@mcp-shark/mcp-shark 1.5.13 → 1.7.2

package/core/cli/data/rule-packs/owasp-mcp-2026.json

@@ -0,0 +1,244 @@
+{
+  "schema_version": "1.0",
+  "pack_id": "owasp-mcp-2026",
+  "pack_name": "OWASP MCP Top 10 (2026)",
+  "version": "1.0.0",
+  "updated": "2026-03-15",
+  "source_url": "https://owasp.org/www-project-mcp-top-10/",
+  "rules": [
+    {
+      "id": "mcp01-token-mismanagement",
+      "name": "Token Mismanagement & Secret Exposure",
+      "owasp_id": "MCP01",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects hard-coded credentials, API keys, and secrets that could be exposed through prompt injection or compromised context.",
+      "recommendation": "Move all tokens and secrets to secure storage (environment variables, secret managers). Never embed credentials in MCP server configurations.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        { "regex": "sk-[A-Za-z0-9]{20}T3BlbkFJ[A-Za-z0-9]{20}", "label": "OpenAI", "flags": "" },
+        { "regex": "github_pat_[0-9A-Za-z_]{40,90}", "label": "GitHub PAT", "flags": "" },
+        { "regex": "(ghp|gho|ghs|ghu)_[A-Za-z0-9]{36}", "label": "GitHub Token", "flags": "" },
+        { "regex": "glpat-[0-9A-Za-z\\-_]{20}", "label": "GitLab Token", "flags": "" },
+        { "regex": "xox[baprs]-[A-Za-z0-9-]{10,120}", "label": "Slack Token", "flags": "" },
+        {
+          "regex": "https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Za-z0-9+/]{30,}",
+          "label": "Slack Webhook",
+          "flags": ""
+        },
+        {
+          "regex": "[A-Za-z0-9]{24}\\.[A-Za-z0-9]{6}\\.[A-Za-z0-9_-]{27}",
+          "label": "Discord Token",
+          "flags": ""
+        },
+        { "regex": "AKIA[0-9A-Z]{16}", "label": "AWS Access Key", "flags": "" },
+        {
+          "regex": "(?<![A-Za-z0-9])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9])",
+          "label": "AWS Secret Key",
+          "flags": ""
+        },
+        { "regex": "AIza[0-9A-Za-z\\-_]{35}", "label": "Google API Key", "flags": "" },
+        { "regex": "sk_live_[0-9a-zA-Z]{24}", "label": "Stripe Secret", "flags": "" },
+        { "regex": "rk_live_[0-9a-zA-Z]{24}", "label": "Stripe Restricted", "flags": "" },
+        { "regex": "SK[0-9a-fA-F]{32}", "label": "Twilio API Key", "flags": "" },
+        {
+          "regex": "SG\\.[0-9A-Za-z\\-_]{22}\\.[0-9A-Za-z\\-_]{43}",
+          "label": "SendGrid",
+          "flags": ""
+        },
+        { "regex": "key-[0-9a-fA-F]{32}", "label": "Mailgun", "flags": "" },
+        { "regex": "[A-Z0-9]{32}-[A-Z0-9]{10}", "label": "Algolia", "flags": "" },
+        {
+          "regex": "heroku[_a-z]*[:=]\\s*['\\\"]?[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}",
+          "label": "Heroku API token",
+          "flags": "i"
+        },
+        {
+          "regex": "pscale_(?:tkn|pw|oauth)_[A-Za-z0-9._=-]{30,60}",
+          "label": "PlanetScale",
+          "flags": ""
+        },
+        { "regex": "PMAK-[0-9a-f]{24}-[0-9a-f]{34}", "label": "Postman", "flags": "" },
+        { "regex": "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}", "label": "Firebase", "flags": "" }
+      ]
+    },
+    {
+      "id": "mcp02-scope-creep",
+      "name": "Scope Creep Detection",
+      "owasp_id": "MCP02",
+      "severity": "medium",
+      "type": "owasp-mcp",
+      "description": "Detects potential privilege escalation via scope creep in tool definitions.",
+      "recommendation": "Implement strict scope boundaries for tools. Monitor for unauthorized scope expansion and enforce least privilege principles.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "low" },
+      "patterns": [
+        "(?:expand|extend|increase|broaden|widen)\\s+(?:scope|permission|access|capability|authority)",
+        "(?:additional|extra|more|further)\\s+(?:privilege|permission|access|right)",
+        "(?:escalate|elevate|raise|upgrade)\\s+(?:privilege|permission|access|level)",
+        "(?:unrestricted|unlimited|full|complete|total)\\s+(?:access|permission|privilege|control)",
+        "(?:bypass|override|circumvent)\\s+(?:restriction|limit|constraint|control)"
+      ]
+    },
+    {
+      "id": "mcp03-tool-poisoning",
+      "name": "Tool Poisoning Detection",
+      "owasp_id": "MCP03",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects malicious patterns that could indicate tool poisoning attacks.",
+      "recommendation": "Verify tool authenticity and integrity. Implement tool signing and verification mechanisms. Monitor for suspicious tool behavior.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:malicious|harmful|dangerous|exploit|attack|backdoor|trojan|virus)",
+        "(?:unauthorized|illegitimate|fake|spoofed|forged|tampered)",
+        "(?:steal|exfiltrate|leak|extract)\\s+(?:data|information|credentials|secrets)",
+        "(?:delete|remove|destroy|wipe|erase)\\s+(?:file|data|information)",
+        "(?:override|bypass|disable)\\s+(?:security|protection|safeguard|control)",
+        "(?:hidden|concealed|obfuscated|encoded)\\s+(?:functionality|behavior|action)"
+      ]
+    },
+    {
+      "id": "mcp04-supply-chain",
+      "name": "Supply Chain Vulnerability Detection",
+      "owasp_id": "MCP04",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects potential supply chain vulnerabilities in MCP configurations.",
+      "recommendation": "Pin all dependencies to specific versions. Verify package integrity and signatures. Use trusted repositories and registries.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:unsigned|unverified|untrusted|unauthenticated)\\s+(?:package|dependency|module|library)",
+        "(?:tampered|modified|altered|compromised)\\s+(?:package|dependency|module|library)",
+        "(?:dependency|package|module)\\s+(?:confusion|substitution|hijacking)",
+        "(?:typosquatting|brandjacking|namespace)\\s+(?:package|dependency|module)",
+        "(?:unpinned|floating|wildcard)\\s+(?:version|dependency|package)",
+        "(?:from|source)\\s+(?:unknown|unverified|suspicious|untrusted)\\s+(?:source|repository|registry)"
+      ]
+    },
+    {
+      "id": "mcp06-prompt-injection",
+      "name": "Prompt Injection Detection",
+      "owasp_id": "MCP06",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects prompt injection attempts via contextual payloads and suspicious tool names.",
+      "recommendation": "Implement prompt injection defenses. Validate and sanitize all user inputs. Use prompt isolation and output filtering.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "critical" },
+      "patterns": [
+        "(?:ignore|forget|disregard)\\s+(?:\\w+\\s+)*(?:previous|prior|earlier|above|instructions|prompts|system)",
+        "(?:new|different|override|replace)\\s+(?:instructions|prompt|system|rules)",
+        "(?:you\\s+are|act\\s+as|pretend\\s+to\\s+be|roleplay\\s+as)",
+        "(?:system|admin|root|sudo)\\s+(?:access|privilege|permission|command)",
+        "(?:extract|reveal|show|display|output)\\s+(?:system|prompt|instruction|secret|password|token)",
+        "(?:execute|run|perform)\\s+(?:arbitrary|any|unrestricted|unlimited)\\s+(?:command|action|code)"
+      ],
+      "tool_name_patterns": [
+        {
+          "regex": "instruction_?override",
+          "label": "Instruction Override Tool",
+          "severity": "critical"
+        },
+        {
+          "regex": "system_?prompt|systemprompt",
+          "label": "System Prompt Access Tool",
+          "severity": "critical"
+        },
+        {
+          "regex": "ignore_?instruction",
+          "label": "Ignore Instruction Tool",
+          "severity": "critical"
+        },
+        { "regex": "bypass_?security", "label": "Security Bypass Tool", "severity": "critical" },
+        { "regex": "admin_?override", "label": "Admin Override Tool", "severity": "critical" },
+        { "regex": "privilege_?escalat", "label": "Privilege Escalation Tool", "severity": "high" },
+        { "regex": "sudo|root_?access", "label": "Elevated Privilege Tool", "severity": "high" },
+        { "regex": "hidden_?command", "label": "Hidden Command Tool", "severity": "high" },
+        { "regex": "secret_?access", "label": "Secret Access Tool", "severity": "high" }
+      ]
+    },
+    {
+      "id": "mcp07-insufficient-auth",
+      "name": "Insufficient Authentication Detection",
+      "owasp_id": "MCP07",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects potential authentication and authorization weaknesses.",
+      "recommendation": "Implement proper authentication and authorization mechanisms. Enforce access controls for all tools and resources.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:no|missing|lack|absent|without)\\s+(?:authentication|auth|authorization|authz|access\\s+control)",
+        "(?:public|open|unrestricted|unprotected|unsecured)\\s+(?:access|endpoint|api|tool|resource)",
+        "(?:anonymous|guest|unauthenticated)\\s+(?:user|access|request)",
+        "(?:skip|bypass|ignore|disable)\\s+(?:authentication|auth|authorization|check|validation)",
+        "(?:weak|insecure|poor|insufficient)\\s+(?:authentication|auth|authorization|security)"
+      ]
+    },
+    {
+      "id": "mcp08-lack-audit",
+      "name": "Lack of Audit Detection",
+      "owasp_id": "MCP08",
+      "severity": "medium",
+      "type": "owasp-mcp",
+      "description": "Detects potential lack of audit trails and telemetry.",
+      "recommendation": "Implement comprehensive logging, audit trails, and telemetry. Monitor all tool usage and resource access.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "low" },
+      "patterns": [
+        "(?:no|missing|lack|absent|without)\\s+(?:logging|log|audit|telemetry|monitoring|tracking)",
+        "(?:disable|turn\\s+off|remove)\\s+(?:logging|log|audit|telemetry|monitoring)",
+        "(?:silent|quiet|no\\s+output)\\s+(?:mode|operation|execution)",
+        "(?:unlogged|unmonitored|untracked)\\s+(?:action|operation|event|access)"
+      ]
+    },
+    {
+      "id": "mcp09-shadow-servers",
+      "name": "Shadow Server Detection",
+      "owasp_id": "MCP09",
+      "severity": "high",
+      "type": "owasp-mcp",
+      "description": "Detects potential unauthorized or shadow MCP server deployments.",
+      "recommendation": "Maintain an inventory of all MCP servers. Implement server registration and approval processes. Monitor for unauthorized deployments.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "medium" },
+      "patterns": [
+        "(?:unauthorized|unmanaged|unapproved|unofficial)\\s+(?:server|service|instance|deployment)",
+        "(?:shadow|rogue|hidden|concealed|undocumented)\\s+(?:server|service|instance|deployment)",
+        "(?:bypass|circumvent|avoid)\\s+(?:approval|review|governance|management|control)",
+        "(?:unregistered|unlisted|unmonitored)\\s+(?:server|service|instance|deployment)"
+      ]
+    },
+    {
+      "id": "mcp10-context-injection",
+      "name": "Context Injection Detection",
+      "owasp_id": "MCP10",
+      "severity": "medium",
+      "type": "owasp-mcp",
+      "description": "Detects context injection and over-sharing vulnerabilities.",
+      "recommendation": "Implement context isolation and filtering. Limit context sharing between tools and servers. Validate all context data.",
+      "scope": ["tool", "prompt", "resource", "packet"],
+      "match_mode": "all_matches",
+      "severity_overrides": { "prompt": "high" },
+      "patterns": [
+        "(?:over-share|overshare|excessive|too\\s+much)\\s+(?:context|information|data|details)",
+        "(?:share|expose|reveal|leak)\\s+(?:all|entire|full|complete|everything)\\s+(?:context|information|data)",
+        "(?:inject|insert)\\s+(?:context|information|data|payload)\\s+(?:into|to|in)",
+        "(?:context|information|data)\\s+(?:injection|manipulation|tampering|poisoning)",
+        "(?:unrestricted|unlimited|unfiltered)\\s+(?:context|information|data)\\s+(?:sharing|access|transfer)"
+      ]
+    }
+  ]
+}

package/core/cli/data/rule-packs/toxic-flow-heuristics.json

@@ -0,0 +1,21 @@
+{
+  "schema_version": "1.0",
+  "pack_id": "toxic-flow-heuristics",
+  "pack_name": "Toxic flow capability-pair heuristics",
+  "version": "1.0.0",
+  "updated": "2026-04-05",
+  "source_url": "https://github.com/mcp-shark/rule-packs",
+  "description": "Cross-server toxic flow rules consumed by analyzeToxicFlows (CLI, HTML report, proxy traffic panel). Declarative rules[] is empty; heuristics live in toxic_flow_rules.",
+  "rules": [],
+  "toxic_flow_rules": [
+    {
+      "source": "writes_code",
+      "target": "sends_external",
+      "risk": "HIGH",
+      "title": "Code change \u2192 external disclosure",
+      "scenario": "The agent could alter code or repos via {source} and leak implementation details, tokens, or other sensitive context through {target}.",
+      "catalog": "\u00a71.2, \u00a71.10",
+      "owasp": "MCP03 + MCP06"
+    }
+  ]
+}

package/core/cli/data/rule-sources.json

@@ -0,0 +1,5 @@
+{
+  "registry_url": "https://raw.githubusercontent.com/mcp-shark/rule-packs/main/manifest.json",
+  "cache_dir": ".mcp-shark/rule-packs",
+  "default_auto_update_max_age_hours": 168
+}

package/core/cli/data/secret-patterns.json

@@ -0,0 +1,18 @@
+[
+  { "pattern": "^ghp_[a-zA-Z0-9]{36,}$", "name": "GitHub PAT", "severity": "high" },
+  { "pattern": "^gho_[a-zA-Z0-9]{36,}$", "name": "GitHub OAuth", "severity": "high" },
+  { "pattern": "^sk-[a-zA-Z0-9]{20,}$", "name": "API Key (sk-)", "severity": "high" },
+  { "pattern": "^xoxb-", "name": "Slack Bot Token", "severity": "high" },
+  { "pattern": "^xoxp-", "name": "Slack User Token", "severity": "critical" },
+  { "pattern": "^AKIA[A-Z0-9]{16}$", "name": "AWS Access Key", "severity": "critical" },
+  { "pattern": "^glpat-", "name": "GitLab PAT", "severity": "high" },
+  { "pattern": "^npm_[a-zA-Z0-9]{36,}$", "name": "npm Token", "severity": "high" },
+  { "pattern": "^[a-f0-9]{40}$", "name": "Hex Token (40 chars)", "severity": "medium" },
+  { "pattern": "^AIza[a-zA-Z0-9_-]{35}$", "name": "Google API Key", "severity": "high" },
+  {
+    "pattern": "^SG\\.[a-zA-Z0-9_-]+\\.[a-zA-Z0-9_-]+$",
+    "name": "SendGrid Key",
+    "severity": "high"
+  },
+  { "pattern": "^sk_live_[a-zA-Z0-9]+$", "name": "Stripe Live Key", "severity": "critical" }
+]

package/core/cli/data/tool-classifications.json

@@ -0,0 +1,111 @@
+{
+  "mcp-server-github": {
+    "get_issue": "ingests_untrusted",
+    "get_pull_request": "ingests_untrusted",
+    "search_issues": "ingests_untrusted",
+    "list_issues": "ingests_untrusted",
+    "search_code": "ingests_untrusted",
+    "get_file_contents": "reads_secrets",
+    "create_pull_request": "writes_code",
+    "push_files": "writes_code",
+    "create_issue": "writes_code",
+    "update_issue": "writes_code",
+    "create_or_update_file": "writes_code",
+    "fork_repository": "writes_code",
+    "create_branch": "writes_code"
+  },
+  "mcp-server-slack": {
+    "list_messages": "ingests_untrusted",
+    "get_channel_history": "ingests_untrusted",
+    "search_messages": "ingests_untrusted",
+    "send_message": "sends_external",
+    "post_message": "sends_external",
+    "upload_file": "sends_external"
+  },
+  "mcp-server-filesystem": {
+    "read_file": "reads_secrets",
+    "read_multiple_files": "reads_secrets",
+    "list_directory": "reads_secrets",
+    "search_files": "reads_secrets",
+    "get_file_info": "reads_secrets",
+    "write_file": "writes_code",
+    "create_directory": "writes_code",
+    "move_file": "writes_code",
+    "edit_file": "writes_code"
+  },
+  "mcp-server-git": {
+    "git_log": "reads_secrets",
+    "git_diff": "reads_secrets",
+    "git_status": "reads_secrets",
+    "git_show": "reads_secrets",
+    "git_commit": "writes_code",
+    "git_add": "writes_code",
+    "git_push": "writes_code",
+    "git_init": "writes_code"
+  },
+  "mcp-server-postgres": {
+    "query": "reads_secrets",
+    "list_tables": "reads_secrets",
+    "describe_table": "reads_secrets"
+  },
+  "mcp-server-sqlite": {
+    "read_query": "reads_secrets",
+    "write_query": "writes_code",
+    "list_tables": "reads_secrets"
+  },
+  "mcp-server-fetch": {
+    "fetch": "ingests_untrusted"
+  },
+  "mcp-server-brave-search": {
+    "brave_web_search": "ingests_untrusted",
+    "brave_local_search": "ingests_untrusted"
+  },
+  "mcp-server-puppeteer": {
+    "navigate": "ingests_untrusted",
+    "screenshot": "ingests_untrusted",
+    "click": "ingests_untrusted",
+    "evaluate": "writes_code"
+  },
+  "@playwright/mcp": {
+    "browser_navigate": "ingests_untrusted",
+    "browser_snapshot": "ingests_untrusted",
+    "browser_click": "ingests_untrusted",
+    "browser_type": "ingests_untrusted"
+  },
+  "mcp-server-kubernetes": {
+    "kubectl_get": "reads_secrets",
+    "kubectl_apply": "modifies_infra",
+    "kubectl_delete": "modifies_infra",
+    "kubectl_scale": "modifies_infra",
+    "kubectl_patch": "modifies_infra"
+  },
+  "heroku-mcp-server": {
+    "list_apps": "reads_secrets",
+    "transfer_app": "modifies_infra",
+    "scale_formation": "modifies_infra",
+    "create_app": "modifies_infra",
+    "delete_app": "modifies_infra"
+  },
+  "mcp-server-docker": {
+    "list_containers": "reads_secrets",
+    "container_run": "modifies_infra",
+    "container_stop": "modifies_infra",
+    "container_remove": "modifies_infra",
+    "image_pull": "modifies_infra"
+  },
+  "google-docs-mcp": {
+    "get_document": "ingests_untrusted",
+    "search_documents": "ingests_untrusted",
+    "create_document": "writes_code"
+  },
+  "jira-mcp-server": {
+    "get_issue": "ingests_untrusted",
+    "search_issues": "ingests_untrusted",
+    "get_ticket": "ingests_untrusted",
+    "create_issue": "writes_code"
+  },
+  "mcp-server-memory": {
+    "store": "writes_code",
+    "retrieve": "reads_secrets"
+  }
+}

package/core/cli/data/toxic-flow-rules.json

@@ -0,0 +1,47 @@
+[
+  {
+    "source": "ingests_untrusted",
+    "target": "writes_code",
+    "risk": "HIGH",
+    "title": "Prompt injection \u2192 code modification",
+    "scenario": "A {source_ide} message with prompt injection processed by {source} could cause your agent to push malicious code via {target}.",
+    "catalog": "\u00a71.3, \u00a71.10, \u00a71.12",
+    "owasp": "MCP03 + MCP10"
+  },
+  {
+    "source": "ingests_untrusted",
+    "target": "sends_external",
+    "risk": "HIGH",
+    "title": "Prompt injection \u2192 data exfiltration",
+    "scenario": "Untrusted content ingested by {source} could instruct the agent to exfiltrate sensitive data through {target}.",
+    "catalog": "\u00a71.2",
+    "owasp": "MCP03 + MCP06"
+  },
+  {
+    "source": "reads_secrets",
+    "target": "sends_external",
+    "risk": "HIGH",
+    "title": "Secret theft via external channel",
+    "scenario": "Your agent can read sensitive files via {source} and exfiltrate them through {target}.",
+    "catalog": "\u00a71.1, \u00a71.14",
+    "owasp": "MCP01 + MCP10"
+  },
+  {
+    "source": "ingests_untrusted",
+    "target": "modifies_infra",
+    "risk": "HIGH",
+    "title": "Prompt injection \u2192 infrastructure takeover",
+    "scenario": "Attacker-controlled content from {source} could cause infrastructure changes via {target}.",
+    "catalog": "\u00a71.13",
+    "owasp": "MCP03 + MCP05"
+  },
+  {
+    "source": "reads_secrets",
+    "target": "ingests_untrusted",
+    "risk": "MEDIUM",
+    "title": "Sensitive data leakage to untrusted channel",
+    "scenario": "Sensitive data from {source} could leak into context shared with untrusted content from {target}.",
+    "catalog": "\u00a71.7",
+    "owasp": "MCP10"
+  }
+]

package/core/cli/index.js

@@ -0,0 +1,23 @@
+/**
+ * CLI module barrel file
+ */
+export { applyFixes, renderFixResults } from './AutoFixEngine.js';
+export { scanIdeConfigs, getAllServers } from './ConfigScanner.js';
+export { loadBuiltinJson, loadUserYamlList, loadUserYamlMap } from './DataLoader.js';
+export { loadDeclarativeRules } from './DeclarativeRuleEngine.js';
+export { executeDoctor } from './DoctorCommand.js';
+export { applyFix, createEnvExample, undoFixes } from './FixHandlers.js';
+export { generateHtmlReport } from './HtmlReportGenerator.js';
+export { executeList } from './ListCommand.js';
+export { computeDiff, renderDiff, hashToolDefinition } from './LockDiffEngine.js';
+export { executeLock, executeLockVerify, executeDiff } from './LockCommand.js';
+export { executeScan } from './ScanCommand.js';
+export { runScan } from './ScanService.js';
+export { detectHardcodedSecrets } from './SecretDetector.js';
+export { S } from './symbols.js';
+export { calculateSharkScore, countBySeverity } from './SharkScoreCalculator.js';
+export { analyzeToxicFlows } from './ToxicFlowAnalyzer.js';
+export { executeUpdateRules } from './UpdateCommand.js';
+export { executeWatch } from './WatchCommand.js';
+export { generateWalkthroughs } from './WalkthroughGenerator.js';
+export { loadYamlRules, applyYamlRules } from './YamlRuleEngine.js';

package/core/cli/output/Banner.js

@@ -0,0 +1,52 @@
+/**
+ * CLI banner — clean, text-only
+ */
+import { readFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import kleur from 'kleur';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const rootDir = resolve(__dirname, '..', '..', '..');
+
+function getVersion() {
+  try {
+    const pkgPath = join(rootDir, 'package.json');
+    const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+    return pkg.version;
+  } catch (_err) {
+    return 'unknown';
+  }
+}
+
+/**
+ * Display the scan banner — minimal, Biome-style
+ */
+export function displayScanBanner() {
+  const version = getVersion();
+
+  console.log('');
+  console.log(`  ${kleur.bold('mcp-shark')} ${kleur.dim(`v${version}`)}`);
+  console.log(kleur.dim('  ─────────────────────────────────────'));
+  console.log('');
+}
+
+/**
+ * Display the serve banner (existing ASCII art style)
+ */
+export function displayServeBanner() {
+  const version = getVersion();
+  const banner = `
+   ███╗   ███╗ ██████╗ ██████╗      ███████╗██╗  ██╗ █████╗ ██████╗ ██╗  ██╗
+   ████╗ ████║██╔════╝██╔══██╗     ██╔════╝██║  ██║██╔══██╗██╔══██╗██║ ██╔╝
+   ██╔████╔██║██║     ██████╔╝     ███████╗███████║███████║██████╔╝█████╔╝ 
+   ██║╚██╔╝██║██║     ██╔═══╝      ╚════██║██╔══██║██╔══██║██╔══██╗██╔═██╗ 
+   ██║ ╚═╝ ██║╚██████╗██║          ███████║██║  ██║██║  ██║██║  ██║██║  ██╗
+   ╚═╝     ╚═╝ ╚═════╝╚═╝          ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝╚═╝  ╚═╝
+   
+   Aggregate multiple MCP servers into a unified interface
+   Version: ${version} | Homepage: https://mcpshark.sh
+`;
+  console.log(banner);
+}