npm - @panguard-ai/panguard-mcp - Versions diffs - 1.2.0 → 1.3.1 - Mend

@panguard-ai/panguard-mcp 1.2.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/dist/cli/index.js +67 -0
package/dist/cli/index.js.map +1 -0
package/dist/config/index.d.ts +1 -1
package/dist/config/index.d.ts.map +1 -1
package/dist/config/index.js +1 -1
package/dist/config/index.js.map +1 -1
package/dist/config/mcp-config-reader.d.ts +3 -2
package/dist/config/mcp-config-reader.d.ts.map +1 -1
package/dist/config/mcp-config-reader.js +81 -4
package/dist/config/mcp-config-reader.js.map +1 -1
package/dist/config/mcp-injector.d.ts +40 -0
package/dist/config/mcp-injector.d.ts.map +1 -1
package/dist/config/mcp-injector.js +305 -0
package/dist/config/mcp-injector.js.map +1 -0
package/dist/config/platform-detector.d.ts +31 -0
package/dist/config/platform-detector.d.ts.map +1 -1
package/dist/config/platform-detector.js +396 -0
package/dist/config/platform-detector.js.map +1 -0
package/dist/index.js +12 -0
package/dist/index.js.map +1 -0
package/dist/server.js +323 -0
package/dist/server.js.map +1 -0
package/dist/tools/guard-tools.d.ts.map +1 -0
package/dist/tools/guard-tools.js +356 -0
package/dist/tools/guard-tools.js.map +1 -0
package/dist/tools/manage-tools.js +299 -0
package/dist/tools/manage-tools.js.map +1 -0
package/dist/tools/scan-tools.js +157 -0
package/dist/tools/scan-tools.js.map +1 -0
package/package.json +5 -5

package/dist/server.js ADDED Viewed

@@ -0,0 +1,323 @@
+/**
+ * Panguard MCP - Server
+ * Panguard MCP - 伺服器
+ *
+ * Main MCP server entry: registers all tools and dispatches incoming requests.
+ * 主要 MCP 伺服器入口：註冊所有工具並分派傳入請求。
+ *
+ * @module @panguard-ai/panguard-mcp/server
+ */
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import { createLogger } from '@panguard-ai/core';
+import { executeScan, executeScanCode } from './tools/scan-tools.js';
+import { executeGuardStart, executeGuardStop, executeStatus, executeAlerts, } from './tools/guard-tools.js';
+import { executeBlockIP, executeGenerateReport, executeInit, executeDeploy, } from './tools/manage-tools.js';
+const logger = createLogger('panguard-mcp:server');
+import { createRequire } from 'node:module';
+const _require = createRequire(import.meta.url);
+const _pkg = _require('../package.json');
+/** MCP server version / MCP 伺服器版本 */
+export const PANGUARD_MCP_VERSION = _pkg.version;
+/**
+ * All MCP tool definitions.
+ * 所有 MCP 工具定義。
+ *
+ * Each tool has a name, description (bilingual EN/ZH-TW), and inputSchema.
+ * 每個工具都有名稱、雙語描述（EN/ZH-TW）和輸入結構。
+ */
+const TOOL_DEFINITIONS = [
+    {
+        name: 'panguard_scan',
+        description: 'Run a security health check scan on the local system. Returns risk score (0-100), grade (A-F), and list of security findings. / 在本機執行資安健檢掃描，回傳風險分數、等級和安全發現清單。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                depth: {
+                    type: 'string',
+                    enum: ['quick', 'full'],
+                    description: 'Scan depth: quick (~30s) or full (~60s)',
+                    default: 'quick',
+                },
+                lang: {
+                    type: 'string',
+                    enum: ['en', 'zh-TW'],
+                    description: 'Output language',
+                    default: 'en',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_scan_code',
+        description: 'Scan source code directory for security vulnerabilities (SAST). Detects SQL injection, XSS, hardcoded secrets, command injection, and more. / 掃描原始碼目錄的安全漏洞（SAST）。偵測 SQL 注入、XSS、硬編碼密鑰等。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dir: {
+                    type: 'string',
+                    description: 'Source code directory to scan',
+                    default: '.',
+                },
+                lang: {
+                    type: 'string',
+                    enum: ['en', 'zh-TW'],
+                    default: 'en',
+                },
+            },
+            required: ['dir'],
+        },
+    },
+    {
+        name: 'panguard_guard_start',
+        description: 'Start the Panguard Guard real-time threat monitoring daemon. / 啟動 Panguard Guard 即時威脅監控常駐程式。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+                mode: {
+                    type: 'string',
+                    enum: ['learning', 'protection'],
+                    description: 'Operating mode',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_guard_stop',
+        description: 'Stop the Panguard Guard daemon. / 停止 Panguard Guard 常駐程式。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_status',
+        description: 'Get the current status of all Panguard services (guard, scan, manager). Returns running state, threat counts, and system info. / 取得所有 Panguard 服務的當前狀態。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_alerts',
+        description: 'Get recent security alerts detected by Panguard Guard. Returns the latest threat events with severity and details. / 取得 Panguard Guard 偵測到的近期安全告警。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                limit: {
+                    type: 'number',
+                    description: 'Maximum number of alerts to return',
+                    default: 20,
+                },
+                severity: {
+                    type: 'string',
+                    enum: ['critical', 'high', 'medium', 'low', 'all'],
+                    default: 'all',
+                },
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_block_ip',
+        description: 'Manually block an IP address from accessing the system. / 手動封鎖 IP 位址存取系統。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                ip: {
+                    type: 'string',
+                    description: 'IP address to block (IPv4 or IPv6)',
+                },
+                duration: {
+                    type: 'string',
+                    description: 'Block duration (e.g., "1h", "24h", "permanent")',
+                    default: '1h',
+                },
+                reason: {
+                    type: 'string',
+                    description: 'Reason for blocking',
+                },
+            },
+            required: ['ip'],
+        },
+    },
+    {
+        name: 'panguard_generate_report',
+        description: 'Generate a PDF compliance report from scan results. Returns the path to the generated PDF. / 從掃描結果生成 PDF 合規報告。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                output: {
+                    type: 'string',
+                    description: 'Output PDF path',
+                    default: './panguard-report.pdf',
+                },
+                lang: {
+                    type: 'string',
+                    enum: ['en', 'zh-TW'],
+                    default: 'en',
+                },
+                depth: {
+                    type: 'string',
+                    enum: ['quick', 'full'],
+                    default: 'full',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_init',
+        description: 'Initialize Panguard configuration interactively (non-interactive mode with defaults). / 以非互動模式初始化 Panguard 配置。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+                lang: {
+                    type: 'string',
+                    enum: ['en', 'zh-TW'],
+                    default: 'en',
+                },
+                mode: {
+                    type: 'string',
+                    enum: ['learning', 'protection'],
+                    default: 'learning',
+                },
+            },
+        },
+    },
+    {
+        name: 'panguard_audit_skill',
+        description: 'Audit an OpenClaw/AgentSkills SKILL.md directory for security issues. Checks manifest validity, prompt injection, tool poisoning, code vulnerabilities, dependencies, and permissions. Returns risk score (0-100) and detailed findings. / 審計 OpenClaw 技能目錄的安全問題。檢查清單有效性、提示注入、工具投毒、程式碼漏洞、依賴和權限。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                path: {
+                    type: 'string',
+                    description: 'Path to skill directory containing SKILL.md',
+                },
+            },
+            required: ['path'],
+        },
+    },
+    {
+        name: 'panguard_deploy',
+        description: 'Deploy Panguard services: scan for vulnerabilities, start guard monitoring, and generate initial report. This is the one-click setup for protection. / 部署 Panguard 服務：掃描漏洞、啟動監控並生成初始報告。一鍵設定防護。',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                dataDir: {
+                    type: 'string',
+                    description: 'Data directory (default: ~/.panguard-guard)',
+                },
+                lang: {
+                    type: 'string',
+                    enum: ['en', 'zh-TW'],
+                    default: 'en',
+                },
+                mode: {
+                    type: 'string',
+                    enum: ['learning', 'protection'],
+                    default: 'learning',
+                },
+                generateReport: {
+                    type: 'boolean',
+                    description: 'Generate PDF report after scan',
+                    default: true,
+                },
+            },
+        },
+    },
+];
+/**
+ * Returns the complete list of all MCP tool definitions.
+ * 返回所有 MCP 工具定義的完整清單。
+ */
+export function getAllToolDefinitions() {
+    return TOOL_DEFINITIONS;
+}
+/**
+ * Dispatch an incoming tool call to the appropriate handler.
+ * 將傳入的工具呼叫分派給適當的處理程序。
+ *
+ * @param name - Tool name / 工具名稱
+ * @param args - Tool arguments / 工具參數
+ */
+export async function dispatchTool(name, args) {
+    switch (name) {
+        case 'panguard_scan':
+            return executeScan(args);
+        case 'panguard_scan_code':
+            return executeScanCode(args);
+        case 'panguard_guard_start':
+            return executeGuardStart(args);
+        case 'panguard_guard_stop':
+            return executeGuardStop(args);
+        case 'panguard_status':
+            return executeStatus(args);
+        case 'panguard_alerts':
+            return executeAlerts(args);
+        case 'panguard_block_ip':
+            return executeBlockIP(args);
+        case 'panguard_generate_report':
+            return executeGenerateReport(args);
+        case 'panguard_init':
+            return executeInit(args);
+        case 'panguard_deploy':
+            return executeDeploy(args);
+        case 'panguard_audit_skill': {
+            const { auditSkill } = await import('@panguard-ai/panguard-skill-auditor');
+            const skillPath = args['path'] ?? '.';
+            const report = await auditSkill(skillPath);
+            return {
+                content: [{ type: 'text', text: JSON.stringify(report, null, 2) }],
+            };
+        }
+        default:
+            return {
+                content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+                isError: true,
+            };
+    }
+}
+/**
+ * Create and start the MCP server using stdio transport.
+ * 使用 stdio 傳輸建立並啟動 MCP 伺服器。
+ *
+ * This is the main entry point for the MCP server process.
+ * 這是 MCP 伺服器進程的主要入口點。
+ */
+export async function startMCPServer() {
+    const server = new Server({ name: 'panguard-mcp', version: PANGUARD_MCP_VERSION }, { capabilities: { tools: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: getAllToolDefinitions(),
+    }));
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        return await dispatchTool(name, args ?? {});
+    });
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    logger.info('Panguard MCP server started / Panguard MCP 伺服器已啟動');
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,oCAAoC,CAAC;AACnG,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACb,aAAa,GACd,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,WAAW,EACX,aAAa,GACd,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,GAAG,YAAY,CAAC,qBAAqB,CAAC,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,iBAAiB,CAAwB,CAAC;AAEhE,qCAAqC;AACrC,MAAM,CAAC,MAAM,oBAAoB,GAAW,IAAI,CAAC,OAAO,CAAC;AAEzD;;;;;;GAMG;AACH,MAAM,gBAAgB,GAAG;IACvB;QACE,IAAI,EAAE,eAAe;QACrB,WAAW,EACT,+JAA+J;QACjK,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;oBACvB,WAAW,EAAE,yCAAyC;oBACtD,OAAO,EAAE,OAAO;iBACjB;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;oBACrB,WAAW,EAAE,iBAAiB;oBAC9B,OAAO,EAAE,IAAI;iBACd;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EACT,wLAAwL;QAC1L,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,GAAG,EAAE;oBACH,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,+BAA+B;oBAC5C,OAAO,EAAE,GAAG;iBACb;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;oBACrB,OAAO,EAAE,IAAI;iBACd;aACF;YACD,QAAQ,EAAE,CAAC,KAAK,CAAC;SAClB;KACF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EACT,8FAA8F;QAChG,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;oBAChC,WAAW,EAAE,gBAAgB;iBAC9B;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,2DAA2D;QACxE,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,yJAAyJ;QAC3J,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,oJAAoJ;QACtJ,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,oCAAoC;oBACjD,OAAO,EAAE,EAAE;iBACZ;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC;oBAClD,OAAO,EAAE,KAAK;iBACf;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,2EAA2E;QAC7E,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,EAAE,EAAE;oBACF,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,oCAAoC;iBAClD;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iDAAiD;oBAC9D,OAAO,EAAE,IAAI;iBACd;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qBAAqB;iBACnC;aACF;YACD,QAAQ,EAAE,CAAC,IAAI,CAAC;SACjB;KACF;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EACT,gHAAgH;QAClH,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iBAAiB;oBAC9B,OAAO,EAAE,uBAAuB;iBACjC;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;oBACrB,OAAO,EAAE,IAAI;iBACd;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;oBACvB,OAAO,EAAE,MAAM;iBAChB;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,eAAe;QACrB,WAAW,EACT,gHAAgH;QAClH,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;oBACrB,OAAO,EAAE,IAAI;iBACd;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;oBAChC,OAAO,EAAE,UAAU;iBACpB;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EACT,iSAAiS;QACnS,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EACT,gMAAgM;QAClM,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,6CAA6C;iBAC3D;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC;oBACrB,OAAO,EAAE,IAAI;iBACd;gBACD,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;oBAChC,OAAO,EAAE,UAAU;iBACpB;gBACD,cAAc,EAAE;oBACd,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,gCAAgC;oBAC7C,OAAO,EAAE,IAAI;iBACd;aACF;SACF;KACF;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY,EAAE,IAA6B;IAC5E,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,eAAe;YAClB,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,oBAAoB;YACvB,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/B,KAAK,sBAAsB;YACzB,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACjC,KAAK,qBAAqB;YACxB,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAChC,KAAK,iBAAiB;YACpB,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;QAC7B,KAAK,iBAAiB;YACpB,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;QAC7B,KAAK,mBAAmB;YACtB,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;QAC9B,KAAK,0BAA0B;YAC7B,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC;QACrC,KAAK,eAAe;YAClB,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,KAAK,iBAAiB;YACpB,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;QAC7B,KAAK,sBAAsB,CAAC,CAAC,CAAC;YAC5B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,qCAAqC,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAI,IAAI,CAAC,MAAM,CAAY,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC5E,CAAC;QACJ,CAAC;QACD;YACE,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBACnE,OAAO,EAAE,IAAI;aACd,CAAC;IACN,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,oBAAoB,EAAE,EACvD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE,qBAAqB,EAAE;KAC/B,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,OAAO,MAAM,YAAY,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;AACnE,CAAC"}

package/dist/tools/guard-tools.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"guard-tools.d.ts","sourceRoot":"","sources":["../../src/tools/guard-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAiBH;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;;;;;;;;;;;;GAgMpE;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;;;;;GA6CnE;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;;;;;GAiEhE;AAED;;;GAGG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;;;;;GAiDhE"}

package/dist/tools/guard-tools.js ADDED Viewed

@@ -0,0 +1,356 @@
+/**
+ * Panguard MCP - Guard Tools
+ * Panguard MCP - 守護工具
+ *
+ * Implements panguard_guard_start, panguard_guard_stop, panguard_status,
+ * and panguard_alerts MCP tools.
+ * 實作 panguard_guard_start、panguard_guard_stop、panguard_status 和 panguard_alerts MCP 工具。
+ *
+ * @module @panguard-ai/panguard-mcp/tools/guard-tools
+ */
+import { promises as fs, existsSync, readFileSync, openSync, closeSync } from 'node:fs';
+import { spawn } from 'node:child_process';
+import { createRequire } from 'node:module';
+import { fileURLToPath } from 'node:url';
+import os from 'node:os';
+import path from 'node:path';
+/**
+ * Resolve the guard data directory from args or default.
+ * 從參數或預設值解析守護資料目錄。
+ */
+function resolveDataDir(args) {
+    return args['dataDir'] ?? path.join(os.homedir(), '.panguard-guard');
+}
+/**
+ * Execute panguard_guard_start — start the real-time threat monitoring daemon.
+ * 執行 panguard_guard_start — 啟動即時威脅監控常駐程式。
+ *
+ * Spawns the guard daemon as a detached background process with stdio
+ * redirected to a log file, so it does not interfere with MCP stdio transport.
+ * 將守護常駐程式作為分離的背景進程啟動，stdio 重導向到日誌檔案。
+ */
+export async function executeGuardStart(args) {
+    const dataDir = resolveDataDir(args);
+    const mode = args['mode'] ?? 'learning';
+    try {
+        await fs.mkdir(dataDir, { recursive: true });
+    }
+    catch {
+        // Directory may already exist
+    }
+    // Check if guard is already running
+    const pidFile = path.join(dataDir, 'panguard-guard.pid');
+    try {
+        const pidContent = await fs.readFile(pidFile, 'utf-8');
+        const existingPid = parseInt(pidContent.trim(), 10);
+        if (!isNaN(existingPid)) {
+            try {
+                process.kill(existingPid, 0);
+                // Process exists — guard is already running
+                return {
+                    content: [
+                        {
+                            type: 'text',
+                            text: JSON.stringify({
+                                status: 'already_running',
+                                pid: existingPid,
+                                dataDir,
+                                mode,
+                                message: `Guard engine is already running (PID: ${existingPid}).`,
+                            }, null, 2),
+                        },
+                    ],
+                };
+            }
+            catch {
+                // Process not found — stale PID file, continue to start
+                await fs.unlink(pidFile).catch(() => undefined);
+            }
+        }
+    }
+    catch {
+        // No PID file — proceed to start
+    }
+    // Resolve the panguard-guard CLI script path
+    let guardCliScript;
+    try {
+        const _require = createRequire(import.meta.url);
+        const guardMainPath = _require.resolve('@panguard-ai/panguard-guard');
+        guardCliScript = path.join(path.dirname(guardMainPath), 'cli', 'index.js');
+    }
+    catch {
+        // Fallback: try resolving via import.meta.resolve
+        try {
+            const guardMainUrl = import.meta.resolve('@panguard-ai/panguard-guard');
+            guardCliScript = path.join(fileURLToPath(guardMainUrl), '..', 'cli', 'index.js');
+        }
+        catch {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            status: 'error',
+                            message: 'Could not resolve @panguard-ai/panguard-guard package. Is it installed?',
+                        }, null, 2),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    }
+    // Spawn guard as a detached background process
+    const logPath = path.join(dataDir, 'guard.log');
+    let logFd;
+    try {
+        logFd = openSync(logPath, 'a');
+    }
+    catch (err) {
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify({
+                        status: 'error',
+                        message: `Failed to open log file: ${err instanceof Error ? err.message : String(err)}`,
+                    }, null, 2),
+                },
+            ],
+            isError: true,
+        };
+    }
+    try {
+        const child = spawn(process.execPath, [guardCliScript, 'start'], {
+            detached: true,
+            stdio: ['ignore', logFd, logFd],
+            env: { ...process.env },
+        });
+        child.unref();
+        closeSync(logFd);
+        // Wait for PID file to confirm startup (up to 5 seconds)
+        let started = false;
+        let newPid = null;
+        const deadline = Date.now() + 5000;
+        while (Date.now() < deadline) {
+            if (existsSync(pidFile)) {
+                try {
+                    const content = readFileSync(pidFile, 'utf-8').trim();
+                    const parsed = parseInt(content, 10);
+                    if (!isNaN(parsed)) {
+                        process.kill(parsed, 0);
+                        started = true;
+                        newPid = parsed;
+                        break;
+                    }
+                }
+                catch {
+                    // Not ready yet
+                }
+            }
+            await new Promise((r) => setTimeout(r, 300));
+        }
+        if (started) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            status: 'started',
+                            pid: newPid,
+                            dataDir,
+                            mode,
+                            logFile: logPath,
+                            message: `Guard engine started successfully (PID: ${newPid}).`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        else {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: JSON.stringify({
+                            status: 'timeout',
+                            dataDir,
+                            mode,
+                            logFile: logPath,
+                            message: 'Guard engine was spawned but did not confirm startup within 5 seconds. Check the log file for details.',
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+    }
+    catch (err) {
+        closeSync(logFd);
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify({
+                        status: 'error',
+                        message: `Failed to spawn guard process: ${err instanceof Error ? err.message : String(err)}`,
+                    }, null, 2),
+                },
+            ],
+            isError: true,
+        };
+    }
+}
+/**
+ * Execute panguard_guard_stop — stop the real-time threat monitoring daemon.
+ * 執行 panguard_guard_stop — 停止即時威脅監控常駐程式。
+ */
+export async function executeGuardStop(args) {
+    const dataDir = resolveDataDir(args);
+    const pidFile = path.join(dataDir, 'guard.pid');
+    let pid = null;
+    let stopped = false;
+    try {
+        const pidContent = await fs.readFile(pidFile, 'utf-8');
+        pid = parseInt(pidContent.trim(), 10);
+        if (!isNaN(pid)) {
+            try {
+                process.kill(pid, 'SIGTERM');
+                stopped = true;
+                // Remove stale PID file
+                await fs.unlink(pidFile).catch(() => undefined);
+            }
+            catch {
+                // Process not running — clean up stale PID file
+                await fs.unlink(pidFile).catch(() => undefined);
+                stopped = false;
+            }
+        }
+    }
+    catch {
+        // No PID file found
+    }
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify({
+                    status: stopped ? 'stopped' : 'not_running',
+                    pid,
+                    message: stopped
+                        ? `Guard engine (PID: ${pid}) has been sent SIGTERM.`
+                        : 'Guard engine was not running (no PID file found).',
+                }, null, 2),
+            },
+        ],
+    };
+}
+/**
+ * Execute panguard_status — get current status of all Panguard services.
+ * 執行 panguard_status — 取得所有 Panguard 服務的當前狀態。
+ */
+export async function executeStatus(args) {
+    const dataDir = resolveDataDir(args);
+    const pidFile = path.join(dataDir, 'guard.pid');
+    let isRunning = false;
+    let pid = null;
+    try {
+        const pidContent = await fs.readFile(pidFile, 'utf-8');
+        pid = parseInt(pidContent.trim(), 10);
+        if (!isNaN(pid)) {
+            // Sending signal 0 checks if process exists without killing it
+            process.kill(pid, 0);
+            isRunning = true;
+        }
+    }
+    catch {
+        isRunning = false;
+    }
+    // Try to read guard config
+    let config = {};
+    try {
+        const configPath = path.join(dataDir, 'config.json');
+        const configContent = await fs.readFile(configPath, 'utf-8');
+        config = JSON.parse(configContent);
+    }
+    catch {
+        // No config file yet
+    }
+    // Count recent events as a proxy for threat activity
+    let eventCount = 0;
+    try {
+        const eventsFile = path.join(dataDir, 'events.jsonl');
+        const content = await fs.readFile(eventsFile, 'utf-8');
+        eventCount = content.trim().split('\n').filter(Boolean).length;
+    }
+    catch {
+        // No events file
+    }
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify({
+                    guard: {
+                        running: isRunning,
+                        pid,
+                        dataDir,
+                        mode: config['mode'] ?? 'unknown',
+                        lang: config['lang'] ?? 'en',
+                    },
+                    events: {
+                        total_logged: eventCount,
+                    },
+                    summary: isRunning
+                        ? `Panguard Guard is RUNNING (PID: ${pid}, mode: ${config['mode'] ?? 'unknown'}).`
+                        : 'Panguard Guard is NOT running. Use panguard_guard_start to start it.',
+                }, null, 2),
+            },
+        ],
+    };
+}
+/**
+ * Execute panguard_alerts — get recent security alerts from guard event log.
+ * 執行 panguard_alerts — 從守護事件日誌取得近期安全告警。
+ */
+export async function executeAlerts(args) {
+    const limit = args['limit'] ?? 20;
+    const severity = args['severity'] ?? 'all';
+    const dataDir = resolveDataDir(args);
+    const eventsFile = path.join(dataDir, 'events.jsonl');
+    const alerts = [];
+    try {
+        const content = await fs.readFile(eventsFile, 'utf-8');
+        const lines = content.trim().split('\n').filter(Boolean);
+        for (const line of lines) {
+            try {
+                const event = JSON.parse(line);
+                if (severity === 'all' || event['severity'] === severity) {
+                    alerts.push(event);
+                }
+            }
+            catch {
+                // Skip malformed JSONL lines
+            }
+        }
+    }
+    catch {
+        // No events file yet — guard may not have started
+    }
+    // Return the most recent `limit` alerts
+    const recentAlerts = alerts.slice(-Math.max(1, limit));
+    return {
+        content: [
+            {
+                type: 'text',
+                text: JSON.stringify({
+                    total_alerts: recentAlerts.length,
+                    filter: { severity, limit },
+                    alerts: recentAlerts,
+                    summary: recentAlerts.length === 0
+                        ? 'No recent alerts. System appears clean.'
+                        : `${recentAlerts.length} recent alert(s) detected.`,
+                }, null, 2),
+            },
+        ],
+    };
+}
+//# sourceMappingURL=guard-tools.js.map