@jacobmolz/mcpguard 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +31 -22
  2. package/package.json +4 -2
package/README.md CHANGED
@@ -27,7 +27,7 @@ MCP-Guard sits between your MCP client (Cursor, Claude Desktop, Claude Code, VS
27
27
  ## Quick Start
28
28
 
29
29
  ```bash
30
- npm install -g mcp-guard
30
+ npm install -g @jacobmolz/mcpguard
31
31
  ```
32
32
 
33
33
  ### Option A: Auto-discover existing configs
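Review bot: The Quick Start install command now matches the `"name"` field in package.json (`@jacobmolz/mcpguard`); the previous `npm install -g mcp-guard` pointed at an unscoped name that is not this package, which is a supply-chain hazard for anyone following the old instructions, since whatever publishes under that name gets installed globally. Suggest grepping the rest of the README and any docs for remaining `mcp-guard` references so no stale install path survives this rename.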
@@ -91,32 +91,41 @@ Config merge uses **floor-based semantics**: personal configs can restrict but n
91
91
 
92
92
  ## Benchmark Results
93
93
 
94
- The benchmark suite tests against 4,500+ attack scenarios across 10 categories and 10,000+ legitimate requests.
95
-
96
- | Metric | Result | Target | Status |
97
- |--------|--------|--------|--------|
98
- | Detection rate | 92.5% | >95% | In progress |
99
- | False positive rate | 0.000% | <0.1% | Pass |
100
- | p50 latency overhead | 0.19ms | <5ms | Pass |
101
- | p99 latency overhead | 1.22ms | — | — |
102
- | Throughput | 7,042 req/s | — | — |
94
+ The benchmark suite is open-source and fully reproducible (`pnpm benchmark`). It tests MCP-Guard's deterministic interceptor pipeline — policy enforcement, pattern matching, and access control — against 7,095 programmatically generated attack scenarios across 10 categories and 10,168 legitimate requests. See [Benchmark Methodology](docs/benchmark-methodology.md) for threat model, statistical interpretation, and known limitations.
103
95
 
104
96
  ### Per-Category Detection
105
97
 
106
98
  | Category | Rate | Status |
107
99
  |----------|------|--------|
108
- | Permission bypass | 100% | Pass |
109
- | PII response leak | 100% | Pass |
110
- | Sampling injection | 100% | Pass |
111
- | Config override | 100% | Pass |
112
- | Capability probe | 96% | Pass |
113
- | Resource traversal | 94% | In progress |
114
- | Rate limit evasion | 92% | In progress |
115
- | PII request leak | 84% | In progress |
116
- | PII evasion | 82% | In progress |
117
- | Auth bypass | 80% | In progress |
118
-
119
- > Results from quick-mode stratified sample (1,004 scenarios). Full suite numbers may differ. Run `pnpm benchmark` for full results or see [latest report](benchmarks/results/REPORT.md) for charts.
100
+ | PII response leak | 100.0% | Pass |
101
+ | Auth bypass | 100.0% | Pass |
102
+ | Sampling injection | 100.0% | Pass |
103
+ | Config override | 100.0% | Pass |
104
+ | Permission bypass | 98.9% | Pass |
105
+ | Capability probe | 97.4% | Pass |
106
+ | Resource traversal | 95.4% | Pass |
107
+ | PII evasion | 94.7% | Pass |
108
+ | PII request leak | 93.8% | Pass |
109
+ | Rate limit evasion | 92.4% | Pass |
110
+
111
+ ### Summary
112
+
113
+ | Metric | Result | Target | Status |
114
+ |--------|--------|--------|--------|
115
+ | Detection rate | 97.0% | >95% | Pass |
116
+ | False positive rate | 0 in 10,168 requests (<0.03% at 95% CI) | <0.1% | Pass |
117
+ | Audit integrity | No raw PII in logs | Pass | Pass |
118
+ | p50 latency overhead | 0.17ms (deterministic pipeline, no network hop) | <5ms | Pass |
119
+
120
+ ### Limitations
121
+
122
+ - Tested against own generated scenarios, not an independent corpus — [methodology explains mitigations](docs/benchmark-methodology.md#self-testing-honesty-about-our-own-test-suite)
123
+ - Regex PII detection misses semantic encoding (spelling out digits, splitting across fields)
124
+ - Does not address LLM-level prompt injection — complementary tools like those evaluated by [MCPSecBench](https://arxiv.org/abs/2508.13220) operate at the agent layer
125
+ - No coverage for network-layer attacks (MITM, DNS rebinding)
126
+ - ML-based detection planned but not yet implemented
127
+
128
+ > Full-suite results from `pnpm benchmark`. Quick mode (`pnpm benchmark:quick`) uses stratified sampling and typically reports ~89-93% detection. See [latest report](benchmarks/results/REPORT.md) for charts.
120
129
 
121
130
  ## CLI Reference
122
131
 
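Review bot: In the new Summary table the `Audit integrity` row has `Pass` in the Target column, so the row states no acceptance criterion; consider a target such as `0 raw PII values in logs` with the measured count as the result, in line with the other rows. The rewrite also drops the p99 latency and throughput rows that the old table reported (`1.22ms`, `7,042 req/s`), so tail latency can no longer be compared across versions; keep them in Summary or point to where the report lists them. The closing blockquote is a useful caveat: quick mode's ~89-93% falls below the >95% target, so readers running `pnpm benchmark:quick` should not expect the headline 97.0%.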
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@jacobmolz/mcpguard",
3
- "version": "0.1.0",
3
+ "version": "0.3.0",
4
4
  "description": "Security proxy daemon for MCP servers — adds auth, rate limiting, PII detection, and audit logging",
5
5
  "author": "Jacob Molz",
6
6
  "license": "MIT",
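Review bot: The version jumps 0.1.0 → 0.3.0 with no 0.2.0 and no changelog entry anywhere in this diff; since `semantic-release` is being added to devDependencies in this same package.json, confirm the committed `version` field is the one actually published (semantic-release normally computes and writes the version at release time), otherwise the field in the repository drifts from what the registry serves.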
@@ -48,7 +48,7 @@
48
48
  "benchmark:security": "tsx benchmarks/runner.ts --suite security",
49
49
  "benchmark:legitimate": "tsx benchmarks/runner.ts --suite legitimate",
50
50
  "benchmark:performance": "tsx benchmarks/runner.ts --suite performance",
51
- "prepublishOnly": "pnpm lint && pnpm typecheck && pnpm test && pnpm build"
51
+ "prepublishOnly": "pnpm build"
52
52
  },
53
53
  "dependencies": {
54
54
  "@modelcontextprotocol/sdk": "^1.12.1",
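Review bot: `prepublishOnly` drops `pnpm lint && pnpm typecheck && pnpm test` and keeps only `pnpm build`, so nothing on the publish path now verifies the package before it is uploaded. If the intent is to move those gates into CI ahead of a `semantic-release` run (added in devDependencies below), the release workflow must fail on lint, typecheck and test errors before the publish step; otherwise restore the full chain, e.g. `"prepublishOnly": "pnpm lint && pnpm typecheck && pnpm test && pnpm build"`. For a package described as a security proxy, an untested artifact reaching the registry is the main regression in this diff.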
@@ -64,8 +64,10 @@
64
64
  "@types/better-sqlite3": "^7.6.13",
65
65
  "@types/js-yaml": "^4.0.9",
66
66
  "@types/node": "^22.15.2",
67
+ "conventional-changelog-conventionalcommits": "^9.3.1",
67
68
  "eslint": "^9.25.0",
68
69
  "prettier": "^3.5.3",
70
+ "semantic-release": "^25.0.3",
69
71
  "tsup": "^8.4.0",
70
72
  "tsx": "^4.19.4",
71
73
  "typescript": "^5.8.3",
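Review bot: `semantic-release` (`^25.0.3`) and `conventional-changelog-conventionalcommits` (`^9.3.1`) enter devDependencies with caret ranges; because semantic-release executes in CI holding the npm publish credential, a compromised or malicious minor release of it would run with that credential, so pin these exactly (and commit the lockfile) and enable npm provenance or trusted publishing so consumers can verify where the tarball was built. Placing both in devDependencies, as done here, is correct so that consumers of the proxy do not pull them in.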