npm - @oculum/scanner - Versions diffs - 1.0.9 → 1.0.11 - Mend

@oculum/scanner 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (365) hide show

package/dist/baseline/diff.d.ts +32 -0
package/dist/baseline/diff.d.ts.map +1 -0
package/dist/baseline/diff.js +119 -0
package/dist/baseline/diff.js.map +1 -0
package/dist/baseline/index.d.ts +9 -0
package/dist/baseline/index.d.ts.map +1 -0
package/dist/baseline/index.js +19 -0
package/dist/baseline/index.js.map +1 -0
package/dist/baseline/manager.d.ts +67 -0
package/dist/baseline/manager.d.ts.map +1 -0
package/dist/baseline/manager.js +180 -0
package/dist/baseline/manager.js.map +1 -0
package/dist/baseline/types.d.ts +91 -0
package/dist/baseline/types.d.ts.map +1 -0
package/dist/baseline/types.js +12 -0
package/dist/baseline/types.js.map +1 -0
package/dist/formatters/cli-terminal.d.ts +38 -0
package/dist/formatters/cli-terminal.d.ts.map +1 -1
package/dist/formatters/cli-terminal.js +365 -42
package/dist/formatters/cli-terminal.js.map +1 -1
package/dist/formatters/github-comment.d.ts +1 -1
package/dist/formatters/github-comment.d.ts.map +1 -1
package/dist/formatters/github-comment.js +75 -11
package/dist/formatters/github-comment.js.map +1 -1
package/dist/formatters/index.d.ts +1 -1
package/dist/formatters/index.d.ts.map +1 -1
package/dist/formatters/index.js +4 -1
package/dist/formatters/index.js.map +1 -1
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +155 -16
package/dist/index.js.map +1 -1
package/dist/layer1/config-audit.d.ts.map +1 -1
package/dist/layer1/config-audit.js +20 -3
package/dist/layer1/config-audit.js.map +1 -1
package/dist/layer1/config-mcp-audit.d.ts +20 -0
package/dist/layer1/config-mcp-audit.d.ts.map +1 -0
package/dist/layer1/config-mcp-audit.js +239 -0
package/dist/layer1/config-mcp-audit.js.map +1 -0
package/dist/layer1/index.d.ts +1 -0
package/dist/layer1/index.d.ts.map +1 -1
package/dist/layer1/index.js +9 -1
package/dist/layer1/index.js.map +1 -1
package/dist/layer2/ai-agent-tools.d.ts.map +1 -1
package/dist/layer2/ai-agent-tools.js +303 -0
package/dist/layer2/ai-agent-tools.js.map +1 -1
package/dist/layer2/ai-endpoint-protection.d.ts.map +1 -1
package/dist/layer2/ai-endpoint-protection.js +17 -3
package/dist/layer2/ai-endpoint-protection.js.map +1 -1
package/dist/layer2/ai-execution-sinks.d.ts.map +1 -1
package/dist/layer2/ai-execution-sinks.js +462 -12
package/dist/layer2/ai-execution-sinks.js.map +1 -1
package/dist/layer2/ai-fingerprinting.d.ts.map +1 -1
package/dist/layer2/ai-fingerprinting.js +3 -0
package/dist/layer2/ai-fingerprinting.js.map +1 -1
package/dist/layer2/ai-mcp-security.d.ts +17 -0
package/dist/layer2/ai-mcp-security.d.ts.map +1 -0
package/dist/layer2/ai-mcp-security.js +679 -0
package/dist/layer2/ai-mcp-security.js.map +1 -0
package/dist/layer2/ai-package-hallucination.d.ts +19 -0
package/dist/layer2/ai-package-hallucination.d.ts.map +1 -0
package/dist/layer2/ai-package-hallucination.js +696 -0
package/dist/layer2/ai-package-hallucination.js.map +1 -0
package/dist/layer2/ai-prompt-hygiene.d.ts.map +1 -1
package/dist/layer2/ai-prompt-hygiene.js +495 -9
package/dist/layer2/ai-prompt-hygiene.js.map +1 -1
package/dist/layer2/ai-rag-safety.d.ts.map +1 -1
package/dist/layer2/ai-rag-safety.js +372 -1
package/dist/layer2/ai-rag-safety.js.map +1 -1
package/dist/layer2/auth-antipatterns.d.ts.map +1 -1
package/dist/layer2/auth-antipatterns.js +4 -0
package/dist/layer2/auth-antipatterns.js.map +1 -1
package/dist/layer2/byok-patterns.d.ts.map +1 -1
package/dist/layer2/byok-patterns.js +3 -0
package/dist/layer2/byok-patterns.js.map +1 -1
package/dist/layer2/dangerous-functions/child-process.d.ts +16 -0
package/dist/layer2/dangerous-functions/child-process.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/child-process.js +74 -0
package/dist/layer2/dangerous-functions/child-process.js.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts +29 -0
package/dist/layer2/dangerous-functions/dom-xss.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/dom-xss.js +179 -0
package/dist/layer2/dangerous-functions/dom-xss.js.map +1 -0
package/dist/layer2/dangerous-functions/index.d.ts +13 -0
package/dist/layer2/dangerous-functions/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/index.js +621 -0
package/dist/layer2/dangerous-functions/index.js.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts +31 -0
package/dist/layer2/dangerous-functions/json-parse.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/json-parse.js +319 -0
package/dist/layer2/dangerous-functions/json-parse.js.map +1 -0
package/dist/layer2/dangerous-functions/math-random.d.ts +61 -0
package/dist/layer2/dangerous-functions/math-random.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/math-random.js +459 -0
package/dist/layer2/dangerous-functions/math-random.js.map +1 -0
package/dist/layer2/dangerous-functions/patterns.d.ts +21 -0
package/dist/layer2/dangerous-functions/patterns.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/patterns.js +161 -0
package/dist/layer2/dangerous-functions/patterns.js.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts +13 -0
package/dist/layer2/dangerous-functions/request-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/request-validation.js +119 -0
package/dist/layer2/dangerous-functions/request-validation.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts +23 -0
package/dist/layer2/dangerous-functions/utils/control-flow.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js +149 -0
package/dist/layer2/dangerous-functions/utils/control-flow.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts +31 -0
package/dist/layer2/dangerous-functions/utils/helpers.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/helpers.js +124 -0
package/dist/layer2/dangerous-functions/utils/helpers.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts +9 -0
package/dist/layer2/dangerous-functions/utils/index.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/index.js +23 -0
package/dist/layer2/dangerous-functions/utils/index.js.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts +22 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.d.ts.map +1 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js +89 -0
package/dist/layer2/dangerous-functions/utils/schema-validation.js.map +1 -0
package/dist/layer2/data-exposure.d.ts.map +1 -1
package/dist/layer2/data-exposure.js +3 -0
package/dist/layer2/data-exposure.js.map +1 -1
package/dist/layer2/framework-checks.d.ts.map +1 -1
package/dist/layer2/framework-checks.js +3 -0
package/dist/layer2/framework-checks.js.map +1 -1
package/dist/layer2/index.d.ts +3 -0
package/dist/layer2/index.d.ts.map +1 -1
package/dist/layer2/index.js +61 -2
package/dist/layer2/index.js.map +1 -1
package/dist/layer2/logic-gates.d.ts.map +1 -1
package/dist/layer2/logic-gates.js +4 -0
package/dist/layer2/logic-gates.js.map +1 -1
package/dist/layer2/model-supply-chain.d.ts +20 -0
package/dist/layer2/model-supply-chain.d.ts.map +1 -0
package/dist/layer2/model-supply-chain.js +376 -0
package/dist/layer2/model-supply-chain.js.map +1 -0
package/dist/layer2/risky-imports.d.ts.map +1 -1
package/dist/layer2/risky-imports.js +4 -0
package/dist/layer2/risky-imports.js.map +1 -1
package/dist/layer2/variables.d.ts.map +1 -1
package/dist/layer2/variables.js +4 -0
package/dist/layer2/variables.js.map +1 -1
package/dist/layer3/anthropic/auto-dismiss.d.ts +24 -0
package/dist/layer3/anthropic/auto-dismiss.d.ts.map +1 -0
package/dist/layer3/anthropic/auto-dismiss.js +188 -0
package/dist/layer3/anthropic/auto-dismiss.js.map +1 -0
package/dist/layer3/anthropic/clients.d.ts +44 -0
package/dist/layer3/anthropic/clients.d.ts.map +1 -0
package/dist/layer3/anthropic/clients.js +81 -0
package/dist/layer3/anthropic/clients.js.map +1 -0
package/dist/layer3/anthropic/index.d.ts +41 -0
package/dist/layer3/anthropic/index.d.ts.map +1 -0
package/dist/layer3/anthropic/index.js +141 -0
package/dist/layer3/anthropic/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/index.d.ts +8 -0
package/dist/layer3/anthropic/prompts/index.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/index.js +14 -0
package/dist/layer3/anthropic/prompts/index.js.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts +15 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js +169 -0
package/dist/layer3/anthropic/prompts/semantic-analysis.js.map +1 -0
package/dist/layer3/anthropic/prompts/validation.d.ts +12 -0
package/dist/layer3/anthropic/prompts/validation.d.ts.map +1 -0
package/dist/layer3/anthropic/prompts/validation.js +421 -0
package/dist/layer3/anthropic/prompts/validation.js.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts +21 -0
package/dist/layer3/anthropic/providers/anthropic.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/anthropic.js +266 -0
package/dist/layer3/anthropic/providers/anthropic.js.map +1 -0
package/dist/layer3/anthropic/providers/index.d.ts +8 -0
package/dist/layer3/anthropic/providers/index.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/index.js +15 -0
package/dist/layer3/anthropic/providers/index.js.map +1 -0
package/dist/layer3/anthropic/providers/openai.d.ts +18 -0
package/dist/layer3/anthropic/providers/openai.d.ts.map +1 -0
package/dist/layer3/anthropic/providers/openai.js +340 -0
package/dist/layer3/anthropic/providers/openai.js.map +1 -0
package/dist/layer3/anthropic/request-builder.d.ts +20 -0
package/dist/layer3/anthropic/request-builder.d.ts.map +1 -0
package/dist/layer3/anthropic/request-builder.js +134 -0
package/dist/layer3/anthropic/request-builder.js.map +1 -0
package/dist/layer3/anthropic/types.d.ts +88 -0
package/dist/layer3/anthropic/types.d.ts.map +1 -0
package/dist/layer3/anthropic/types.js +38 -0
package/dist/layer3/anthropic/types.js.map +1 -0
package/dist/layer3/anthropic/utils/index.d.ts +9 -0
package/dist/layer3/anthropic/utils/index.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/index.js +24 -0
package/dist/layer3/anthropic/utils/index.js.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts +21 -0
package/dist/layer3/anthropic/utils/path-helpers.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/path-helpers.js +69 -0
package/dist/layer3/anthropic/utils/path-helpers.js.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts +40 -0
package/dist/layer3/anthropic/utils/response-parser.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/response-parser.js +285 -0
package/dist/layer3/anthropic/utils/response-parser.js.map +1 -0
package/dist/layer3/anthropic/utils/retry.d.ts +15 -0
package/dist/layer3/anthropic/utils/retry.d.ts.map +1 -0
package/dist/layer3/anthropic/utils/retry.js +62 -0
package/dist/layer3/anthropic/utils/retry.js.map +1 -0
package/dist/layer3/index.d.ts +1 -0
package/dist/layer3/index.d.ts.map +1 -1
package/dist/layer3/index.js +16 -6
package/dist/layer3/index.js.map +1 -1
package/dist/layer3/osv-check.d.ts +75 -0
package/dist/layer3/osv-check.d.ts.map +1 -0
package/dist/layer3/osv-check.js +308 -0
package/dist/layer3/osv-check.js.map +1 -0
package/dist/rules/framework-fixes.d.ts +48 -0
package/dist/rules/framework-fixes.d.ts.map +1 -0
package/dist/rules/framework-fixes.js +439 -0
package/dist/rules/framework-fixes.js.map +1 -0
package/dist/rules/index.d.ts +8 -0
package/dist/rules/index.d.ts.map +1 -0
package/dist/rules/index.js +18 -0
package/dist/rules/index.js.map +1 -0
package/dist/rules/metadata.d.ts +43 -0
package/dist/rules/metadata.d.ts.map +1 -0
package/dist/rules/metadata.js +734 -0
package/dist/rules/metadata.js.map +1 -0
package/dist/suppression/config-loader.d.ts +74 -0
package/dist/suppression/config-loader.d.ts.map +1 -0
package/dist/suppression/config-loader.js +424 -0
package/dist/suppression/config-loader.js.map +1 -0
package/dist/suppression/hash.d.ts +48 -0
package/dist/suppression/hash.d.ts.map +1 -0
package/dist/suppression/hash.js +88 -0
package/dist/suppression/hash.js.map +1 -0
package/dist/suppression/index.d.ts +11 -0
package/dist/suppression/index.d.ts.map +1 -0
package/dist/suppression/index.js +39 -0
package/dist/suppression/index.js.map +1 -0
package/dist/suppression/inline-parser.d.ts +39 -0
package/dist/suppression/inline-parser.d.ts.map +1 -0
package/dist/suppression/inline-parser.js +218 -0
package/dist/suppression/inline-parser.js.map +1 -0
package/dist/suppression/manager.d.ts +94 -0
package/dist/suppression/manager.d.ts.map +1 -0
package/dist/suppression/manager.js +292 -0
package/dist/suppression/manager.js.map +1 -0
package/dist/suppression/types.d.ts +151 -0
package/dist/suppression/types.d.ts.map +1 -0
package/dist/suppression/types.js +28 -0
package/dist/suppression/types.js.map +1 -0
package/dist/tiers.d.ts +1 -1
package/dist/tiers.d.ts.map +1 -1
package/dist/tiers.js +27 -0
package/dist/tiers.js.map +1 -1
package/dist/types.d.ts +62 -1
package/dist/types.d.ts.map +1 -1
package/dist/types.js.map +1 -1
package/dist/utils/context-helpers.d.ts +4 -0
package/dist/utils/context-helpers.d.ts.map +1 -1
package/dist/utils/context-helpers.js +13 -9
package/dist/utils/context-helpers.js.map +1 -1
package/package.json +4 -2
package/src/__tests__/benchmark/fixtures/layer1/mcp-config-audit.json +31 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-execution-sinks.ts +1489 -82
package/src/__tests__/benchmark/fixtures/layer2/ai-mcp-security.ts +495 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-package-hallucination.ts +255 -0
package/src/__tests__/benchmark/fixtures/layer2/ai-prompt-hygiene.ts +300 -1
package/src/__tests__/benchmark/fixtures/layer2/ai-rag-safety.ts +139 -0
package/src/__tests__/benchmark/fixtures/layer2/byok-patterns.ts +7 -0
package/src/__tests__/benchmark/fixtures/layer2/data-exposure.ts +63 -0
package/src/__tests__/benchmark/fixtures/layer2/excessive-agency.ts +221 -0
package/src/__tests__/benchmark/fixtures/layer2/index.ts +18 -0
package/src/__tests__/benchmark/fixtures/layer2/model-supply-chain.ts +204 -0
package/src/__tests__/benchmark/fixtures/layer2/phase1-enhancements.ts +157 -0
package/src/__tests__/snapshots/__snapshots__/anthropic-validation-refactor.test.ts.snap +758 -0
package/src/__tests__/snapshots/__snapshots__/dangerous-functions-refactor.test.ts.snap +503 -0
package/src/__tests__/snapshots/anthropic-validation-refactor.test.ts +321 -0
package/src/__tests__/snapshots/dangerous-functions-refactor.test.ts +439 -0
package/src/baseline/__tests__/diff.test.ts +261 -0
package/src/baseline/__tests__/manager.test.ts +225 -0
package/src/baseline/diff.ts +135 -0
package/src/baseline/index.ts +29 -0
package/src/baseline/manager.ts +230 -0
package/src/baseline/types.ts +97 -0
package/src/formatters/cli-terminal.ts +444 -41
package/src/formatters/github-comment.ts +79 -11
package/src/formatters/index.ts +4 -0
package/src/index.ts +197 -14
package/src/layer1/config-audit.ts +24 -3
package/src/layer1/config-mcp-audit.ts +276 -0
package/src/layer1/index.ts +16 -6
package/src/layer2/ai-agent-tools.ts +336 -0
package/src/layer2/ai-endpoint-protection.ts +16 -3
package/src/layer2/ai-execution-sinks.ts +516 -12
package/src/layer2/ai-fingerprinting.ts +5 -1
package/src/layer2/ai-mcp-security.ts +730 -0
package/src/layer2/ai-package-hallucination.ts +791 -0
package/src/layer2/ai-prompt-hygiene.ts +547 -9
package/src/layer2/ai-rag-safety.ts +382 -3
package/src/layer2/auth-antipatterns.ts +5 -0
package/src/layer2/byok-patterns.ts +5 -1
package/src/layer2/dangerous-functions/child-process.ts +98 -0
package/src/layer2/dangerous-functions/dom-xss.ts +220 -0
package/src/layer2/dangerous-functions/index.ts +949 -0
package/src/layer2/dangerous-functions/json-parse.ts +385 -0
package/src/layer2/dangerous-functions/math-random.ts +537 -0
package/src/layer2/dangerous-functions/patterns.ts +174 -0
package/src/layer2/dangerous-functions/request-validation.ts +145 -0
package/src/layer2/dangerous-functions/utils/control-flow.ts +162 -0
package/src/layer2/dangerous-functions/utils/helpers.ts +170 -0
package/src/layer2/dangerous-functions/utils/index.ts +25 -0
package/src/layer2/dangerous-functions/utils/schema-validation.ts +91 -0
package/src/layer2/data-exposure.ts +5 -1
package/src/layer2/framework-checks.ts +5 -0
package/src/layer2/index.ts +63 -1
package/src/layer2/logic-gates.ts +5 -0
package/src/layer2/model-supply-chain.ts +456 -0
package/src/layer2/risky-imports.ts +5 -0
package/src/layer2/variables.ts +5 -0
package/src/layer3/__tests__/osv-check.test.ts +384 -0
package/src/layer3/anthropic/auto-dismiss.ts +212 -0
package/src/layer3/anthropic/clients.ts +84 -0
package/src/layer3/anthropic/index.ts +170 -0
package/src/layer3/anthropic/prompts/index.ts +14 -0
package/src/layer3/anthropic/prompts/semantic-analysis.ts +173 -0
package/src/layer3/anthropic/prompts/validation.ts +419 -0
package/src/layer3/anthropic/providers/anthropic.ts +310 -0
package/src/layer3/anthropic/providers/index.ts +8 -0
package/src/layer3/anthropic/providers/openai.ts +384 -0
package/src/layer3/anthropic/request-builder.ts +150 -0
package/src/layer3/anthropic/types.ts +148 -0
package/src/layer3/anthropic/utils/index.ts +26 -0
package/src/layer3/anthropic/utils/path-helpers.ts +68 -0
package/src/layer3/anthropic/utils/response-parser.ts +322 -0
package/src/layer3/anthropic/utils/retry.ts +75 -0
package/src/layer3/index.ts +18 -5
package/src/layer3/osv-check.ts +420 -0
package/src/rules/__tests__/framework-fixes.test.ts +689 -0
package/src/rules/__tests__/metadata.test.ts +218 -0
package/src/rules/framework-fixes.ts +470 -0
package/src/rules/index.ts +21 -0
package/src/rules/metadata.ts +831 -0
package/src/suppression/__tests__/config-loader.test.ts +382 -0
package/src/suppression/__tests__/hash.test.ts +166 -0
package/src/suppression/__tests__/inline-parser.test.ts +212 -0
package/src/suppression/__tests__/manager.test.ts +415 -0
package/src/suppression/config-loader.ts +462 -0
package/src/suppression/hash.ts +95 -0
package/src/suppression/index.ts +51 -0
package/src/suppression/inline-parser.ts +273 -0
package/src/suppression/manager.ts +379 -0
package/src/suppression/types.ts +174 -0
package/src/tiers.ts +36 -0
package/src/types.ts +90 -0
package/src/utils/context-helpers.ts +13 -9
package/dist/layer2/dangerous-functions.d.ts +0 -7
package/dist/layer2/dangerous-functions.d.ts.map +0 -1
package/dist/layer2/dangerous-functions.js +0 -1701
package/dist/layer2/dangerous-functions.js.map +0 -1
package/dist/layer3/anthropic.d.ts +0 -87
package/dist/layer3/anthropic.d.ts.map +0 -1
package/dist/layer3/anthropic.js +0 -1948
package/dist/layer3/anthropic.js.map +0 -1
package/dist/layer3/openai.d.ts +0 -25
package/dist/layer3/openai.d.ts.map +0 -1
package/dist/layer3/openai.js +0 -238
package/dist/layer3/openai.js.map +0 -1
package/src/layer2/dangerous-functions.ts +0 -1940
package/src/layer3/anthropic.ts +0 -2257

package/src/__tests__/benchmark/fixtures/layer2/ai-mcp-security.ts ADDED Viewed

@@ -0,0 +1,495 @@
+/**
+ * MCP Security Test Fixtures
+ * Tests for detecting security issues in Model Context Protocol (MCP) tools
+ *
+ * Background: MCP enables AI agents to call external tools. Security risks include:
+ * - Tool Poisoning: External content returned without validation
+ * - Credential Issues: Credentials in tool parameters/responses
+ * - Confused Deputy: Operations without proper user context
+ *
+ * Reference: CVE-2025-6514, 13,000+ MCP servers deployed
+ */
+import type { TestGroup } from '../../types'
+export const aiMcpSecurityTests: TestGroup = {
+  name: 'MCP Tool Security',
+  tier: 'A',
+  layer: 2,
+  description: 'Detection of security issues in Model Context Protocol tools',
+  truePositives: [
+    {
+      name: 'MCP Security - Tool Poisoning True Positives',
+      expectFindings: true,
+      expectedCategories: ['ai_mcp_tool_poisoning'],
+      description: 'MCP tools returning unvalidated external content',
+      file: {
+        path: 'src/mcp/tools/fetch-tool.ts',
+        content: `
+import { McpServer, Tool } from '@modelcontextprotocol/sdk'
+const server = new McpServer({ name: 'fetch-server' })
+// Dangerous: Returns raw external content without sanitization
+server.tool('fetch_webpage', async ({ url }: { url: string }) => {
+  const response = await fetch(url)
+  const html = await response.text()
+  // Returning raw HTML - could contain prompt injection payloads
+  return { content: html }
+})
+// Dangerous: Raw file content returned without validation
+server.tool('read_file', async ({ path }: { path: string }) => {
+  const content = await fs.readFile(path, 'utf-8')
+  // No validation of file content
+  return { content }
+})
+// Dangerous: Database query results returned directly
+server.tool('query_database', async ({ query }: { query: string }) => {
+  const results = await db.query(query)
+  // Raw database content could contain injected instructions
+  return { data: results.rows }
+})
+// Dangerous: Email content without sanitization
+server.tool('get_email', async ({ id }: { id: string }) => {
+  const email = await emailClient.getMessage(id)
+  return {
+    subject: email.subject,
+    body: email.body,  // Raw email body - could contain malicious instructions
+    attachments: email.attachments
+  }
+})
+// Dangerous: RSS feed content
+server.tool('fetch_rss', async ({ feedUrl }: { feedUrl: string }) => {
+  const feed = await parser.parseURL(feedUrl)
+  // Entire feed content returned - titles, descriptions could be poisoned
+  return { items: feed.items }
+})
+`,
+        language: 'typescript',
+        size: 1300,
+      },
+    },
+    {
+      name: 'MCP Security - Credential Issues True Positives',
+      expectFindings: true,
+      expectedCategories: ['ai_mcp_credential_issue'],
+      description: 'MCP tools with credential exposure in parameters or responses',
+      file: {
+        path: 'src/mcp/tools/auth-tool.ts',
+        content: `
+import { McpServer } from '@modelcontextprotocol/sdk'
+const server = new McpServer({ name: 'auth-server' })
+// Dangerous: API key passed as tool parameter
+server.tool('call_api', async ({ apiKey, endpoint }: { apiKey: string; endpoint: string }) => {
+  const response = await fetch(endpoint, {
+    headers: { 'Authorization': \`Bearer \${apiKey}\` }
+  })
+  return { data: await response.json() }
+})
+// Dangerous: Returning credentials in response
+server.tool('create_user', async ({ email }: { email: string }) => {
+  const user = await db.createUser(email)
+  const password = generatePassword()
+  await db.setPassword(user.id, password)
+  // Returning password to the model!
+  return { userId: user.id, password, apiKey: user.apiKey }
+})
+// Dangerous: Token in response
+server.tool('authenticate', async ({ username, password }: { username: string; password: string }) => {
+  const result = await auth.login(username, password)
+  // JWT token exposed to model
+  return { token: result.jwt, refreshToken: result.refreshToken }
+})
+// Dangerous: Database connection string in parameter
+server.tool('connect_db', async ({ connectionString }: { connectionString: string }) => {
+  const client = await Database.connect(connectionString)
+  return { status: 'connected' }
+})
+// Dangerous: Private key parameter
+server.tool('sign_message', async ({ privateKey, message }: { privateKey: string; message: string }) => {
+  const signature = crypto.sign(privateKey, message)
+  return { signature }
+})
+// Dangerous: Returning secrets from environment
+server.tool('get_config', async () => {
+  return {
+    apiUrl: process.env.API_URL,
+    apiKey: process.env.API_KEY,  // Secret exposed!
+    secretKey: process.env.SECRET_KEY,  // Secret exposed!
+  }
+})
+`,
+        language: 'typescript',
+        size: 1500,
+      },
+    },
+    {
+      name: 'MCP Security - Confused Deputy True Positives',
+      expectFindings: true,
+      expectedCategories: ['ai_mcp_confused_deputy'],
+      description: 'MCP tools performing operations without user context',
+      file: {
+        path: 'src/mcp/tools/data-tool.ts',
+        content: `
+import { McpServer } from '@modelcontextprotocol/sdk'
+const server = new McpServer({ name: 'data-server' })
+// Dangerous: No user context - can access any user's files
+server.tool('read_user_file', async ({ fileId }: { fileId: string }) => {
+  // No user authentication/authorization
+  const file = await db.files.findById(fileId)
+  return { content: file.content }
+})
+// Dangerous: Delete without user verification
+server.tool('delete_record', async ({ recordId }: { recordId: string }) => {
+  // No check if user owns this record
+  await db.records.delete(recordId)
+  return { success: true }
+})
+// Dangerous: Update any user's data
+server.tool('update_profile', async ({ userId, data }: { userId: string; data: any }) => {
+  // Can update ANY user's profile, not just the current user
+  await db.users.update(userId, data)
+  return { success: true }
+})
+// Dangerous: Cross-tenant data access
+server.tool('get_organization_data', async ({ orgId }: { orgId: string }) => {
+  // No tenant verification - can access any org's data
+  const data = await db.organizations.findById(orgId)
+  return { data }
+})
+// Dangerous: Admin action without auth
+server.tool('grant_admin', async ({ userId }: { userId: string }) => {
+  // No authorization check - any agent can make users admin
+  await db.users.update(userId, { role: 'admin' })
+  return { success: true }
+})
+// Dangerous: Sending email as any user
+server.tool('send_email', async ({ from, to, subject, body }: { from: string; to: string; subject: string; body: string }) => {
+  // No verification that 'from' is the actual user
+  await emailService.send({ from, to, subject, body })
+  return { sent: true }
+})
+// Dangerous: Accessing financial data without scope
+server.tool('get_transactions', async ({ accountId }: { accountId: string }) => {
+  // Can access any account's transactions
+  const transactions = await financeService.getTransactions(accountId)
+  return { transactions }
+})
+`,
+        language: 'typescript',
+        size: 1700,
+      },
+    },
+    {
+      name: 'MCP Security - Python MCP Tools True Positives',
+      expectFindings: true,
+      expectedCategories: ['ai_mcp_tool_poisoning', 'ai_mcp_credential_issue', 'ai_mcp_confused_deputy'],
+      description: 'Python MCP server with security issues',
+      file: {
+        path: 'src/mcp/server.py',
+        content: `
+from mcp import McpServer
+from mcp.server import Tool
+server = McpServer(name="python-mcp")
+# Tool poisoning: raw external content
+@server.tool("fetch_url")
+async def fetch_url(url: str) -> dict:
+    response = await httpx.get(url)
+    # Raw content returned without sanitization
+    return {"content": response.text}
+# Credential issue: API key parameter
+@server.tool("api_call")
+async def api_call(api_key: str, endpoint: str) -> dict:
+    response = await httpx.get(endpoint, headers={"Authorization": f"Bearer {api_key}"})
+    return {"data": response.json()}
+# Confused deputy: no user context
+@server.tool("delete_file")
+async def delete_file(file_id: str) -> dict:
+    # No user verification
+    await storage.delete(file_id)
+    return {"deleted": True}
+# Tool poisoning: returning database content
+@server.tool("search_documents")
+async def search_documents(query: str) -> dict:
+    results = await db.search(query)
+    return {"documents": results}
+# Credential in response
+@server.tool("create_api_key")
+async def create_api_key(name: str) -> dict:
+    key = await keys.create(name)
+    return {"api_key": key.secret}  # Exposing secret!
+`,
+        language: 'python',
+        size: 1100,
+      },
+    },
+  ],
+  falseNegatives: [
+    {
+      name: 'MCP Security - Safe Patterns',
+      expectFindings: false,
+      description: 'Safe MCP tool implementations that should NOT be flagged',
+allowedInfoFindings: [
+        {
+          category: 'ai_mcp_tool_poisoning',
+          maxCount: 5,
+          reason: 'Some safe patterns may still flag at info level for hygiene',
+        },
+        {
+          category: 'ai_mcp_confused_deputy',
+          maxCount: 5,
+          reason: 'User context patterns may still flag at info level',
+        },
+        {
+          category: 'ai_overpermissive_tool',
+          maxCount: 10,
+          reason: 'ai-agent-tools detector flags MCP tool registrations (separate detector)',
+        },
+        {
+          category: 'high_entropy_string',
+          maxCount: 2,
+          reason: 'DOMPurify import may trigger entropy detection',
+        },
+      ],
+      file: {
+        path: 'src/mcp/tools/safe-tools.ts',
+        content: `
+import { McpServer } from '@modelcontextprotocol/sdk'
+import { sanitize } from 'dompurify'
+import { validateSchema } from 'zod'
+const server = new McpServer({ name: 'safe-server' })
+// Safe: Content sanitized before return
+server.tool('fetch_safe', async ({ url }: { url: string }, context) => {
+  const userId = context.user.id  // User context!
+  const response = await fetch(url)
+  const html = await response.text()
+  // Content is sanitized
+  const sanitized = sanitize(html, { ALLOWED_TAGS: ['p', 'a', 'b'] })
+  return { content: sanitized }
+})
+// Safe: User context properly validated
+server.tool('get_my_files', async (_params, context) => {
+  const userId = context.user.id
+  // Only getting the current user's files
+  const files = await db.files.findByUser(userId)
+  return { files: files.map(f => ({ id: f.id, name: f.name })) }
+})
+// Safe: Server-side auth, no credentials exposed
+server.tool('call_external_api', async ({ endpoint }: { endpoint: string }) => {
+  // API key from environment, not passed as parameter
+  const response = await fetch(endpoint, {
+    headers: { 'Authorization': \`Bearer \${process.env.INTERNAL_API_KEY}\` }
+  })
+  // Only returning safe data, no credentials
+  return { data: await response.json() }
+})
+// Safe: Proper authorization check
+server.tool('delete_my_record', async ({ recordId }: { recordId: string }, context) => {
+  const userId = context.user.id
+  const record = await db.records.findById(recordId)
+  // Authorization check
+  if (record.ownerId !== userId) {
+    throw new Error('Not authorized')
+  }
+  await db.records.delete(recordId)
+  return { success: true }
+})
+// Safe: Content validation with schema
+server.tool('search_public_data', async ({ query }: { query: string }, context) => {
+  const userId = context.user.id
+  const results = await db.publicData.search(query)
+  // Returning only safe fields, validated structure
+  return {
+    results: results.map(r => ({
+      id: r.id,
+      title: sanitize(r.title),  // Sanitized
+      summary: sanitize(r.summary)  // Sanitized
+    }))
+  }
+})
+// Safe: Tenant-scoped operations
+server.tool('get_org_report', async ({ reportId }: { reportId: string }, context) => {
+  const tenantId = context.user.tenantId
+  const report = await db.reports.findById(reportId)
+  // Tenant check
+  if (report.tenantId !== tenantId) {
+    throw new Error('Not authorized')
+  }
+  return { report }
+})
+// Safe: Pure computation, no external data
+server.tool('calculate', async ({ expression }: { expression: string }) => {
+  // Safe math evaluation, no external content
+  const result = mathjs.evaluate(expression)
+  return { result }
+})
+// Safe: Static data only
+server.tool('get_documentation', async ({ topic }: { topic: string }) => {
+  // Returns static documentation, not user content
+  const docs = await loadStaticDocs(topic)
+  return { content: docs }
+})
+`,
+        language: 'typescript',
+        size: 2500,
+      },
+    },
+    {
+      name: 'MCP Security - Test File Patterns',
+      expectFindings: false,
+      description: 'Test files should not be flagged',
+      allowedInfoFindings: [
+        {
+          category: 'ai_mcp_tool_poisoning',
+          maxCount: 3,
+          reason: 'Test file may have info-level findings for review',
+        },
+        {
+          category: 'ai_mcp_credential_issue',
+          maxCount: 3,
+          reason: 'Test file may have info-level findings for review',
+        },
+        {
+          category: 'ai_mcp_confused_deputy',
+          maxCount: 3,
+          reason: 'Test file may have info-level findings for review',
+        },
+        {
+          category: 'ai_overpermissive_tool',
+          maxCount: 3,
+          reason: 'ai-agent-tools detector may flag MCP patterns',
+        },
+      ],
+      file: {
+        path: 'src/mcp/__tests__/tools.test.ts',
+        content: `
+import { McpServer } from '@modelcontextprotocol/sdk'
+describe('MCP Tools', () => {
+  it('should handle raw content in tests', async () => {
+    const server = new McpServer({ name: 'test-server' })
+    server.tool('fetch_test', async ({ url }) => {
+      const response = await fetch(url)
+      return { content: await response.text() }
+    })
+    // Test assertions
+  })
+  it('should test credential handling', async () => {
+    const server = new McpServer({ name: 'test-server' })
+    server.tool('auth_test', async ({ apiKey }) => {
+      return { token: 'test-token', apiKey }
+    })
+  })
+  it('should test user operations', async () => {
+    const server = new McpServer({ name: 'test-server' })
+    server.tool('delete_test', async ({ id }) => {
+      await mockDb.delete(id)
+      return { success: true }
+    })
+  })
+})
+`,
+        language: 'typescript',
+        size: 900,
+      },
+    },
+    {
+      name: 'MCP Security - Example/Demo Files',
+      expectFindings: false,
+      description: 'Example files in documentation should be downgraded',
+      allowedInfoFindings: [
+        {
+          category: 'ai_mcp_tool_poisoning',
+          maxCount: 5,
+          reason: 'Example files may have info-level findings',
+        },
+        {
+          category: 'ai_mcp_credential_issue',
+          maxCount: 3,
+          reason: 'Example files may have info-level findings',
+        },
+        {
+          category: 'ai_mcp_confused_deputy',
+          maxCount: 3,
+          reason: 'Example files may have info-level findings',
+        },
+        {
+          category: 'ai_overpermissive_tool',
+          maxCount: 3,
+          reason: 'ai-agent-tools detector may flag MCP patterns',
+        },
+      ],
+      file: {
+        path: 'examples/mcp-quickstart/server.ts',
+        content: `
+// This is an example file for documentation
+import { McpServer } from '@modelcontextprotocol/sdk'
+const server = new McpServer({ name: 'example-server' })
+// Example: Simple fetch tool
+server.tool('example_fetch', async ({ url }) => {
+  const response = await fetch(url)
+  return { content: await response.text() }
+})
+// Example: Data retrieval
+server.tool('example_query', async ({ query }) => {
+  const results = await db.query(query)
+  return { data: results }
+})
+console.log('Example server started')
+`,
+        language: 'typescript',
+        size: 500,
+      },
+    },
+  ],
+}