@mneme-ai/core 2.58.0 → 2.60.0

package/dist/skeleton_key/index.js

@@ -0,0 +1,321 @@
+/**
+ * v2.60.0 — SKELETON KEY: MCP server security auditor.
+ *
+ * MCP ecosystem reality (2026): ~500+ servers, mostly community-built,
+ * no central security review. Users wire 5-15 servers into Claude
+ * Desktop / Cursor / Continue / Cline without realizing the
+ * UNION of their capabilities = a much larger attack surface than any
+ * individual server.
+ *
+ * SKELETON KEY is the first MCP security auditor. Five wild innovations:
+ *
+ *  1. EMPIRICAL CAPABILITY PROBE — spawn each MCP server + read its
+ *     real tools/list (not name-guess). Hand-written rules can lie;
+ *     a tools/list cannot.
+ *
+ *  2. TRANSITIVE BYPASS GRAPH — model servers as graph nodes; edges =
+ *     capability overlap; compute paths to attacker goals (delete_repo,
+ *     exfiltrate_secret, drop_database, etc). Most audit tools stop at
+ *     single-server analysis. We compute the graph.
+ *
+ *  3. HMAC CONFIG PINNING — snapshot the user's MCP configs; detect
+ *     tampering / silent new-server-added on next audit. Tamper-evident
+ *     drift report.
+ *
+ *  4. RISK BUDGET — single score 0..N quantifying total surface. User
+ *     sets a budget (e.g. 5.0); new servers that push over budget are
+ *     refused at install time.
+ *
+ *  5. CWE COMPLIANCE MAPPING — every finding maps to a CWE id, making
+ *     the output audit-grade for security teams.
+ *
+ * Pure ESM. Defensive — never throws on disk / parse / spawn errors.
+ */
+import { createHmac } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir, platform } from "node:os";
+import { dirname, join } from "node:path";
+import { UNKNOWN_HEURISTIC, matchHeuristic, } from "./risk_heuristics.js";
+import { buildBypassGraph, totalRiskBudget, } from "./bypass_graph.js";
+import { probeServer } from "./capability_probe.js";
+const KEY_ENV = "MNEME_SKELETON_KEY";
+const DEFAULT_KEY = "mneme-skeleton-key-v1";
+function keyOf() { return process.env[KEY_ENV] ?? DEFAULT_KEY; }
+/** Default paths for Claude Desktop / Cursor / Continue / Cline configs. */
+export function defaultConfigPaths() {
+    const home = homedir();
+    const paths = [];
+    const plat = platform();
+    if (plat === "darwin") {
+        paths.push(join(home, "Library/Application Support/Claude/claude_desktop_config.json"));
+        paths.push(join(home, "Library/Application Support/Cursor/User/settings.json"));
+    }
+    else if (plat === "win32") {
+        const appdata = process.env["APPDATA"] ?? join(home, "AppData/Roaming");
+        paths.push(join(appdata, "Claude/claude_desktop_config.json"));
+        paths.push(join(appdata, "Cursor/User/settings.json"));
+    }
+    else {
+        paths.push(join(home, ".config/Claude/claude_desktop_config.json"));
+        paths.push(join(home, ".config/Cursor/User/settings.json"));
+    }
+    paths.push(join(home, ".continue/config.json"));
+    paths.push(join(home, ".cline/config.json"));
+    paths.push(join(home, ".codeium/windsurf/mcp_config.json"));
+    return paths;
+}
+/**
+ * Read each config file, extract MCP server declarations.
+ * Tolerates multiple known schemas: claude_desktop, cursor settings,
+ * continue, cline, windsurf.
+ */
+export function discoverServers(configPaths) {
+    const out = [];
+    for (const p of configPaths) {
+        if (!existsSync(p))
+            continue;
+        let parsed = null;
+        try {
+            parsed = JSON.parse(readFileSync(p, "utf8"));
+        }
+        catch {
+            continue;
+        }
+        if (!parsed)
+            continue;
+        const candidates = [
+            parsed["mcpServers"],
+            parsed["claude.mcpServers"],
+            parsed["mcp"]?.["servers"],
+            parsed["mcp"]?.["mcpServers"],
+        ];
+        for (const block of candidates) {
+            if (!block || typeof block !== "object")
+                continue;
+            for (const [name, raw] of Object.entries(block)) {
+                if (!raw || typeof raw !== "object")
+                    continue;
+                const r = raw;
+                out.push({
+                    name,
+                    command: typeof r.command === "string" ? r.command : undefined,
+                    args: Array.isArray(r.args) ? r.args.filter((x) => typeof x === "string") : undefined,
+                    env: r.env && typeof r.env === "object" ? r.env : undefined,
+                    source: p,
+                });
+            }
+        }
+    }
+    // Deduplicate by name (later sources win — convention: most recent IDE wins).
+    const dedup = new Map();
+    for (const s of out)
+        dedup.set(s.name, s);
+    return Array.from(dedup.values());
+}
+/**
+ * Promote a heuristic risk with an empirical capability list. We MERGE
+ * (empirical wins on overlap, retain heuristic for tags we didn't see).
+ */
+function promoteRiskWithProbe(base, probe) {
+    if (!probe.reachable || probe.capabilities.length === 0)
+        return base;
+    const mergedCaps = Array.from(new Set([...probe.capabilities, ...base.capabilities]));
+    // If empirical exposes more dangerous capabilities than heuristic suggested,
+    // bump the severity slightly.
+    const hasExec = probe.capabilities.includes("exec");
+    const hasWrite = probe.capabilities.includes("write_fs") || probe.capabilities.includes("db_write") || probe.capabilities.includes("db_ddl");
+    let severity = base.severity;
+    if (hasExec && base.severity < 0.85)
+        severity = Math.max(severity, 0.92);
+    else if (hasWrite && base.severity < 0.65)
+        severity = Math.max(severity, 0.72);
+    return { ...base, severity, capabilities: mergedCaps };
+}
+export async function auditMcpConfigs(opts = {}) {
+    const at = new Date().toISOString();
+    const paths = opts.configPaths ?? defaultConfigPaths();
+    const servers = discoverServers(paths);
+    const budgetCap = opts.budgetCap ?? 5.0;
+    const findings = [];
+    const nodes = [];
+    for (const srv of servers) {
+        const heur = matchHeuristic(srv.name);
+        let risk;
+        let source;
+        let toolCount;
+        if (heur) {
+            risk = heur;
+            source = "heuristic";
+        }
+        else {
+            risk = UNKNOWN_HEURISTIC;
+            source = "unknown";
+        }
+        if (opts.empiricalProbe && srv.command && (!opts.probeOnly || opts.probeOnly.includes(srv.name))) {
+            const probe = await probeServer({
+                name: srv.name,
+                command: srv.command,
+                args: srv.args,
+                env: srv.env,
+            });
+            if (probe.reachable) {
+                risk = promoteRiskWithProbe(risk, probe);
+                source = "empirical";
+                toolCount = probe.tools.length;
+            }
+        }
+        findings.push({ server: srv.name, risk, source, toolCount });
+        nodes.push({ name: srv.name, risk, source: srv.source });
+    }
+    findings.sort((a, b) => b.risk.severity - a.risk.severity);
+    const graph = buildBypassGraph(nodes);
+    const riskBudget = totalRiskBudget(nodes);
+    const withinBudget = riskBudget <= budgetCap;
+    const sources = Array.from(new Set(servers.map((s) => s.source)));
+    const summary = servers.length === 0
+        ? "no MCP servers discovered — install Claude Desktop / Cursor + add at least one mcpServers entry"
+        : `${servers.length} MCP server(s) across ${sources.length} config(s); risk budget ${riskBudget}/${budgetCap}; ${graph.bypassPaths.length} bypass path(s); ${findings.filter((f) => f.risk.severity >= 0.85).length} critical finding(s).`;
+    const body = {
+        ok: withinBudget && findings.filter((f) => f.risk.severity >= 0.85).length === 0,
+        at, totalServers: servers.length, sources,
+        findings, graph, riskBudget, budgetCap, withinBudget, summary,
+    };
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    return { ...body, hmac };
+}
+export function verifyAudit(a) {
+    if (!a || typeof a.hmac !== "string")
+        return false;
+    const { hmac, ...body } = a;
+    const expected = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    return expected === hmac;
+}
+function digestCommand(cmd, args) {
+    const blob = `${cmd ?? ""}|${(args ?? []).join("|")}`;
+    return createHmac("sha256", keyOf()).update(blob).digest("hex").slice(0, 16);
+}
+function snapshotPath(cwd) {
+    return join(cwd, ".mneme", "skeleton_key", "config_snapshot.json");
+}
+export function pinConfigSnapshot(cwd, configPaths) {
+    const servers = discoverServers(configPaths ?? defaultConfigPaths());
+    const body = {
+        at: new Date().toISOString(),
+        servers: servers.map((s) => ({
+            name: s.name,
+            commandHash: digestCommand(s.command, s.args),
+            source: s.source,
+        })),
+    };
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    const snap = { ...body, hmac };
+    try {
+        mkdirSync(dirname(snapshotPath(cwd)), { recursive: true });
+        writeFileSync(snapshotPath(cwd), JSON.stringify(snap, null, 2));
+    }
+    catch { /* noop */ }
+    return snap;
+}
+export function detectConfigDrift(cwd, configPaths) {
+    const path = snapshotPath(cwd);
+    const currentAt = new Date().toISOString();
+    if (!existsSync(path)) {
+        return {
+            ok: false, hasSnapshot: false,
+            added: [], removed: [], modified: [], currentAt,
+            hint: "no snapshot pinned — run `mneme skeleton_key pin` to lock current config",
+        };
+    }
+    let snap;
+    try {
+        snap = JSON.parse(readFileSync(path, "utf8"));
+    }
+    catch {
+        return {
+            ok: false, hasSnapshot: false,
+            added: [], removed: [], modified: [], currentAt,
+            hint: "snapshot file unreadable / corrupted",
+        };
+    }
+    const current = discoverServers(configPaths ?? defaultConfigPaths());
+    const currentMap = new Map(current.map((s) => [s.name, { commandHash: digestCommand(s.command, s.args), source: s.source }]));
+    const snapMap = new Map(snap.servers.map((s) => [s.name, s]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    for (const [name, cur] of currentMap.entries()) {
+        const old = snapMap.get(name);
+        if (!old)
+            added.push({ name, source: cur.source });
+        else if (old.commandHash !== cur.commandHash)
+            modified.push({ name, oldHash: old.commandHash, newHash: cur.commandHash });
+    }
+    for (const [name, old] of snapMap.entries()) {
+        if (!currentMap.has(name))
+            removed.push({ name, source: old.source });
+    }
+    const ok = added.length === 0 && removed.length === 0 && modified.length === 0;
+    return {
+        ok, hasSnapshot: true, added, removed, modified,
+        snapshotAt: snap.at, currentAt,
+        hint: ok
+            ? "config unchanged since pin"
+            : `drift detected: ${added.length} added · ${removed.length} removed · ${modified.length} modified (re-pin with \`mneme skeleton_key pin\` after review)`,
+    };
+}
+export function buildRecommendations(audit) {
+    const recs = [];
+    for (const f of audit.findings) {
+        if (f.risk.severity < 0.55)
+            continue;
+        recs.push({
+            server: f.server,
+            severity: f.risk.severity,
+            cwe: f.risk.cwe,
+            action: f.risk.mitigation,
+        });
+    }
+    if (audit.graph.bypassPaths.length > 0) {
+        recs.push({
+            server: "BYPASS GRAPH",
+            severity: audit.graph.bypassPaths[0].weakestSeverity,
+            cwe: "CWE-269",
+            action: `${audit.graph.bypassPaths.length} bypass path(s) detected — narrow capability scope across servers; wrap with PASSPORT mediation.`,
+        });
+    }
+    if (!audit.withinBudget) {
+        recs.push({
+            server: "RISK BUDGET",
+            severity: 0.80,
+            cwe: "CWE-1059",
+            action: `risk budget ${audit.riskBudget} exceeds cap ${audit.budgetCap} — remove a high-severity server OR raise the cap with explicit justification.`,
+        });
+    }
+    return recs;
+}
+/* ── Render banner ───────────────────────────────────────────────── */
+export function renderAuditBanner(a) {
+    const lines = [
+        `🦴 SKELETON KEY · ${a.summary}`,
+        `   risk budget: ${a.riskBudget}/${a.budgetCap} ${a.withinBudget ? "✓" : "✗ OVER BUDGET"}`,
+        `   sources: ${a.sources.join(", ") || "(none)"}`,
+        "",
+    ];
+    for (const f of a.findings.slice(0, 10)) {
+        const sym = f.risk.severity >= 0.85 ? "🚨" : f.risk.severity >= 0.65 ? "⚠ " : "·";
+        const evidence = f.source === "empirical" ? `[empirical · ${f.toolCount} tools]` : "[heuristic]";
+        lines.push(`   ${sym} ${f.server.padEnd(22)} ${(f.risk.severity * 100).toFixed(0).padStart(3)}%  ${f.risk.cwe}  ${f.risk.riskName} ${evidence}`);
+    }
+    if (a.graph.bypassPaths.length > 0) {
+        lines.push("");
+        lines.push(`   BYPASS PATHS (${a.graph.bypassPaths.length}):`);
+        for (const bp of a.graph.bypassPaths.slice(0, 5)) {
+            lines.push(`     → ${bp.narrative}`);
+        }
+    }
+    return lines.join("\n");
+}
+export { RISK_HEURISTICS, UNKNOWN_HEURISTIC, matchHeuristic } from "./risk_heuristics.js";
+export { buildBypassGraph, totalRiskBudget } from "./bypass_graph.js";
+export { probeServer } from "./capability_probe.js";
+//# sourceMappingURL=index.js.map

package/dist/skeleton_key/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skeleton_key/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAY,aAAa,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAEL,iBAAiB,EACjB,cAAc,GAEf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,gBAAgB,EAChB,eAAe,GAGhB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAoB,MAAM,uBAAuB,CAAC;AAEtE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AACrC,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAC5C,SAAS,KAAK,KAAa,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;AAuDxE,4EAA4E;AAC5E,MAAM,UAAU,kBAAkB;IAChC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,+DAA+D,CAAC,CAAC,CAAC;QACxF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uDAAuD,CAAC,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACxE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mCAAmC,CAAC,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,2CAA2C,CAAC,CAAC,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,WAAqB;IACnD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,MAAM,GAAmC,IAAI,CAAC;QAClD,IAAI,CAAC;YAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAA4B,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;QACpG,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,MAAM,UAAU,GAA+C;YAC7D,MAAM,CAAC,YAAY,CAAwC;YAC3D,MAAM,CAAC,mBAAmB,CAAwC;YACjE,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,SAAS,CAAwC;YACzG,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,YAAY,CAAwC;SAC9G,CAAC;QACF,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAClD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;oBAAE,SAAS;gBAC9C,MAAM,CAAC,GAAG,GAA2D,CAAC;gBACtE,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI;oBACJ,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC9D,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;oBAClG,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAA6B,CAAC,CAAC,CAAC,SAAS;oBACrF,MAAM,EAAE,CAAC;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,8EAA8E;IAC9E,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,GAAG;QAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAmB,EAAE,KAAkB;IACnE,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtF,6EAA6E;IAC7E,8BAA8B;IAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7I,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC7B,IAAI,OAAO,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;SACpE,IAAI,QAAQ,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC/E,OAAO,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAkB,EAAE;IACxD,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;IACvD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,MAAM,QAAQ,GAAiC,EAAE,CAAC;IAClD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,IAAmB,CAAC;QACxB,IAAI,MAA6C,CAAC;QAClD,IAAI,SAA6B,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,IAAI,CAAC;YACZ,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,iBAAiB,CAAC;YACzB,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACjG,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC;gBAC9B,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG;aACb,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpB,IAAI,GAAG,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,WAAW,CAAC;gBACrB,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;YACjC,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,UAAU,IAAI,SAAS,CAAC;IAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC;QAClC,CAAC,CAAC,iGAAiG;QACnG,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,yBAAyB,OAAO,CAAC,MAAM,2BAA2B,UAAU,IAAI,SAAS,KAAK,KAAK,CAAC,WAAW,CAAC,MAAM,oBAAoB,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,uBAAuB,CAAC;IAE7O,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,YAAY,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAChF,EAAE,EAAE,YAAY,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO;QACzC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO;KAC9D,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAmB;IAC7C,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1F,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC3B,CAAC;AAWD,SAAS,aAAa,CAAC,GAAY,EAAE,IAAe;IAClD,MAAM,IAAI,GAAG,GAAG,GAAG,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACtD,OAAO,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC;YAC7C,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC,CAAC;KACJ,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,MAAM,IAAI,GAAmB,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;IAC/C,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,0EAA0E;SACjF,CAAC;IACJ,CAAC;IACD,IAAI,IAAoB,CAAC;IACzB,IAAI,CAAC;QAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAmB,CAAC;IAAC,CAAC;IACxE,MAAM,CAAC;QACL,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,sCAAsC;SAC7C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9H,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAyB,EAAE,CAAC;IACvC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;aAC9C,IAAI,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5H,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/E,OAAO;QACL,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ;QAC/C,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS;QAC9B,IAAI,EAAE,EAAE;YACN,CAAC,CAAC,4BAA4B;YAC9B,CAAC,CAAC,mBAAmB,KAAK,CAAC,MAAM,YAAY,OAAO,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,iEAAiE;KAC5J,CAAC;AACJ,CAAC;AAWD,MAAM,UAAU,oBAAoB,CAAC,KAAuB;IAC1D,MAAM,IAAI,GAAqB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI;YAAE,SAAS;QACrC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YACzB,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;YACf,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,IAAI,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,eAAe;YACrD,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,kGAAkG;SAC5I,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,aAAa;YACrB,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,UAAU;YACf,MAAM,EAAE,eAAe,KAAK,CAAC,UAAU,gBAAgB,KAAK,CAAC,SAAS,gFAAgF;SACvJ,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wEAAwE;AAExE,MAAM,UAAU,iBAAiB,CAAC,CAAmB;IACnD,MAAM,KAAK,GAAG;QACZ,qBAAqB,CAAC,CAAC,OAAO,EAAE;QAChC,mBAAmB,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE;QAC1F,eAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE;QACjD,EAAE;KACH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAClF,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC;QACjG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IACnJ,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC;QAC/D,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE1F,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/skeleton_key/risk_heuristics.d.ts

@@ -0,0 +1,46 @@
+/**
+ * v2.60.0 — SKELETON KEY risk heuristics.
+ *
+ * Pattern-based risk scoring for MCP servers, name-only path. Used as
+ * the fast first pass; CAPABILITY PROBE upgrades the scoring with
+ * empirical evidence (real tools/list result from spawning the server).
+ *
+ * Severity scale 0..1:
+ *   0.0-0.3  → low (read-only / sandboxed)
+ *   0.3-0.6  → medium (scoped mutations)
+ *   0.6-0.85 → high (broad mutations)
+ *   0.85-1.0 → critical (arbitrary execution / unrestricted FS / DB DDL)
+ *
+ * Every entry maps to a CWE (Common Weakness Enumeration) for
+ * compliance audit-grade output.
+ */
+export interface RiskHeuristic {
+    /** Lowercase substring to match against server name. */
+    match: string;
+    /** Human-readable risk class. */
+    riskName: string;
+    /** 0..1 severity. */
+    severity: number;
+    /** Suggested mitigation. */
+    mitigation: string;
+    /** CWE id for compliance mapping. */
+    cwe: string;
+    /** Capability tags exposed (used by bypass graph). */
+    capabilities: string[];
+}
+/**
+ * Ordered most-specific → least-specific. First match wins per server.
+ * Each entry curated from MCP ecosystem observation (2026-05).
+ */
+export declare const RISK_HEURISTICS: RiskHeuristic[];
+/**
+ * Match a server name against heuristics. Returns the highest-severity
+ * matching heuristic, or null if no match (= unknown → conservative HIGH).
+ */
+export declare function matchHeuristic(serverName: string): RiskHeuristic | null;
+/**
+ * Unknown / unmatched server. Conservative default: treat as medium risk
+ * with hint to run capability probe for exact assessment.
+ */
+export declare const UNKNOWN_HEURISTIC: RiskHeuristic;
+//# sourceMappingURL=risk_heuristics.d.ts.map

package/dist/skeleton_key/risk_heuristics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk_heuristics.d.ts","sourceRoot":"","sources":["../../src/skeleton_key/risk_heuristics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,WAAW,aAAa;IAC5B,wDAAwD;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EAiK1C,CAAC;AAEF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAKvE;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,aAO/B,CAAC"}

package/dist/skeleton_key/risk_heuristics.js

@@ -0,0 +1,206 @@
+/**
+ * v2.60.0 — SKELETON KEY risk heuristics.
+ *
+ * Pattern-based risk scoring for MCP servers, name-only path. Used as
+ * the fast first pass; CAPABILITY PROBE upgrades the scoring with
+ * empirical evidence (real tools/list result from spawning the server).
+ *
+ * Severity scale 0..1:
+ *   0.0-0.3  → low (read-only / sandboxed)
+ *   0.3-0.6  → medium (scoped mutations)
+ *   0.6-0.85 → high (broad mutations)
+ *   0.85-1.0 → critical (arbitrary execution / unrestricted FS / DB DDL)
+ *
+ * Every entry maps to a CWE (Common Weakness Enumeration) for
+ * compliance audit-grade output.
+ */
+/**
+ * Ordered most-specific → least-specific. First match wins per server.
+ * Each entry curated from MCP ecosystem observation (2026-05).
+ */
+export const RISK_HEURISTICS = [
+    // Shell / exec — the highest risk class
+    {
+        match: "shell-mcp",
+        riskName: "arbitrary command execution",
+        severity: 0.95,
+        mitigation: "allowlist commands; require PASSPORT token for destructive ops; sandbox via container",
+        cwe: "CWE-78", // OS command injection
+        capabilities: ["exec", "write_fs", "network", "process_kill"],
+    },
+    {
+        match: "exec-mcp",
+        riskName: "arbitrary command execution",
+        severity: 0.95,
+        mitigation: "allowlist commands; require PASSPORT token for destructive ops",
+        cwe: "CWE-78",
+        capabilities: ["exec", "write_fs", "network"],
+    },
+    {
+        match: "shell",
+        riskName: "shell access (broad)",
+        severity: 0.90,
+        mitigation: "allowlist commands; refuse rm/format/dd by policy",
+        cwe: "CWE-78",
+        capabilities: ["exec", "write_fs"],
+    },
+    // Filesystem
+    {
+        match: "filesystem",
+        riskName: "unrestricted FS read/write",
+        severity: 0.85,
+        mitigation: "scope to specific dirs via allowlist; gate writes via PASSPORT token",
+        cwe: "CWE-22", // path traversal
+        capabilities: ["read_fs", "write_fs"],
+    },
+    // Cloud / infra
+    {
+        match: "kubernetes",
+        riskName: "cluster mutation (apply / delete)",
+        severity: 0.85,
+        mitigation: "RBAC scope; require explicit ServiceAccount with no cluster-admin",
+        cwe: "CWE-269", // improper privilege management
+        capabilities: ["cluster_mutate", "exec"],
+    },
+    {
+        match: "aws",
+        riskName: "AWS resource creation/destruction",
+        severity: 0.80,
+        mitigation: "IAM scope down; require --dry-run first; deny iam:* / *:Delete",
+        cwe: "CWE-269",
+        capabilities: ["cloud_mutate", "billing"],
+    },
+    {
+        match: "gcp",
+        riskName: "GCP resource creation/destruction",
+        severity: 0.80,
+        mitigation: "scope service account; deny billing.* / iam.*",
+        cwe: "CWE-269",
+        capabilities: ["cloud_mutate", "billing"],
+    },
+    {
+        match: "azure",
+        riskName: "Azure resource creation/destruction",
+        severity: 0.80,
+        mitigation: "scope service principal; deny role assignments",
+        cwe: "CWE-269",
+        capabilities: ["cloud_mutate", "billing"],
+    },
+    // DB
+    {
+        match: "postgres",
+        riskName: "DB DDL/DML allowed",
+        severity: 0.78,
+        mitigation: "use read-only user; deny DROP/TRUNCATE/DELETE via grants",
+        cwe: "CWE-89", // SQL injection class
+        capabilities: ["db_read", "db_write", "db_ddl"],
+    },
+    {
+        match: "mysql",
+        riskName: "DB DDL/DML allowed",
+        severity: 0.78,
+        mitigation: "use read-only user; revoke ALTER/DROP",
+        cwe: "CWE-89",
+        capabilities: ["db_read", "db_write", "db_ddl"],
+    },
+    {
+        match: "mongodb",
+        riskName: "DB write/dropCollection allowed",
+        severity: 0.75,
+        mitigation: "role-scope to read-only or specific db; deny dropDatabase",
+        cwe: "CWE-89",
+        capabilities: ["db_read", "db_write"],
+    },
+    {
+        match: "redis",
+        riskName: "DB write + FLUSHDB risk",
+        severity: 0.70,
+        mitigation: "ACL with read-only; deny FLUSHDB/FLUSHALL/CONFIG SET",
+        cwe: "CWE-89",
+        capabilities: ["db_read", "db_write"],
+    },
+    // Source control
+    {
+        match: "github",
+        riskName: "write to any repo",
+        severity: 0.75,
+        mitigation: "scope token to specific repos; deny repo-creation / repo-deletion",
+        cwe: "CWE-285", // improper authorization
+        capabilities: ["git_write", "network"],
+    },
+    {
+        match: "gitlab",
+        riskName: "write to any project",
+        severity: 0.75,
+        mitigation: "scope token to specific projects; deny project deletion",
+        cwe: "CWE-285",
+        capabilities: ["git_write", "network"],
+    },
+    // Browser automation
+    {
+        match: "playwright",
+        riskName: "headless browser to any URL",
+        severity: 0.65,
+        mitigation: "allowlist domains; deny localhost/127.* (SSRF surface)",
+        cwe: "CWE-918", // SSRF
+        capabilities: ["network", "browser_automation"],
+    },
+    {
+        match: "puppeteer",
+        riskName: "headless browser to any URL",
+        severity: 0.65,
+        mitigation: "allowlist domains; deny localhost/127.*",
+        cwe: "CWE-918",
+        capabilities: ["network", "browser_automation"],
+    },
+    {
+        match: "browser",
+        riskName: "browser automation",
+        severity: 0.60,
+        mitigation: "allowlist domains; deny credential prompts",
+        cwe: "CWE-918",
+        capabilities: ["network", "browser_automation"],
+    },
+    // Generic write-capable
+    {
+        match: "write",
+        riskName: "generic write tool (name suggests mutations)",
+        severity: 0.55,
+        mitigation: "inspect actual tool schema; scope via PASSPORT",
+        cwe: "CWE-285",
+        capabilities: ["write_fs"],
+    },
+    // Memory / RAG read-only
+    {
+        match: "memory",
+        riskName: "read-only memory (low risk)",
+        severity: 0.20,
+        mitigation: "verify it doesn't shell out; pin source paths",
+        cwe: "CWE-200", // info exposure (if memory contains secrets)
+        capabilities: ["read_memory"],
+    },
+];
+/**
+ * Match a server name against heuristics. Returns the highest-severity
+ * matching heuristic, or null if no match (= unknown → conservative HIGH).
+ */
+export function matchHeuristic(serverName) {
+    const lower = serverName.toLowerCase();
+    const matches = RISK_HEURISTICS.filter((h) => lower.includes(h.match));
+    if (matches.length === 0)
+        return null;
+    return matches.sort((a, b) => b.severity - a.severity)[0];
+}
+/**
+ * Unknown / unmatched server. Conservative default: treat as medium risk
+ * with hint to run capability probe for exact assessment.
+ */
+export const UNKNOWN_HEURISTIC = {
+    match: "*",
+    riskName: "unknown server (no heuristic match)",
+    severity: 0.50,
+    mitigation: "run `mneme skeleton_key probe --server <name>` for empirical capability assessment",
+    cwe: "CWE-1059", // insufficient documentation
+    capabilities: ["unknown"],
+};
+//# sourceMappingURL=risk_heuristics.js.map

package/dist/skeleton_key/risk_heuristics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk_heuristics.js","sourceRoot":"","sources":["../../src/skeleton_key/risk_heuristics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAiBH;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,wCAAwC;IACxC;QACE,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,uFAAuF;QACnG,GAAG,EAAE,QAAQ,EAAE,uBAAuB;QACtC,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC;KAC9D;IACD;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gEAAgE;QAC5E,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC;KAC9C;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mDAAmD;QAC/D,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;KACnC;IACD,aAAa;IACb;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,4BAA4B;QACtC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,sEAAsE;QAClF,GAAG,EAAE,QAAQ,EAAE,iBAAiB;QAChC,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD,gBAAgB;IAChB;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mEAAmE;QAC/E,GAAG,EAAE,SAAS,EAAE,gCAAgC;QAChD,YAAY,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC;KACzC;IACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gEAAgE;QAC5E,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,+CAA+C;QAC3D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,qCAAqC;QAC/C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gDAAgD;QAC5D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD,KAAK;IACL;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,0DAA0D;QACtE,GAAG,EAAE,QAAQ,EAAE,sBAAsB;QACrC,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC;KAChD;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,uCAAuC;QACnD,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC;KAChD;IACD;QACE,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,iCAAiC;QAC3C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,2DAA2D;QACvE,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,yBAAyB;QACnC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,sDAAsD;QAClE,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD,iBAAiB;IACjB;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mEAAmE;QAC/E,GAAG,EAAE,SAAS,EAAE,yBAAyB;QACzC,YAAY,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;KACvC;IACD;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,yDAAyD;QACrE,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;KACvC;IACD,qBAAqB;IACrB;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,wDAAwD;QACpE,GAAG,EAAE,SAAS,EAAE,OAAO;QACvB,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD;QACE,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,yCAAyC;QACrD,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD;QACE,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,4CAA4C;QACxD,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD,wBAAwB;IACxB;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,8CAA8C;QACxD,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gDAAgD;QAC5D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,UAAU,CAAC;KAC3B;IACD,yBAAyB;IACzB;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,+CAA+C;QAC3D,GAAG,EAAE,SAAS,EAAE,6CAA6C;QAC7D,YAAY,EAAE,CAAC,aAAa,CAAC;KAC9B;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACvE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC;AAC7D,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAkB;IAC9C,KAAK,EAAE,GAAG;IACV,QAAQ,EAAE,qCAAqC;IAC/C,QAAQ,EAAE,IAAI;IACd,UAAU,EAAE,oFAAoF;IAChG,GAAG,EAAE,UAAU,EAAE,6BAA6B;IAC9C,YAAY,EAAE,CAAC,SAAS,CAAC;CAC1B,CAAC"}

package/dist/truth_gate/claims.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"claims.d.ts","sourceRoot":"","sources":["../../src/truth_gate/claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,KAAK,CA4a9C,CAAC"}
+{"version":3,"file":"claims.d.ts","sourceRoot":"","sources":["../../src/truth_gate/claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,KAAK,CAod9C,CAAC"}

package/dist/truth_gate/claims.js

@@ -250,6 +250,44 @@ export const CLAIM_CATALOG = [
         probeId: "probe.coverage.smart_auto_exemption",
         severity: "block",
     },
+    // ── v2.60.0 — SKELETON KEY (MCP security auditor) ───────────────────
+    {
+        id: "claim.skeleton_key.audit_runs",
+        source: "v2.60.0 release notes",
+        text: "SKELETON KEY (the first MCP server security auditor) runs end-to-end: discovers MCP servers across Claude Desktop / Cursor / Continue / Cline configs, scores per-server risk with CWE mapping, computes transitive bypass graph + risk budget, returns HMAC-sealed envelope that re-verifies. Pure / defensive — never throws even on missing configs",
+        kind: "numeric",
+        asserted: { value: 1, op: "=", unit: "boolean" },
+        probeId: "probe.skeleton_key.audit_runs",
+        severity: "block",
+    },
+    {
+        id: "claim.skeleton_key.bypass_graph_works",
+        source: "v2.60.0 release notes",
+        text: "SKELETON KEY's transitive bypass graph derives multi-server attack paths from capability overlap. Fixture: 3 servers (shell-mcp / filesystem-mcp / github-mcp) → ≥3 distinct attacker-goal bypass paths (delete_repo, modify_ci_pipeline, exfiltrate_secret). Most MCP audit tools stop at single-server analysis — SKELETON KEY computes the GRAPH",
+        kind: "numeric",
+        asserted: { value: 1, op: "=", unit: "boolean" },
+        probeId: "probe.skeleton_key.bypass_graph_works",
+        severity: "block",
+    },
+    // ── v2.59.0 — GATE SELF-VERIFICATION (SDK_AUDITOR) ──────────────────
+    {
+        id: "claim.sdk.external_surface_complete",
+        source: "v2.59.0 release notes",
+        text: "@mneme-ai/sdk's external public surface (what `import { ... } from \"@mneme-ai/sdk\"` returns) has every expected feature: standalone `letheForget` / `gavelPack` / `nimbusPublish` functions + convenience groups `lethe` / `gavel` / `nimbus` + NemesisSdk class with janusObserve / janusSwap / stealthScore / capillary / alibi / sibylCommit / sibylReveal methods. SDK_AUDITOR empirically imports the SDK + verifies — no static grep that can mock",
+        kind: "numeric",
+        asserted: { value: 1, op: "=", unit: "boolean" },
+        probeId: "probe.sdk.external_surface_complete",
+        severity: "block",
+    },
+    {
+        id: "claim.gate.consistency",
+        source: "v2.59.0 release notes",
+        text: "WIRING DOCTOR and SDK_AUDITOR agree on every feature. Pre-v2.59 WIRING DOCTOR reported '13/13 wired' but external `import { letheForget } from \"@mneme-ai/sdk\"` was undefined (gate checked internal class file instead of external surface). v2.59 cross-checks both gates: contradictions = release block",
+        kind: "numeric",
+        asserted: { value: 1, op: "=", unit: "boolean" },
+        probeId: "probe.gate.consistency",
+        severity: "block",
+    },
     // ── v2.58.0 — REAL 100% COVERAGE + LIVING LAB ───────────────────────
     {
         id: "claim.coverage.real_100_percent",