@mneme-ai/core 2.59.0 → 2.60.0

package/dist/skeleton_key/index.d.ts

@@ -0,0 +1,142 @@
+/**
+ * v2.60.0 — SKELETON KEY: MCP server security auditor.
+ *
+ * MCP ecosystem reality (2026): ~500+ servers, mostly community-built,
+ * no central security review. Users wire 5-15 servers into Claude
+ * Desktop / Cursor / Continue / Cline without realizing the
+ * UNION of their capabilities = a much larger attack surface than any
+ * individual server.
+ *
+ * SKELETON KEY is the first MCP security auditor. Five wild innovations:
+ *
+ *  1. EMPIRICAL CAPABILITY PROBE — spawn each MCP server + read its
+ *     real tools/list (not name-guess). Hand-written rules can lie;
+ *     a tools/list cannot.
+ *
+ *  2. TRANSITIVE BYPASS GRAPH — model servers as graph nodes; edges =
+ *     capability overlap; compute paths to attacker goals (delete_repo,
+ *     exfiltrate_secret, drop_database, etc). Most audit tools stop at
+ *     single-server analysis. We compute the graph.
+ *
+ *  3. HMAC CONFIG PINNING — snapshot the user's MCP configs; detect
+ *     tampering / silent new-server-added on next audit. Tamper-evident
+ *     drift report.
+ *
+ *  4. RISK BUDGET — single score 0..N quantifying total surface. User
+ *     sets a budget (e.g. 5.0); new servers that push over budget are
+ *     refused at install time.
+ *
+ *  5. CWE COMPLIANCE MAPPING — every finding maps to a CWE id, making
+ *     the output audit-grade for security teams.
+ *
+ * Pure ESM. Defensive — never throws on disk / parse / spawn errors.
+ */
+import { type RiskHeuristic } from "./risk_heuristics.js";
+import { type BypassGraph } from "./bypass_graph.js";
+export interface McpServerConfig {
+    /** Server name (key in the host's mcpServers map). */
+    name: string;
+    /** spawn command. */
+    command?: string;
+    /** spawn args. */
+    args?: string[];
+    /** env map. */
+    env?: Record<string, string>;
+    /** Source file the config came from. */
+    source: string;
+}
+export interface SkeletonKeyAudit {
+    ok: boolean;
+    at: string;
+    totalServers: number;
+    /** All distinct config files that contributed servers. */
+    sources: string[];
+    /** Per-server risk findings, sorted by severity desc. */
+    findings: Array<{
+        server: string;
+        risk: RiskHeuristic;
+        /** "heuristic" if matched by name; "empirical" if capability-probe upgraded. */
+        source: "heuristic" | "empirical" | "unknown";
+        /** When empirical, the tool count we discovered. */
+        toolCount?: number;
+    }>;
+    /** Capability overlaps + bypass paths. */
+    graph: BypassGraph;
+    /** Total risk budget score (sum). */
+    riskBudget: number;
+    /** User-set budget cap (default 5.0). */
+    budgetCap: number;
+    /** True iff riskBudget ≤ budgetCap. */
+    withinBudget: boolean;
+    /** Plain-English summary. */
+    summary: string;
+    /** HMAC seal of the audit body for tamper detection. */
+    hmac: string;
+}
+export interface AuditOpts {
+    /** Override discovery paths. */
+    configPaths?: string[];
+    /** Set the budget cap (default 5.0). */
+    budgetCap?: number;
+    /** Run empirical capability probe on each server (slow; ~1-2s per server). */
+    empiricalProbe?: boolean;
+    /** Limit empirical probe to specific server names. */
+    probeOnly?: string[];
+}
+/** Default paths for Claude Desktop / Cursor / Continue / Cline configs. */
+export declare function defaultConfigPaths(): string[];
+/**
+ * Read each config file, extract MCP server declarations.
+ * Tolerates multiple known schemas: claude_desktop, cursor settings,
+ * continue, cline, windsurf.
+ */
+export declare function discoverServers(configPaths: string[]): McpServerConfig[];
+export declare function auditMcpConfigs(opts?: AuditOpts): Promise<SkeletonKeyAudit>;
+export declare function verifyAudit(a: SkeletonKeyAudit): boolean;
+export interface ConfigSnapshot {
+    at: string;
+    /** SHA-like digest of every discovered server (deterministic). */
+    servers: Array<{
+        name: string;
+        commandHash: string;
+        source: string;
+    }>;
+    hmac: string;
+}
+export declare function pinConfigSnapshot(cwd: string, configPaths?: string[]): ConfigSnapshot;
+export interface DriftReport {
+    ok: boolean;
+    hasSnapshot: boolean;
+    added: Array<{
+        name: string;
+        source: string;
+    }>;
+    removed: Array<{
+        name: string;
+        source: string;
+    }>;
+    modified: Array<{
+        name: string;
+        oldHash: string;
+        newHash: string;
+    }>;
+    snapshotAt?: string;
+    currentAt: string;
+    hint: string;
+}
+export declare function detectConfigDrift(cwd: string, configPaths?: string[]): DriftReport;
+export interface Recommendation {
+    server: string;
+    severity: number;
+    cwe: string;
+    action: string;
+}
+export declare function buildRecommendations(audit: SkeletonKeyAudit): Recommendation[];
+export declare function renderAuditBanner(a: SkeletonKeyAudit): string;
+export { RISK_HEURISTICS, UNKNOWN_HEURISTIC, matchHeuristic } from "./risk_heuristics.js";
+export type { RiskHeuristic } from "./risk_heuristics.js";
+export { buildBypassGraph, totalRiskBudget } from "./bypass_graph.js";
+export type { BypassGraph, BypassPath, CapabilityOverlap, ServerNode } from "./bypass_graph.js";
+export { probeServer } from "./capability_probe.js";
+export type { ProbeInput, ProbeResult, ProbedTool } from "./capability_probe.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/skeleton_key/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skeleton_key/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAOH,OAAO,EAIL,KAAK,aAAa,EACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAGL,KAAK,WAAW,EAEjB,MAAM,mBAAmB,CAAC;AAO3B,MAAM,WAAW,eAAe;IAC9B,sDAAsD;IACtD,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,kBAAkB;IAClB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,eAAe;IACf,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,OAAO,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,0DAA0D;IAC1D,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,yDAAyD;IACzD,QAAQ,EAAE,KAAK,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,aAAa,CAAC;QACpB,gFAAgF;QAChF,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,SAAS,CAAC;QAC9C,oDAAoD;QACpD,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC,CAAC;IACH,0CAA0C;IAC1C,KAAK,EAAE,WAAW,CAAC;IACnB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,YAAY,EAAE,OAAO,CAAC;IACtB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,SAAS;IACxB,gCAAgC;IAChC,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wCAAwC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,4EAA4E;AAC5E,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAmB7C;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,eAAe,EAAE,CAgCxE;AAmBD,wBAAsB,eAAe,CAAC,IAAI,GAAE,SAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAsDrF;AAED,wBAAgB,WAAW,CAAC,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAKxD;AAID,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,kEAAkE;IAClE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACtE,IAAI,EAAE,MAAM,CAAC;CACd;AAWD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,cAAc,CAiBrF;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,OAAO,CAAC;IACZ,WAAW,EAAE,OAAO,CAAC;IACrB,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjD,QAAQ,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,GAAG,WAAW,CAyClF;AAID,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,gBAAgB,GAAG,cAAc,EAAE,CA4B9E;AAID,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,gBAAgB,GAAG,MAAM,CAoB7D;AAED,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1F,YAAY,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACtE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAChG,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/skeleton_key/index.js

@@ -0,0 +1,321 @@
+/**
+ * v2.60.0 — SKELETON KEY: MCP server security auditor.
+ *
+ * MCP ecosystem reality (2026): ~500+ servers, mostly community-built,
+ * no central security review. Users wire 5-15 servers into Claude
+ * Desktop / Cursor / Continue / Cline without realizing the
+ * UNION of their capabilities = a much larger attack surface than any
+ * individual server.
+ *
+ * SKELETON KEY is the first MCP security auditor. Five wild innovations:
+ *
+ *  1. EMPIRICAL CAPABILITY PROBE — spawn each MCP server + read its
+ *     real tools/list (not name-guess). Hand-written rules can lie;
+ *     a tools/list cannot.
+ *
+ *  2. TRANSITIVE BYPASS GRAPH — model servers as graph nodes; edges =
+ *     capability overlap; compute paths to attacker goals (delete_repo,
+ *     exfiltrate_secret, drop_database, etc). Most audit tools stop at
+ *     single-server analysis. We compute the graph.
+ *
+ *  3. HMAC CONFIG PINNING — snapshot the user's MCP configs; detect
+ *     tampering / silent new-server-added on next audit. Tamper-evident
+ *     drift report.
+ *
+ *  4. RISK BUDGET — single score 0..N quantifying total surface. User
+ *     sets a budget (e.g. 5.0); new servers that push over budget are
+ *     refused at install time.
+ *
+ *  5. CWE COMPLIANCE MAPPING — every finding maps to a CWE id, making
+ *     the output audit-grade for security teams.
+ *
+ * Pure ESM. Defensive — never throws on disk / parse / spawn errors.
+ */
+import { createHmac } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir, platform } from "node:os";
+import { dirname, join } from "node:path";
+import { UNKNOWN_HEURISTIC, matchHeuristic, } from "./risk_heuristics.js";
+import { buildBypassGraph, totalRiskBudget, } from "./bypass_graph.js";
+import { probeServer } from "./capability_probe.js";
+const KEY_ENV = "MNEME_SKELETON_KEY";
+const DEFAULT_KEY = "mneme-skeleton-key-v1";
+function keyOf() { return process.env[KEY_ENV] ?? DEFAULT_KEY; }
+/** Default paths for Claude Desktop / Cursor / Continue / Cline configs. */
+export function defaultConfigPaths() {
+    const home = homedir();
+    const paths = [];
+    const plat = platform();
+    if (plat === "darwin") {
+        paths.push(join(home, "Library/Application Support/Claude/claude_desktop_config.json"));
+        paths.push(join(home, "Library/Application Support/Cursor/User/settings.json"));
+    }
+    else if (plat === "win32") {
+        const appdata = process.env["APPDATA"] ?? join(home, "AppData/Roaming");
+        paths.push(join(appdata, "Claude/claude_desktop_config.json"));
+        paths.push(join(appdata, "Cursor/User/settings.json"));
+    }
+    else {
+        paths.push(join(home, ".config/Claude/claude_desktop_config.json"));
+        paths.push(join(home, ".config/Cursor/User/settings.json"));
+    }
+    paths.push(join(home, ".continue/config.json"));
+    paths.push(join(home, ".cline/config.json"));
+    paths.push(join(home, ".codeium/windsurf/mcp_config.json"));
+    return paths;
+}
+/**
+ * Read each config file, extract MCP server declarations.
+ * Tolerates multiple known schemas: claude_desktop, cursor settings,
+ * continue, cline, windsurf.
+ */
+export function discoverServers(configPaths) {
+    const out = [];
+    for (const p of configPaths) {
+        if (!existsSync(p))
+            continue;
+        let parsed = null;
+        try {
+            parsed = JSON.parse(readFileSync(p, "utf8"));
+        }
+        catch {
+            continue;
+        }
+        if (!parsed)
+            continue;
+        const candidates = [
+            parsed["mcpServers"],
+            parsed["claude.mcpServers"],
+            parsed["mcp"]?.["servers"],
+            parsed["mcp"]?.["mcpServers"],
+        ];
+        for (const block of candidates) {
+            if (!block || typeof block !== "object")
+                continue;
+            for (const [name, raw] of Object.entries(block)) {
+                if (!raw || typeof raw !== "object")
+                    continue;
+                const r = raw;
+                out.push({
+                    name,
+                    command: typeof r.command === "string" ? r.command : undefined,
+                    args: Array.isArray(r.args) ? r.args.filter((x) => typeof x === "string") : undefined,
+                    env: r.env && typeof r.env === "object" ? r.env : undefined,
+                    source: p,
+                });
+            }
+        }
+    }
+    // Deduplicate by name (later sources win — convention: most recent IDE wins).
+    const dedup = new Map();
+    for (const s of out)
+        dedup.set(s.name, s);
+    return Array.from(dedup.values());
+}
+/**
+ * Promote a heuristic risk with an empirical capability list. We MERGE
+ * (empirical wins on overlap, retain heuristic for tags we didn't see).
+ */
+function promoteRiskWithProbe(base, probe) {
+    if (!probe.reachable || probe.capabilities.length === 0)
+        return base;
+    const mergedCaps = Array.from(new Set([...probe.capabilities, ...base.capabilities]));
+    // If empirical exposes more dangerous capabilities than heuristic suggested,
+    // bump the severity slightly.
+    const hasExec = probe.capabilities.includes("exec");
+    const hasWrite = probe.capabilities.includes("write_fs") || probe.capabilities.includes("db_write") || probe.capabilities.includes("db_ddl");
+    let severity = base.severity;
+    if (hasExec && base.severity < 0.85)
+        severity = Math.max(severity, 0.92);
+    else if (hasWrite && base.severity < 0.65)
+        severity = Math.max(severity, 0.72);
+    return { ...base, severity, capabilities: mergedCaps };
+}
+export async function auditMcpConfigs(opts = {}) {
+    const at = new Date().toISOString();
+    const paths = opts.configPaths ?? defaultConfigPaths();
+    const servers = discoverServers(paths);
+    const budgetCap = opts.budgetCap ?? 5.0;
+    const findings = [];
+    const nodes = [];
+    for (const srv of servers) {
+        const heur = matchHeuristic(srv.name);
+        let risk;
+        let source;
+        let toolCount;
+        if (heur) {
+            risk = heur;
+            source = "heuristic";
+        }
+        else {
+            risk = UNKNOWN_HEURISTIC;
+            source = "unknown";
+        }
+        if (opts.empiricalProbe && srv.command && (!opts.probeOnly || opts.probeOnly.includes(srv.name))) {
+            const probe = await probeServer({
+                name: srv.name,
+                command: srv.command,
+                args: srv.args,
+                env: srv.env,
+            });
+            if (probe.reachable) {
+                risk = promoteRiskWithProbe(risk, probe);
+                source = "empirical";
+                toolCount = probe.tools.length;
+            }
+        }
+        findings.push({ server: srv.name, risk, source, toolCount });
+        nodes.push({ name: srv.name, risk, source: srv.source });
+    }
+    findings.sort((a, b) => b.risk.severity - a.risk.severity);
+    const graph = buildBypassGraph(nodes);
+    const riskBudget = totalRiskBudget(nodes);
+    const withinBudget = riskBudget <= budgetCap;
+    const sources = Array.from(new Set(servers.map((s) => s.source)));
+    const summary = servers.length === 0
+        ? "no MCP servers discovered — install Claude Desktop / Cursor + add at least one mcpServers entry"
+        : `${servers.length} MCP server(s) across ${sources.length} config(s); risk budget ${riskBudget}/${budgetCap}; ${graph.bypassPaths.length} bypass path(s); ${findings.filter((f) => f.risk.severity >= 0.85).length} critical finding(s).`;
+    const body = {
+        ok: withinBudget && findings.filter((f) => f.risk.severity >= 0.85).length === 0,
+        at, totalServers: servers.length, sources,
+        findings, graph, riskBudget, budgetCap, withinBudget, summary,
+    };
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    return { ...body, hmac };
+}
+export function verifyAudit(a) {
+    if (!a || typeof a.hmac !== "string")
+        return false;
+    const { hmac, ...body } = a;
+    const expected = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    return expected === hmac;
+}
+function digestCommand(cmd, args) {
+    const blob = `${cmd ?? ""}|${(args ?? []).join("|")}`;
+    return createHmac("sha256", keyOf()).update(blob).digest("hex").slice(0, 16);
+}
+function snapshotPath(cwd) {
+    return join(cwd, ".mneme", "skeleton_key", "config_snapshot.json");
+}
+export function pinConfigSnapshot(cwd, configPaths) {
+    const servers = discoverServers(configPaths ?? defaultConfigPaths());
+    const body = {
+        at: new Date().toISOString(),
+        servers: servers.map((s) => ({
+            name: s.name,
+            commandHash: digestCommand(s.command, s.args),
+            source: s.source,
+        })),
+    };
+    const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
+    const snap = { ...body, hmac };
+    try {
+        mkdirSync(dirname(snapshotPath(cwd)), { recursive: true });
+        writeFileSync(snapshotPath(cwd), JSON.stringify(snap, null, 2));
+    }
+    catch { /* noop */ }
+    return snap;
+}
+export function detectConfigDrift(cwd, configPaths) {
+    const path = snapshotPath(cwd);
+    const currentAt = new Date().toISOString();
+    if (!existsSync(path)) {
+        return {
+            ok: false, hasSnapshot: false,
+            added: [], removed: [], modified: [], currentAt,
+            hint: "no snapshot pinned — run `mneme skeleton_key pin` to lock current config",
+        };
+    }
+    let snap;
+    try {
+        snap = JSON.parse(readFileSync(path, "utf8"));
+    }
+    catch {
+        return {
+            ok: false, hasSnapshot: false,
+            added: [], removed: [], modified: [], currentAt,
+            hint: "snapshot file unreadable / corrupted",
+        };
+    }
+    const current = discoverServers(configPaths ?? defaultConfigPaths());
+    const currentMap = new Map(current.map((s) => [s.name, { commandHash: digestCommand(s.command, s.args), source: s.source }]));
+    const snapMap = new Map(snap.servers.map((s) => [s.name, s]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    for (const [name, cur] of currentMap.entries()) {
+        const old = snapMap.get(name);
+        if (!old)
+            added.push({ name, source: cur.source });
+        else if (old.commandHash !== cur.commandHash)
+            modified.push({ name, oldHash: old.commandHash, newHash: cur.commandHash });
+    }
+    for (const [name, old] of snapMap.entries()) {
+        if (!currentMap.has(name))
+            removed.push({ name, source: old.source });
+    }
+    const ok = added.length === 0 && removed.length === 0 && modified.length === 0;
+    return {
+        ok, hasSnapshot: true, added, removed, modified,
+        snapshotAt: snap.at, currentAt,
+        hint: ok
+            ? "config unchanged since pin"
+            : `drift detected: ${added.length} added · ${removed.length} removed · ${modified.length} modified (re-pin with \`mneme skeleton_key pin\` after review)`,
+    };
+}
+export function buildRecommendations(audit) {
+    const recs = [];
+    for (const f of audit.findings) {
+        if (f.risk.severity < 0.55)
+            continue;
+        recs.push({
+            server: f.server,
+            severity: f.risk.severity,
+            cwe: f.risk.cwe,
+            action: f.risk.mitigation,
+        });
+    }
+    if (audit.graph.bypassPaths.length > 0) {
+        recs.push({
+            server: "BYPASS GRAPH",
+            severity: audit.graph.bypassPaths[0].weakestSeverity,
+            cwe: "CWE-269",
+            action: `${audit.graph.bypassPaths.length} bypass path(s) detected — narrow capability scope across servers; wrap with PASSPORT mediation.`,
+        });
+    }
+    if (!audit.withinBudget) {
+        recs.push({
+            server: "RISK BUDGET",
+            severity: 0.80,
+            cwe: "CWE-1059",
+            action: `risk budget ${audit.riskBudget} exceeds cap ${audit.budgetCap} — remove a high-severity server OR raise the cap with explicit justification.`,
+        });
+    }
+    return recs;
+}
+/* ── Render banner ───────────────────────────────────────────────── */
+export function renderAuditBanner(a) {
+    const lines = [
+        `🦴 SKELETON KEY · ${a.summary}`,
+        `   risk budget: ${a.riskBudget}/${a.budgetCap} ${a.withinBudget ? "✓" : "✗ OVER BUDGET"}`,
+        `   sources: ${a.sources.join(", ") || "(none)"}`,
+        "",
+    ];
+    for (const f of a.findings.slice(0, 10)) {
+        const sym = f.risk.severity >= 0.85 ? "🚨" : f.risk.severity >= 0.65 ? "⚠ " : "·";
+        const evidence = f.source === "empirical" ? `[empirical · ${f.toolCount} tools]` : "[heuristic]";
+        lines.push(`   ${sym} ${f.server.padEnd(22)} ${(f.risk.severity * 100).toFixed(0).padStart(3)}%  ${f.risk.cwe}  ${f.risk.riskName} ${evidence}`);
+    }
+    if (a.graph.bypassPaths.length > 0) {
+        lines.push("");
+        lines.push(`   BYPASS PATHS (${a.graph.bypassPaths.length}):`);
+        for (const bp of a.graph.bypassPaths.slice(0, 5)) {
+            lines.push(`     → ${bp.narrative}`);
+        }
+    }
+    return lines.join("\n");
+}
+export { RISK_HEURISTICS, UNKNOWN_HEURISTIC, matchHeuristic } from "./risk_heuristics.js";
+export { buildBypassGraph, totalRiskBudget } from "./bypass_graph.js";
+export { probeServer } from "./capability_probe.js";
+//# sourceMappingURL=index.js.map

package/dist/skeleton_key/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skeleton_key/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAY,aAAa,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAEL,iBAAiB,EACjB,cAAc,GAEf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,gBAAgB,EAChB,eAAe,GAGhB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAoB,MAAM,uBAAuB,CAAC;AAEtE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AACrC,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAC5C,SAAS,KAAK,KAAa,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;AAuDxE,4EAA4E;AAC5E,MAAM,UAAU,kBAAkB;IAChC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,+DAA+D,CAAC,CAAC,CAAC;QACxF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uDAAuD,CAAC,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACxE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mCAAmC,CAAC,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,2CAA2C,CAAC,CAAC,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,WAAqB;IACnD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,MAAM,GAAmC,IAAI,CAAC;QAClD,IAAI,CAAC;YAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAA4B,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;QACpG,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,MAAM,UAAU,GAA+C;YAC7D,MAAM,CAAC,YAAY,CAAwC;YAC3D,MAAM,CAAC,mBAAmB,CAAwC;YACjE,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,SAAS,CAAwC;YACzG,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,YAAY,CAAwC;SAC9G,CAAC;QACF,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAClD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;oBAAE,SAAS;gBAC9C,MAAM,CAAC,GAAG,GAA2D,CAAC;gBACtE,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI;oBACJ,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC9D,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;oBAClG,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAA6B,CAAC,CAAC,CAAC,SAAS;oBACrF,MAAM,EAAE,CAAC;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,8EAA8E;IAC9E,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,GAAG;QAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAmB,EAAE,KAAkB;IACnE,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtF,6EAA6E;IAC7E,8BAA8B;IAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7I,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC7B,IAAI,OAAO,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;SACpE,IAAI,QAAQ,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC/E,OAAO,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAkB,EAAE;IACxD,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;IACvD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,MAAM,QAAQ,GAAiC,EAAE,CAAC;IAClD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,IAAmB,CAAC;QACxB,IAAI,MAA6C,CAAC;QAClD,IAAI,SAA6B,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,IAAI,CAAC;YACZ,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,iBAAiB,CAAC;YACzB,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACjG,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC;gBAC9B,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG;aACb,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpB,IAAI,GAAG,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,WAAW,CAAC;gBACrB,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;YACjC,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,UAAU,IAAI,SAAS,CAAC;IAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC;QAClC,CAAC,CAAC,iGAAiG;QACnG,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,yBAAyB,OAAO,CAAC,MAAM,2BAA2B,UAAU,IAAI,SAAS,KAAK,KAAK,CAAC,WAAW,CAAC,MAAM,oBAAoB,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,uBAAuB,CAAC;IAE7O,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,YAAY,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAChF,EAAE,EAAE,YAAY,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO;QACzC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO;KAC9D,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAmB;IAC7C,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1F,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC3B,CAAC;AAWD,SAAS,aAAa,CAAC,GAAY,EAAE,IAAe;IAClD,MAAM,IAAI,GAAG,GAAG,GAAG,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACtD,OAAO,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC;YAC7C,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC,CAAC;KACJ,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,MAAM,IAAI,GAAmB,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;IAC/C,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,0EAA0E;SACjF,CAAC;IACJ,CAAC;IACD,IAAI,IAAoB,CAAC;IACzB,IAAI,CAAC;QAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAmB,CAAC;IAAC,CAAC;IACxE,MAAM,CAAC;QACL,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,sCAAsC;SAC7C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9H,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAyB,EAAE,CAAC;IACvC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;aAC9C,IAAI,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5H,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/E,OAAO;QACL,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ;QAC/C,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS;QAC9B,IAAI,EAAE,EAAE;YACN,CAAC,CAAC,4BAA4B;YAC9B,CAAC,CAAC,mBAAmB,KAAK,CAAC,MAAM,YAAY,OAAO,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,iEAAiE;KAC5J,CAAC;AACJ,CAAC;AAWD,MAAM,UAAU,oBAAoB,CAAC,KAAuB;IAC1D,MAAM,IAAI,GAAqB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI;YAAE,SAAS;QACrC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YACzB,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;YACf,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,IAAI,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,eAAe;YACrD,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,kGAAkG;SAC5I,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,aAAa;YACrB,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,UAAU;YACf,MAAM,EAAE,eAAe,KAAK,CAAC,UAAU,gBAAgB,KAAK,CAAC,SAAS,gFAAgF;SACvJ,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wEAAwE;AAExE,MAAM,UAAU,iBAAiB,CAAC,CAAmB;IACnD,MAAM,KAAK,GAAG;QACZ,qBAAqB,CAAC,CAAC,OAAO,EAAE;QAChC,mBAAmB,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE;QAC1F,eAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE;QACjD,EAAE;KACH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAClF,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC;QACjG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IACnJ,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC;QAC/D,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE1F,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/skeleton_key/risk_heuristics.d.ts

@@ -0,0 +1,46 @@
+/**
+ * v2.60.0 — SKELETON KEY risk heuristics.
+ *
+ * Pattern-based risk scoring for MCP servers, name-only path. Used as
+ * the fast first pass; CAPABILITY PROBE upgrades the scoring with
+ * empirical evidence (real tools/list result from spawning the server).
+ *
+ * Severity scale 0..1:
+ *   0.0-0.3  → low (read-only / sandboxed)
+ *   0.3-0.6  → medium (scoped mutations)
+ *   0.6-0.85 → high (broad mutations)
+ *   0.85-1.0 → critical (arbitrary execution / unrestricted FS / DB DDL)
+ *
+ * Every entry maps to a CWE (Common Weakness Enumeration) for
+ * compliance audit-grade output.
+ */
+export interface RiskHeuristic {
+    /** Lowercase substring to match against server name. */
+    match: string;
+    /** Human-readable risk class. */
+    riskName: string;
+    /** 0..1 severity. */
+    severity: number;
+    /** Suggested mitigation. */
+    mitigation: string;
+    /** CWE id for compliance mapping. */
+    cwe: string;
+    /** Capability tags exposed (used by bypass graph). */
+    capabilities: string[];
+}
+/**
+ * Ordered most-specific → least-specific. First match wins per server.
+ * Each entry curated from MCP ecosystem observation (2026-05).
+ */
+export declare const RISK_HEURISTICS: RiskHeuristic[];
+/**
+ * Match a server name against heuristics. Returns the highest-severity
+ * matching heuristic, or null if no match (= unknown → conservative HIGH).
+ */
+export declare function matchHeuristic(serverName: string): RiskHeuristic | null;
+/**
+ * Unknown / unmatched server. Conservative default: treat as medium risk
+ * with hint to run capability probe for exact assessment.
+ */
+export declare const UNKNOWN_HEURISTIC: RiskHeuristic;
+//# sourceMappingURL=risk_heuristics.d.ts.map

package/dist/skeleton_key/risk_heuristics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk_heuristics.d.ts","sourceRoot":"","sources":["../../src/skeleton_key/risk_heuristics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,WAAW,aAAa;IAC5B,wDAAwD;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EAiK1C,CAAC;AAEF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAKvE;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,aAO/B,CAAC"}