npm - @mcp-shark/mcp-shark - Versions diffs - 1.5.13 → 1.7.2 - Mend

@mcp-shark/mcp-shark 1.5.13 → 1.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/README.md +482 -56
package/bin/mcp-shark.js +146 -52
package/core/cli/AutoFixEngine.js +93 -0
package/core/cli/ConfigScanner.js +193 -0
package/core/cli/DataLoader.js +200 -0
package/core/cli/DeclarativeRuleEngine.js +363 -0
package/core/cli/DoctorCommand.js +218 -0
package/core/cli/FixHandlers.js +222 -0
package/core/cli/HtmlReportGenerator.js +203 -0
package/core/cli/IdeConfigPaths.js +175 -0
package/core/cli/ListCommand.js +255 -0
package/core/cli/LockCommand.js +164 -0
package/core/cli/LockDiffEngine.js +152 -0
package/core/cli/RuleRegistryConfig.js +131 -0
package/core/cli/ScanCommand.js +244 -0
package/core/cli/ScanService.js +200 -0
package/core/cli/SecretDetector.js +92 -0
package/core/cli/SharkScoreCalculator.js +109 -0
package/core/cli/ToolClassifications.js +51 -0
package/core/cli/ToxicFlowAnalyzer.js +212 -0
package/core/cli/UpdateCommand.js +188 -0
package/core/cli/WalkthroughGenerator.js +195 -0
package/core/cli/WatchCommand.js +129 -0
package/core/cli/YamlRuleEngine.js +197 -0
package/core/cli/data/rule-packs/aauth-visibility.json +117 -0
package/core/cli/data/rule-packs/agentic-security-2026.json +180 -0
package/core/cli/data/rule-packs/general-security.json +173 -0
package/core/cli/data/rule-packs/owasp-mcp-2026.json +244 -0
package/core/cli/data/rule-packs/toxic-flow-heuristics.json +21 -0
package/core/cli/data/rule-sources.json +5 -0
package/core/cli/data/secret-patterns.json +18 -0
package/core/cli/data/tool-classifications.json +111 -0
package/core/cli/data/toxic-flow-rules.json +47 -0
package/core/cli/index.js +23 -0
package/core/cli/output/Banner.js +52 -0
package/core/cli/output/Formatter.js +183 -0
package/core/cli/output/JsonFormatter.js +106 -0
package/core/cli/output/index.js +16 -0
package/core/cli/secureRegistryFetch.js +157 -0
package/core/cli/symbols.js +16 -0
package/core/configs/environment.js +3 -1
package/core/configs/index.js +3 -64
package/core/container/DependencyContainer.js +4 -1
package/core/mcp-server/index.js +4 -1
package/core/mcp-server/server/external/all.js +10 -3
package/core/mcp-server/server/external/config.js +62 -5
package/core/models/RequestFilters.js +3 -0
package/core/repositories/PacketRepository.js +16 -0
package/core/services/AuditService.js +2 -0
package/core/services/ConfigService.js +9 -1
package/core/services/ConfigTransformService.js +34 -2
package/core/services/RequestService.js +58 -5
package/core/services/ServerManagementService.js +59 -4
package/core/services/security/StaticRulesService.js +69 -13
package/core/services/security/TrafficAnalysisService.js +19 -1
package/core/services/security/TrafficToxicFlowService.js +154 -0
package/core/services/security/aauthGraph.js +199 -0
package/core/services/security/aauthParser.js +274 -0
package/core/services/security/aauthSelfTest.js +346 -0
package/core/services/security/index.js +2 -1
package/core/services/security/rules/index.js +25 -59
package/core/services/security/rules/scans/configPermissions.js +91 -0
package/core/services/security/rules/scans/duplicateToolNames.js +85 -0
package/core/services/security/rules/scans/insecureTransport.js +148 -0
package/core/services/security/rules/scans/missingContainment.js +123 -0
package/core/services/security/rules/scans/shellEnvInjection.js +101 -0
package/core/services/security/rules/scans/unsafeDefaults.js +99 -0
package/core/services/security/toolsListFromTrafficParser.js +70 -0
package/core/tui/App.js +144 -0
package/core/tui/FindingsPanel.js +115 -0
package/core/tui/FixPanel.js +132 -0
package/core/tui/Header.js +51 -0
package/core/tui/HelpBar.js +42 -0
package/core/tui/ServersPanel.js +109 -0
package/core/tui/ToxicFlowsPanel.js +100 -0
package/core/tui/h.js +8 -0
package/core/tui/index.js +11 -0
package/core/tui/render.js +22 -0
package/package.json +24 -16
package/ui/dist/assets/index-D6zDrtMV.js +81 -0
package/ui/dist/index.html +1 -1
package/ui/server/controllers/AauthController.js +279 -0
package/ui/server/controllers/RequestController.js +12 -1
package/ui/server/controllers/SecurityFindingsController.js +46 -1
package/ui/server/routes/aauth.js +18 -0
package/ui/server/routes/requests.js +8 -1
package/ui/server/routes/security.js +5 -1
package/ui/server/setup.js +224 -6
package/ui/server/swagger/paths/components.js +55 -0
package/ui/server/swagger/paths/securityTrafficFlows.js +59 -0
package/ui/server/swagger/paths.js +2 -2
package/ui/server/swagger/swagger.js +5 -2
package/ui/server.js +1 -1
package/ui/src/App.jsx +26 -52
package/ui/src/PacketFilters.jsx +31 -1
package/ui/src/PacketList.jsx +2 -2
package/ui/src/Security.jsx +10 -0
package/ui/src/TabNavigation.jsx +8 -0
package/ui/src/components/AAuthBadge.jsx +92 -0
package/ui/src/components/AauthExplorer/AauthExplorerGraph.jsx +231 -0
package/ui/src/components/AauthExplorer/AauthExplorerView.jsx +387 -0
package/ui/src/components/AauthExplorer/NodeDetailPanel.jsx +272 -0
package/ui/src/components/App/ActionMenu.jsx +4 -31
package/ui/src/components/App/ApiDocsButton.jsx +0 -1
package/ui/src/components/App/ShutdownButton.jsx +0 -1
package/ui/src/components/App/useAppState.js +19 -26
package/ui/src/components/DetailsTab/AAuthIdentitySection.jsx +119 -0
package/ui/src/components/DetailsTab/RequestDetailsSection.jsx +2 -0
package/ui/src/components/DetailsTab/ResponseDetailsSection.jsx +2 -0
package/ui/src/components/DetectedPathsList.jsx +1 -5
package/ui/src/components/FileInput.jsx +0 -1
package/ui/src/components/PacketFilters/AAuthPostureFilter.jsx +81 -0
package/ui/src/components/RequestRow/RequestRowMain.jsx +7 -1
package/ui/src/components/Security/AAuthPosturePanel.jsx +360 -0
package/ui/src/components/Security/ScannerContent.jsx +33 -1
package/ui/src/components/Security/TrafficToxicFlowsPanel.jsx +253 -0
package/ui/src/components/Security/securityApi.js +15 -0
package/ui/src/components/Security/useSecurity.js +60 -3
package/ui/src/components/ServerControl.jsx +0 -1
package/ui/src/components/TabNavigation/DesktopTabs.jsx +0 -11
package/ui/src/components/TabNavigationIcons.jsx +5 -0
package/ui/src/components/ViewModeTabs.jsx +0 -1
package/ui/src/utils/animations.js +26 -9
package/core/services/security/rules/scans/agentic01GoalHijack.js +0 -130
package/core/services/security/rules/scans/agentic02ToolMisuse.js +0 -129
package/core/services/security/rules/scans/agentic03IdentityAbuse.js +0 -130
package/core/services/security/rules/scans/agentic04SupplyChain.js +0 -130
package/core/services/security/rules/scans/agentic06MemoryPoisoning.js +0 -130
package/core/services/security/rules/scans/agentic07InsecureCommunication.js +0 -135
package/core/services/security/rules/scans/agentic08CascadingFailures.js +0 -135
package/core/services/security/rules/scans/agentic09TrustExploitation.js +0 -135
package/core/services/security/rules/scans/agentic10RogueAgent.js +0 -130
package/core/services/security/rules/scans/hardcodedSecrets.js +0 -130
package/core/services/security/rules/scans/mcp01TokenMismanagement.js +0 -127
package/core/services/security/rules/scans/mcp02ScopeCreep.js +0 -130
package/core/services/security/rules/scans/mcp03ToolPoisoning.js +0 -132
package/core/services/security/rules/scans/mcp04SupplyChain.js +0 -131
package/core/services/security/rules/scans/mcp06PromptInjection.js +0 -200
package/core/services/security/rules/scans/mcp07InsufficientAuth.js +0 -130
package/core/services/security/rules/scans/mcp08LackAudit.js +0 -129
package/core/services/security/rules/scans/mcp09ShadowServers.js +0 -129
package/core/services/security/rules/scans/mcp10ContextInjection.js +0 -130
package/ui/dist/assets/index-CiCSDYf-.js +0 -97
package/ui/server/routes/help.js +0 -44
package/ui/server/swagger/paths/help.js +0 -82
package/ui/src/HelpGuide/HelpGuideContent.jsx +0 -118
package/ui/src/HelpGuide/HelpGuideFooter.jsx +0 -59
package/ui/src/HelpGuide/HelpGuideHeader.jsx +0 -57
package/ui/src/HelpGuide.jsx +0 -78
package/ui/src/IntroTour.jsx +0 -154
package/ui/src/components/App/HelpButton.jsx +0 -90
package/ui/src/components/TourOverlay.jsx +0 -117
package/ui/src/components/TourTooltip/TourTooltipButtons.jsx +0 -120
package/ui/src/components/TourTooltip/TourTooltipHeader.jsx +0 -71
package/ui/src/components/TourTooltip/TourTooltipIcons.jsx +0 -54
package/ui/src/components/TourTooltip/useTooltipPosition.js +0 -135
package/ui/src/components/TourTooltip.jsx +0 -91
package/ui/src/config/tourSteps.jsx +0 -140

package/ui/src/config/tourSteps.jsx DELETED Viewed

@@ -1,140 +0,0 @@
-export const tourSteps = [
-  {
-    target: '[data-tour="tabs"]',
-    title: 'Welcome to MCP Shark!',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 12px 0' }}>
-          MCP Shark is a powerful tool for monitoring and analyzing Model Context Protocol (MCP)
-          communications. Let's get you started!
-        </p>
-        <p style={{ margin: 0 }}>
-          First, you'll need to set up the MCP Shark server. Click on the{' '}
-          <strong>MCP Server Setup</strong> tab to begin.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="setup-tab"]',
-    title: 'Step 1: Open MCP Server Setup',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          Click on the <strong>MCP Server Setup</strong> tab to configure and start the MCP Shark
-          server.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          This is where you'll configure your MCP servers and start monitoring.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="detected-editors"]',
-    title: 'Step 2: Select Your Configuration',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          MCP Shark automatically detects your IDE's MCP configuration files. You have two options:
-        </p>
-        <ul style={{ margin: '0 0 8px 0', paddingLeft: '20px', fontSize: '13px' }}>
-          <li>
-            Click on any <strong>detected editor</strong> (like Cursor or Windsurf) to use its
-            config
-          </li>
-          <li>
-            Or click <strong>"Select File"</strong> to upload your own config file
-          </li>
-        </ul>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          When you click a detected editor, the file path will automatically populate in the text
-          box.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="select-file"]',
-    title: 'Alternative: Upload Your Config',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          If you prefer, you can click <strong>"Select File"</strong> to upload your MCP
-          configuration file directly.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          Or manually enter the file path in the text box next to it.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="start-button"]',
-    title: 'Step 3: Start MCP Shark',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          Once you've selected a configuration file (either from detected editors or uploaded),
-          click <strong>"Start MCP Shark"</strong> to begin monitoring.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          The server will start and begin capturing all MCP traffic between your IDE and servers.
-        </p>
-      </div>
-    ),
-    position: 'top',
-  },
-  {
-    target: '[data-tour="traffic-tab"]',
-    title: 'View Your Traffic',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          After starting the server, switch to the <strong>Traffic Capture</strong> tab to see all
-          HTTP requests and responses in real-time.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          You can view traffic as a flat list, grouped by session, or grouped by server.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="smart-scan-tab"]',
-    title: 'Smart Scan - AI Security Analysis',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          <strong>Smart Scan</strong> uses AI-powered analysis via remote API to detect security
-          vulnerabilities in your MCP servers. For offline scanning, use the{' '}
-          <strong>Local Analysis</strong> tab.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          Scan results are cached automatically, so you won't waste API calls on unchanged servers.
-        </p>
-      </div>
-    ),
-    position: 'bottom',
-  },
-  {
-    target: '[data-tour="help-button"]',
-    title: 'Need Help?',
-    content: (
-      <div>
-        <p style={{ margin: '0 0 8px 0' }}>
-          Click the <strong>Start Tour</strong> button anytime to restart this guide or get help.
-        </p>
-        <p style={{ margin: 0, fontSize: '12px', color: '#858585' }}>
-          You're all set! Start by configuring your MCP server, then watch the traffic flow.
-        </p>
-      </div>
-    ),
-    position: 'left',
-  },
-];