@mneme-ai/core 2.59.0 → 2.61.0

Files changed (42) hide show
  1. package/dist/agent_manifest.d.ts.map +1 -1
  2. package/dist/agent_manifest.js +12 -0
  3. package/dist/agent_manifest.js.map +1 -1
  4. package/dist/index.d.ts +2 -0
  5. package/dist/index.d.ts.map +1 -1
  6. package/dist/index.js +10 -0
  7. package/dist/index.js.map +1 -1
  8. package/dist/passport/index.d.ts +166 -0
  9. package/dist/passport/index.d.ts.map +1 -0
  10. package/dist/passport/index.js +369 -0
  11. package/dist/passport/index.js.map +1 -0
  12. package/dist/passport/policy.d.ts +34 -0
  13. package/dist/passport/policy.d.ts.map +1 -0
  14. package/dist/passport/policy.js +75 -0
  15. package/dist/passport/policy.js.map +1 -0
  16. package/dist/passport/trust_score.d.ts +46 -0
  17. package/dist/passport/trust_score.d.ts.map +1 -0
  18. package/dist/passport/trust_score.js +64 -0
  19. package/dist/passport/trust_score.js.map +1 -0
  20. package/dist/skeleton_key/bypass_graph.d.ts +56 -0
  21. package/dist/skeleton_key/bypass_graph.d.ts.map +1 -0
  22. package/dist/skeleton_key/bypass_graph.js +89 -0
  23. package/dist/skeleton_key/bypass_graph.js.map +1 -0
  24. package/dist/skeleton_key/capability_probe.d.ts +58 -0
  25. package/dist/skeleton_key/capability_probe.d.ts.map +1 -0
  26. package/dist/skeleton_key/capability_probe.js +149 -0
  27. package/dist/skeleton_key/capability_probe.js.map +1 -0
  28. package/dist/skeleton_key/index.d.ts +142 -0
  29. package/dist/skeleton_key/index.d.ts.map +1 -0
  30. package/dist/skeleton_key/index.js +321 -0
  31. package/dist/skeleton_key/index.js.map +1 -0
  32. package/dist/skeleton_key/risk_heuristics.d.ts +46 -0
  33. package/dist/skeleton_key/risk_heuristics.d.ts.map +1 -0
  34. package/dist/skeleton_key/risk_heuristics.js +206 -0
  35. package/dist/skeleton_key/risk_heuristics.js.map +1 -0
  36. package/dist/truth_gate/claims.d.ts.map +1 -1
  37. package/dist/truth_gate/claims.js +38 -0
  38. package/dist/truth_gate/claims.js.map +1 -1
  39. package/dist/truth_gate/probes.d.ts.map +1 -1
  40. package/dist/truth_gate/probes.js +115 -0
  41. package/dist/truth_gate/probes.js.map +1 -1
  42. package/package.json +1 -1
@@ -0,0 +1,321 @@
1
+ /**
2
+ * v2.60.0 — SKELETON KEY: MCP server security auditor.
3
+ *
4
+ * MCP ecosystem reality (2026): ~500+ servers, mostly community-built,
5
+ * no central security review. Users wire 5-15 servers into Claude
6
+ * Desktop / Cursor / Continue / Cline without realizing the
7
+ * UNION of their capabilities = a much larger attack surface than any
8
+ * individual server.
9
+ *
10
+ * SKELETON KEY is the first MCP security auditor. Five wild innovations:
11
+ *
12
+ * 1. EMPIRICAL CAPABILITY PROBE — spawn each MCP server + read its
13
+ * real tools/list (not name-guess). Hand-written rules can lie;
14
+ * a tools/list cannot.
15
+ *
16
+ * 2. TRANSITIVE BYPASS GRAPH — model servers as graph nodes; edges =
17
+ * capability overlap; compute paths to attacker goals (delete_repo,
18
+ * exfiltrate_secret, drop_database, etc). Most audit tools stop at
19
+ * single-server analysis. We compute the graph.
20
+ *
21
+ * 3. HMAC CONFIG PINNING — snapshot the user's MCP configs; detect
22
+ * tampering / silent new-server-added on next audit. Tamper-evident
23
+ * drift report.
24
+ *
25
+ * 4. RISK BUDGET — single score 0..N quantifying total surface. User
26
+ * sets a budget (e.g. 5.0); new servers that push over budget are
27
+ * refused at install time.
28
+ *
29
+ * 5. CWE COMPLIANCE MAPPING — every finding maps to a CWE id, making
30
+ * the output audit-grade for security teams.
31
+ *
32
+ * Pure ESM. Defensive — never throws on disk / parse / spawn errors.
33
+ */
34
+ import { createHmac } from "node:crypto";
35
+ import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
36
+ import { homedir, platform } from "node:os";
37
+ import { dirname, join } from "node:path";
38
+ import { UNKNOWN_HEURISTIC, matchHeuristic, } from "./risk_heuristics.js";
39
+ import { buildBypassGraph, totalRiskBudget, } from "./bypass_graph.js";
40
+ import { probeServer } from "./capability_probe.js";
41
+ const KEY_ENV = "MNEME_SKELETON_KEY";
42
+ const DEFAULT_KEY = "mneme-skeleton-key-v1";
43
+ function keyOf() { return process.env[KEY_ENV] ?? DEFAULT_KEY; }
44
+ /** Default paths for Claude Desktop / Cursor / Continue / Cline configs. */
45
+ export function defaultConfigPaths() {
46
+ const home = homedir();
47
+ const paths = [];
48
+ const plat = platform();
49
+ if (plat === "darwin") {
50
+ paths.push(join(home, "Library/Application Support/Claude/claude_desktop_config.json"));
51
+ paths.push(join(home, "Library/Application Support/Cursor/User/settings.json"));
52
+ }
53
+ else if (plat === "win32") {
54
+ const appdata = process.env["APPDATA"] ?? join(home, "AppData/Roaming");
55
+ paths.push(join(appdata, "Claude/claude_desktop_config.json"));
56
+ paths.push(join(appdata, "Cursor/User/settings.json"));
57
+ }
58
+ else {
59
+ paths.push(join(home, ".config/Claude/claude_desktop_config.json"));
60
+ paths.push(join(home, ".config/Cursor/User/settings.json"));
61
+ }
62
+ paths.push(join(home, ".continue/config.json"));
63
+ paths.push(join(home, ".cline/config.json"));
64
+ paths.push(join(home, ".codeium/windsurf/mcp_config.json"));
65
+ return paths;
66
+ }
67
+ /**
68
+ * Read each config file, extract MCP server declarations.
69
+ * Tolerates multiple known schemas: claude_desktop, cursor settings,
70
+ * continue, cline, windsurf.
71
+ */
72
+ export function discoverServers(configPaths) {
73
+ const out = [];
74
+ for (const p of configPaths) {
75
+ if (!existsSync(p))
76
+ continue;
77
+ let parsed = null;
78
+ try {
79
+ parsed = JSON.parse(readFileSync(p, "utf8"));
80
+ }
81
+ catch {
82
+ continue;
83
+ }
84
+ if (!parsed)
85
+ continue;
86
+ const candidates = [
87
+ parsed["mcpServers"],
88
+ parsed["claude.mcpServers"],
89
+ parsed["mcp"]?.["servers"],
90
+ parsed["mcp"]?.["mcpServers"],
91
+ ];
92
+ for (const block of candidates) {
93
+ if (!block || typeof block !== "object")
94
+ continue;
95
+ for (const [name, raw] of Object.entries(block)) {
96
+ if (!raw || typeof raw !== "object")
97
+ continue;
98
+ const r = raw;
99
+ out.push({
100
+ name,
101
+ command: typeof r.command === "string" ? r.command : undefined,
102
+ args: Array.isArray(r.args) ? r.args.filter((x) => typeof x === "string") : undefined,
103
+ env: r.env && typeof r.env === "object" ? r.env : undefined,
104
+ source: p,
105
+ });
106
+ }
107
+ }
108
+ }
109
+ // Deduplicate by name (later sources win — convention: most recent IDE wins).
110
+ const dedup = new Map();
111
+ for (const s of out)
112
+ dedup.set(s.name, s);
113
+ return Array.from(dedup.values());
114
+ }
115
+ /**
116
+ * Promote a heuristic risk with an empirical capability list. We MERGE
117
+ * (empirical wins on overlap, retain heuristic for tags we didn't see).
118
+ */
119
+ function promoteRiskWithProbe(base, probe) {
120
+ if (!probe.reachable || probe.capabilities.length === 0)
121
+ return base;
122
+ const mergedCaps = Array.from(new Set([...probe.capabilities, ...base.capabilities]));
123
+ // If empirical exposes more dangerous capabilities than heuristic suggested,
124
+ // bump the severity slightly.
125
+ const hasExec = probe.capabilities.includes("exec");
126
+ const hasWrite = probe.capabilities.includes("write_fs") || probe.capabilities.includes("db_write") || probe.capabilities.includes("db_ddl");
127
+ let severity = base.severity;
128
+ if (hasExec && base.severity < 0.85)
129
+ severity = Math.max(severity, 0.92);
130
+ else if (hasWrite && base.severity < 0.65)
131
+ severity = Math.max(severity, 0.72);
132
+ return { ...base, severity, capabilities: mergedCaps };
133
+ }
134
+ export async function auditMcpConfigs(opts = {}) {
135
+ const at = new Date().toISOString();
136
+ const paths = opts.configPaths ?? defaultConfigPaths();
137
+ const servers = discoverServers(paths);
138
+ const budgetCap = opts.budgetCap ?? 5.0;
139
+ const findings = [];
140
+ const nodes = [];
141
+ for (const srv of servers) {
142
+ const heur = matchHeuristic(srv.name);
143
+ let risk;
144
+ let source;
145
+ let toolCount;
146
+ if (heur) {
147
+ risk = heur;
148
+ source = "heuristic";
149
+ }
150
+ else {
151
+ risk = UNKNOWN_HEURISTIC;
152
+ source = "unknown";
153
+ }
154
+ if (opts.empiricalProbe && srv.command && (!opts.probeOnly || opts.probeOnly.includes(srv.name))) {
155
+ const probe = await probeServer({
156
+ name: srv.name,
157
+ command: srv.command,
158
+ args: srv.args,
159
+ env: srv.env,
160
+ });
161
+ if (probe.reachable) {
162
+ risk = promoteRiskWithProbe(risk, probe);
163
+ source = "empirical";
164
+ toolCount = probe.tools.length;
165
+ }
166
+ }
167
+ findings.push({ server: srv.name, risk, source, toolCount });
168
+ nodes.push({ name: srv.name, risk, source: srv.source });
169
+ }
170
+ findings.sort((a, b) => b.risk.severity - a.risk.severity);
171
+ const graph = buildBypassGraph(nodes);
172
+ const riskBudget = totalRiskBudget(nodes);
173
+ const withinBudget = riskBudget <= budgetCap;
174
+ const sources = Array.from(new Set(servers.map((s) => s.source)));
175
+ const summary = servers.length === 0
176
+ ? "no MCP servers discovered — install Claude Desktop / Cursor + add at least one mcpServers entry"
177
+ : `${servers.length} MCP server(s) across ${sources.length} config(s); risk budget ${riskBudget}/${budgetCap}; ${graph.bypassPaths.length} bypass path(s); ${findings.filter((f) => f.risk.severity >= 0.85).length} critical finding(s).`;
178
+ const body = {
179
+ ok: withinBudget && findings.filter((f) => f.risk.severity >= 0.85).length === 0,
180
+ at, totalServers: servers.length, sources,
181
+ findings, graph, riskBudget, budgetCap, withinBudget, summary,
182
+ };
183
+ const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
184
+ return { ...body, hmac };
185
+ }
186
+ export function verifyAudit(a) {
187
+ if (!a || typeof a.hmac !== "string")
188
+ return false;
189
+ const { hmac, ...body } = a;
190
+ const expected = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
191
+ return expected === hmac;
192
+ }
193
+ function digestCommand(cmd, args) {
194
+ const blob = `${cmd ?? ""}|${(args ?? []).join("|")}`;
195
+ return createHmac("sha256", keyOf()).update(blob).digest("hex").slice(0, 16);
196
+ }
197
+ function snapshotPath(cwd) {
198
+ return join(cwd, ".mneme", "skeleton_key", "config_snapshot.json");
199
+ }
200
+ export function pinConfigSnapshot(cwd, configPaths) {
201
+ const servers = discoverServers(configPaths ?? defaultConfigPaths());
202
+ const body = {
203
+ at: new Date().toISOString(),
204
+ servers: servers.map((s) => ({
205
+ name: s.name,
206
+ commandHash: digestCommand(s.command, s.args),
207
+ source: s.source,
208
+ })),
209
+ };
210
+ const hmac = createHmac("sha256", keyOf()).update(JSON.stringify(body)).digest("hex");
211
+ const snap = { ...body, hmac };
212
+ try {
213
+ mkdirSync(dirname(snapshotPath(cwd)), { recursive: true });
214
+ writeFileSync(snapshotPath(cwd), JSON.stringify(snap, null, 2));
215
+ }
216
+ catch { /* noop */ }
217
+ return snap;
218
+ }
219
+ export function detectConfigDrift(cwd, configPaths) {
220
+ const path = snapshotPath(cwd);
221
+ const currentAt = new Date().toISOString();
222
+ if (!existsSync(path)) {
223
+ return {
224
+ ok: false, hasSnapshot: false,
225
+ added: [], removed: [], modified: [], currentAt,
226
+ hint: "no snapshot pinned — run `mneme skeleton_key pin` to lock current config",
227
+ };
228
+ }
229
+ let snap;
230
+ try {
231
+ snap = JSON.parse(readFileSync(path, "utf8"));
232
+ }
233
+ catch {
234
+ return {
235
+ ok: false, hasSnapshot: false,
236
+ added: [], removed: [], modified: [], currentAt,
237
+ hint: "snapshot file unreadable / corrupted",
238
+ };
239
+ }
240
+ const current = discoverServers(configPaths ?? defaultConfigPaths());
241
+ const currentMap = new Map(current.map((s) => [s.name, { commandHash: digestCommand(s.command, s.args), source: s.source }]));
242
+ const snapMap = new Map(snap.servers.map((s) => [s.name, s]));
243
+ const added = [];
244
+ const removed = [];
245
+ const modified = [];
246
+ for (const [name, cur] of currentMap.entries()) {
247
+ const old = snapMap.get(name);
248
+ if (!old)
249
+ added.push({ name, source: cur.source });
250
+ else if (old.commandHash !== cur.commandHash)
251
+ modified.push({ name, oldHash: old.commandHash, newHash: cur.commandHash });
252
+ }
253
+ for (const [name, old] of snapMap.entries()) {
254
+ if (!currentMap.has(name))
255
+ removed.push({ name, source: old.source });
256
+ }
257
+ const ok = added.length === 0 && removed.length === 0 && modified.length === 0;
258
+ return {
259
+ ok, hasSnapshot: true, added, removed, modified,
260
+ snapshotAt: snap.at, currentAt,
261
+ hint: ok
262
+ ? "config unchanged since pin"
263
+ : `drift detected: ${added.length} added · ${removed.length} removed · ${modified.length} modified (re-pin with \`mneme skeleton_key pin\` after review)`,
264
+ };
265
+ }
266
+ export function buildRecommendations(audit) {
267
+ const recs = [];
268
+ for (const f of audit.findings) {
269
+ if (f.risk.severity < 0.55)
270
+ continue;
271
+ recs.push({
272
+ server: f.server,
273
+ severity: f.risk.severity,
274
+ cwe: f.risk.cwe,
275
+ action: f.risk.mitigation,
276
+ });
277
+ }
278
+ if (audit.graph.bypassPaths.length > 0) {
279
+ recs.push({
280
+ server: "BYPASS GRAPH",
281
+ severity: audit.graph.bypassPaths[0].weakestSeverity,
282
+ cwe: "CWE-269",
283
+ action: `${audit.graph.bypassPaths.length} bypass path(s) detected — narrow capability scope across servers; wrap with PASSPORT mediation.`,
284
+ });
285
+ }
286
+ if (!audit.withinBudget) {
287
+ recs.push({
288
+ server: "RISK BUDGET",
289
+ severity: 0.80,
290
+ cwe: "CWE-1059",
291
+ action: `risk budget ${audit.riskBudget} exceeds cap ${audit.budgetCap} — remove a high-severity server OR raise the cap with explicit justification.`,
292
+ });
293
+ }
294
+ return recs;
295
+ }
296
+ /* ── Render banner ───────────────────────────────────────────────── */
297
+ export function renderAuditBanner(a) {
298
+ const lines = [
299
+ `🦴 SKELETON KEY · ${a.summary}`,
300
+ ` risk budget: ${a.riskBudget}/${a.budgetCap} ${a.withinBudget ? "✓" : "✗ OVER BUDGET"}`,
301
+ ` sources: ${a.sources.join(", ") || "(none)"}`,
302
+ "",
303
+ ];
304
+ for (const f of a.findings.slice(0, 10)) {
305
+ const sym = f.risk.severity >= 0.85 ? "🚨" : f.risk.severity >= 0.65 ? "⚠ " : "·";
306
+ const evidence = f.source === "empirical" ? `[empirical · ${f.toolCount} tools]` : "[heuristic]";
307
+ lines.push(` ${sym} ${f.server.padEnd(22)} ${(f.risk.severity * 100).toFixed(0).padStart(3)}% ${f.risk.cwe} ${f.risk.riskName} ${evidence}`);
308
+ }
309
+ if (a.graph.bypassPaths.length > 0) {
310
+ lines.push("");
311
+ lines.push(` BYPASS PATHS (${a.graph.bypassPaths.length}):`);
312
+ for (const bp of a.graph.bypassPaths.slice(0, 5)) {
313
+ lines.push(` → ${bp.narrative}`);
314
+ }
315
+ }
316
+ return lines.join("\n");
317
+ }
318
+ export { RISK_HEURISTICS, UNKNOWN_HEURISTIC, matchHeuristic } from "./risk_heuristics.js";
319
+ export { buildBypassGraph, totalRiskBudget } from "./bypass_graph.js";
320
+ export { probeServer } from "./capability_probe.js";
321
+ //# sourceMappingURL=index.js.map
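Review bot: `detectConfigDrift` parses `config_snapshot.json` and diffs against it without ever recomputing the `hmac` that `pinConfigSnapshot` stored, so an edited snapshot is accepted as the baseline and the pin is not tamper-evident in the way the header comment describes. In addition, `keyOf()` silently falls back to the constant `DEFAULT_KEY` that ships in the package, so when `MNEME_SKELETON_KEY` is unset anyone able to write the snapshot or an audit object can also recompute a matching HMAC; the result should at least report that the default key was used. `snap.servers.map(...)` also throws on a snapshot that parses but has no `servers` array, which the "never throws" note in the header does not cover. `digestCommand` hashes only `command` and `args`, so a change limited to a server's `env` is not reported as modified. The fence sketches the missing verification, placed directly after the `JSON.parse` block.

```javascript
// … unchanged: snapshot existence check and JSON.parse with its catch …
const { hmac: pinnedHmac, ...pinnedBody } = snap ?? {};
const expectedHmac = createHmac("sha256", keyOf()).update(JSON.stringify(pinnedBody)).digest("hex");
if (typeof pinnedHmac !== "string" || pinnedHmac !== expectedHmac || !Array.isArray(pinnedBody.servers)) {
    return {
        ok: false, hasSnapshot: true,
        added: [], removed: [], modified: [], currentAt,
        hint: "snapshot HMAC mismatch — snapshot was modified or pinned under a different key",
    };
}
const current = discoverServers(configPaths ?? defaultConfigPaths());
// … unchanged: map construction and added/removed/modified comparison …
```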
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skeleton_key/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAY,aAAa,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAE1C,OAAO,EAEL,iBAAiB,EACjB,cAAc,GAEf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,gBAAgB,EAChB,eAAe,GAGhB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,WAAW,EAAoB,MAAM,uBAAuB,CAAC;AAEtE,MAAM,OAAO,GAAG,oBAAoB,CAAC;AACrC,MAAM,WAAW,GAAG,uBAAuB,CAAC;AAC5C,SAAS,KAAK,KAAa,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;AAuDxE,4EAA4E;AAC5E,MAAM,UAAU,kBAAkB;IAChC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,QAAQ,EAAE,CAAC;IACxB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,+DAA+D,CAAC,CAAC,CAAC;QACxF,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uDAAuD,CAAC,CAAC,CAAC;IAClF,CAAC;SAAM,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;QACxE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mCAAmC,CAAC,CAAC,CAAC;QAC/D,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC,CAAC;IACzD,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,2CAA2C,CAAC,CAAC,CAAC;QACpE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC,CAAC;IAChD,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,mCAAmC,CAAC,CAAC,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,WAAqB;IACnD,MAAM,GAAG,GAAsB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7B,IAAI,MAAM,GAAmC,IAAI,CAAC;QAClD,IAAI,CAAC;YAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAA4B,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;QAC
pG,IAAI,CAAC,MAAM;YAAE,SAAS;QACtB,MAAM,UAAU,GAA+C;YAC7D,MAAM,CAAC,YAAY,CAAwC;YAC3D,MAAM,CAAC,mBAAmB,CAAwC;YACjE,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,SAAS,CAAwC;YACzG,MAAM,CAAC,KAAK,CAAyC,EAAE,CAAC,YAAY,CAAwC;SAC9G,CAAC;QACF,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,SAAS;YAClD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;oBAAE,SAAS;gBAC9C,MAAM,CAAC,GAAG,GAA2D,CAAC;gBACtE,GAAG,CAAC,IAAI,CAAC;oBACP,IAAI;oBACJ,OAAO,EAAE,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;oBAC9D,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;oBAClG,GAAG,EAAE,CAAC,CAAC,GAAG,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAA6B,CAAC,CAAC,CAAC,SAAS;oBACrF,MAAM,EAAE,CAAC;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IACD,8EAA8E;IAC9E,MAAM,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IACjD,KAAK,MAAM,CAAC,IAAI,GAAG;QAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,IAAmB,EAAE,KAAkB;IACnE,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrE,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtF,6EAA6E;IAC7E,8BAA8B;IAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7I,IAAI,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;IAC7B,IAAI,OAAO,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;SACpE,IAAI,QAAQ,IAAI,IAAI,CAAC,QAAQ,GAAG,IAAI;QAAE,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAC/E,OAAO,EAAE,GAAG,IAAI,EAAE,QAAQ
,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;AACzD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAkB,EAAE;IACxD,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC;IACvD,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,GAAG,CAAC;IACxC,MAAM,QAAQ,GAAiC,EAAE,CAAC;IAClD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACtC,IAAI,IAAmB,CAAC;QACxB,IAAI,MAA6C,CAAC;QAClD,IAAI,SAA6B,CAAC;QAClC,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,IAAI,CAAC;YACZ,MAAM,GAAG,WAAW,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,iBAAiB,CAAC;YACzB,MAAM,GAAG,SAAS,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACjG,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC;gBAC9B,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,GAAG,EAAE,GAAG,CAAC,GAAG;aACb,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;gBACpB,IAAI,GAAG,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;gBACzC,MAAM,GAAG,WAAW,CAAC;gBACrB,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC;YACjC,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IACD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,UAAU,IAAI,SAAS,CAAC;IAC7C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAElE,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC;QAClC,CAAC,CAAC,iGAAiG;QACnG,CAAC,CAAC,GAAG,OAAO,CAAC,MAAM,yBAAyB,OAAO,CAAC,MAAM,2BAA2B,UAAU,IAAI,SAAS,KAAK,KAAK,CAAC,WAAW,CAAC,MAAM,oBAAoB,QAA
Q,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,uBAAuB,CAAC;IAE7O,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,YAAY,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAChF,EAAE,EAAE,YAAY,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO;QACzC,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO;KAC9D,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,CAAmB;IAC7C,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACnD,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1F,OAAO,QAAQ,KAAK,IAAI,CAAC;AAC3B,CAAC;AAWD,SAAS,aAAa,CAAC,GAAY,EAAE,IAAe;IAClD,MAAM,IAAI,GAAG,GAAG,GAAG,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;IACtD,OAAO,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,OAAO,IAAI,CAAC,GAAG,EAAE,QAAQ,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG;QACX,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3B,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC;YAC7C,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC,CAAC;KACJ,CAAC;IACF,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACtF,MAAM,IAAI,GAAmB,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC;IAC/C,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,aA
Aa,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAaD,MAAM,UAAU,iBAAiB,CAAC,GAAW,EAAE,WAAsB;IACnE,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,0EAA0E;SACjF,CAAC;IACJ,CAAC;IACD,IAAI,IAAoB,CAAC;IACzB,IAAI,CAAC;QAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAmB,CAAC;IAAC,CAAC;IACxE,MAAM,CAAC;QACL,OAAO;YACL,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK;YAC7B,KAAK,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS;YAC/C,IAAI,EAAE,sCAAsC;SAC7C,CAAC;IACJ,CAAC;IACD,MAAM,OAAO,GAAG,eAAe,CAAC,WAAW,IAAI,kBAAkB,EAAE,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9H,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAyB,EAAE,CAAC;IACvC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,GAAG;YAAE,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;aAC9C,IAAI,GAAG,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW;YAAE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,OAAO,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IAC5H,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,EAAE,GAAG,KAAK,CAAC,MA
AM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/E,OAAO;QACL,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ;QAC/C,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS;QAC9B,IAAI,EAAE,EAAE;YACN,CAAC,CAAC,4BAA4B;YAC9B,CAAC,CAAC,mBAAmB,KAAK,CAAC,MAAM,YAAY,OAAO,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,iEAAiE;KAC5J,CAAC;AACJ,CAAC;AAWD,MAAM,UAAU,oBAAoB,CAAC,KAAuB;IAC1D,MAAM,IAAI,GAAqB,EAAE,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI;YAAE,SAAS;QACrC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YACzB,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG;YACf,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,IAAI,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,eAAe;YACrD,GAAG,EAAE,SAAS;YACd,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,kGAAkG;SAC5I,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;QACxB,IAAI,CAAC,IAAI,CAAC;YACR,MAAM,EAAE,aAAa;YACrB,QAAQ,EAAE,IAAI;YACd,GAAG,EAAE,UAAU;YACf,MAAM,EAAE,eAAe,KAAK,CAAC,UAAU,gBAAgB,KAAK,CAAC,SAAS,gFAAgF;SACvJ,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,wEAAwE;AAExE,MAAM,UAAU,iBAAiB,CAAC,CAAmB;IACnD,MAAM,KAAK,GAAG;QACZ,qBAAqB,CAAC,CAAC,OAAO,EAAE;QAChC,mBAAmB,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE;QAC1F,eAAe,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,EAAE;QACjD,EAAE;KACH,CAAC;IACF,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC;QAClF,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,SAAS,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC;QACjG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,IAA
I,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,EAAE,CAAC,CAAC;IACnJ,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC;QAC/D,KAAK,MAAM,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACjD,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAE1F,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEtE,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC"}
@@ -0,0 +1,46 @@
1
+ /**
2
+ * v2.60.0 — SKELETON KEY risk heuristics.
3
+ *
4
+ * Pattern-based risk scoring for MCP servers, name-only path. Used as
5
+ * the fast first pass; CAPABILITY PROBE upgrades the scoring with
6
+ * empirical evidence (real tools/list result from spawning the server).
7
+ *
8
+ * Severity scale 0..1:
9
+ * 0.0-0.3 → low (read-only / sandboxed)
10
+ * 0.3-0.6 → medium (scoped mutations)
11
+ * 0.6-0.85 → high (broad mutations)
12
+ * 0.85-1.0 → critical (arbitrary execution / unrestricted FS / DB DDL)
13
+ *
14
+ * Every entry maps to a CWE (Common Weakness Enumeration) for
15
+ * compliance audit-grade output.
16
+ */
17
+ export interface RiskHeuristic {
18
+ /** Lowercase substring to match against server name. */
19
+ match: string;
20
+ /** Human-readable risk class. */
21
+ riskName: string;
22
+ /** 0..1 severity. */
23
+ severity: number;
24
+ /** Suggested mitigation. */
25
+ mitigation: string;
26
+ /** CWE id for compliance mapping. */
27
+ cwe: string;
28
+ /** Capability tags exposed (used by bypass graph). */
29
+ capabilities: string[];
30
+ }
31
+ /**
32
+ * Ordered most-specific → least-specific. First match wins per server.
33
+ * Each entry curated from MCP ecosystem observation (2026-05).
34
+ */
35
+ export declare const RISK_HEURISTICS: RiskHeuristic[];
36
+ /**
37
+ * Match a server name against heuristics. Returns the highest-severity
38
+ * matching heuristic, or null if no match (= unknown → conservative HIGH).
39
+ */
40
+ export declare function matchHeuristic(serverName: string): RiskHeuristic | null;
41
+ /**
42
+ * Unknown / unmatched server. Conservative default: treat as medium risk
43
+ * with hint to run capability probe for exact assessment.
44
+ */
45
+ export declare const UNKNOWN_HEURISTIC: RiskHeuristic;
46
+ //# sourceMappingURL=risk_heuristics.d.ts.map
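Review bot: The doc comments in this declaration file contradict each other on two points that determine how a server is scored. `RISK_HEURISTICS` is documented as "First match wins per server" while `matchHeuristic` is documented as returning "the highest-severity matching heuristic", and `matchHeuristic` describes a null result as "unknown → conservative HIGH" while `UNKNOWN_HEURISTIC` says "treat as medium risk". The implementation is not part of this section, so the comments should be aligned with whatever the code actually does, for example `Returns the first matching heuristic in RISK_HEURISTICS order, or null if none matches (callers fall back to UNKNOWN_HEURISTIC).` Because `match` is a substring test on the configured server name, the comment on `matchHeuristic` should also say that this score reflects the name only and not the server's real capabilities.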
@@ -0,0 +1 @@
1
+ {"version":3,"file":"risk_heuristics.d.ts","sourceRoot":"","sources":["../../src/skeleton_key/risk_heuristics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,WAAW,aAAa;IAC5B,wDAAwD;IACxD,KAAK,EAAE,MAAM,CAAC;IACd,iCAAiC;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,4BAA4B;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,aAAa,EAiK1C,CAAC;AAEF;;;GAGG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAKvE;AAED;;;GAGG;AACH,eAAO,MAAM,iBAAiB,EAAE,aAO/B,CAAC"}
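--- a/package/dist/skeleton_key/risk_heuristics.js
+++ b/package/dist/skeleton_key/risk_heuristics.js
@@ -0,0 +1,206 @@
+ /**
+ * v2.60.0 — SKELETON KEY risk heuristics.
+ *
+ * Pattern-based risk scoring for MCP servers, name-only path. Used as
+ * the fast first pass; CAPABILITY PROBE upgrades the scoring with
+ * empirical evidence (real tools/list result from spawning the server).
+ *
+ * Severity scale 0..1:
+ * 0.0-0.3 → low (read-only / sandboxed)
+ * 0.3-0.6 → medium (scoped mutations)
+ * 0.6-0.85 → high (broad mutations)
+ * 0.85-1.0 → critical (arbitrary execution / unrestricted FS / DB DDL)
+ *
+ * Every entry maps to a CWE (Common Weakness Enumeration) for
+ * compliance audit-grade output.
+ */
+ /**
+ * Ordered most-specific → least-specific. First match wins per server.
+ * Each entry curated from MCP ecosystem observation (2026-05).
+ */
+ export const RISK_HEURISTICS = [
+ // Shell / exec — the highest risk class
+ {
+ match: "shell-mcp",
+ riskName: "arbitrary command execution",
+ severity: 0.95,
+ mitigation: "allowlist commands; require PASSPORT token for destructive ops; sandbox via container",
+ cwe: "CWE-78", // OS command injection
+ capabilities: ["exec", "write_fs", "network", "process_kill"],
+ },
+ {
+ match: "exec-mcp",
+ riskName: "arbitrary command execution",
+ severity: 0.95,
+ mitigation: "allowlist commands; require PASSPORT token for destructive ops",
+ cwe: "CWE-78",
+ capabilities: ["exec", "write_fs", "network"],
+ },
+ {
+ match: "shell",
+ riskName: "shell access (broad)",
+ severity: 0.90,
+ mitigation: "allowlist commands; refuse rm/format/dd by policy",
+ cwe: "CWE-78",
+ capabilities: ["exec", "write_fs"],
+ },
+ // Filesystem
+ {
+ match: "filesystem",
+ riskName: "unrestricted FS read/write",
+ severity: 0.85,
+ mitigation: "scope to specific dirs via allowlist; gate writes via PASSPORT token",
+ cwe: "CWE-22", // path traversal
+ capabilities: ["read_fs", "write_fs"],
+ },
+ // Cloud / infra
+ {
+ match: "kubernetes",
+ riskName: "cluster mutation (apply / delete)",
+ severity: 0.85,
+ mitigation: "RBAC scope; require explicit ServiceAccount with no cluster-admin",
+ cwe: "CWE-269", // improper privilege management
+ capabilities: ["cluster_mutate", "exec"],
+ },
+ {
+ match: "aws",
+ riskName: "AWS resource creation/destruction",
+ severity: 0.80,
+ mitigation: "IAM scope down; require --dry-run first; deny iam:* / *:Delete",
+ cwe: "CWE-269",
+ capabilities: ["cloud_mutate", "billing"],
+ },
+ {
+ match: "gcp",
+ riskName: "GCP resource creation/destruction",
+ severity: 0.80,
+ mitigation: "scope service account; deny billing.* / iam.*",
+ cwe: "CWE-269",
+ capabilities: ["cloud_mutate", "billing"],
+ },
+ {
+ match: "azure",
+ riskName: "Azure resource creation/destruction",
+ severity: 0.80,
+ mitigation: "scope service principal; deny role assignments",
+ cwe: "CWE-269",
+ capabilities: ["cloud_mutate", "billing"],
+ },
+ // DB
+ {
+ match: "postgres",
+ riskName: "DB DDL/DML allowed",
+ severity: 0.78,
+ mitigation: "use read-only user; deny DROP/TRUNCATE/DELETE via grants",
+ cwe: "CWE-89", // SQL injection class
+ capabilities: ["db_read", "db_write", "db_ddl"],
+ },
+ {
+ match: "mysql",
+ riskName: "DB DDL/DML allowed",
+ severity: 0.78,
+ mitigation: "use read-only user; revoke ALTER/DROP",
+ cwe: "CWE-89",
+ capabilities: ["db_read", "db_write", "db_ddl"],
+ },
+ {
+ match: "mongodb",
+ riskName: "DB write/dropCollection allowed",
+ severity: 0.75,
+ mitigation: "role-scope to read-only or specific db; deny dropDatabase",
+ cwe: "CWE-89",
+ capabilities: ["db_read", "db_write"],
+ },
+ {
+ match: "redis",
+ riskName: "DB write + FLUSHDB risk",
+ severity: 0.70,
+ mitigation: "ACL with read-only; deny FLUSHDB/FLUSHALL/CONFIG SET",
+ cwe: "CWE-89",
+ capabilities: ["db_read", "db_write"],
+ },
+ // Source control
+ {
+ match: "github",
+ riskName: "write to any repo",
+ severity: 0.75,
+ mitigation: "scope token to specific repos; deny repo-creation / repo-deletion",
+ cwe: "CWE-285", // improper authorization
+ capabilities: ["git_write", "network"],
+ },
+ {
+ match: "gitlab",
+ riskName: "write to any project",
+ severity: 0.75,
+ mitigation: "scope token to specific projects; deny project deletion",
+ cwe: "CWE-285",
+ capabilities: ["git_write", "network"],
+ },
+ // Browser automation
+ {
+ match: "playwright",
+ riskName: "headless browser to any URL",
+ severity: 0.65,
+ mitigation: "allowlist domains; deny localhost/127.* (SSRF surface)",
+ cwe: "CWE-918", // SSRF
+ capabilities: ["network", "browser_automation"],
+ },
+ {
+ match: "puppeteer",
+ riskName: "headless browser to any URL",
+ severity: 0.65,
+ mitigation: "allowlist domains; deny localhost/127.*",
+ cwe: "CWE-918",
+ capabilities: ["network", "browser_automation"],
+ },
+ {
+ match: "browser",
+ riskName: "browser automation",
+ severity: 0.60,
+ mitigation: "allowlist domains; deny credential prompts",
+ cwe: "CWE-918",
+ capabilities: ["network", "browser_automation"],
+ },
+ // Generic write-capable
+ {
+ match: "write",
+ riskName: "generic write tool (name suggests mutations)",
+ severity: 0.55,
+ mitigation: "inspect actual tool schema; scope via PASSPORT",
+ cwe: "CWE-285",
+ capabilities: ["write_fs"],
+ },
+ // Memory / RAG read-only
+ {
+ match: "memory",
+ riskName: "read-only memory (low risk)",
+ severity: 0.20,
+ mitigation: "verify it doesn't shell out; pin source paths",
+ cwe: "CWE-200", // info exposure (if memory contains secrets)
+ capabilities: ["read_memory"],
+ },
+ ];
+ /**
+ * Match a server name against heuristics. Returns the highest-severity
+ * matching heuristic, or null if no match (= unknown → conservative HIGH).
+ */
+ export function matchHeuristic(serverName) {
+ const lower = serverName.toLowerCase();
+ const matches = RISK_HEURISTICS.filter((h) => lower.includes(h.match));
+ if (matches.length === 0)
+ return null;
+ return matches.sort((a, b) => b.severity - a.severity)[0];
+ }
+ /**
+ * Unknown / unmatched server. Conservative default: treat as medium risk
+ * with hint to run capability probe for exact assessment.
+ */
+ export const UNKNOWN_HEURISTIC = {
+ match: "*",
+ riskName: "unknown server (no heuristic match)",
+ severity: 0.50,
+ mitigation: "run `mneme skeleton_key probe --server <name>` for empirical capability assessment",
+ cwe: "CWE-1059", // insufficient documentation
+ capabilities: ["unknown"],
+ };
+ //# sourceMappingURL=risk_heuristics.js.map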
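Review bot: In `matchHeuristic`, a name-only match can rate a server below the unknown default: any name containing `memory` returns severity 0.20 ("read-only memory (low risk)") while `UNKNOWN_HEURISTIC` is 0.50, and the name is only the label the server was given, not evidence of what it exposes. A name-based first pass should only ever raise a score, so I would leave low ratings to the capability probe and return null for matches under the unknown default, e.g. `const best = matches.sort((a, b) => b.severity - a.severity)[0];` followed by `return best.severity < UNKNOWN_HEURISTIC.severity ? null : best;` (how callers treat null is not visible in this file). The comments also disagree with the code: the `RISK_HEURISTICS` doc says "First match wins per server" but the function returns the highest-severity match, and the function doc says "unknown → conservative HIGH" while the unknown entry is 0.50, which the scale in the file header calls medium. Substring matching with `lower.includes(h.match)` also lets `aws` or `write` match inside unrelated names; that errs toward over-reporting, but it deserves a comment so the attached CWE is read as a name-derived hint and not as a finding.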
@@ -0,0 +1 @@
1
+ {"version":3,"file":"risk_heuristics.js","sourceRoot":"","sources":["../../src/skeleton_key/risk_heuristics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAiBH;;;GAGG;AACH,MAAM,CAAC,MAAM,eAAe,GAAoB;IAC9C,wCAAwC;IACxC;QACE,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,uFAAuF;QACnG,GAAG,EAAE,QAAQ,EAAE,uBAAuB;QACtC,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,CAAC;KAC9D;IACD;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gEAAgE;QAC5E,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC;KAC9C;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mDAAmD;QAC/D,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,MAAM,EAAE,UAAU,CAAC;KACnC;IACD,aAAa;IACb;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,4BAA4B;QACtC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,sEAAsE;QAClF,GAAG,EAAE,QAAQ,EAAE,iBAAiB;QAChC,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD,gBAAgB;IAChB;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mEAAmE;QAC/E,GAAG,EAAE,SAAS,EAAE,gCAAgC;QAChD,YAAY,EAAE,CAAC,gBAAgB,EAAE,MAAM,CAAC;KACzC;IACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gEAAgE;QAC5E,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,+CAA+C;QAC3D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,qCAAqC;QAC/C,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gDAAgD;QAC5D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,cAAc,EAAE,SAAS,CAAC;KAC1C;IACD,KAAK;IACL;QACE,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,0DAA0D;QACtE,GAAG,EAAE,QAAQ,EAAE,sBAAsB;QACrC,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC;KAChD;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,uCAAuC;QACnD,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,QAAQ,CAAC;KAChD;IACD;QACE,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,iCAAiC;QAC3C,QAAQ,EAAE,IAAI
;QACd,UAAU,EAAE,2DAA2D;QACvE,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,yBAAyB;QACnC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,sDAAsD;QAClE,GAAG,EAAE,QAAQ;QACb,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC;KACtC;IACD,iBAAiB;IACjB;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,mBAAmB;QAC7B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,mEAAmE;QAC/E,GAAG,EAAE,SAAS,EAAE,yBAAyB;QACzC,YAAY,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;KACvC;IACD;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,sBAAsB;QAChC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,yDAAyD;QACrE,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,WAAW,EAAE,SAAS,CAAC;KACvC;IACD,qBAAqB;IACrB;QACE,KAAK,EAAE,YAAY;QACnB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,wDAAwD;QACpE,GAAG,EAAE,SAAS,EAAE,OAAO;QACvB,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD;QACE,KAAK,EAAE,WAAW;QAClB,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,yCAAyC;QACrD,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD;QACE,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,oBAAoB;QAC9B,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,4CAA4C;QACxD,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,SAAS,EAAE,oBAAoB,CAAC;KAChD;IACD,wBAAwB;IACxB;QACE,KAAK,EAAE,OAAO;QACd,QAAQ,EAAE,8CAA8C;QACxD,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,gDAAgD;QAC5D,GAAG,EAAE,SAAS;QACd,YAAY,EAAE,CAAC,UAAU,CAAC;KAC3B;IACD,yBAAyB;IACzB;QACE,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,6BAA6B;QACvC,QAAQ,EAAE,IAAI;QACd,UAAU,EAAE,+CAA+C;QAC3D,GAAG,EAAE,SAAS,EAAE,6CAA6C;QAC7D,YAAY,EAAE,CAAC,aAAa,CAAC;KAC9B;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,UAAkB;IAC/C,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACvE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC;AAC7D,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAkB;IAC9C,KAAK,EAAE,GAAG;IACV,QAAQ,EAAE,qCAAqC;IAC/C,QAAQ,EAAE,IAAI;IACd,UAAU,EAAE,oFAAoF;IAChG,GAAG,EAAE,UAAU,EAAE,6BAA6B;IAC9
C,YAAY,EAAE,CAAC,SAAS,CAAC;CAC1B,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"claims.d.ts","sourceRoot":"","sources":["../../src/truth_gate/claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,KAAK,CAgc9C,CAAC"}
1
+ {"version":3,"file":"claims.d.ts","sourceRoot":"","sources":["../../src/truth_gate/claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,eAAO,MAAM,aAAa,EAAE,aAAa,CAAC,KAAK,CAwe9C,CAAC"}
@@ -250,6 +250,44 @@ export const CLAIM_CATALOG = [
250
250
  probeId: "probe.coverage.smart_auto_exemption",
251
251
  severity: "block",
252
252
  },
253
+ // ── v2.61.0 — PASSPORT (capability-based security for MCP) ──────────
254
+ {
255
+ id: "claim.passport.issue_verify_revoke_round_trip",
256
+ source: "v2.61.0 release notes",
257
+ text: "PASSPORT capability-based security primitive: issuePassport with high trust returns HMAC-signed token + correct TTL → verifyPassport reports valid → revokePassport with cascade=true succeeds → re-verify reports revoked. End-to-end round-trip works on a fresh ledger. First capability-based security layer for MCP",
258
+ kind: "numeric",
259
+ asserted: { value: 1, op: "=", unit: "boolean" },
260
+ probeId: "probe.passport.issue_verify_revoke_round_trip",
261
+ severity: "block",
262
+ },
263
+ {
264
+ id: "claim.passport.ledger_chain_intact",
265
+ source: "v2.61.0 release notes",
266
+ text: "PASSPORT audit ledger is HMAC-chained — every issue/verify/revoke entry's HMAC depends on the previous row's HMAC. Tamper-evident; chain verification can detect any mid-stream edit. Court-admissible audit trail",
267
+ kind: "numeric",
268
+ asserted: { value: 1, op: "=", unit: "boolean" },
269
+ probeId: "probe.passport.ledger_chain_intact",
270
+ severity: "block",
271
+ },
272
+ // ── v2.60.0 — SKELETON KEY (MCP security auditor) ───────────────────
273
+ {
274
+ id: "claim.skeleton_key.audit_runs",
275
+ source: "v2.60.0 release notes",
276
+ text: "SKELETON KEY (the first MCP server security auditor) runs end-to-end: discovers MCP servers across Claude Desktop / Cursor / Continue / Cline configs, scores per-server risk with CWE mapping, computes transitive bypass graph + risk budget, returns HMAC-sealed envelope that re-verifies. Pure / defensive — never throws even on missing configs",
277
+ kind: "numeric",
278
+ asserted: { value: 1, op: "=", unit: "boolean" },
279
+ probeId: "probe.skeleton_key.audit_runs",
280
+ severity: "block",
281
+ },
282
+ {
283
+ id: "claim.skeleton_key.bypass_graph_works",
284
+ source: "v2.60.0 release notes",
285
+ text: "SKELETON KEY's transitive bypass graph derives multi-server attack paths from capability overlap. Fixture: 3 servers (shell-mcp / filesystem-mcp / github-mcp) → ≥3 distinct attacker-goal bypass paths (delete_repo, modify_ci_pipeline, exfiltrate_secret). Most MCP audit tools stop at single-server analysis — SKELETON KEY computes the GRAPH",
286
+ kind: "numeric",
287
+ asserted: { value: 1, op: "=", unit: "boolean" },
288
+ probeId: "probe.skeleton_key.bypass_graph_works",
289
+ severity: "block",
290
+ },
253
291
  // ── v2.59.0 — GATE SELF-VERIFICATION (SDK_AUDITOR) ──────────────────
254
292
  {
255
293
  id: "claim.sdk.external_surface_complete",
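Review bot: The text of `claim.passport.ledger_chain_intact` asserts more than a boolean probe can establish: "can detect any mid-stream edit" and "Court-admissible audit trail" sit behind `asserted: { value: 1, op: "=", unit: "boolean" }` with `severity: "block"`, the same gate used for the mechanical round-trip check. An HMAC chain is tamper-evident only toward parties that do not hold the key, and chaining by itself does not reveal removal of the newest rows unless the latest HMAC is anchored outside the ledger; neither condition is visible in this hunk. I would narrow the text to what the probe measures, for example `text: "PASSPORT audit ledger is HMAC-chained: each entry's HMAC covers the previous row's HMAC, and chain verification fails after a mid-stream edit"`, and apply the same treatment to the "first ..." wording in the other three added claims. The `CLAIM_CATALOG` array begins and continues outside the hunk.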