@offgridsec/kira-lite-mcp 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
  1. package/INSTALL.md +6 -6
  2. package/README.md +4 -4
  3. package/config/settings.local.json +1 -1
  4. package/dist/config.js +1 -1
  5. package/dist/core/engines/osv.js +1 -1
  6. package/dist/core/engines/runner.js +1 -1
  7. package/dist/core/scanner.js +1 -1
  8. package/dist/core/utils.js +1 -1
  9. package/dist/index.js +1 -1
  10. package/dist/rules/c-cpp.js +1 -1
  11. package/dist/rules/cicd.js +1 -1
  12. package/dist/rules/csharp-extended.js +1 -1
  13. package/dist/rules/csharp.js +1 -1
  14. package/dist/rules/docker.js +1 -1
  15. package/dist/rules/go-extended.js +1 -1
  16. package/dist/rules/go.js +1 -1
  17. package/dist/rules/graphql-extended.js +1 -1
  18. package/dist/rules/index.js +1 -1
  19. package/dist/rules/java-extended.js +1 -1
  20. package/dist/rules/java.js +1 -1
  21. package/dist/rules/javascript-extended.js +1 -1
  22. package/dist/rules/javascript.js +1 -1
  23. package/dist/rules/kotlin.js +1 -1
  24. package/dist/rules/kubernetes.js +1 -1
  25. package/dist/rules/php-extended.js +1 -1
  26. package/dist/rules/php.js +1 -1
  27. package/dist/rules/python-extended.js +1 -1
  28. package/dist/rules/python.js +1 -1
  29. package/dist/rules/ruby-extended.js +1 -1
  30. package/dist/rules/ruby.js +1 -1
  31. package/dist/rules/rust.js +1 -1
  32. package/dist/rules/secrets-extended.js +1 -1
  33. package/dist/rules/secrets.js +1 -1
  34. package/dist/rules/shell.js +1 -1
  35. package/dist/rules/swift.js +1 -1
  36. package/dist/rules/terraform.js +1 -1
  37. package/dist/telemetry.js +1 -1
  38. package/dist/tools/fix-vulnerability.js +1 -1
  39. package/dist/tools/scan-code.js +1 -1
  40. package/dist/tools/scan-dependencies.js +1 -1
  41. package/dist/tools/scan-diff.js +1 -1
  42. package/dist/tools/scan-file.js +1 -1
  43. package/dist/tools/scan-new-imports.js +1 -1
  44. package/hook.mjs +17 -25
  45. package/package.json +1 -1
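--- a/package/hook.mjs
+++ b/package/hook.mjs
@@ -1,8 +1,7 @@
 #!/usr/bin/env node
 
-// Kira-Lite pre-write hook for Claude Code
-// Fires via PreToolUse BEFORE Write/Edit hits disk exits 2 to block vulnerable code.
-// Falls back to report-only mode when running under PostToolUse (legacy installs).
+// Kira-Lite post-write hook for Claude Code
+// Scans files after Edit/Write to catch anything the MCP pre-scan missed.
 
 import { KiraScanner } from "./dist/core/scanner.js";
 import { readFileSync } from "node:fs";
@@ -29,26 +28,21 @@ process.stdin.on("data", (chunk) => (input += chunk));
 process.stdin.on("end", async () => {
 try {
 const hookData = JSON.parse(input);
-const toolName = hookData?.tool_name;
-const toolInput = hookData?.tool_input;
-const filePath = toolInput?.file_path;
-const isPreHook = hookData?.hook_event_name === "PreToolUse";
+const filePath = hookData?.tool_input?.file_path;
 
-if (!toolInput) process.exit(0);
+if (!filePath) process.exit(0);
 
-// Extract the code being written from tool_input (available in both Pre and PostToolUse)
-let code = null;
-if (toolName === "Write") {
-code = toolInput?.content;
-} else if (toolName === "Edit") {
-code = toolInput?.new_string;
-} else if (toolName === "MultiEdit") {
-code = (toolInput?.edits || []).map((e) => e.new_string).join("\n");
+// Read the file that was just written
+let code;
+try {
+code = readFileSync(filePath, "utf-8");
+} catch {
+process.exit(0); // file doesn't exist or can't read — skip
 }
 
-if (!code || !filePath) process.exit(0);
-
 const language = detectLanguage(filePath);
+
+// Use regex-only scan for speed (hooks should be fast)
 const result = scanner.scanRegex({ code, language, filename: filePath });
 
 const critical = result.findings.filter(
@@ -56,16 +50,14 @@ process.stdin.on("end", async () => {
 );
 
 if (critical.length > 0) {
-const action = isPreHook ? "BLOCKED" : "WARNING (fix manually)";
-process.stdout.write(
-`\n⚠ Kira-Lite ${action}: ${critical.length} critical/high vulnerabilities in ${filePath}:\n`
+console.error(
+`\n⚠ Kira-Lite: ${critical.length} critical/high vulnerabilities in ${filePath}:`
 );
 for (const f of critical) {
-process.stdout.write(` [${f.severity.toUpperCase()}] ${f.title} (line ${f.line})\n`);
+console.error(` [${f.severity.toUpperCase()}] ${f.title} (line ${f.line})`);
 }
-process.stdout.write("\nFix these vulnerabilities before writing the code.\n\n");
-// PreToolUse: exit 2 blocks the write. PostToolUse: exit 0 (write already happened).
-process.exit(isPreHook ? 2 : 0);
+console.error("");
+process.exit(1);
 }
 
 process.exit(0);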
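Review bot: The new `process.exit(1)` on findings is undocumented, while the removed comment recorded exit 2 as the code that blocks the write under PreToolUse — since this handler now runs after the write, exit 1 can only report, so the blocking guarantee the 0.2.1 hook provided is gone and the "MCP pre-scan" named in the header is the only thing left between the assistant and vulnerable code on disk. The switch to `readFileSync(filePath)` also ties correctness to how the hook is registered: under a legacy PreToolUse entry (which the old code explicitly handled via `hook_event_name`) it scans the file's pre-write contents, or hits the `catch` and exits 0 for a new file, and silently passes code it never inspected. `filePath` is taken from the hook JSON with no size bound and no check that it lies inside the project, so a symlinked or very large target is read wholesale by a hook that is meant to be fast. I would branch on `hookData?.hook_event_name` and fall back to scanning `tool_input` when the file is not yet on disk, as sketched below, and document the exit code: `// PostToolUse: write is already on disk, so exit 1 only reports; exit 2 was the blocking code under PreToolUse`. The handler's closing `});` lies outside the hunk.
```javascript
const hookData = JSON.parse(input);
const filePath = hookData?.tool_input?.file_path;
if (!filePath) process.exit(0);

// Scan what was actually written. Under PostToolUse the file is on disk;
// under a legacy PreToolUse registration it is not, so use tool_input.
let code;
if (hookData?.hook_event_name === "PostToolUse") {
  try {
    code = readFileSync(filePath, "utf-8");
  } catch {
    process.exit(0); // missing or unreadable — nothing to scan
  }
} else {
  const toolInput = hookData.tool_input;
  code = toolInput.content ?? toolInput.new_string ??
    (toolInput.edits || []).map((e) => e.new_string).join("\n");
}
if (!code) process.exit(0);
// … unchanged: language detection, scanRegex, critical filter, reporting …
```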
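--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@offgridsec/kira-lite-mcp",
-"version": "0.2.1",
+"version": "0.2.2",
 "description": "Kira-Lite MCP Server — Real-time security scanning for AI coding assistants",
 "author": "Offgrid Security <contact@offgridsec.com>",
 "homepage": "https://offgridsec.com",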