@mcp-shark/mcp-shark 1.5.13 → 1.7.2

package/ui/src/components/Security/useSecurity.js

@@ -5,8 +5,10 @@ import {
   fetchRunningServersCount,
   fetchScanHistory,
   fetchSummary,
+  fetchTrafficToxicFlows,
   postAnalyseRunningServers,
   postClearFindings,
+  postReplayTrafficToxicFlows,
 } from './securityApi.js';
 import { useYaraRules } from './useYaraRules.js';
 
@@ -30,6 +32,11 @@ export function useSecurity() {
   // Track whether a scan has been completed (to show appropriate empty state)
   const [scanComplete, setScanComplete] = useState(false);
 
+  // Traffic-derived toxic flows (tools/list via HTTP proxy)
+  const [trafficToxicSnapshot, setTrafficToxicSnapshot] = useState(null);
+  const [trafficToxicLoading, setTrafficToxicLoading] = useState(false);
+  const [trafficToxicError, setTrafficToxicError] = useState(null);
+
   // Use YARA rules hook
   const yaraRules = useYaraRules();
 
@@ -88,6 +95,48 @@ export function useSecurity() {
     }
   }, []);
 
+  const loadTrafficToxicFlows = useCallback(async () => {
+    setTrafficToxicLoading(true);
+    setTrafficToxicError(null);
+    try {
+      const data = await fetchTrafficToxicFlows();
+      if (data && data.success === false) {
+        setTrafficToxicError(data.error || 'Could not load traffic toxic flows');
+        setTrafficToxicSnapshot(null);
+      } else if (data?.error && !data.toxicFlows) {
+        setTrafficToxicError(data.error);
+        setTrafficToxicSnapshot(null);
+      } else {
+        setTrafficToxicSnapshot(data);
+      }
+    } catch (err) {
+      console.error('Traffic toxic flows:', err);
+      setTrafficToxicError(err.message || 'Request failed');
+      setTrafficToxicSnapshot(null);
+    } finally {
+      setTrafficToxicLoading(false);
+    }
+  }, []);
+
+  const replayTrafficToxicFlows = useCallback(async () => {
+    setTrafficToxicLoading(true);
+    setTrafficToxicError(null);
+    try {
+      const data = await postReplayTrafficToxicFlows();
+      if (data.success === false || data.error) {
+        setTrafficToxicError(data.error || 'Replay failed');
+        setTrafficToxicSnapshot(null);
+      } else {
+        setTrafficToxicSnapshot(data);
+      }
+    } catch (err) {
+      console.error('Traffic toxic replay:', err);
+      setTrafficToxicError(err.message || 'Request failed');
+    } finally {
+      setTrafficToxicLoading(false);
+    }
+  }, []);
+
   const discoverAndScan = useCallback(async () => {
     setScanning(true);
     setError(null);
@@ -109,6 +158,7 @@ export function useSecurity() {
         await loadSummary();
         await loadScanHistory(); // Refresh history
         setScanComplete(true); // Mark scan as complete
+        await loadTrafficToxicFlows();
       }
     } catch (err) {
       console.error('Analysis error:', err);
@@ -116,7 +166,7 @@ export function useSecurity() {
     } finally {
       setScanning(false);
     }
-  }, [loadFindings, loadSummary, loadScanHistory]);
+  }, [loadFindings, loadSummary, loadScanHistory, loadTrafficToxicFlows]);
 
   const clearFindings = useCallback(async () => {
     setClearing(true);
@@ -130,13 +180,14 @@ export function useSecurity() {
         setError(null);
         setScanComplete(false); // Reset scan complete state
         await loadScanHistory(); // Refresh history after clear
+        await loadTrafficToxicFlows(); // Server cleared in-memory toxic-flow registry
       }
     } catch (err) {
       console.error('Failed to clear findings:', err);
     } finally {
       setClearing(false);
     }
-  }, [loadScanHistory]);
+  }, [loadScanHistory, loadTrafficToxicFlows]);
 
   const selectHistoricalScan = useCallback(async (scanId) => {
     setSelectedScanId(scanId);
@@ -160,7 +211,8 @@ export function useSecurity() {
     loadRules();
     loadScanHistory();
     checkRunningServers();
-  }, [loadRules, loadScanHistory, checkRunningServers]);
+    loadTrafficToxicFlows();
+  }, [loadRules, loadScanHistory, checkRunningServers, loadTrafficToxicFlows]);
 
   return {
     rules,
@@ -183,6 +235,11 @@ export function useSecurity() {
     runningServersCount,
     checkRunningServers,
     scanComplete,
+    trafficToxicSnapshot,
+    trafficToxicLoading,
+    trafficToxicError,
+    loadTrafficToxicFlows,
+    replayTrafficToxicFlows,
     // YARA rules (spread from useYaraRules)
     ...yaraRules,
   };

package/ui/src/components/ServerControl.jsx

@@ -62,7 +62,6 @@ function ServerControl({ status, loading, onStart, onStop, canStart }) {
         ) : (
           <button
             type="button"
-            data-tour="start-button"
             onClick={onStart}
             disabled={loading || !canStart}
             style={{

package/ui/src/components/TabNavigation/DesktopTabs.jsx

@@ -28,17 +28,6 @@ export default function DesktopTabs({ tabs, activeTab, onTabChange, tabRefs, ind
               tabRefs.current[tab.id] = el;
             }
           }}
-          data-tour={
-            tab.id === 'traffic'
-              ? 'traffic-tab'
-              : tab.id === 'logs'
-                ? 'logs-tab'
-                : tab.id === 'setup'
-                  ? 'setup-tab'
-                  : tab.id === 'playground'
-                    ? 'playground-tab'
-                    : 'smart-scan-tab'
-          }
           onClick={() => onTabChange(tab.id)}
           style={{
             padding: '14px 24px',

package/ui/src/components/TabNavigationIcons.jsx

@@ -4,6 +4,7 @@ import {
   IconBrandStackoverflow,
   IconChevronDown,
   IconFileText,
+  IconKey,
   IconMenu2,
   IconNetwork,
   IconSettings,
@@ -43,3 +44,7 @@ export const ChevronDownIcon = ({ size = 16, color = 'currentColor' }) => (
 export const SecurityIcon = ({ size = 16, color = 'currentColor' }) => (
   <IconShieldCheck size={size} stroke={1.5} color={color} />
 );
+
+export const AauthIcon = ({ size = 16, color = 'currentColor' }) => (
+  <IconKey size={size} stroke={1.5} color={color} />
+);

package/ui/src/components/ViewModeTabs.jsx

@@ -4,7 +4,6 @@ import { colors, fonts } from '../theme';
 function ViewModeTabs({ viewMode, onViewModeChange }) {
   return (
     <div
-      data-tour="view-modes"
       style={{
         display: 'flex',
         borderBottom: `1px solid ${colors.borderLight}`,

package/ui/src/utils/animations.js

@@ -5,18 +5,35 @@ import anime from 'animejs';
  */
 
 /**
- * Stagger animation for list items
+ * Stagger animation for list items.
+ * @param {object} [options]
+ * @param {boolean} [options.fade=true] When false, rows stay at full opacity so
+ *   traffic tables are never invisible during the tween (fixes empty screenshots
+ *   and reduces flash for long lists).
  */
 export const staggerIn = (selector, options = {}) => {
-  return anime({
+  const {
+    fade = true,
+    duration = 400,
+    delay = 50,
+    easing = 'easeOutExpo',
+    translateY = [20, 0],
+    ...rest
+  } = options;
+  const cfg = {
     targets: selector,
-    opacity: [0, 1],
-    translateY: [20, 0],
-    duration: options.duration || 400,
-    delay: anime.stagger(options.delay || 50),
-    easing: options.easing || 'easeOutExpo',
-    ...options,
-  });
+    translateY,
+    duration,
+    delay: anime.stagger(delay),
+    easing,
+    ...rest,
+  };
+  if (fade) {
+    cfg.opacity = [0, 1];
+  } else {
+    cfg.opacity = 1;
+  }
+  return anime(cfg);
 };
 
 /**

package/core/services/security/rules/scans/agentic01GoalHijack.js

@@ -1,130 +0,0 @@
-import { convertPacketFinding, createRuleAdapter } from '../utils/adapter.js';
-import { packetToText, promptToText, resourceToText, toolToText } from '../utils/text.js';
-
-const RULE_ID = 'asi01-goal-hijack';
-const OWASP_ID = 'ASI01';
-const RECOMMENDATION =
-  'Implement goal validation and verification. Monitor for unauthorized goal changes. Use goal isolation and protection mechanisms.';
-
-const GOAL_HIJACK_PATTERNS = [
-  /(?:hijack|override|replace|change|modify)\s+(?:goal|objective|purpose|mission|task)/i,
-  /(?:ignore|forget|disregard)\s+(?:original|initial|intended|primary)\s+(?:goal|objective|purpose)/i,
-  /(?:new|different|alternative|malicious)\s+(?:goal|objective|purpose|mission)/i,
-  /(?:steer|redirect|manipulate)\s+(?:agent|system)\s+(?:toward|to|into)/i,
-  /(?:unauthorized|malicious|harmful)\s+(?:goal|objective|purpose|action)/i,
-];
-
-function scanText(text) {
-  if (!text) {
-    return null;
-  }
-  const matches = [];
-  for (const pattern of GOAL_HIJACK_PATTERNS) {
-    const match = text.match(pattern);
-    if (match) {
-      matches.push(match[0]);
-    }
-  }
-  return matches.length > 0 ? matches : null;
-}
-
-function buildReason(entity, matches) {
-  return `Potential agent goal hijack in ${entity}: ${matches.join(', ')}`;
-}
-
-export function scanAgentic01GoalHijack(mcpData = {}) {
-  const results = {
-    toolFindings: [],
-    resourceFindings: [],
-    promptFindings: [],
-    notablePatterns: [],
-    recommendations: [RECOMMENDATION],
-  };
-
-  for (const tool of mcpData.tools || []) {
-    const matches = scanText(toolToText(tool));
-    if (matches) {
-      results.toolFindings.push({
-        issueType: 'Goal Hijack',
-        name: tool?.name || 'tool',
-        severity: 'high',
-        reasons: [buildReason(`tool "${tool?.name || 'unknown'}"`, matches)],
-        tags: ['goal-hijack', 'agent-manipulation'],
-        agenticCategory: OWASP_ID,
-        safeUseNotes:
-          'Review tool behavior for goal hijacking vulnerabilities. Ensure agent goals cannot be modified by tools.',
-      });
-    }
-  }
-
-  for (const resource of mcpData.resources || []) {
-    const matches = scanText(resourceToText(resource));
-    if (matches) {
-      results.resourceFindings.push({
-        issueType: 'Goal Hijack',
-        uri: resource?.uri || resource?.name || 'resource',
-        severity: 'high',
-        reasons: [
-          buildReason(`resource "${resource?.name || resource?.uri || 'unknown'}"`, matches),
-        ],
-        tags: ['goal-hijack', 'agent-manipulation'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  for (const prompt of mcpData.prompts || []) {
-    const matches = scanText(promptToText(prompt));
-    if (matches) {
-      results.promptFindings.push({
-        issueType: 'Goal Hijack',
-        name: prompt?.name || 'prompt',
-        severity: 'critical',
-        reasons: [buildReason(`prompt "${prompt?.name || 'unknown'}"`, matches)],
-        tags: ['goal-hijack', 'agent-manipulation'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  return results;
-}
-
-const adapter = createRuleAdapter(scanAgentic01GoalHijack, RULE_ID, OWASP_ID, RECOMMENDATION);
-
-export const analyzeTool = adapter.analyzeTool;
-export const analyzePrompt = adapter.analyzePrompt;
-export const analyzeResource = adapter.analyzeResource;
-
-export function analyzePacket(packet) {
-  const text = packetToText(packet);
-  const matches = scanText(text);
-  if (!matches) {
-    return [];
-  }
-  return [
-    convertPacketFinding(
-      {
-        issueType: 'Goal Hijack',
-        severity: 'high',
-        title: 'Goal Hijack Pattern in Traffic',
-        description: `Potential agent goal hijack in packet: ${matches.join(', ')}`,
-        evidence: matches[0]?.substring(0, 50) || '',
-      },
-      RULE_ID,
-      OWASP_ID,
-      RECOMMENDATION,
-      packet
-    ),
-  ];
-}
-
-export const ruleMetadata = {
-  id: RULE_ID,
-  name: 'Agent Goal Hijack Detection',
-  owasp_id: OWASP_ID,
-  severity: 'high',
-  description: 'Detects attempts to hijack or modify agent goals.',
-  source: 'static',
-  type: 'agentic-security',
-};

package/core/services/security/rules/scans/agentic02ToolMisuse.js

@@ -1,129 +0,0 @@
-import { convertPacketFinding, createRuleAdapter } from '../utils/adapter.js';
-import { packetToText, promptToText, resourceToText, toolToText } from '../utils/text.js';
-
-const RULE_ID = 'asi02-tool-misuse';
-const OWASP_ID = 'ASI02';
-const RECOMMENDATION =
-  'Implement tool usage monitoring and restrictions. Enforce scope boundaries for tool usage. Monitor for unauthorized tool combinations.';
-
-const TOOL_MISUSE_PATTERNS = [
-  /(?:misuse|abuse|exploit|manipulate)\s+(?:tool|function|capability|feature)/i,
-  /(?:use|utilize|invoke)\s+(?:tool|function)\s+(?:outside|beyond|outside\s+of)\s+(?:intended|authorized|allowed)\s+(?:scope|purpose|context)/i,
-  /(?:unauthorized|illegitimate|improper)\s+(?:tool|function)\s+(?:usage|use|invocation)/i,
-  /(?:combine|chain|sequence)\s+(?:tools|functions)\s+(?:to|for)\s+(?:achieve|perform|execute)\s+(?:unauthorized|malicious)/i,
-];
-
-function scanText(text) {
-  if (!text) {
-    return null;
-  }
-  const matches = [];
-  for (const pattern of TOOL_MISUSE_PATTERNS) {
-    const match = text.match(pattern);
-    if (match) {
-      matches.push(match[0]);
-    }
-  }
-  return matches.length > 0 ? matches : null;
-}
-
-function buildReason(entity, matches) {
-  return `Potential tool misuse/exploitation in ${entity}: ${matches.join(', ')}`;
-}
-
-export function scanAgentic02ToolMisuse(mcpData = {}) {
-  const results = {
-    toolFindings: [],
-    resourceFindings: [],
-    promptFindings: [],
-    notablePatterns: [],
-    recommendations: [RECOMMENDATION],
-  };
-
-  for (const tool of mcpData.tools || []) {
-    const matches = scanText(toolToText(tool));
-    if (matches) {
-      results.toolFindings.push({
-        issueType: 'Tool Misuse',
-        name: tool?.name || 'tool',
-        severity: 'high',
-        reasons: [buildReason(`tool "${tool?.name || 'unknown'}"`, matches)],
-        tags: ['tool-misuse', 'exploitation'],
-        agenticCategory: OWASP_ID,
-        safeUseNotes:
-          'Review tool usage patterns. Ensure tools are used only within their intended scope.',
-      });
-    }
-  }
-
-  for (const resource of mcpData.resources || []) {
-    const matches = scanText(resourceToText(resource));
-    if (matches) {
-      results.resourceFindings.push({
-        issueType: 'Tool Misuse',
-        uri: resource?.uri || resource?.name || 'resource',
-        severity: 'medium',
-        reasons: [
-          buildReason(`resource "${resource?.name || resource?.uri || 'unknown'}"`, matches),
-        ],
-        tags: ['tool-misuse', 'exploitation'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  for (const prompt of mcpData.prompts || []) {
-    const matches = scanText(promptToText(prompt));
-    if (matches) {
-      results.promptFindings.push({
-        issueType: 'Tool Misuse',
-        name: prompt?.name || 'prompt',
-        severity: 'high',
-        reasons: [buildReason(`prompt "${prompt?.name || 'unknown'}"`, matches)],
-        tags: ['tool-misuse', 'exploitation'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  return results;
-}
-
-const adapter = createRuleAdapter(scanAgentic02ToolMisuse, RULE_ID, OWASP_ID, RECOMMENDATION);
-
-export const analyzeTool = adapter.analyzeTool;
-export const analyzePrompt = adapter.analyzePrompt;
-export const analyzeResource = adapter.analyzeResource;
-
-export function analyzePacket(packet) {
-  const text = packetToText(packet);
-  const matches = scanText(text);
-  if (!matches) {
-    return [];
-  }
-  return [
-    convertPacketFinding(
-      {
-        issueType: 'Tool Misuse',
-        severity: 'high',
-        title: 'Tool Misuse Pattern in Traffic',
-        description: `Potential tool misuse in packet: ${matches.join(', ')}`,
-        evidence: matches[0]?.substring(0, 50) || '',
-      },
-      RULE_ID,
-      OWASP_ID,
-      RECOMMENDATION,
-      packet
-    ),
-  ];
-}
-
-export const ruleMetadata = {
-  id: RULE_ID,
-  name: 'Tool Misuse Detection',
-  owasp_id: OWASP_ID,
-  severity: 'high',
-  description: 'Detects tool misuse and exploitation patterns.',
-  source: 'static',
-  type: 'agentic-security',
-};

package/core/services/security/rules/scans/agentic03IdentityAbuse.js

@@ -1,130 +0,0 @@
-import { convertPacketFinding, createRuleAdapter } from '../utils/adapter.js';
-import { packetToText, promptToText, resourceToText, toolToText } from '../utils/text.js';
-
-const RULE_ID = 'asi03-identity-abuse';
-const OWASP_ID = 'ASI03';
-const RECOMMENDATION =
-  'Implement strict identity and privilege management. Monitor for privilege escalation. Enforce least privilege principles.';
-
-const IDENTITY_ABUSE_PATTERNS = [
-  /(?:abuse|misuse|exploit|impersonate|spoof)\s+(?:identity|privilege|permission|access|role)/i,
-  /(?:escalate|elevate|raise|upgrade)\s+(?:privilege|permission|access|authority)/i,
-  /(?:assume|take|steal|hijack)\s+(?:identity|role|privilege|permission)/i,
-  /(?:unauthorized|illegitimate|improper)\s+(?:privilege|permission|access|authority)\s+(?:use|usage|exercise)/i,
-  /(?:bypass|circumvent|override)\s+(?:identity|authentication|authorization|access\s+control)/i,
-];
-
-function scanText(text) {
-  if (!text) {
-    return null;
-  }
-  const matches = [];
-  for (const pattern of IDENTITY_ABUSE_PATTERNS) {
-    const match = text.match(pattern);
-    if (match) {
-      matches.push(match[0]);
-    }
-  }
-  return matches.length > 0 ? matches : null;
-}
-
-function buildReason(entity, matches) {
-  return `Potential identity/privilege abuse in ${entity}: ${matches.join(', ')}`;
-}
-
-export function scanAgentic03IdentityAbuse(mcpData = {}) {
-  const results = {
-    toolFindings: [],
-    resourceFindings: [],
-    promptFindings: [],
-    notablePatterns: [],
-    recommendations: [RECOMMENDATION],
-  };
-
-  for (const tool of mcpData.tools || []) {
-    const matches = scanText(toolToText(tool));
-    if (matches) {
-      results.toolFindings.push({
-        issueType: 'Identity Abuse',
-        name: tool?.name || 'tool',
-        severity: 'high',
-        reasons: [buildReason(`tool "${tool?.name || 'unknown'}"`, matches)],
-        tags: ['identity-abuse', 'privilege-abuse'],
-        agenticCategory: OWASP_ID,
-        safeUseNotes:
-          'Review tool privilege requirements. Ensure agents cannot abuse their assigned identities or privileges.',
-      });
-    }
-  }
-
-  for (const resource of mcpData.resources || []) {
-    const matches = scanText(resourceToText(resource));
-    if (matches) {
-      results.resourceFindings.push({
-        issueType: 'Identity Abuse',
-        uri: resource?.uri || resource?.name || 'resource',
-        severity: 'high',
-        reasons: [
-          buildReason(`resource "${resource?.name || resource?.uri || 'unknown'}"`, matches),
-        ],
-        tags: ['identity-abuse', 'privilege-abuse'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  for (const prompt of mcpData.prompts || []) {
-    const matches = scanText(promptToText(prompt));
-    if (matches) {
-      results.promptFindings.push({
-        issueType: 'Identity Abuse',
-        name: prompt?.name || 'prompt',
-        severity: 'medium',
-        reasons: [buildReason(`prompt "${prompt?.name || 'unknown'}"`, matches)],
-        tags: ['identity-abuse', 'privilege-abuse'],
-        agenticCategory: OWASP_ID,
-      });
-    }
-  }
-
-  return results;
-}
-
-const adapter = createRuleAdapter(scanAgentic03IdentityAbuse, RULE_ID, OWASP_ID, RECOMMENDATION);
-
-export const analyzeTool = adapter.analyzeTool;
-export const analyzePrompt = adapter.analyzePrompt;
-export const analyzeResource = adapter.analyzeResource;
-
-export function analyzePacket(packet) {
-  const text = packetToText(packet);
-  const matches = scanText(text);
-  if (!matches) {
-    return [];
-  }
-  return [
-    convertPacketFinding(
-      {
-        issueType: 'Identity Abuse',
-        severity: 'high',
-        title: 'Identity Abuse Pattern in Traffic',
-        description: `Potential identity/privilege abuse in packet: ${matches.join(', ')}`,
-        evidence: matches[0]?.substring(0, 50) || '',
-      },
-      RULE_ID,
-      OWASP_ID,
-      RECOMMENDATION,
-      packet
-    ),
-  ];
-}
-
-export const ruleMetadata = {
-  id: RULE_ID,
-  name: 'Identity Abuse Detection',
-  owasp_id: OWASP_ID,
-  severity: 'high',
-  description: 'Detects identity and privilege abuse patterns.',
-  source: 'static',
-  type: 'agentic-security',
-};