@polygraphso/litmus 0.8.1 → 0.9.0

package/dist/mcp.js

@@ -3,141 +3,61 @@ import {
   RUN_LITMUS_TOOL_DESCRIPTION,
   RUN_LITMUS_TOOL_NAME,
   RUN_LITMUS_TOOL_TITLE,
+  RUN_SKILL_LITMUS_TOOL_DESCRIPTION,
+  RUN_SKILL_LITMUS_TOOL_NAME,
+  RUN_SKILL_LITMUS_TOOL_TITLE,
+  VERIFY_SKILL_TOOL_DESCRIPTION,
+  VERIFY_SKILL_TOOL_NAME,
+  VERIFY_SKILL_TOOL_TITLE,
+  VERIFY_TOOL_DESCRIPTION,
+  VERIFY_TOOL_NAME,
+  VERIFY_TOOL_TITLE,
   handleRunLitmus,
-  readAttestation,
+  handleRunSkillLitmus,
+  handleVerify,
+  handleVerifySkill,
   runLitmusInputShape,
-  selectedNetwork
-} from "./chunk-BPS4YCDL.js";
-import "./chunk-VOPISHBU.js";
-import "./chunk-35UOPCBW.js";
+  runSkillLitmusInputShape,
+  verifyInputShape,
+  verifySkillInputShape
+} from "./chunk-AVF3GYCS.js";
+import "./chunk-M5HXKZVN.js";
 import {
-  parseServerRef,
-  serverKey
-} from "./chunk-ZR6XRGMQ.js";
+  judgeFromEnv
+} from "./chunk-DN2OX4RT.js";
+import "./chunk-44R4ZYOE.js";
 
 // src/mcp.ts
 import { realpathSync } from "fs";
 import { fileURLToPath } from "url";
-import { McpServer as McpServer2 } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { z as z2 } from "zod";
-
-// ../mcp/src/index.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-
-// ../mcp/src/tools/verify-attestation.ts
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-function canonicalRef(ref) {
-  try {
-    return serverKey(parseServerRef(ref)).toLowerCase();
-  } catch {
-    return ref.trim().toLowerCase();
-  }
+
+// src/sampling-judge.ts
+function clientSupportsSampling(server) {
+  return Boolean(server.server.getClientCapabilities()?.sampling);
 }
-var VERIFY_TOOL_NAME = "verify_attestation";
-var VERIFY_TOOL_TITLE = "Verify a server's polygraph attestation";
-var VERIFY_TOOL_DESCRIPTION = [
-  "Read a server's already-published polygraph (litmus) grade \u2014 without running",
-  "anything \u2014 before an agent trusts or, in agentic commerce, pays it.",
-  "",
-  "When a grade is published it returns the behavioral grade (A\u2013F), the attestation",
-  "UID, the evidence CID, and the graded tool-surface fingerprint. The caller must",
-  "still recompute the LIVE fingerprint and require it to equal the attested one",
-  "before paying \u2014 a passing attestation can otherwise front for a tool surface the",
-  "server no longer serves (rug pull).",
-  "",
-  "Grade publishing is still rolling out, so this commonly returns not_available",
-  "today: that means UNEVALUATED (neither safe nor unsafe), not a failing grade \u2014 to",
-  "grade the server yourself right now, use `run_litmus`. A `lookup_failed` result",
-  "means the lookup itself failed (the index or chain was unreachable); the grade is",
-  "unknown, which is not the same as unevaluated.",
-  "",
-  "Input: server_ref \u2014 e.g. npm/@modelcontextprotocol/server-filesystem."
-].join("\n");
-var verifyInputShape = {
-  server_ref: z.string().min(1).max(512).describe("Registry-prefixed server identifier, e.g. npm/@scope/server.")
-};
-async function handleVerify({ server_ref }) {
-  const found = await resolveUid(server_ref);
-  if (found.kind === "error") {
-    return {
-      isError: true,
-      content: [
-        {
-          type: "text",
-          text: `lookup_failed \u2014 could not reach the polygraph grade index for ${server_ref} (${found.detail}). The lookup itself failed, so the grade is unknown \u2014 retry or report it as unchecked, NOT as unevaluated.`
-        }
-      ]
-    };
-  }
-  let att = null;
-  if (found.kind === "found") {
-    try {
-      att = await readAttestation(found.uid);
-    } catch (err) {
-      return {
-        isError: true,
-        content: [
-          {
-            type: "text",
-            text: `lookup_failed \u2014 the onchain read failed for ${server_ref} (${err instanceof Error ? err.message : String(err)}). Treat as unchecked (the chain/RPC was unreachable), not as "no grade".`
-          }
-        ]
-      };
+function samplingJudge(server) {
+  return {
+    id: "mcp-sampling",
+    async complete(system, user) {
+      if (!clientSupportsSampling(server)) {
+        throw new Error("MCP client does not support sampling");
+      }
+      const res = await server.server.createMessage({
+        systemPrompt: system,
+        maxTokens: 1024,
+        messages: [{ role: "user", content: { type: "text", text: user } }]
+      });
+      return res.content.type === "text" ? res.content.text : "";
     }
-  }
-  if (!att) {
-    return {
-      content: [
-        {
-          type: "text",
-          text: `not_available \u2014 no published polygraph grade for ${server_ref}. Grade publishing is still rolling out, so this is expected for most servers; it means unevaluated (neither safe nor unsafe), not a failing grade. To grade it now, use run_litmus.`
-        }
-      ]
-    };
-  }
-  if (canonicalRef(att.serverRef) !== canonicalRef(server_ref)) {
-    return {
-      content: [
-        {
-          type: "text",
-          text: `not_available \u2014 the resolved attestation is for ${att.serverRef}, not ${server_ref} (discovery mismatch; treat as unevaluated)`
-        }
-      ]
-    };
-  }
-  const payload = {
-    status: "attested",
-    grade: att.overallGrade,
-    attestationUid: att.uid,
-    serverRef: att.serverRef,
-    // The version the grade was run against (null for HTTP/unresolved targets).
-    // Advisory: the live fingerprint, not this string, is the trust anchor.
-    resolvedVersion: att.resolvedVersion,
-    reportCID: att.reportCID,
-    toolDefsFingerprint: att.toolDefsFingerprint,
-    revoked: att.revoked,
-    network: selectedNetwork(),
-    liveFingerprintCheckRequired: "Recompute the live tool-surface fingerprint and require it to equal toolDefsFingerprint before paying."
   };
-  return { content: [{ type: "text", text: JSON.stringify(payload, null, 2) }] };
-}
-async function resolveUid(serverRef) {
-  const base = process.env.POLYGRAPH_API_URL ?? "https://polygraph.so";
-  try {
-    const res = await fetch(`${base}/api/attestations?ref=${encodeURIComponent(serverRef)}`);
-    if (res.status === 404) return { kind: "none" };
-    if (!res.ok) return { kind: "error", detail: `grade index returned HTTP ${res.status}` };
-    const row = await res.json();
-    return row?.attestation_uid ? { kind: "found", uid: row.attestation_uid } : { kind: "none" };
-  } catch (err) {
-    return { kind: "error", detail: err instanceof Error ? err.message : String(err) };
-  }
 }
 
 // src/mcp.ts
 function buildServer() {
-  const server = new McpServer2(
+  const server = new McpServer(
     { name: "polygraph-litmus", version: "0.1.0" },
     {
       instructions: [
@@ -155,7 +75,12 @@ function buildServer() {
         "server, without running anything. Grade publishing is still rolling out, so",
         "it commonly returns not_available today \u2014 that means unevaluated (neither",
         "safe nor unsafe), not a failing grade; to grade the server yourself, use",
-        "`run_litmus`."
+        "`run_litmus`.",
+        "",
+        "Use `run_skill_litmus` to grade a Claude Code / Agent Skill (a SKILL.md +",
+        "bundle) A/B/D/F. This is a STATIC read of the skill's text and bundled files \u2014",
+        "no execution, no network \u2014 so it is fast but not behavioral proof. Pass",
+        "`skill_ref` as a local path to the skill directory."
       ].join("\n")
     }
   );
@@ -179,6 +104,30 @@ function buildServer() {
     },
     handleRunLitmus
   );
+  server.registerTool(
+    RUN_SKILL_LITMUS_TOOL_NAME,
+    {
+      title: RUN_SKILL_LITMUS_TOOL_TITLE,
+      description: RUN_SKILL_LITMUS_TOOL_DESCRIPTION,
+      inputSchema: runSkillLitmusInputShape,
+      annotations: {
+        title: RUN_SKILL_LITMUS_TOOL_TITLE,
+        readOnlyHint: true,
+        // never mutates: the safety scan reads files; quality judging is host-mediated
+        destructiveHint: false,
+        idempotentHint: false,
+        // the optional LLM-judged quality axes are non-deterministic
+        openWorldHint: true
+        // the optional quality judge may use the host model (sampling) or a configured endpoint
+      }
+    },
+    // Resolve the judge per call (the client connection is known now): the host
+    // agent's model via sampling if it's offered, else an operator-set env key,
+    // else null ⇒ deterministic quality only. The litmus core never needs a key.
+    (args) => handleRunSkillLitmus(args, {
+      judge: clientSupportsSampling(server) ? samplingJudge(server) : judgeFromEnv()
+    })
+  );
   server.registerTool(
     VERIFY_TOOL_NAME,
     {
@@ -195,13 +144,30 @@ function buildServer() {
     },
     handleVerify
   );
+  server.registerTool(
+    VERIFY_SKILL_TOOL_NAME,
+    {
+      title: VERIFY_SKILL_TOOL_TITLE,
+      description: VERIFY_SKILL_TOOL_DESCRIPTION,
+      inputSchema: verifySkillInputShape,
+      annotations: {
+        title: VERIFY_SKILL_TOOL_TITLE,
+        readOnlyHint: true,
+        destructiveHint: false,
+        idempotentHint: true,
+        openWorldHint: true
+        // reads the grade index + chain
+      }
+    },
+    handleVerifySkill
+  );
   server.registerPrompt(
     "grade",
     {
       title: "Grade an MCP server",
       description: "Run the open behavioral litmus against an MCP server and report its grade A\u2013F with the evidence.",
       argsSchema: {
-        server_ref: z2.string().min(1).max(512).describe("npm/@scope/server, an https:// MCP URL, or a local path to an MCP entry file")
+        server_ref: z.string().min(1).max(512).describe("npm/@scope/server, an https:// MCP URL, or a local path to an MCP entry file")
       }
     },
     ({ server_ref }) => ({
@@ -222,7 +188,7 @@ function buildServer() {
       title: "Check a server's published grade",
       description: "Read a server's already-published polygraph grade without running anything.",
       argsSchema: {
-        server_ref: z2.string().min(1).max(512).describe("Registry-prefixed server identifier, e.g. npm/@scope/server")
+        server_ref: z.string().min(1).max(512).describe("Registry-prefixed server identifier, e.g. npm/@scope/server")
       }
     },
     ({ server_ref }) => ({
@@ -237,6 +203,48 @@ function buildServer() {
       ]
     })
   );
+  server.registerPrompt(
+    "grade-skill",
+    {
+      title: "Grade a Claude Code skill",
+      description: "Run the open static safety litmus over a skill (SKILL.md + bundle) and report its grade A/B/D/F with the evidence.",
+      argsSchema: {
+        skill_ref: z.string().min(1).max(1024).describe("Local path to a skill directory containing SKILL.md")
+      }
+    },
+    ({ skill_ref }) => ({
+      messages: [
+        {
+          role: "user",
+          content: {
+            type: "text",
+            text: `Run the polygraph skill litmus on ${skill_ref} using the run_skill_litmus tool. Report the letter grade, the one-line summary, any failed category with its findings, and the contentHash. State plainly that this is a static scan, not behavioral proof.`
+          }
+        }
+      ]
+    })
+  );
+  server.registerPrompt(
+    "check-skill",
+    {
+      title: "Check a skill's published grade",
+      description: "Read a skill's already-published polygraph grade without running anything.",
+      argsSchema: {
+        skill_ref: z.string().min(1).max(1024).describe("Skill identifier, e.g. github/<owner>/<repo>#<path> or marketplace/<owner>/<name>")
+      }
+    },
+    ({ skill_ref }) => ({
+      messages: [
+        {
+          role: "user",
+          content: {
+            type: "text",
+            text: `Use the verify_skill_attestation tool to read the published polygraph grade for ${skill_ref}. If it returns not_available, say the skill is unevaluated (neither safe nor unsafe) and offer to grade a local copy with run_skill_litmus. If a grade is returned, report it and remind the user to recompute the skill's contentHash before installing.`
+          }
+        }
+      ]
+    })
+  );
   return server;
 }
 async function main() {

package/dist/src-TG44QXFV.js

@@ -0,0 +1,67 @@
+import {
+  SKILL_BUNDLE_SCHEMA_VERSION,
+  SKILL_METHODOLOGY_VERSION,
+  SKILL_QUALITY_VERSION,
+  SkillLoadError,
+  assembleBundle,
+  canaryMatch,
+  classifyTool,
+  connectTarget,
+  dangerousCommand,
+  exfilInstruction,
+  fingerprintToolDefs,
+  gradeFromCategories,
+  gradeSkillCategories,
+  hasHighSeverity,
+  instructionMimicry,
+  internalsLeak,
+  invisibleUnicode,
+  judgeFromEnv,
+  judgeSkillQuality,
+  loadSkill,
+  markdownTricks,
+  openAICompatJudge,
+  overBroadTrigger,
+  runLitmus,
+  runSkillLitmus,
+  runSkillQuality,
+  runSkillQualityJudged,
+  skillInjection,
+  skillInjectionFails,
+  stateChangingToolNames,
+  stripExamples
+} from "./chunk-DN2OX4RT.js";
+import "./chunk-44R4ZYOE.js";
+export {
+  SKILL_BUNDLE_SCHEMA_VERSION,
+  SKILL_METHODOLOGY_VERSION,
+  SKILL_QUALITY_VERSION,
+  SkillLoadError,
+  assembleBundle,
+  canaryMatch,
+  classifyTool,
+  connectTarget,
+  dangerousCommand,
+  exfilInstruction,
+  fingerprintToolDefs,
+  gradeFromCategories,
+  gradeSkillCategories,
+  hasHighSeverity,
+  instructionMimicry,
+  internalsLeak,
+  invisibleUnicode,
+  judgeFromEnv,
+  judgeSkillQuality,
+  loadSkill,
+  markdownTricks,
+  openAICompatJudge,
+  overBroadTrigger,
+  runLitmus,
+  runSkillLitmus,
+  runSkillQuality,
+  runSkillQualityJudged,
+  skillInjection,
+  skillInjectionFails,
+  stateChangingToolNames,
+  stripExamples
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@polygraphso/litmus",
-  "version": "0.8.1",
+  "version": "0.9.0",
   "description": "Behavioral litmus harness for MCP servers — grade a server A–F (tool-output injection, egress, sensitive-data, adversarial-input) with reproducible, content-addressed evidence. Ships a CLI and an MCP server with a run_litmus tool for AI agents.",
   "license": "Apache-2.0",
   "homepage": "https://polygraph.so",
@@ -40,6 +40,7 @@
   },
   "bin": {
     "polygraphso-litmus": "dist/cli.js",
+    "polygraphso-litmus-skill": "dist/cli-skill.js",
     "polygraphso-litmus-mcp": "dist/mcp.js"
   },
   "files": [
@@ -62,11 +63,11 @@
     "typescript": "^5.9.3",
     "vitest": "^2.1.0",
     "@polygraph/core": "0.0.0",
+    "@polygraph/probes": "0.0.0",
     "@polygraph/onchain": "0.0.0",
     "@polygraph/agent": "0.0.0",
-    "@polygraph/probes": "0.0.0",
-    "@polygraph/mcp": "0.0.0",
-    "@polygraph/cli": "0.0.0"
+    "@polygraph/cli": "0.0.0",
+    "@polygraph/mcp": "0.0.0"
   },
   "publishConfig": {
     "access": "public"

package/dist/chunk-BPS4YCDL.js

@@ -1,250 +0,0 @@
-import {
-  parseAuthFlags,
-  resolveTarget
-} from "./chunk-VOPISHBU.js";
-import {
-  runLitmus
-} from "./chunk-35UOPCBW.js";
-import {
-  CATEGORY_STATUS_UINT8,
-  METHODOLOGY_VERSION
-} from "./chunk-ZR6XRGMQ.js";
-
-// ../onchain/src/networks.ts
-var NETWORKS = {
-  "base-sepolia": {
-    chainId: 84532,
-    rpc: "https://sepolia.base.org",
-    eas: "0x4200000000000000000000000000000000000021",
-    schemaRegistry: "0x4200000000000000000000000000000000000020",
-    easscan: "https://base-sepolia.easscan.org"
-  },
-  base: {
-    chainId: 8453,
-    rpc: "https://mainnet.base.org",
-    eas: "0x4200000000000000000000000000000000000021",
-    schemaRegistry: "0x4200000000000000000000000000000000000020",
-    easscan: "https://base.easscan.org"
-  }
-};
-function selectedNetwork() {
-  return process.env.NEXT_PUBLIC_POLYGRAPH_NETWORK === "base" ? "base" : "base-sepolia";
-}
-function networkConfig(net = selectedNetwork()) {
-  return NETWORKS[net];
-}
-function rpcUrl(net = selectedNetwork()) {
-  const override = net === "base" ? process.env.BASE_MAINNET_RPC_URL : process.env.BASE_SEPOLIA_RPC_URL;
-  return override && override.length > 0 ? override : NETWORKS[net].rpc;
-}
-
-// ../onchain/src/eas.ts
-import { AbiCoder } from "ethers";
-var LITMUS_SCHEMA = "string serverRef,bytes32 toolDefsFingerprint,uint8 gradeC01,uint8 gradeC02,uint8 gradeC03,string overallGrade,string reportCID,string methodologyVersion,uint64 ranAt,string resolvedVersion";
-var LITMUS_ABI_TYPES = [
-  "string",
-  // serverRef
-  "bytes32",
-  // toolDefsFingerprint
-  "uint8",
-  // gradeC01
-  "uint8",
-  // gradeC02
-  "uint8",
-  // gradeC03
-  "string",
-  // overallGrade
-  "string",
-  // reportCID
-  "string",
-  // methodologyVersion
-  "uint64",
-  // ranAt
-  "string"
-  // resolvedVersion
-];
-var LITMUS_ABI_NAMES = [
-  "serverRef",
-  "toolDefsFingerprint",
-  "gradeC01",
-  "gradeC02",
-  "gradeC03",
-  "overallGrade",
-  "reportCID",
-  "methodologyVersion",
-  "ranAt",
-  "resolvedVersion"
-];
-function categoryUint8(bundle, code) {
-  const status = bundle.categories.find((c) => c.code === code)?.status;
-  return status ? CATEGORY_STATUS_UINT8[status] : CATEGORY_STATUS_UINT8.skipped;
-}
-function litmusFields(bundle, reportCID) {
-  return {
-    serverRef: bundle.serverRef,
-    toolDefsFingerprint: bundle.toolDefsFingerprint,
-    gradeC01: categoryUint8(bundle, "C-01"),
-    gradeC02: categoryUint8(bundle, "C-02"),
-    gradeC03: categoryUint8(bundle, "C-03"),
-    overallGrade: bundle.grade,
-    reportCID,
-    methodologyVersion: bundle.methodologyVersion || METHODOLOGY_VERSION,
-    ranAt: BigInt(Math.floor(Date.parse(bundle.ranAt) / 1e3)),
-    resolvedVersion: bundle.resolvedVersion ?? ""
-  };
-}
-function encodeLitmusAttestation(bundle, reportCID) {
-  const f = litmusFields(bundle, reportCID);
-  return AbiCoder.defaultAbiCoder().encode(
-    [...LITMUS_ABI_TYPES],
-    [
-      f.serverRef,
-      f.toolDefsFingerprint,
-      f.gradeC01,
-      f.gradeC02,
-      f.gradeC03,
-      f.overallGrade,
-      f.reportCID,
-      f.methodologyVersion,
-      f.ranAt,
-      f.resolvedVersion
-    ]
-  );
-}
-function decodeLitmusAttestation(encoded) {
-  const values = AbiCoder.defaultAbiCoder().decode([...LITMUS_ABI_TYPES], encoded);
-  const out = {};
-  LITMUS_ABI_NAMES.forEach((name, i) => {
-    out[name] = values[i];
-  });
-  return out;
-}
-
-// ../onchain/src/read.ts
-import { Contract, JsonRpcProvider, ZeroHash } from "ethers";
-var EAS_ABI = [
-  "function getAttestation(bytes32 uid) view returns ((bytes32 uid, bytes32 schema, uint64 time, uint64 expirationTime, uint64 revocationTime, bytes32 refUID, address recipient, address attester, bool revocable, bytes data))"
-];
-function litmusSchemaUID() {
-  const uid = process.env.NEXT_PUBLIC_EAS_SCHEMA_UID;
-  if (!uid) throw new Error("NEXT_PUBLIC_EAS_SCHEMA_UID is required \u2014 register the schema first.");
-  return uid;
-}
-async function readAttestation(uid) {
-  const cfg = networkConfig();
-  const provider = new JsonRpcProvider(rpcUrl(), cfg.chainId);
-  const eas = new Contract(cfg.eas, EAS_ABI, provider);
-  const att = await eas.getAttestation(uid);
-  if (!att || att.uid === ZeroHash) return null;
-  if (String(att.schema).toLowerCase() !== litmusSchemaUID().toLowerCase()) return null;
-  const d = decodeLitmusAttestation(att.data);
-  return {
-    uid: att.uid,
-    serverRef: String(d.serverRef),
-    toolDefsFingerprint: String(d.toolDefsFingerprint),
-    overallGrade: String(d.overallGrade),
-    reportCID: String(d.reportCID),
-    resolvedVersion: d.resolvedVersion || null,
-    revoked: att.revocationTime > 0n,
-    attester: String(att.attester),
-    expirationTime: BigInt(att.expirationTime ?? 0n)
-  };
-}
-
-// src/tools/run-litmus.ts
-import { z } from "zod";
-var RUN_LITMUS_TOOL_NAME = "run_litmus";
-var RUN_LITMUS_TOOL_TITLE = "Run a behavioral litmus on an MCP server";
-var RUN_LITMUS_TOOL_DESCRIPTION = [
-  `Grade an MCP server A\u2013F against the open behavioral litmus (${METHODOLOGY_VERSION}).`,
-  "The harness connects the way an agent would, fingerprints the tool surface, and",
-  "runs four checks: C-01 tool-output injection, C-02 permission/egress overreach",
-  "(egress in a hardened default-deny Docker sandbox, plus a declared-permission",
-  "honesty check), C-03 sensitive-data handling (planted canaries), and C-04",
-  "adversarial-input handling (malformed/oversized and jailbreak inputs).",
-  "",
-  "This is ACTIVE: it launches the target server's code to exercise it (egress-",
-  "sandboxed when Docker is available) and takes ~20\u201360s. It is not a lookup \u2014 for",
-  "a server's already-published grade, use `verify_attestation`. No wallet or RPC",
-  "needed.",
-  "",
-  "server_ref examples: npm/@modelcontextprotocol/server-filesystem \xB7",
-  "https://example.com/mcp \xB7 ./build/index.js. For a token-gated https:// target,",
-  "pass `bearer`. If Docker is unavailable, C-02 is skipped and the grade is capped",
-  "at B for that run."
-].join("\n");
-var runLitmusInputShape = {
-  server_ref: z.string().min(1).max(512).describe("What to grade: a registry ref (npm/@scope/server), an https:// MCP URL, or a local path to an MCP entry file."),
-  bearer: z.string().min(1).max(8192).optional().describe("Bearer token for a token-gated https:// MCP server. Sent as `Authorization: Bearer <token>` to the target origin only. Ignored for stdio/local targets."),
-  header: z.array(z.string()).max(20).optional().describe('Extra HTTP headers for a gated https:// target, each "Key: Value" (e.g. "X-Api-Key: \u2026"). Overrides the bearer-derived Authorization for the same key. Ignored for stdio/local targets.')
-};
-var PROGRESS_TOTAL = 5;
-async function handleRunLitmus({ server_ref, bearer, header }, extra) {
-  try {
-    const argv = [
-      ...bearer ? ["--bearer", bearer] : [],
-      ...(header ?? []).flatMap((h) => ["--header", h])
-    ];
-    const { headers } = parseAuthFlags(argv, {});
-    const progressToken = extra._meta?.progressToken;
-    const sendProgress = progressToken !== void 0 ? (progress, message) => void extra.sendNotification({
-      method: "notifications/progress",
-      params: { progressToken, progress, total: PROGRESS_TOTAL, message }
-    }) : void 0;
-    sendProgress?.(0, `Connecting to ${server_ref}\u2026`);
-    const bundle = await runLitmus(resolveTarget(server_ref), {
-      ...Object.keys(headers).length ? { headers } : {},
-      ...sendProgress ? { onProgress: (done, _total, label) => sendProgress(done, label) } : {}
-    });
-    const payload = summarize(bundle);
-    return { content: [{ type: "text", text: JSON.stringify(payload, null, 2) }] };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { isError: true, content: [{ type: "text", text: `run_litmus failed: ${message}` }] };
-  }
-}
-var CATEGORY_LABEL = {
-  "C-01": "tool-output injection",
-  "C-02": "permission / egress overreach",
-  "C-03": "sensitive-data handling",
-  "C-04": "adversarial-input handling"
-};
-function summarize(b) {
-  const find = (code) => b.categories.find((c) => c.code === code);
-  const categories = ["C-01", "C-02", "C-03", "C-04"].map((code) => {
-    const c = find(code);
-    const findings = c?.status === "fail" ? c.probes.flatMap((p) => p.findings).filter((f) => f.severity === "high").slice(0, 5).map((f) => ({ tool: f.tool, kind: f.kind, match: truncate(f.match, 120), host: f.host, port: f.port })) : [];
-    return { code, check: CATEGORY_LABEL[code], status: c?.status ?? "unknown", reason: c?.reason ?? null, findings };
-  });
-  return {
-    grade: b.grade,
-    summary: b.gradeRationale,
-    serverRef: b.serverRef,
-    resolvedVersion: b.resolvedVersion,
-    fingerprint: b.toolDefsFingerprint,
-    ranAt: b.ranAt,
-    methodologyVersion: b.methodologyVersion,
-    categories
-  };
-}
-function truncate(s, n) {
-  return s.length > n ? `${s.slice(0, n)}\u2026` : s;
-}
-
-export {
-  NETWORKS,
-  selectedNetwork,
-  networkConfig,
-  rpcUrl,
-  LITMUS_SCHEMA,
-  litmusFields,
-  encodeLitmusAttestation,
-  decodeLitmusAttestation,
-  litmusSchemaUID,
-  readAttestation,
-  RUN_LITMUS_TOOL_NAME,
-  RUN_LITMUS_TOOL_TITLE,
-  RUN_LITMUS_TOOL_DESCRIPTION,
-  runLitmusInputShape,
-  handleRunLitmus
-};

package/dist/src-RSTPCEYU.js

@@ -1,31 +0,0 @@
-import {
-  assembleBundle,
-  canaryMatch,
-  classifyTool,
-  connectTarget,
-  fingerprintToolDefs,
-  gradeFromCategories,
-  hasHighSeverity,
-  instructionMimicry,
-  internalsLeak,
-  invisibleUnicode,
-  markdownTricks,
-  runLitmus,
-  stateChangingToolNames
-} from "./chunk-35UOPCBW.js";
-import "./chunk-ZR6XRGMQ.js";
-export {
-  assembleBundle,
-  canaryMatch,
-  classifyTool,
-  connectTarget,
-  fingerprintToolDefs,
-  gradeFromCategories,
-  hasHighSeverity,
-  instructionMimicry,
-  internalsLeak,
-  invisibleUnicode,
-  markdownTricks,
-  runLitmus,
-  stateChangingToolNames
-};