediumLow = response.issues.filter((i) => i.severity === 'MEDIUM' || i.severity === 'LOW');
179
+ for (const issue of criticalHigh) {
180
+ output += formatIssue(issue) + '\n\n';
181
+ }
182
+ if (mediumLow.length > 0 && criticalHigh.length > 0) {
183
+ output += '--- Lower Severity ---\n\n';
184
+ }
185
+ for (const issue of mediumLow) {
186
+ output += formatIssue(issue) + '\n\n';
187
+ }
188
+ }
189
+ // Recommendations
190
+ if (response.recommendations.length > 0) {
191
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
192
+ output += '💡 RECOMMENDATIONS\n\n';
193
+ for (let i = 0; i < response.recommendations.length; i++) {
194
+ output += `${i + 1}. ${response.recommendations[i]}\n`;
195
+ }
196
+ }
197
+ // Footer
198
+ output += '\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n';
199
+ output += 'MCP Server Audit powered by Inkog AI Security Platform\n';
200
+ output += 'Learn more: https://inkog.io/mcp-security\n';
201
+ return {
202
+ content: [
203
+ {
204
+ type: 'text',
205
+ text: output,
206
+ },
207
+ ],
208
+ };
209
+ }
210
+ catch (error) {
211
+ if (error instanceof InkogAuthError) {
212
+ return {
213
+ content: [
214
+ {
215
+ type: 'text',
216
+ text: '🔐 API Key Required\n\nGet your free key at https://app.inkog.io',
217
+ },
218
+ ],
219
+ isError: true,
220
+ };
221
+ }
222
+ if (error instanceof InkogNetworkError) {
223
+ return {
224
+ content: [
225
+ {
226
+ type: 'text',
227
+ text: `Network error: ${error.message}`,
228
+ },
229
+ ],
230
+ isError: true,
231
+ };
232
+ }
233
+ throw error;
234
+ }
235
+ }
236
+ // =============================================================================
237
+ // Tool Definition
238
+ // =============================================================================
239
+ export const auditMcpTool = {
240
+ tool: {
241
+ name: 'inkog_audit_mcp_server',
242
+ description: 'Security audit any MCP server from the registry or GitHub. Analyzes tool permissions, data flow risks, input validation, and potential vulnerabilities. Essential for vetting third-party MCP servers before installation.',
243
+ inputSchema: {
244
+ type: 'object',
245
+ properties: {
246
+ server_name: {
247
+ type: 'string',
248
+ description: 'MCP server name from registry (e.g., "github", "slack", "postgres")',
249
+ },
250
+ repository_url: {
251
+ type: 'string',
252
+ description: 'Direct GitHub repository URL to audit',
253
+ },
254
+ },
255
+ },
256
+ },
257
+ handler: auditMcpHandler,
258
+ };
259
+ //# sourceMappingURL=audit-mcp.js.map
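Review bot: `repository_url` in `AuditMcpArgsSchema` is validated only by `z.string().url()`, so any scheme or host is accepted and forwarded as `auditOptions.repositoryUrl`, although the field is described as a GitHub repository URL. In the TypeScript source this file is compiled from, tighten it before `.optional()`, for example `.refine((u) => { const p = new URL(u); return p.protocol === 'https:' && p.hostname === 'github.com'; }, { message: 'repository_url must be an https://github.com URL' })`; whether the Inkog API re-checks the URL is not visible here. Separately, `auditMcpHandler` copies `response.serverInfo.description`, `issue.title`, `issue.description`, `issue.recommendation` and the `dataFlowRisks` strings into the tool result unmodified. Those strings presumably derive from the repository being audited, so they should be length-capped, stripped of control characters and presented as quoted data before they reach the model; the same applies to `finding.message` in `formatArticle` in compliance.js.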
@@ -0,0 +1 @@
1
+ {"version":3,"file":"audit-mcp.js","sourceRoot":"","sources":["../../src/tools/audit-mcp.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAIhF,gFAAgF;AAChF,SAAS;AACT,gFAAgF;AAEhF,MAAM,kBAAkB,GAAG,CAAC;KACzB,MAAM,CAAC;IACN,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,qEAAqE,CAAC;IAClF,cAAc,EAAE,CAAC;SACd,MAAM,EAAE;SACR,GAAG,EAAE;SACL,QAAQ,EAAE;SACV,QAAQ,CAAC,uCAAuC,CAAC;CACrD,CAAC;KACD,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE;IACrF,OAAO,EAAE,uDAAuD;CACjE,CAAC,CAAC;AAIL,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,SAAS,kBAAkB,CAAC,QAAkB;IAC5C,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,UAAU;YACb,OAAO,IAAI,CAAC;QACd,KAAK,MAAM;YACT,OAAO,IAAI,CAAC;QACd,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC;QACd,KAAK,KAAK;YACR,OAAO,IAAI,CAAC;QACd;YACE,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QAChB,OAAO,KAAK,KAAK,kBAAkB,CAAC;IACtC,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,OAAO,MAAM,KAAK,aAAa,CAAC;IAClC,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,OAAO,MAAM,KAAK,aAAa,CAAC;IAClC,CAAC;SAAM,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC;QACvB,OAAO,MAAM,KAAK,aAAa,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,MAAM,KAAK,iBAAiB,CAAC;IACtC,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAuB;IAC1C,MAAM,IAAI,GAAG,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,MAAM,GAAG,GAAG,IAAI,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,KAAK,IAAI,CAAC;IAC5D,MAAM,IAAI,gBAAgB,KAAK,CAAC,QAAQ,IAAI,CAAC;IAC7C,MAAM,IAAI,MAAM,KAAK,CAAC,WAAW,IAAI,CAAC;IAEtC,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC;QACvF,MAAM,IAAI,SAAS,QAAQ,IAAI,CAAC;IAClC,CAAC;IAED,MAAM,IAAI,SAAS,KAAK,CAAC,cAAc,EAAE,CAAC;IAC1C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,qBAAqB,CAC5B,WAQC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM
,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,QAAQ,IAAI,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,gBAAgB,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,kBAAkB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC1D,CAAC;QACD,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,kBAAkB,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC5D,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,kBAAkB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,KAAK,UAAU,eAAe,CAAC,OAAgC;IAC7D,qBAAqB;IACrB,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,sBAAsB,WAAW,CAAC,KAAK,CAAC,OAAO,oFAAoF;iBAC1I;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAiB,WAAW,CAAC,IAAI,CAAC;IAE5C,IAAI,CAAC;QACH,iBAAiB;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,YAAY,GAAoD,EAAE,CAAC;QACzE,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACnC,YAAY,CAAC,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;QAC7C,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;YACtC,YAAY,CAAC,aAAa,GAAG,IAAI,CAAC,cAAc,CAAC;QACnD,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAE3D,yBAAyB;QACzB,IAAI,MAAM,GAAG,4DAA4D,CAAC;QAC1E,MAAM,IAAI,6DAA6D,CAAC;QACxE,MAAM,IAAI,8DAA8D,CAAC;QAEzE,cAAc;QACd,MAAM,IAAI,cAAc,QAAQ,CAAC,UAAU,CAAC,WAAW,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC;QACxF,IAAI,QAAQ,CAAC,UAAU,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAClD,MAAM,IAAI,MAAM,QAAQ,CAAC,UAAU,CAAC,WAAW,IAAI,CAAC;QACtD,CAAC;QACD,MAAM,IAAI,kBAAkB,QAAQ,CAAC,UAAU,CAAC,UAAU,IAAI,CAAC;QAC/D,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,eAAe,QAAQ,CAAC,UAAU,CAAC,OAAO,IAAI,CAAC;QAC3D,CAAC;QACD,MAAM,IAAI,aAAa,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;QAElE,iB
AAiB;QACjB,MAAM,IAAI,sBAAsB,mBAAmB,CAAC,QAAQ,CAAC,aAAa,CAAC,MAAM,CAAC;QAElF,iBAAiB;QACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;QACjF,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACzE,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;QAC7E,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC,MAAM,CAAC;QAEvE,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,oCAAoC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,uBAAuB,QAAQ,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC;YAC5D,MAAM,IAAI,mBAAmB,QAAQ,eAAe,IAAI,iBAAiB,MAAM,cAAc,GAAG,MAAM,CAAC;QACzG,CAAC;QAED,kBAAkB;QAClB,IAAI,QAAQ,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,yBAAyB,CAAC;YACpC,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;gBAC1C,MAAM,IAAI,QAAQ,IAAI,IAAI,CAAC;YAC7B,CAAC;YACD,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,gCAAgC,CAAC;YAC3C,MAAM,IAAI,qBAAqB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;YAC1D,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,kBAAkB;QAClB,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,wBAAwB,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CACzC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM,CAC1D,CAAC;YACF,MAAM,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CACtC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,KAAK,CACvD,CAAC;YAEF,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;gBACjC,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC;YACxC,CAAC;YAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpD,MAAM,IAAI,4BAA4B,CAAC;YACzC,CAAC;YAED,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;gBAC9B,MAAM,
IAAI,WAAW,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC;YACxC,CAAC;QACH,CAAC;QAED,kBAAkB;QAClB,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,wBAAwB,CAAC;YACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACzD,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC;YACzD,CAAC;QACH,CAAC;QAED,SAAS;QACT,MAAM,IAAI,6CAA6C,CAAC;QACxD,MAAM,IAAI,0DAA0D,CAAC;QACrE,MAAM,IAAI,6CAA6C,CAAC;QAExD,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM;iBACb;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,kEAAkE;qBACzE;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;YACvC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,kBAAkB,KAAK,CAAC,OAAO,EAAE;qBACxC;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF,MAAM,CAAC,MAAM,YAAY,GAAmB;IAC1C,IAAI,EAAE;QACJ,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EACT,4NAA4N;QAC9N,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qEAAqE;iBACnF;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uCAAuC;iBACrD;aACF;SACF;KACF;IACD,OAAO,EAAE,eAAe;CACzB,CAAC"}
@@ -0,0 +1,14 @@
1
+ /**
2
+ * inkog_compliance_report Tool
3
+ *
4
+ * P1 - Compliance Report Generation
5
+ *
6
+ * Generates compliance reports for regulatory frameworks:
7
+ * - EU AI Act (Articles 12, 14, 15)
8
+ * - NIST AI Risk Management Framework
9
+ * - ISO 42001 AI Management System
10
+ * - OWASP LLM Top 10
11
+ */
12
+ import type { ToolDefinition } from './index.js';
13
+ export declare const complianceTool: ToolDefinition;
14
+ //# sourceMappingURL=compliance.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/tools/compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,YAAY,CAAC;AAuP7D,eAAO,MAAM,cAAc,EAAE,cA8B5B,CAAC"}
@@ -0,0 +1,255 @@
1
+ /**
2
+ * inkog_compliance_report Tool
3
+ *
4
+ * P1 - Compliance Report Generation
5
+ *
6
+ * Generates compliance reports for regulatory frameworks:
7
+ * - EU AI Act (Articles 12, 14, 15)
8
+ * - NIST AI Risk Management Framework
9
+ * - ISO 42001 AI Management System
10
+ * - OWASP LLM Top 10
11
+ */
12
+ import { z } from 'zod';
13
+ import { getClient, InkogAuthError, InkogNetworkError } from '../api/client.js';
14
+ import { getRelativePaths, readDirectory } from '../utils/file-reader.js';
15
+ // =============================================================================
16
+ // Schema
17
+ // =============================================================================
18
+ const ComplianceArgsSchema = z.object({
19
+ path: z.string().describe('Path to scan for compliance analysis'),
20
+ framework: z
21
+ .enum(['eu-ai-act', 'nist-ai-rmf', 'iso-42001', 'owasp-llm-top-10', 'all'])
22
+ .optional()
23
+ .default('eu-ai-act')
24
+ .describe('Compliance framework: eu-ai-act (default), nist-ai-rmf, iso-42001, owasp-llm-top-10, or all'),
25
+ format: z
26
+ .enum(['markdown', 'json', 'pdf'])
27
+ .optional()
28
+ .default('markdown')
29
+ .describe('Output format: markdown (default), json, or pdf'),
30
+ });
31
+ // =============================================================================
32
+ // Helpers
33
+ // =============================================================================
34
+ function getFrameworkDisplayName(framework) {
35
+ switch (framework) {
36
+ case 'eu-ai-act':
37
+ return 'EU AI Act';
38
+ case 'nist-ai-rmf':
39
+ return 'NIST AI Risk Management Framework';
40
+ case 'iso-42001':
41
+ return 'ISO 42001 AI Management System';
42
+ case 'owasp-llm-top-10':
43
+ return 'OWASP LLM Top 10';
44
+ case 'all':
45
+ return 'All Frameworks';
46
+ default:
47
+ return framework;
48
+ }
49
+ }
50
+ function getStatusIcon(status) {
51
+ switch (status) {
52
+ case 'COMPLIANT':
53
+ return '✅';
54
+ case 'NON_COMPLIANT':
55
+ return '❌';
56
+ case 'PARTIAL':
57
+ return '⚠️';
58
+ case 'NOT_APPLICABLE':
59
+ return '➖';
60
+ default:
61
+ return '❓';
62
+ }
63
+ }
64
+ function formatArticle(article) {
65
+ const icon = getStatusIcon(article.status);
66
+ let output = `${icon} ${article.id}: ${article.title}\n`;
67
+ output += ` Status: ${article.status}\n`;
68
+ if (article.findings.length > 0) {
69
+ output += ` Findings: ${article.findings.length}\n`;
70
+ for (const finding of article.findings.slice(0, 3)) {
71
+ output += ` • ${finding.message} (${finding.file}:${finding.line})\n`;
72
+ }
73
+ if (article.findings.length > 3) {
74
+ output += ` ... and ${article.findings.length - 3} more\n`;
75
+ }
76
+ }
77
+ if (article.recommendations.length > 0) {
78
+ output += ` Recommendations:\n`;
79
+ for (const rec of article.recommendations) {
80
+ output += ` 💡 ${rec}\n`;
81
+ }
82
+ }
83
+ return output;
84
+ }
85
+ // =============================================================================
86
+ // Handler
87
+ // =============================================================================
88
+ async function complianceHandler(rawArgs) {
89
+ // Validate arguments
90
+ const parseResult = ComplianceArgsSchema.safeParse(rawArgs);
91
+ if (!parseResult.success) {
92
+ return {
93
+ content: [
94
+ {
95
+ type: 'text',
96
+ text: `Invalid arguments: ${parseResult.error.message}`,
97
+ },
98
+ ],
99
+ isError: true,
100
+ };
101
+ }
102
+ const args = parseResult.data;
103
+ try {
104
+ // Read files from path
105
+ const readResult = readDirectory(args.path);
106
+ if (readResult.files.length === 0) {
107
+ return {
108
+ content: [
109
+ {
110
+ type: 'text',
111
+ text: `No scannable files found in: ${args.path}`,
112
+ },
113
+ ],
114
+ isError: true,
115
+ };
116
+ }
117
+ // Get relative paths
118
+ const files = getRelativePaths(readResult.files, args.path);
119
+ // Call Inkog API
120
+ const client = getClient();
121
+ const response = await client.generateComplianceReport(files, {
122
+ framework: args.framework,
123
+ format: args.format,
124
+ });
125
+ // If format is markdown or pdf, return the pre-formatted content
126
+ if (args.format !== 'json' && response.reportContent !== undefined) {
127
+ return {
128
+ content: [
129
+ {
130
+ type: 'text',
131
+ text: response.reportContent,
132
+ },
133
+ ],
134
+ };
135
+ }
136
+ // Build formatted output
137
+ const frameworkName = getFrameworkDisplayName(response.framework);
138
+ const overallIcon = getStatusIcon(response.overallStatus);
139
+ let output = '╔══════════════════════════════════════════════════════╗\n';
140
+ output += '║ 📋 Compliance Report ║\n';
141
+ output += '╚══════════════════════════════════════════════════════╝\n\n';
142
+ output += `🏛️ Framework: ${frameworkName}\n`;
143
+ output += `📊 Compliance Score: ${response.complianceScore}/100\n`;
144
+ output += `${overallIcon} Overall Status: ${response.overallStatus}\n`;
145
+ output += `📅 Generated: ${response.generatedAt}\n\n`;
146
+ // Executive Summary
147
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
148
+ output += '📝 EXECUTIVE SUMMARY\n\n';
149
+ output += response.executiveSummary + '\n\n';
150
+ // Article breakdown
151
+ if (response.articles.length > 0) {
152
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
153
+ output += '📑 ARTICLE BREAKDOWN\n\n';
154
+ // Group by status
155
+ const compliant = response.articles.filter((a) => a.status === 'COMPLIANT');
156
+ const nonCompliant = response.articles.filter((a) => a.status === 'NON_COMPLIANT');
157
+ const partial = response.articles.filter((a) => a.status === 'PARTIAL');
158
+ if (nonCompliant.length > 0) {
159
+ output += '❌ NON-COMPLIANT:\n\n';
160
+ for (const article of nonCompliant) {
161
+ output += formatArticle(article) + '\n';
162
+ }
163
+ }
164
+ if (partial.length > 0) {
165
+ output += '⚠️ PARTIAL COMPLIANCE:\n\n';
166
+ for (const article of partial) {
167
+ output += formatArticle(article) + '\n';
168
+ }
169
+ }
170
+ if (compliant.length > 0) {
171
+ output += '✅ COMPLIANT:\n\n';
172
+ for (const article of compliant) {
173
+ output += ` ${article.id}: ${article.title}\n`;
174
+ }
175
+ output += '\n';
176
+ }
177
+ }
178
+ // EU AI Act specific note
179
+ if (response.framework === 'eu-ai-act') {
180
+ output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
181
+ output += '📌 EU AI ACT NOTE\n\n';
182
+ output += 'Article 14 (Human Oversight) deadline: August 2, 2026\n';
183
+ output += 'Ensure all high-risk AI systems have:\n';
184
+ output += '• Human-in-the-loop controls\n';
185
+ output += '• Ability to interrupt operations\n';
186
+ output += '• Audit logging of all actions\n';
187
+ }
188
+ return {
189
+ content: [
190
+ {
191
+ type: 'text',
192
+ text: output,
193
+ },
194
+ ],
195
+ };
196
+ }
197
+ catch (error) {
198
+ if (error instanceof InkogAuthError) {
199
+ return {
200
+ content: [
201
+ {
202
+ type: 'text',
203
+ text: '🔐 API Key Required\n\nGet your free key at https://app.inkog.io',
204
+ },
205
+ ],
206
+ isError: true,
207
+ };
208
+ }
209
+ if (error instanceof InkogNetworkError) {
210
+ return {
211
+ content: [
212
+ {
213
+ type: 'text',
214
+ text: `Network error: ${error.message}`,
215
+ },
216
+ ],
217
+ isError: true,
218
+ };
219
+ }
220
+ throw error;
221
+ }
222
+ }
223
+ // =============================================================================
224
+ // Tool Definition
225
+ // =============================================================================
226
+ export const complianceTool = {
227
+ tool: {
228
+ name: 'inkog_compliance_report',
229
+ description: 'Generate a compliance report for EU AI Act, NIST AI RMF, ISO 42001, or OWASP LLM Top 10. Analyzes agent code and maps findings to regulatory requirements.',
230
+ inputSchema: {
231
+ type: 'object',
232
+ properties: {
233
+ path: {
234
+ type: 'string',
235
+ description: 'Path to scan for compliance analysis',
236
+ },
237
+ framework: {
238
+ type: 'string',
239
+ enum: ['eu-ai-act', 'nist-ai-rmf', 'iso-42001', 'owasp-llm-top-10', 'all'],
240
+ default: 'eu-ai-act',
241
+ description: 'Compliance framework: eu-ai-act (default), nist-ai-rmf, iso-42001, owasp-llm-top-10, or all',
242
+ },
243
+ format: {
244
+ type: 'string',
245
+ enum: ['markdown', 'json', 'pdf'],
246
+ default: 'markdown',
247
+ description: 'Output format: markdown (default), json, or pdf',
248
+ },
249
+ },
250
+ required: ['path'],
251
+ },
252
+ },
253
+ handler: complianceHandler,
254
+ };
255
+ //# sourceMappingURL=compliance.js.map
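Review bot: `complianceHandler` passes `args.path`, which the schema constrains only as `z.string()`, directly to `readDirectory(args.path)` and then sends the files it finds to `client.generateComplianceReport`, so a model-supplied path decides which local directory is read and uploaded, with no containment check in this file. Resolve the path and reject anything outside an allowed root before reading, for example `const target = resolve(args.path); if (target !== root && !target.startsWith(root + sep)) { /* return an isError result */ }`, with `resolve` and `sep` from `node:path` and `root` the directory the server is meant to scan; a `realpath` comparison would additionally cover symlinks. `readDirectory` lives in `../utils/file-reader.js`, which is outside this hunk, so it may already apply ignore rules or size limits, but that should be confirmed rather than assumed. Also worth a comment at the early return: with `format: 'pdf'` the handler returns `response.reportContent` as a `type: 'text'` item, which only works if the API sends a textual encoding.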
@@ -0,0 +1 @@
1
+ {"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/tools/compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAEhF,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAG1E,gFAAgF;AAChF,SAAS;AACT,gFAAgF;AAEhF,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sCAAsC,CAAC;IACjE,SAAS,EAAE,CAAC;SACT,IAAI,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAAC;SAC1E,QAAQ,EAAE;SACV,OAAO,CAAC,WAAW,CAAC;SACpB,QAAQ,CACP,6FAA6F,CAC9F;IACH,MAAM,EAAE,CAAC;SACN,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;SACjC,QAAQ,EAAE;SACV,OAAO,CAAC,UAAU,CAAC;SACnB,QAAQ,CAAC,iDAAiD,CAAC;CAC/D,CAAC,CAAC;AAIH,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,SAAS,uBAAuB,CAAC,SAAsC;IACrE,QAAQ,SAAS,EAAE,CAAC;QAClB,KAAK,WAAW;YACd,OAAO,WAAW,CAAC;QACrB,KAAK,aAAa;YAChB,OAAO,mCAAmC,CAAC;QAC7C,KAAK,WAAW;YACd,OAAO,gCAAgC,CAAC;QAC1C,KAAK,kBAAkB;YACrB,OAAO,kBAAkB,CAAC;QAC5B,KAAK,KAAK;YACR,OAAO,gBAAgB,CAAC;QAC1B;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAc;IACnC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,WAAW;YACd,OAAO,GAAG,CAAC;QACb,KAAK,eAAe;YAClB,OAAO,GAAG,CAAC;QACb,KAAK,SAAS;YACZ,OAAO,IAAI,CAAC;QACd,KAAK,gBAAgB;YACnB,OAAO,GAAG,CAAC;QACb;YACE,OAAO,GAAG,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,OAA0B;IAC/C,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC3C,IAAI,MAAM,GAAG,GAAG,IAAI,IAAI,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,IAAI,CAAC;IACzD,MAAM,IAAI,cAAc,OAAO,CAAC,MAAM,IAAI,CAAC;IAE3C,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,gBAAgB,OAAO,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC;QACtD,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,UAAU,OAAO,CAAC,OAAO,KAAK,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAC5E,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,gBAAgB,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,SAAS,CAAC;QACjE,CAAC;IACH,CAAC;IAED,IAAI,O
AAO,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,uBAAuB,CAAC;QAClC,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;YAC1C,MAAM,IAAI,WAAW,GAAG,IAAI,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,KAAK,UAAU,iBAAiB,CAAC,OAAgC;IAC/D,qBAAqB;IACrB,MAAM,WAAW,GAAG,oBAAoB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,sBAAsB,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE;iBACxD;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAmB,WAAW,CAAC,IAAI,CAAC;IAE9C,IAAI,CAAC;QACH,uBAAuB;QACvB,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE5C,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,gCAAgC,IAAI,CAAC,IAAI,EAAE;qBAClD;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAE5D,iBAAiB;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,KAAK,EAAE;YAC5D,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QAEH,iEAAiE;QACjE,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,IAAI,QAAQ,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACnE,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,QAAQ,CAAC,aAAa;qBAC7B;iBACF;aACF,CAAC;QACJ,CAAC;QAED,yBAAyB;QACzB,MAAM,aAAa,GAAG,uBAAuB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAE1D,IAAI,MAAM,GAAG,4DAA4D,CAAC;QAC1E,MAAM,IAAI,6DAA6D,CAAC;QACxE,MAAM,IAAI,8DAA8D,CAAC;QAEzE,MAAM,IAAI,mBAAmB,aAAa,IAAI,CAAC;QAC/C,MAAM,IAAI,wBAAwB,QAAQ,CAAC,eAAe,QAAQ,CAAC;QACnE,MAAM,IAAI,GAAG,WAAW,oBAAoB,QAAQ,CAAC,aAAa,IAAI,CAAC;QACvE,MAAM,IAAI,iBAAiB,QAAQ,CAAC,WAAW,MAAM,CAAC;QAEtD,oBAAoB;QACpB,MAAM,IAAI,6CAA6C,CAAC;QACxD,MAAM,IAAI,0BAA0B,CAAC;QACrC,MAAM,IAAI,QAAQ,CAAC,gBAAgB,GAAG,MAAM,CAAC;QAE7C,oBAAoB;QACpB,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,
0BAA0B,CAAC;YAErC,kBAAkB;YAClB,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC;YAC5E,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,CAAC;YACnF,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;YAExE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,sBAAsB,CAAC;gBACjC,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;oBACnC,MAAM,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,6BAA6B,CAAC;gBACxC,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;oBAC9B,MAAM,IAAI,aAAa,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;gBAC1C,CAAC;YACH,CAAC;YAED,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,kBAAkB,CAAC;gBAC7B,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;oBAChC,MAAM,IAAI,MAAM,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,KAAK,IAAI,CAAC;gBACnD,CAAC;gBACD,MAAM,IAAI,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,SAAS,KAAK,WAAW,EAAE,CAAC;YACvC,MAAM,IAAI,6CAA6C,CAAC;YACxD,MAAM,IAAI,uBAAuB,CAAC;YAClC,MAAM,IAAI,yDAAyD,CAAC;YACpE,MAAM,IAAI,yCAAyC,CAAC;YACpD,MAAM,IAAI,gCAAgC,CAAC;YAC3C,MAAM,IAAI,qCAAqC,CAAC;YAChD,MAAM,IAAI,kCAAkC,CAAC;QAC/C,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,MAAM;iBACb;aACF;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,kEAAkE;qBACzE;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,YAAY,iBAAiB,EAAE,CAAC;YACvC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,kBAAkB,KAAK,CAAC,OAAO,EAAE;qBACxC;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,kBAAkB;AAClB,gFAAgF;AAEhF,MAAM,CAAC,MAAM,cAAc,GAAmB;IAC5C,IAAI,EAAE;QACJ,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EACT,4JAA4J;QAC9J,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,E
AAE,sCAAsC;iBACpD;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,kBAAkB,EAAE,KAAK,CAAC;oBAC1E,OAAO,EAAE,WAAW;oBACpB,WAAW,EACT,6FAA6F;iBAChG;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC;oBACjC,OAAO,EAAE,UAAU;oBACnB,WAAW,EAAE,iDAAiD;iBAC/D;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD,OAAO,EAAE,iBAAiB;CAC3B,CAAC"}
@@ -0,0 +1,14 @@
1
+ /**
2
+ * inkog_explain_finding Tool
3
+ *
4
+ * P1 - Finding Explanation and Remediation Guidance
5
+ *
6
+ * Provides detailed explanations for security findings including:
7
+ * - What the vulnerability is
8
+ * - Why it's dangerous
9
+ * - How to fix it
10
+ * - Code examples (vulnerable vs secure)
11
+ */
12
+ import type { ToolDefinition } from './index.js';
13
+ export declare const explainTool: ToolDefinition;
14
+ //# sourceMappingURL=explain.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"explain.d.ts","sourceRoot":"","sources":["../../src/tools/explain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAc,MAAM,YAAY,CAAC;AAuM7D,eAAO,MAAM,WAAW,EAAE,cAqBzB,CAAC"}