@praxis.guard/auditor-cli 0.0.9 → 0.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/cursor-config.d.ts +2 -0
- package/dist/cli/cursor-config.d.ts.map +1 -1
- package/dist/cli/cursor-config.js +42 -4
- package/dist/cli/cursor-config.js.map +1 -1
- package/dist/cli/doctor.d.ts.map +1 -1
- package/dist/cli/doctor.js +3 -1
- package/dist/cli/doctor.js.map +1 -1
- package/dist/cli/main.d.ts.map +1 -1
- package/dist/cli/main.js +6 -0
- package/dist/cli/main.js.map +1 -1
- package/dist/cli/setup-doctor.d.ts.map +1 -1
- package/dist/cli/setup-doctor.js +3 -1
- package/dist/cli/setup-doctor.js.map +1 -1
- package/dist/cli.js +8 -0
- package/dist/cli.js.map +1 -1
- package/dist/hooks/run-before-mcp.d.ts +31 -0
- package/dist/hooks/run-before-mcp.d.ts.map +1 -0
- package/dist/hooks/run-before-mcp.js +232 -0
- package/dist/hooks/run-before-mcp.js.map +1 -0
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +7 -3
- package/dist/mcp/server.js.map +1 -1
- package/dist/policies.v1.json +10 -0
- package/dist/policy/index.d.ts +4 -0
- package/dist/policy/index.d.ts.map +1 -1
- package/dist/policy/index.js +11 -2
- package/dist/policy/index.js.map +1 -1
- package/dist/shell/evaluate.d.ts +8 -1
- package/dist/shell/evaluate.d.ts.map +1 -1
- package/dist/shell/evaluate.js +25 -1
- package/dist/shell/evaluate.js.map +1 -1
- package/package.json +1 -1
|
@@ -7,10 +7,12 @@ export type SetupResult = {
|
|
|
7
7
|
export declare function resolveProjectHooksPath(projectDir: string): string;
|
|
8
8
|
export declare function resolveUserMcpConfigPath(explicitPath?: string): string;
|
|
9
9
|
export declare function hasConfiguredHook(config: JsonMap | null): boolean;
|
|
10
|
+
export declare function hasConfiguredBeforeMcpHook(config: JsonMap | null): boolean;
|
|
10
11
|
export declare function upsertHookConfig(projectDir: string, dryRun?: boolean): Promise<SetupResult>;
|
|
11
12
|
export declare function hasConfiguredMcpServer(config: JsonMap | null): boolean;
|
|
12
13
|
export declare function upsertMcpConfig(explicitPath?: string, dryRun?: boolean): Promise<SetupResult>;
|
|
13
14
|
export declare function readHookConfigured(projectDir: string): Promise<boolean>;
|
|
15
|
+
export declare function readBeforeMcpHookConfigured(projectDir: string): Promise<boolean>;
|
|
14
16
|
export declare function readMcpConfigured(explicitPath?: string): Promise<boolean>;
|
|
15
17
|
export declare function resolveEnvironmentJsonPath(projectDir: string): string;
|
|
16
18
|
export declare function detectInstallCommand(projectDir: string): string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cursor-config.d.ts","sourceRoot":"","sources":["../../src/cli/cursor-config.ts"],"names":[],"mappings":"AAKA,KAAK,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEvC,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;
|
|
1
|
+
{"version":3,"file":"cursor-config.d.ts","sourceRoot":"","sources":["../../src/cli/cursor-config.ts"],"names":[],"mappings":"AAKA,KAAK,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEvC,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAMF,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,wBAAgB,wBAAwB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAGtE;AA0CD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,GAAG,OAAO,CAYjE;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,GAAG,OAAO,CAY1E;AAED,wBAAsB,gBAAgB,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,UAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CAgE/F;AAED,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,GAAG,OAAO,CAQtE;AAED,wBAAsB,eAAe,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,MAAM,UAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CA8BjG;AAED,wBAAsB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG7E;AAED,wBAAsB,2BAA2B,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGtF;AAED,wBAAsB,iBAAiB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAG/E;AAID,wBAAgB,0BAA0B,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAErE;AAmBD,wBAAgB,oBAAoB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAc/D;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,GAAG,OAAO,CAExE;AAED,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,MAAM,EAClB,MAAM,UAAQ,GACb,OAAO,CAAC,WAAW,CAAC,CA6BtB;AAED,wBAAsB,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAGpF"}
|
|
@@ -2,7 +2,8 @@ import fs from "node:fs";
|
|
|
2
2
|
import os from "node:os";
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
import { mkdir, readFile, writeFile } from "node:fs/promises";
|
|
5
|
-
const
|
|
5
|
+
const HOOK_COMMAND_SHELL = "auditor hook before-shell";
|
|
6
|
+
const HOOK_COMMAND_MCP = "auditor hook before-mcp";
|
|
6
7
|
const MCP_SERVER_KEY = "praxis-guard";
|
|
7
8
|
export function resolveProjectHooksPath(projectDir) {
|
|
8
9
|
return path.join(projectDir, ".cursor", "hooks.json");
|
|
@@ -59,7 +60,19 @@ export function hasConfiguredHook(config) {
|
|
|
59
60
|
return false;
|
|
60
61
|
return arr.some((entry) => entry &&
|
|
61
62
|
typeof entry === "object" &&
|
|
62
|
-
entry.command ===
|
|
63
|
+
entry.command === HOOK_COMMAND_SHELL &&
|
|
64
|
+
entry.failClosed === true);
|
|
65
|
+
}
|
|
66
|
+
export function hasConfiguredBeforeMcpHook(config) {
|
|
67
|
+
if (!config)
|
|
68
|
+
return false;
|
|
69
|
+
const hooks = (config.hooks ?? {});
|
|
70
|
+
const arr = hooks.beforeMCPExecution;
|
|
71
|
+
if (!Array.isArray(arr))
|
|
72
|
+
return false;
|
|
73
|
+
return arr.some((entry) => entry &&
|
|
74
|
+
typeof entry === "object" &&
|
|
75
|
+
entry.command === HOOK_COMMAND_MCP &&
|
|
63
76
|
entry.failClosed === true);
|
|
64
77
|
}
|
|
65
78
|
export async function upsertHookConfig(projectDir, dryRun = false) {
|
|
@@ -77,7 +90,7 @@ export async function upsertHookConfig(projectDir, dryRun = false) {
|
|
|
77
90
|
continue;
|
|
78
91
|
}
|
|
79
92
|
const map = item;
|
|
80
|
-
if (map.command ===
|
|
93
|
+
if (map.command === HOOK_COMMAND_SHELL) {
|
|
81
94
|
if (!found) {
|
|
82
95
|
found = true;
|
|
83
96
|
rewritten.push({ ...map, failClosed: true });
|
|
@@ -87,8 +100,29 @@ export async function upsertHookConfig(projectDir, dryRun = false) {
|
|
|
87
100
|
rewritten.push(item);
|
|
88
101
|
}
|
|
89
102
|
if (!found)
|
|
90
|
-
rewritten.push({ command:
|
|
103
|
+
rewritten.push({ command: HOOK_COMMAND_SHELL, failClosed: true });
|
|
91
104
|
hooks.beforeShellExecution = rewritten;
|
|
105
|
+
const beforeMcp = Array.isArray(hooks.beforeMCPExecution) ? [...hooks.beforeMCPExecution] : [];
|
|
106
|
+
const rewrittenMcp = [];
|
|
107
|
+
let foundMcp = false;
|
|
108
|
+
for (const item of beforeMcp) {
|
|
109
|
+
if (!item || typeof item !== "object") {
|
|
110
|
+
rewrittenMcp.push(item);
|
|
111
|
+
continue;
|
|
112
|
+
}
|
|
113
|
+
const map = item;
|
|
114
|
+
if (map.command === HOOK_COMMAND_MCP) {
|
|
115
|
+
if (!foundMcp) {
|
|
116
|
+
foundMcp = true;
|
|
117
|
+
rewrittenMcp.push({ ...map, failClosed: true });
|
|
118
|
+
}
|
|
119
|
+
continue;
|
|
120
|
+
}
|
|
121
|
+
rewrittenMcp.push(item);
|
|
122
|
+
}
|
|
123
|
+
if (!foundMcp)
|
|
124
|
+
rewrittenMcp.push({ command: HOOK_COMMAND_MCP, failClosed: true });
|
|
125
|
+
hooks.beforeMCPExecution = rewrittenMcp;
|
|
92
126
|
const changed = beforeJson !== JSON.stringify(config);
|
|
93
127
|
if (changed && !dryRun) {
|
|
94
128
|
await writeJson(hooksPath, config);
|
|
@@ -147,6 +181,10 @@ export async function readHookConfigured(projectDir) {
|
|
|
147
181
|
const config = await readJson(resolveProjectHooksPath(projectDir));
|
|
148
182
|
return hasConfiguredHook(config);
|
|
149
183
|
}
|
|
184
|
+
export async function readBeforeMcpHookConfigured(projectDir) {
|
|
185
|
+
const config = await readJson(resolveProjectHooksPath(projectDir));
|
|
186
|
+
return hasConfiguredBeforeMcpHook(config);
|
|
187
|
+
}
|
|
150
188
|
export async function readMcpConfigured(explicitPath) {
|
|
151
189
|
const config = await readJson(resolveUserMcpConfigPath(explicitPath));
|
|
152
190
|
return hasConfiguredMcpServer(config);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cursor-config.js","sourceRoot":"","sources":["../../src/cli/cursor-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAU9D,MAAM,
|
|
1
|
+
{"version":3,"file":"cursor-config.js","sourceRoot":"","sources":["../../src/cli/cursor-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAU9D,MAAM,kBAAkB,GAAG,2BAA2B,CAAC;AACvD,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AACnD,MAAM,cAAc,GAAG,cAAc,CAAC;AAEtC,MAAM,UAAU,uBAAuB,CAAC,UAAkB;IACxD,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,YAAqB;IAC5D,IAAI,YAAY,EAAE,IAAI,EAAE;QAAE,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IACrD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;AACxD,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,QAAgB;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,MAAiB,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,IAAK,CAA2B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAChE,MAAM,IAAI,KAAK,CACb;YACE,mBAAmB,QAAQ,KAAK,GAAG,EAAE;YACrC,sCAAsC;YACtC,6DAA6D;SAC9D,CAAC,IAAI,CAAC,GAAG,CAAC,CACZ,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,QAAgB,EAAE,IAAa;IACtD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,YAAY,CAAC,QAAwB;IAC5C,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IACzB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAY,CAAC;AACzD,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAwB;IACpD,MAAM,IAAI,GAAG,QAAQ,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACnD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;QAAE,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;IACvD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/E,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAY,CAAC;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,oBAAoB,CAAC;IACvC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,CAAC,IAAI,CACb,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;QACL,OAAO,KAAK,KAAK,QAAQ;QACxB,KAAiB,CAAC,OAAO,KAAK,kBAAkB;QAChD,KAAiB,CAAC,UAAU,KAAK,IAAI,CACzC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,MAAsB;IAC/D,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAY,CAAC;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,kBAAkB,CAAC;IACrC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,GAAG,CAAC,IAAI,CACb,CAAC,KAAK,EAAE,EAAE,CACR,KAAK;QACL,OAAO,KAAK,KAAK,QAAQ;QACxB,KAAiB,CAAC,OAAO,KAAK,gBAAgB;QAC9C,KAAiB,CAAC,UAAU,KAAK,IAAI,CACzC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,UAAkB,EAAE,MAAM,GAAG,KAAK;IACvE,MAAM,SAAS,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,oBAAoB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAgB,CAAC;IACtC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhG,MAAM,SAAS,GAAc,EAAE,CAAC;IAChC,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAe,CAAC;QAC5B,IAAI,GAAG,CAAC,OAAO,KAAK,kBAAkB,EAAE,CAAC;YACvC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,KAAK,GAAG,IAAI,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,SAAS;QACX,CAAC;QACD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,CAAC,KAAK;QAAE,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,KAAK,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAEvC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/F,MAAM,YAAY,GAAc,EAAE,CAAC;IACnC,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxB,SAAS;QACX,CAAC;QACD,MAAM,GAAG,GAAG,IAAe,CAAC;QAC5B,IAAI,GAAG,CAAC,OAAO,KAAK,gBAAgB,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,IAAI,CAAC;gBAChB,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAClD,CAAC;YACD,SAAS;QACX,CAAC;QACD,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,YAAY,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,KAAK,CAAC,kBAAkB,GAAG,YAAY,CAAC;IAExC,MAAM,OAAO,GAAG,UAAU,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACrC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,SAAS;QACf,OAAO;QACP,OAAO,EAAE,OAAO;YACd,CAAC,CAAC,MAAM;gBACN,CAAC,CAAC,2BAA2B;gBAC7B,CAAC,CAAC,sBAAsB;YAC1B,CAAC,CAAC,iCAAiC;KACtC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,MAAsB;IAC3D,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAY,CAAC;IACrD,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACxD,MAAM,GAAG,GAAG,MAAiB,CAAC;IAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACtB,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC;AACpG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,YAAqB,EAAE,MAAM,GAAG,KAAK;IACzE,MAAM,OAAO,GAAG,wBAAwB,CAAC,YAAY,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACpG,MAAM,CAAC,UAAU,GAAG,EAAE,CAAC;IACzB,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,UAAqB,CAAC;IAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACxC,OAAO,CAAC,cAAc,CAAC,GAAG;QACxB,GAAG,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAE,OAAmB,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,OAAO,EAAE,SAAS;QAClB,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC;IAEF,MAAM,OAAO,GAAG,UAAU,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,OAAO,EAAE,OAAO;YACd,CAAC,CAAC,MAAM;gBACN,CAAC,CAAC,yBAAyB;gBAC3B,CAAC,CAAC,oBAAoB;YACxB,CAAC,CAAC,+BAA+B;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,UAAkB;IACzD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,OAAO,iBAAiB,CAAC,MAAM,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,UAAkB;IAClE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,uBAAuB,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,OAAO,0BAA0B,CAAC,MAAM,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,YAAqB;IAC3D,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC,CAAC;IACtE,OAAO,sBAAsB,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC;AAED,kDAAkD;AAElD,MAAM,UAAU,0BAA0B,CAAC,UAAkB;IAC3D,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;AAC9D,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB;IAC9C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,IAAI,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACpF,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;IACtD,CAAC;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACvE,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IAC1E,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAAE,OAAO,MAAM,CAAC;IACrE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,UAAkB;IACrD,MAAM,EAAE,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC5C,QAAQ,EAAE,EAAE,CAAC;QACX,KAAK,MAAM;YACT,OAAO,gCAAgC,CAAC;QAC1C,KAAK,MAAM;YACT,OAAO,gCAAgC,CAAC;QAC1C,KAAK,KAAK;YACR,OAAO,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;gBAC9D,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,aAAa,CAAC;QACpB;YACE,OAAO,0CAA0C,CAAC;IACtD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,MAAsB;IAC7D,OAAO,CAAC,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;AACrF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,UAAkB,EAClB,MAAM,GAAG,KAAK;IAEd,MAAM,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;IAEzC,IAAI,QAAQ,EAAE,OAAO,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC9D,OAAO;YACL,IAAI,EAAE,OAAO;YACb,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,8CAA8C;SACxD,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,MAAM,GAAY,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;IAC7F,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE1E,IAAI,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,OAAO,EAAE,OAAO;YACd,CAAC,CAAC,MAAM;gBACN,CAAC,CAAC,+BAA+B;gBACjC,CAAC,CAAC,0BAA0B;YAC9B,CAAC,CAAC,qCAAqC;KAC1C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,UAAkB;IAChE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,0BAA0B,CAAC,UAAU,CAAC,CAAC,CAAC;IACtE,OAAO,wBAAwB,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC"}
|
package/dist/cli/doctor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAqBA,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CA2G/C"}
|
package/dist/cli/doctor.js
CHANGED
|
@@ -5,7 +5,7 @@ import { defaultPoliciesMetaPath, defaultPoliciesV1Path } from "../policy/index.
|
|
|
5
5
|
import { shellBridgeDir } from "../bridge/shell-approval-bridge.js";
|
|
6
6
|
import { fetchJson } from "./http-fetch.js";
|
|
7
7
|
import { credentialsPath, readCredentialsFileMode, resolveGuardToken } from "./credentials.js";
|
|
8
|
-
import { readHookConfigured, readMcpConfigured, readEnvironmentConfigured, resolveUserMcpConfigPath, resolveEnvironmentJsonPath, } from "./cursor-config.js";
|
|
8
|
+
import { readHookConfigured, readBeforeMcpHookConfigured, readMcpConfigured, readEnvironmentConfigured, resolveUserMcpConfigPath, resolveEnvironmentJsonPath, } from "./cursor-config.js";
|
|
9
9
|
import { getInstallId } from "./install-id.js";
|
|
10
10
|
import { functionsHttpUrl } from "./policies-callable-url.js";
|
|
11
11
|
import { readPoliciesMetaFile } from "./policies-meta.js";
|
|
@@ -38,9 +38,11 @@ export async function runDoctor() {
|
|
|
38
38
|
`PRAXIS_GUARD_AUDIT_LOG: ${process.env.PRAXIS_GUARD_AUDIT_LOG ?? "(unset; default above)"}`,
|
|
39
39
|
];
|
|
40
40
|
const hookConfigured = await readHookConfigured(cwd).catch(() => false);
|
|
41
|
+
const beforeMcpHookConfigured = await readBeforeMcpHookConfigured(cwd).catch(() => false);
|
|
41
42
|
const mcpPath = resolveUserMcpConfigPath();
|
|
42
43
|
const mcpConfigured = await readMcpConfigured().catch(() => false);
|
|
43
44
|
lines.push(`Hook setup: ${hookConfigured ? "configured" : "missing (run \`auditor setup hook\`)"} (${path.resolve(cwd, ".cursor/hooks.json")})`);
|
|
45
|
+
lines.push(`beforeMCP hook: ${beforeMcpHookConfigured ? "configured" : "missing (add beforeMCPExecution in .cursor/hooks.json or run \`auditor setup hook\`)"} (${path.resolve(cwd, ".cursor/hooks.json")})`);
|
|
44
46
|
lines.push(`MCP setup: ${mcpConfigured ? "configured" : "missing (run \`auditor setup mcp\`)"} (${mcpPath})`);
|
|
45
47
|
const envPath = resolveEnvironmentJsonPath(cwd);
|
|
46
48
|
const envConfigured = await readEnvironmentConfigured(cwd).catch(() => false);
|
package/dist/cli/doctor.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAEpF,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAC;IAEvF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;IAC1F,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;IAC5F,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE;QAC9D,CAAC,CAAC,6BAA6B;QAC/B,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,mBAAmB;YACpC,CAAC,CAAC,8CAA8C;YAChD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,kCAAkC;gBACpC,CAAC,CAAC,qDAAqD,CAAC;IAE9D,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,eAAe,YAAY,EAAE,EAAE;QAC/B,gEAAgE;QAChE,SAAS,OAAO,CAAC,OAAO,EAAE;QAC1B,gBAAgB,UAAU,EAAE;QAC5B,kBAAkB,YAAY,EAAE;QAChC,kBAAkB,QAAQ,EAAE;QAC5B,IAAI;YACF,CAAC,CAAC,4BAA4B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7F,CAAC,CAAC,uEAAuE;QAC3E,eAAe,cAAc,CAAC,GAAG,CAAC,EAAE;QACpC,cAAc,SAAS,EAAE;QACzB,2BAA2B,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,wBAAwB,EAAE;KAC5F,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,MAAM,aAAa,GAAG,MAAM,iBAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACnE,KAAK,CAAC,IAAI,CACR,eAAe,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sCAAsC,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CACrI,CAAC;IACF,KAAK,CAAC,IAAI,CACR,cAAc,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,qCAAqC,KAAK,OAAO,GAAG,CAClG,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CACR,sBAAsB,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,uCAAuC,KAAK,OAAO,GAAG,CAC5G,CAAC;IAEF,MAAM,KAAK,GAAG,iBAAiB,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE;QACxD,CAAC,CAAC,wBAAwB;QAC1B,CAAC,CAAC,KAAK;YACL,CAAC,CAAC,QAAQ,eAAe,EAAE,EAAE;YAC7B,CAAC,CAAC,IAAI,CAAC;IACX,KAAK,CAAC,IAAI,CACR,WAAW;QACT,CAAC,CAAC,SAAS,WAAW,YAAY,KAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;QAC7E,CAAC,CAAC,oCAAoC,CACzC,CAAC;IACF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,SAAS,KAAK,KAAK;YACjB,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,yBAAyB,CAAC,CAAC;IAEpE,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAuB;gBAChD,GAAG,EAAE,eAAe;gBACpB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,CAAC,IAAI,CACR,IAAI,CAAC,QAAQ,KAAK,MAAM;oBACtB,CAAC,CAAC,4CAA4C;oBAC9C,CAAC,CAAC,qCAAqC,IAAI,CAAC,QAAQ,cAAc,MAAM,IAAI,CAC/E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,wBAAwB,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,IAAI,aAAa,CAAC;IACnD,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,UAAU,IAAI,SAAS,CAAC;IACtC,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,WAAW,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,UAAU,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,GAAG,CAChH,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChD,CAAC"}
|
|
1
|
+
{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAEpF,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAC;IAEvF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;IAC1F,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;IAC5F,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE;QAC9D,CAAC,CAAC,6BAA6B;QAC/B,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,mBAAmB;YACpC,CAAC,CAAC,8CAA8C;YAChD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,kCAAkC;gBACpC,CAAC,CAAC,qDAAqD,CAAC;IAE9D,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,eAAe,YAAY,EAAE,EAAE;QAC/B,gEAAgE;QAChE,SAAS,OAAO,CAAC,OAAO,EAAE;QAC1B,gBAAgB,UAAU,EAAE;QAC5B,kBAAkB,YAAY,EAAE;QAChC,kBAAkB,QAAQ,EAAE;QAC5B,IAAI;YACF,CAAC,CAAC,4BAA4B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7F,CAAC,CAAC,uEAAuE;QAC3E,eAAe,cAAc,CAAC,GAAG,CAAC,EAAE;QACpC,cAAc,SAAS,EAAE;QACzB,2BAA2B,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,wBAAwB,EAAE;KAC5F,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACxE,MAAM,uBAAuB,GAAG,MAAM,2BAA2B,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,MAAM,aAAa,GAAG,MAAM,iBAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACnE,KAAK,CAAC,IAAI,CACR,eAAe,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sCAAsC,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CACrI,CAAC;IACF,KAAK,CAAC,IAAI,CACR,mBAAmB,uBAAuB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sFAAsF,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CAClM,CAAC;IACF,KAAK,CAAC,IAAI,CACR,cAAc,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,qCAAqC,KAAK,OAAO,GAAG,CAClG,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CACR,sBAAsB,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,uCAAuC,KAAK,OAAO,GAAG,CAC5G,CAAC;IAEF,MAAM,KAAK,GAAG,iBAAiB,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE;QACxD,CAAC,CAAC,wBAAwB;QAC1B,CAAC,CAAC,KAAK;YACL,CAAC,CAAC,QAAQ,eAAe,EAAE,EAAE;YAC7B,CAAC,CAAC,IAAI,CAAC;IACX,KAAK,CAAC,IAAI,CACR,WAAW;QACT,CAAC,CAAC,SAAS,WAAW,YAAY,KAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;QAC7E,CAAC,CAAC,oCAAoC,CACzC,CAAC;IACF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,SAAS,KAAK,KAAK;YACjB,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,yBAAyB,CAAC,CAAC;IAEpE,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAuB;gBAChD,GAAG,EAAE,eAAe;gBACpB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,CAAC,IAAI,CACR,IAAI,CAAC,QAAQ,KAAK,MAAM;oBACtB,CAAC,CAAC,4CAA4C;oBAC9C,CAAC,CAAC,qCAAqC,IAAI,CAAC,QAAQ,cAAc,MAAM,IAAI,CAC/E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,wBAAwB,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,IAAI,aAAa,CAAC;IACnD,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,UAAU,IAAI,SAAS,CAAC;IACtC,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,WAAW,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,UAAU,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,GAAG,CAChH,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChD,CAAC"}
|
package/dist/cli/main.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AAuDA,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAwI1D"}
|
package/dist/cli/main.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import process from "node:process";
|
|
2
2
|
import { runDoctor } from "./doctor.js";
|
|
3
3
|
import { runBeforeShellHookFromStdin } from "../hooks/run-before-shell.js";
|
|
4
|
+
import { runBeforeMcpHookFromStdin } from "../hooks/run-before-mcp.js";
|
|
4
5
|
import { runVersion } from "./version.js";
|
|
5
6
|
function printHelp() {
|
|
6
7
|
process.stdout.write(`auditor — Praxis guard CLI
|
|
@@ -17,6 +18,7 @@ Usage:
|
|
|
17
18
|
auditor whoami Show signed-in uid, email, and token source (calls Cloud Function)
|
|
18
19
|
auditor mcp MCP stdio server (tool: guard) — use in Cursor mcp.json
|
|
19
20
|
auditor hook before-shell Cursor beforeShellExecution (stdin JSON → stdout JSON)
|
|
21
|
+
auditor hook before-mcp Cursor beforeMCPExecution (stdin JSON → stdout JSON)
|
|
20
22
|
auditor doctor Show policy path, sync revision, auth status
|
|
21
23
|
auditor policies sync Fetch policies from Cloud Functions → local policies.v1.json + meta
|
|
22
24
|
auditor version Package version and git short SHA when available
|
|
@@ -170,6 +172,10 @@ export async function runCli(argv) {
|
|
|
170
172
|
await runBeforeShellHookFromStdin();
|
|
171
173
|
return;
|
|
172
174
|
}
|
|
175
|
+
if (a0 === "hook" && a1 === "before-mcp") {
|
|
176
|
+
await runBeforeMcpHookFromStdin();
|
|
177
|
+
return;
|
|
178
|
+
}
|
|
173
179
|
process.stderr.write(`Unknown command: ${argv.join(" ")}\n\n`);
|
|
174
180
|
printHelp();
|
|
175
181
|
process.exitCode = 1;
|
package/dist/cli/main.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC
|
|
1
|
+
{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4CtB,CAAC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAc;IACzC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnB,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC3D,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,QAAQ,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACzD,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACpB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAC3D,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;gBAC1B,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrB,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;gBAC7D,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO;YACT,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,IAAI,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QAC1D,UAAU,EAAE,CAAC;QACb,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,SAAS,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,UAAU,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;QACvC,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,eAAe,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACjB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC/D,MAAM,iBAAiB,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,cAAc,EAAE,CAAC;QAC3C,MAAM,2BAA2B,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;QACzC,MAAM,yBAAyB,EAAE,CAAC;QAClC,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,SAAS,EAAE,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup-doctor.d.ts","sourceRoot":"","sources":["../../src/cli/setup-doctor.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"setup-doctor.d.ts","sourceRoot":"","sources":["../../src/cli/setup-doctor.ts"],"names":[],"mappings":"AAUA,KAAK,kBAAkB,GAAG;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAwB1E;AAED,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBlE"}
|
package/dist/cli/setup-doctor.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import process from "node:process";
|
|
2
|
-
import { readHookConfigured, readMcpConfigured, resolveProjectHooksPath, resolveUserMcpConfigPath, } from "./cursor-config.js";
|
|
2
|
+
import { readHookConfigured, readBeforeMcpHookConfigured, readMcpConfigured, resolveProjectHooksPath, resolveUserMcpConfigPath, } from "./cursor-config.js";
|
|
3
3
|
export function parseSetupDoctorOptions(args) {
|
|
4
4
|
let projectDir = process.cwd();
|
|
5
5
|
let userConfigPath;
|
|
@@ -30,9 +30,11 @@ export async function runSetupDoctor(args) {
|
|
|
30
30
|
const hookPath = resolveProjectHooksPath(opts.projectDir);
|
|
31
31
|
const mcpPath = resolveUserMcpConfigPath(opts.userConfigPath);
|
|
32
32
|
const hookConfigured = await readHookConfigured(opts.projectDir).catch(() => false);
|
|
33
|
+
const beforeMcpConfigured = await readBeforeMcpHookConfigured(opts.projectDir).catch(() => false);
|
|
33
34
|
const mcpConfigured = await readMcpConfigured(opts.userConfigPath).catch(() => false);
|
|
34
35
|
process.stdout.write("setup doctor:\n");
|
|
35
36
|
process.stdout.write(` hook: ${hookConfigured ? "configured" : "missing"} (${hookPath})\n`);
|
|
37
|
+
process.stdout.write(` hook (beforeMCPExecution): ${beforeMcpConfigured ? "configured" : "missing"} (${hookPath})\n`);
|
|
36
38
|
process.stdout.write(` mcp: ${mcpConfigured ? "configured" : "missing"} (${mcpPath})\n`);
|
|
37
39
|
if (!hookConfigured || !mcpConfigured) {
|
|
38
40
|
process.stdout.write(" suggestion: run `auditor setup all`\n");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup-doctor.js","sourceRoot":"","sources":["../../src/cli/setup-doctor.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAO5B,MAAM,UAAU,uBAAuB,CAAC,IAAc;IACpD,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,IAAI,cAAkC,CAAC;IAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC3D,UAAU,GAAG,KAAK,CAAC;YACnB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAC/D,cAAc,GAAG,KAAK,CAAC;YACvB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAc;IACjD,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,wBAAwB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE9D,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACpF,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAEtF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,WAAW,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,KAAK,CACvE,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,KAAK,OAAO,KAAK,CACpE,CAAC;IAEF,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"setup-doctor.js","sourceRoot":"","sources":["../../src/cli/setup-doctor.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,uBAAuB,EACvB,wBAAwB,GACzB,MAAM,oBAAoB,CAAC;AAO5B,MAAM,UAAU,uBAAuB,CAAC,IAAc;IACpD,IAAI,UAAU,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,IAAI,cAAkC,CAAC;IAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACxB,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC3D,UAAU,GAAG,KAAK,CAAC;YACnB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IAAI,GAAG,KAAK,eAAe,EAAE,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAC/D,cAAc,GAAG,KAAK,CAAC;YACvB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAc;IACjD,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,wBAAwB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE9D,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACpF,MAAM,mBAAmB,GAAG,MAAM,2BAA2B,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAClG,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAEtF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACxC,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,WAAW,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,KAAK,CACvE,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gCAAgC,mBAAmB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,KAAK,CACjG,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,UAAU,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,KAAK,OAAO,KAAK,CACpE,CAAC;IAEF,IAAI,CAAC,cAAc,IAAI,CAAC,aAAa,EAAE,CAAC;QACtC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}
|
package/dist/cli.js
CHANGED
|
@@ -2,14 +2,22 @@
|
|
|
2
2
|
import process from "node:process";
|
|
3
3
|
import { runCli } from "./cli/main.js";
|
|
4
4
|
import { failClosedHookErrorResponse } from "./hooks/run-before-shell.js";
|
|
5
|
+
import { failClosedBeforeMcpHookErrorResponse } from "./hooks/run-before-mcp.js";
|
|
5
6
|
const argv = process.argv.slice(2);
|
|
6
7
|
const isBeforeShellHook = argv[0] === "hook" && argv[1] === "before-shell";
|
|
8
|
+
const isBeforeMcpHook = argv[0] === "hook" && argv[1] === "before-mcp";
|
|
7
9
|
if (isBeforeShellHook) {
|
|
8
10
|
void runCli(argv).catch((err) => {
|
|
9
11
|
process.stdout.write(JSON.stringify(failClosedHookErrorResponse(err), null, 2));
|
|
10
12
|
process.exit(0);
|
|
11
13
|
});
|
|
12
14
|
}
|
|
15
|
+
else if (isBeforeMcpHook) {
|
|
16
|
+
void runCli(argv).catch((err) => {
|
|
17
|
+
process.stdout.write(JSON.stringify(failClosedBeforeMcpHookErrorResponse(err), null, 2));
|
|
18
|
+
process.exit(0);
|
|
19
|
+
});
|
|
20
|
+
}
|
|
13
21
|
else {
|
|
14
22
|
void runCli(argv).catch((err) => {
|
|
15
23
|
console.error(err);
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAC1E,OAAO,EAAE,oCAAoC,EAAE,MAAM,2BAA2B,CAAC;AAEjF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,MAAM,iBAAiB,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,cAAc,CAAC;AAC3E,MAAM,eAAe,GAAG,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,YAAY,CAAC;AAEvE,IAAI,iBAAiB,EAAE,CAAC;IACtB,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;KAAM,IAAI,eAAe,EAAE,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,oCAAoC,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;KAAM,CAAC;IACN,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC9B,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/** Cursor `beforeMCPExecution` stdin (see https://cursor.com/docs/hooks.md). */
|
|
2
|
+
export type BeforeMCPExecutionPayload = {
|
|
3
|
+
tool_name?: unknown;
|
|
4
|
+
tool_input?: unknown;
|
|
5
|
+
url?: unknown;
|
|
6
|
+
command?: unknown;
|
|
7
|
+
};
|
|
8
|
+
export type BeforeMCPExecutionResponse = {
|
|
9
|
+
permission: "allow" | "deny" | "ask";
|
|
10
|
+
user_message?: string;
|
|
11
|
+
agent_message?: string;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* When Cursor encodes MCP tools as `MCP:<server>:<tool>` (see Cursor hooks docs / preToolUse), split into
|
|
15
|
+
* server + bare tool name for policy rows under `policies.mcp.<server>.<tool>`.
|
|
16
|
+
*/
|
|
17
|
+
export declare function splitMcpToolName(raw: string): {
|
|
18
|
+
serverGuess: string | null;
|
|
19
|
+
tool: string;
|
|
20
|
+
};
|
|
21
|
+
/**
|
|
22
|
+
* Maps hook payload → argv for `policies.v1.json` under tool key `mcp`.
|
|
23
|
+
* Omits raw `tool_input` from argv tokens so JSON metacharacters do not trip shell metachar heuristics.
|
|
24
|
+
*/
|
|
25
|
+
export declare function mcpHookArgvFromPayload(payload: BeforeMCPExecutionPayload): string[];
|
|
26
|
+
/**
|
|
27
|
+
* Cursor `beforeMCPExecution`: stdin JSON → stdout JSON (`permission` only contract).
|
|
28
|
+
*/
|
|
29
|
+
export declare function runBeforeMcpHookFromStdin(): Promise<void>;
|
|
30
|
+
export declare function failClosedBeforeMcpHookErrorResponse(err: unknown): BeforeMCPExecutionResponse;
|
|
31
|
+
//# sourceMappingURL=run-before-mcp.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"run-before-mcp.d.ts","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAQA,gFAAgF;AAChF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAiBF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAa1F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,EAAE,CAkBnF;AA0BD;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CA+I/D;AAOD,wBAAgB,oCAAoC,CAAC,GAAG,EAAE,OAAO,GAAG,0BAA0B,CAM7F"}
|
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
import { loadPoliciesV1, readPoliciesV1Revision } from "../policy/index.js";
|
|
2
|
+
import { appendAuditJsonl } from "../audit/jsonl.js";
|
|
3
|
+
import { getInstallId } from "../cli/install-id.js";
|
|
4
|
+
import { evaluateMcpProposal } from "../shell/evaluate.js";
|
|
5
|
+
import { tryConsumeShellApprovalBridge } from "../bridge/shell-approval-bridge.js";
|
|
6
|
+
import { sendGuardEvent } from "../telemetry/guard-events.js";
|
|
7
|
+
function tierToPermission(tier) {
|
|
8
|
+
if (tier === "READ")
|
|
9
|
+
return "allow";
|
|
10
|
+
return "deny";
|
|
11
|
+
}
|
|
12
|
+
function stringifyToolInput(raw) {
|
|
13
|
+
if (raw === undefined || raw === null)
|
|
14
|
+
return "";
|
|
15
|
+
if (typeof raw === "string")
|
|
16
|
+
return raw;
|
|
17
|
+
try {
|
|
18
|
+
return JSON.stringify(raw);
|
|
19
|
+
}
|
|
20
|
+
catch {
|
|
21
|
+
return String(raw);
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* When Cursor encodes MCP tools as `MCP:<server>:<tool>` (see Cursor hooks docs / preToolUse), split into
|
|
26
|
+
* server + bare tool name for policy rows under `policies.mcp.<server>.<tool>`.
|
|
27
|
+
*/
|
|
28
|
+
export function splitMcpToolName(raw) {
|
|
29
|
+
const t = raw.trim();
|
|
30
|
+
if (!t)
|
|
31
|
+
return { serverGuess: null, tool: "_" };
|
|
32
|
+
if (t.startsWith("MCP:")) {
|
|
33
|
+
const body = t.slice(4).trim();
|
|
34
|
+
const idx = body.lastIndexOf(":");
|
|
35
|
+
if (idx !== -1) {
|
|
36
|
+
const serverPart = body.slice(0, idx).trim();
|
|
37
|
+
const toolPart = body.slice(idx + 1).trim();
|
|
38
|
+
if (serverPart && toolPart)
|
|
39
|
+
return { serverGuess: serverPart, tool: toolPart };
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
return { serverGuess: null, tool: t };
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Maps hook payload → argv for `policies.v1.json` under tool key `mcp`.
|
|
46
|
+
* Omits raw `tool_input` from argv tokens so JSON metacharacters do not trip shell metachar heuristics.
|
|
47
|
+
*/
|
|
48
|
+
export function mcpHookArgvFromPayload(payload) {
|
|
49
|
+
const rawName = typeof payload.tool_name === "string" ? payload.tool_name.trim() : "";
|
|
50
|
+
const { serverGuess, tool } = splitMcpToolName(rawName);
|
|
51
|
+
let server = "stdio";
|
|
52
|
+
if (typeof payload.url === "string" && payload.url.trim()) {
|
|
53
|
+
const u = payload.url.trim();
|
|
54
|
+
try {
|
|
55
|
+
server = new URL(u).host || u;
|
|
56
|
+
}
|
|
57
|
+
catch {
|
|
58
|
+
server = u;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
else if (serverGuess) {
|
|
62
|
+
server = serverGuess;
|
|
63
|
+
}
|
|
64
|
+
else if (typeof payload.command === "string" && payload.command.trim()) {
|
|
65
|
+
server = payload.command.trim().slice(0, 400);
|
|
66
|
+
}
|
|
67
|
+
return ["mcp", server, tool || "_"];
|
|
68
|
+
}
|
|
69
|
+
async function readStdinJson() {
|
|
70
|
+
return await new Promise((resolve, reject) => {
|
|
71
|
+
let data = "";
|
|
72
|
+
process.stdin.setEncoding("utf8");
|
|
73
|
+
process.stdin.on("data", (chunk) => (data += chunk));
|
|
74
|
+
process.stdin.on("end", () => {
|
|
75
|
+
try {
|
|
76
|
+
resolve(JSON.parse(data));
|
|
77
|
+
}
|
|
78
|
+
catch (e) {
|
|
79
|
+
reject(e);
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
}
|
|
84
|
+
async function tryAppendAuditEvent(evt, auditLogRoot) {
|
|
85
|
+
try {
|
|
86
|
+
await appendAuditJsonl(evt, auditLogRoot);
|
|
87
|
+
}
|
|
88
|
+
catch (e) {
|
|
89
|
+
const msg = e instanceof Error ? e.message : String(e);
|
|
90
|
+
process.stderr.write(`[auditor] audit log append failed: ${msg}\n`);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Cursor `beforeMCPExecution`: stdin JSON → stdout JSON (`permission` only contract).
|
|
95
|
+
*/
|
|
96
|
+
export async function runBeforeMcpHookFromStdin() {
|
|
97
|
+
const payload = await readStdinJson();
|
|
98
|
+
const decisionStarted = performance.now();
|
|
99
|
+
const rawToolName = typeof payload.tool_name === "string" ? payload.tool_name.trim() : "";
|
|
100
|
+
if (!rawToolName) {
|
|
101
|
+
const response = {
|
|
102
|
+
permission: "deny",
|
|
103
|
+
user_message: "Guard: missing tool_name in beforeMCPExecution payload.",
|
|
104
|
+
agent_message: "beforeMCPExecution hook received invalid JSON (no tool_name).",
|
|
105
|
+
};
|
|
106
|
+
process.stdout.write(JSON.stringify(response, null, 2));
|
|
107
|
+
return;
|
|
108
|
+
}
|
|
109
|
+
const argv = mcpHookArgvFromPayload(payload);
|
|
110
|
+
const bareTool = argv[2] ?? "_";
|
|
111
|
+
const toolInputStr = stringifyToolInput(payload.tool_input);
|
|
112
|
+
const policy = await loadPoliciesV1();
|
|
113
|
+
const policyRevision = await readPoliciesV1Revision();
|
|
114
|
+
const { skipped, evaluation } = evaluateMcpProposal(policy, argv);
|
|
115
|
+
const { classification, flags, tier } = evaluation;
|
|
116
|
+
const reasons = evaluation.reasons.map((r) => r.message);
|
|
117
|
+
const auditLogRoot = pathResolveCwd();
|
|
118
|
+
const latency_ms = performance.now() - decisionStarted;
|
|
119
|
+
if (skipped) {
|
|
120
|
+
await tryAppendAuditEvent({
|
|
121
|
+
ts: new Date().toISOString(),
|
|
122
|
+
hook: "beforeMCPExecution",
|
|
123
|
+
tool_name: rawToolName,
|
|
124
|
+
bare_tool: bareTool,
|
|
125
|
+
tool_input: toolInputStr.slice(0, 8000),
|
|
126
|
+
argv,
|
|
127
|
+
status: "skipped",
|
|
128
|
+
skipped: true,
|
|
129
|
+
skip_reason: "mcp_policy_unmatched",
|
|
130
|
+
tier,
|
|
131
|
+
permission: "allow",
|
|
132
|
+
bridgeConsumed: false,
|
|
133
|
+
reasons,
|
|
134
|
+
latency_ms,
|
|
135
|
+
}, auditLogRoot);
|
|
136
|
+
const skipResponse = { permission: "allow" };
|
|
137
|
+
process.stdout.write(JSON.stringify(skipResponse, null, 2));
|
|
138
|
+
await sendGuardEvent({
|
|
139
|
+
ts: new Date().toISOString(),
|
|
140
|
+
status: "skipped",
|
|
141
|
+
skipped: true,
|
|
142
|
+
skip_reason: "mcp_policy_unmatched",
|
|
143
|
+
tool: "auditor-hook-mcp",
|
|
144
|
+
command_path: argv[1] ?? null,
|
|
145
|
+
verb: argv[2] ?? null,
|
|
146
|
+
resource: toolInputStr ? toolInputStr.slice(0, 500) : null,
|
|
147
|
+
reason: reasons[0] ?? "mcp_policy_unmatched",
|
|
148
|
+
cmd: `${rawToolName}`,
|
|
149
|
+
tier,
|
|
150
|
+
decision: "allow",
|
|
151
|
+
latency_ms,
|
|
152
|
+
installId: getInstallId(),
|
|
153
|
+
kind: "mcp",
|
|
154
|
+
...(policyRevision !== null ? { policy_revision: policyRevision } : {}),
|
|
155
|
+
meta: {
|
|
156
|
+
hook: "beforeMCPExecution",
|
|
157
|
+
bridgeConsumed: false,
|
|
158
|
+
},
|
|
159
|
+
});
|
|
160
|
+
return;
|
|
161
|
+
}
|
|
162
|
+
let permission = tierToPermission(tier);
|
|
163
|
+
let bridgeConsumed = false;
|
|
164
|
+
if (permission === "deny" && tier === "MUTATE") {
|
|
165
|
+
bridgeConsumed = await tryConsumeShellApprovalBridge(argv, { cwd: process.cwd() });
|
|
166
|
+
if (bridgeConsumed)
|
|
167
|
+
permission = "allow";
|
|
168
|
+
}
|
|
169
|
+
const response = permission === "allow"
|
|
170
|
+
? {
|
|
171
|
+
permission,
|
|
172
|
+
...(bridgeConsumed
|
|
173
|
+
? {
|
|
174
|
+
agent_message: "Allowed via shell approval bridge (MCP guard token redeemed for this argv; one-shot consumed).",
|
|
175
|
+
}
|
|
176
|
+
: {}),
|
|
177
|
+
}
|
|
178
|
+
: {
|
|
179
|
+
permission,
|
|
180
|
+
user_message: `MCP tool call blocked by guard (tier=${tier}).`,
|
|
181
|
+
agent_message: `Blocked by guard. tier=${tier} tool_name=${rawToolName} argv=${JSON.stringify(argv)} reasons=${reasons.join(";") || "policy"}`,
|
|
182
|
+
};
|
|
183
|
+
await tryAppendAuditEvent({
|
|
184
|
+
ts: new Date().toISOString(),
|
|
185
|
+
hook: "beforeMCPExecution",
|
|
186
|
+
tool_name: rawToolName,
|
|
187
|
+
bare_tool: bareTool,
|
|
188
|
+
tool_input: toolInputStr.slice(0, 8000),
|
|
189
|
+
argv,
|
|
190
|
+
classification,
|
|
191
|
+
flags,
|
|
192
|
+
tier,
|
|
193
|
+
permission,
|
|
194
|
+
bridgeConsumed,
|
|
195
|
+
reasons,
|
|
196
|
+
latency_ms,
|
|
197
|
+
}, auditLogRoot);
|
|
198
|
+
process.stdout.write(JSON.stringify(response, null, 2));
|
|
199
|
+
const status = permission === "allow" ? "passed" : "blocked";
|
|
200
|
+
await sendGuardEvent({
|
|
201
|
+
ts: new Date().toISOString(),
|
|
202
|
+
status,
|
|
203
|
+
tool: "auditor-hook-mcp",
|
|
204
|
+
command_path: argv[1] ?? null,
|
|
205
|
+
verb: argv[2] ?? null,
|
|
206
|
+
resource: toolInputStr ? toolInputStr.slice(0, 500) : null,
|
|
207
|
+
reason: reasons[0] ?? null,
|
|
208
|
+
cmd: `${rawToolName}`,
|
|
209
|
+
tier,
|
|
210
|
+
decision: permission === "allow" ? "allow" : "block",
|
|
211
|
+
latency_ms,
|
|
212
|
+
installId: getInstallId(),
|
|
213
|
+
kind: "mcp",
|
|
214
|
+
...(policyRevision !== null ? { policy_revision: policyRevision } : {}),
|
|
215
|
+
meta: {
|
|
216
|
+
hook: "beforeMCPExecution",
|
|
217
|
+
bridgeConsumed,
|
|
218
|
+
},
|
|
219
|
+
});
|
|
220
|
+
}
|
|
221
|
+
function pathResolveCwd() {
|
|
222
|
+
const cwd = process.cwd();
|
|
223
|
+
return cwd?.trim() ? cwd.trim() : undefined;
|
|
224
|
+
}
|
|
225
|
+
export function failClosedBeforeMcpHookErrorResponse(err) {
|
|
226
|
+
return {
|
|
227
|
+
permission: "deny",
|
|
228
|
+
user_message: "Guard MCP hook crashed; blocking MCP call (failClosed).",
|
|
229
|
+
agent_message: `Guard beforeMCPExecution hook crashed: ${String(err)}`,
|
|
230
|
+
};
|
|
231
|
+
}
|
|
232
|
+
//# sourceMappingURL=run-before-mcp.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"run-before-mcp.js","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,6BAA6B,EAAE,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAgB9D,SAAS,gBAAgB,CAAC,IAAU;IAClC,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAY;IACtC,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAChD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,UAAU,IAAI,QAAQ;gBAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACjF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAkC;IACvE,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,MAAM,GAAG,OAAO,CAAC;IACrB,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,GAAG,CAAC,CAAC;QACb,CAAC;IACH,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,aAAa;IAC1B,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,GAA4B,EAAE,YAAqB;IACpF,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,MAAM,OAAO,GAAG,MAAM,aAAa,EAA6B,CAAC;IACjE,MAAM,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;IAE1C,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,QAAQ,GAA+B;YAC3C,UAAU,EAAE,MAAM;YAClB,YAAY,EAAE,yDAAyD;YACvE,aAAa,EAAE,+DAA+D;SAC/E,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC;IAChC,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IACtC,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;IACtD,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAClE,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC;IACnD,MAAM,OAAO,GAAa,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAEnE,MAAM,YAAY,GAAG,cAAc,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IAEvD,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,mBAAmB,CACvB;YACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,oBAAoB;YAC1B,SAAS,EAAE,WAAW;YACtB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;YACvC,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,sBAAsB;YACnC,IAAI;YACJ,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,OAAO;YACP,UAAU;SACX,EACD,YAAY,CACb,CAAC;QAEF,MAAM,YAAY,GAA+B,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;QACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAE5D,MAAM,cAAc,CAAC;YACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,sBAAsB;YACnC,IAAI,EAAE,kBAAkB;YACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;YAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;YACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;YAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,sBAAsB;YAC5C,GAAG,EAAE,GAAG,WAAW,EAAE;YACrB,IAAI;YACJ,QAAQ,EAAE,OAAO;YACjB,UAAU;YACV,SAAS,EAAE,YAAY,EAAE;YACzB,IAAI,EAAE,KAAK;YACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,IAAI,EAAE;gBACJ,IAAI,EAAE,oBAAoB;gBAC1B,cAAc,EAAE,KAAK;aACtB;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,IAAI,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,UAAU,KAAK,MAAM,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/C,cAAc,GAAG,MAAM,6BAA6B,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACnF,IAAI,cAAc;YAAE,UAAU,GAAG,OAAO,CAAC;IAC3C,CAAC;IAED,MAAM,QAAQ,GACZ,UAAU,KAAK,OAAO;QACpB,CAAC,CAAC;YACE,UAAU;YACV,GAAG,CAAC,cAAc;gBAChB,CAAC,CAAC;oBACE,aAAa,EACX,gGAAgG;iBACnG;gBACH,CAAC,CAAC,EAAE,CAAC;SACR;QACH,CAAC,CAAC;YACE,UAAU;YACV,YAAY,EAAE,wCAAwC,IAAI,IAAI;YAC9D,aAAa,EAAE,0BAA0B,IAAI,cAAc,WAAW,SAAS,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,EAAE;SAC/I,CAAC;IAER,MAAM,mBAAmB,CACvB;QACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,IAAI,EAAE,oBAAoB;QAC1B,SAAS,EAAE,WAAW;QACtB,SAAS,EAAE,QAAQ;QACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;QACvC,IAAI;QACJ,cAAc;QACd,KAAK;QACL,IAAI;QACJ,UAAU;QACV,cAAc;QACd,OAAO;QACP,UAAU;KACX,EACD,YAAY,CACb,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExD,MAAM,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7D,MAAM,cAAc,CAAC;QACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM;QACN,IAAI,EAAE,kBAAkB;QACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,IAAI;QAC1B,GAAG,EAAE,GAAG,WAAW,EAAE;QACrB,IAAI;QACJ,QAAQ,EAAE,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;QACpD,UAAU;QACV,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,KAAK;QACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,IAAI,EAAE;YACJ,IAAI,EAAE,oBAAoB;YAC1B,cAAc;SACf;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc;IACrB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,OAAO,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,GAAY;IAC/D,OAAO;QACL,UAAU,EAAE,MAAM;QAClB,YAAY,EAAE,yDAAyD;QACvE,aAAa,EAAE,0CAA0C,MAAM,CAAC,GAAG,CAAC,EAAE;KACvE,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -2,6 +2,6 @@ export { loadPoliciesV1 } from "./policy/index.js";
|
|
|
2
2
|
export type { PoliciesV1, Tier, Classification } from "./policy/index.js";
|
|
3
3
|
export { appendAuditJsonl } from "./audit/jsonl.js";
|
|
4
4
|
export { DEFAULT_SHELL_BRIDGE_TTL_MS, recordShellApprovalBridge, shellArgvApprovalId, shellBridgeDir, shouldRecordShellBridge, tryConsumeShellApprovalBridge, } from "./bridge/shell-approval-bridge.js";
|
|
5
|
-
export { DEFAULT_GOVERNED_SHELL_TOOLS, evaluateArgv, evaluateShellProposal, gateShellCommand, parseCommandToArgv, type GuardEvaluation, type GuardReason, type ShellGateDecision, } from "./shell/evaluate.js";
|
|
5
|
+
export { DEFAULT_GOVERNED_SHELL_TOOLS, evaluateArgv, evaluateMcpProposal, evaluateShellProposal, gateShellCommand, parseCommandToArgv, type GuardEvaluation, type GuardReason, type ShellGateDecision, } from "./shell/evaluate.js";
|
|
6
6
|
export { failClosedHookErrorResponse, runBeforeShellHookFromStdin, type BeforeShellExecutionPayload, type BeforeShellExecutionResponse, } from "./hooks/run-before-shell.js";
|
|
7
7
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,4BAA4B,EAC5B,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,iBAAiB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC3B,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,GAClC,MAAM,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAE1E,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,4BAA4B,EAC5B,YAAY,EACZ,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,iBAAiB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC3B,KAAK,2BAA2B,EAChC,KAAK,4BAA4B,GAClC,MAAM,6BAA6B,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export { loadPoliciesV1 } from "./policy/index.js";
|
|
2
2
|
export { appendAuditJsonl } from "./audit/jsonl.js";
|
|
3
3
|
export { DEFAULT_SHELL_BRIDGE_TTL_MS, recordShellApprovalBridge, shellArgvApprovalId, shellBridgeDir, shouldRecordShellBridge, tryConsumeShellApprovalBridge, } from "./bridge/shell-approval-bridge.js";
|
|
4
|
-
export { DEFAULT_GOVERNED_SHELL_TOOLS, evaluateArgv, evaluateShellProposal, gateShellCommand, parseCommandToArgv, } from "./shell/evaluate.js";
|
|
4
|
+
export { DEFAULT_GOVERNED_SHELL_TOOLS, evaluateArgv, evaluateMcpProposal, evaluateShellProposal, gateShellCommand, parseCommandToArgv, } from "./shell/evaluate.js";
|
|
5
5
|
export { failClosedHookErrorResponse, runBeforeShellHookFromStdin, } from "./hooks/run-before-shell.js";
|
|
6
6
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,4BAA4B,EAC5B,YAAY,EACZ,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GAInB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,GAG5B,MAAM,6BAA6B,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,6BAA6B,GAC9B,MAAM,mCAAmC,CAAC;AAE3C,OAAO,EACL,4BAA4B,EAC5B,YAAY,EACZ,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,GAInB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,GAG5B,MAAM,6BAA6B,CAAC"}
|
package/dist/mcp/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAmJA,8EAA8E;AAC9E,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAmJA,8EAA8E;AAC9E,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CA2JvD"}
|
package/dist/mcp/server.js
CHANGED
|
@@ -6,7 +6,7 @@ import { loadPoliciesV1, readPoliciesV1Revision } from "../policy/index.js";
|
|
|
6
6
|
import { resolveGuardToken } from "../cli/credentials.js";
|
|
7
7
|
import { getInstallId } from "../cli/install-id.js";
|
|
8
8
|
import { recordShellApprovalBridge, shouldRecordShellBridge } from "../bridge/shell-approval-bridge.js";
|
|
9
|
-
import {
|
|
9
|
+
import { evaluateMcpProposal, evaluateShellProposal, parseCommandToArgv, } from "../shell/evaluate.js";
|
|
10
10
|
import { sendGuardEvent } from "../telemetry/guard-events.js";
|
|
11
11
|
import { resolveGuardAuditStatus } from "./guard-audit-status.js";
|
|
12
12
|
import { AUDITOR_CLI_VERSION } from "../runtime/version.js";
|
|
@@ -146,7 +146,7 @@ export async function runMcpStdioServer() {
|
|
|
146
146
|
: input.proposal.argv;
|
|
147
147
|
const { skipped, evaluation } = input.proposal.kind === "shell"
|
|
148
148
|
? evaluateShellProposal(policy, argv)
|
|
149
|
-
:
|
|
149
|
+
: evaluateMcpProposal(policy, argv);
|
|
150
150
|
const tier = evaluation.tier;
|
|
151
151
|
const reasons = [...evaluation.reasons];
|
|
152
152
|
const fingerprint = argvFingerprint(argv);
|
|
@@ -214,7 +214,11 @@ export async function runMcpStdioServer() {
|
|
|
214
214
|
ts: new Date().toISOString(),
|
|
215
215
|
status,
|
|
216
216
|
skipped,
|
|
217
|
-
...(skipped
|
|
217
|
+
...(skipped
|
|
218
|
+
? {
|
|
219
|
+
skip_reason: input.proposal.kind === "shell" ? "ungoverned_shell_tool" : "mcp_policy_unmatched",
|
|
220
|
+
}
|
|
221
|
+
: {}),
|
|
218
222
|
tool: "auditor-mcp",
|
|
219
223
|
command_path: argv[0] ?? null,
|
|
220
224
|
verb: actionVerb,
|
package/dist/mcp/server.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AACxG,OAAO,EACL,
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/mcp/server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAa,MAAM,oBAAoB,CAAC;AAEvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,uBAAuB,EAAE,MAAM,oCAAoC,CAAC;AACxG,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;AACtD,MAAM,kBAAkB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAEpD,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,IAAI,EAAE,eAAe;IACrB,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,kBAAkB;QACxB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAChC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACnC,CAAC;IACF,OAAO,EAAE,CAAC;SACP,MAAM,CAAC;QACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC3E,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAIH,SAAS,cAAc,CAAC,IAAU;IAChC,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,OAAO,CAAC;IACpC,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,kBAAkB,CAAC;IACjD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,IAAuB;IAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,wFAAwF;AACxF,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAsD,CAAC;AAC7F,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,sBAAsB,EAAE,CAAC;QAClD,IAAI,GAAG,GAAG,GAAG,CAAC,SAAS;YAAE,sBAAsB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,MAAM,qBAAqB,GAAG,eAAe,CAAC,gBAAgB,CAAC,CAAC;AAEhE,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AACjD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACjD,IAAI,cAAc,GAAyC,IAAI,CAAC;AAChE,IAAI,yBAAyB,GAAG,CAAC,CAAC;AAElC,SAAS,wBAAwB;IAC/B,IAAI,yBAAyB,GAAG,CAAC;QAAE,OAAO,0BAA0B,CAAC;IACrE,OAAO,IAAI,CAAC,GAAG,CACb,0BAA0B,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,yBAAyB,GAAG,CAAC,CAAC,EACzE,yBAAyB,CAC1B,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB;IAC5B,IAAI,cAAc;QAAE,YAAY,CAAC,cAAc,CAAC,CAAC;IACjD,cAAc,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE;QACrC,yBAAyB,EAAE,CAAC;QAC5B,MAAM,kBAAkB,EAAE,CAAC;QAC3B,qBAAqB,EAAE,CAAC;IAC1B,CAAC,EAAE,wBAAwB,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,kBAAkB;IACzB,yBAAyB,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,kBAAkB;IAC/B,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,qBAAqB,CAAC;IACrF,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,MAAM,OAAO,GAAG;QACd,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,aAAa;QACnB,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,SAAS;QACjB,MAAM,EAAE;YACN,EAAE,EAAE,OAAO,CAAC,QAAQ;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,IAAI,EAAE,OAAO,CAAC,OAAO;SACtB;KACF,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,YAAY,EAAE;YACpC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,GAAG,IAAI,CAAC,CAAC;IAClE,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAAgC,EAChC,WAAmB,EACnB,IAAU;IAEV,IAAI,CAAC,KAAK,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC9C,MAAM,GAAG,GAAG,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,GAAG;YAAE,sBAAsB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAG,CAAC,WAAW,KAAK,WAAW;QAAE,OAAO,KAAK,CAAC;IAClD,sBAAsB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE,CAAC;IACtC,MAAM,cAAc,GAAG,MAAM,sBAAsB,EAAE,CAAC;IACtD,MAAM,kBAAkB,EAAE,CAAC;IAC3B,qBAAqB,EAAE,CAAC;IAExB,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,mBAAmB;KAC7B,CAAC,CAAC;IAEH,MAAM,CAAC,YAAY,CACjB,OAAO,EACP;QACE,WAAW,EACT,6IAA6I;QAC/I,WAAW,EAAE,gBAAgB;KAC9B,EACD,KAAK,EAAE,KAAK,EAAE,EAAE;QACd,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC;QAC1B,qBAAqB,EAAE,CAAC;QACxB,kBAAkB,EAAE,CAAC;QAErB,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,WAAW;YACrC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC;YAChD,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAExB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAC3B,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO;YAC7B,CAAC,CAAC,qBAAqB,CAAC,MAAM,EAAE,IAAI,CAAC;YACrC,CAAC,CAAC,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAExC,MAAM,IAAI,GAAS,UAAU,CAAC,IAAI,CAAC;QACnC,MAAM,OAAO,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QACxC,MAAM,WAAW,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI,CAAC;QAE9D,MAAM,QAAQ,GACZ,CAAC,OAAO,IAAI,sBAAsB,CAAC,cAAc,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC;QAExE,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,OAAO,IAAI,QAAQ;YAAE,QAAQ,GAAG,OAAO,CAAC;aACvC,IAAI,IAAI,KAAK,aAAa;YAAE,QAAQ,GAAG,OAAO,CAAC;;YAC/C,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QAErC,MAAM,UAAU,GAAG,QAAQ,KAAK,kBAAkB,CAAC;QACnD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvD,IAAI,UAAU,IAAI,QAAQ,EAAE,CAAC;YAC3B,sBAAsB,CAAC,GAAG,CAAC,QAAQ,EAAE;gBACnC,WAAW;gBACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;aACvC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG;YACf,QAAQ;YACR,OAAO;YACP,IAAI;YACJ,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;YAC3E,OAAO;YACP,MAAM,EAAE;gBACN,QAAQ;gBACR,IAAI;gBACJ,OAAO,EAAE,EAAE;aACZ;YACD,QAAQ,EAAE;gBACR,QAAQ,EAAE,QAAQ,KAAK,kBAAkB;gBACzC,KAAK,EAAE,QAAQ;gBACf,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;gBACnF,YAAY,EACV,QAAQ,KAAK,kBAAkB;oBAC7B,CAAC,CAAC,2IAA2I;oBAC7I,CAAC,CAAC,QAAQ;wBACR,CAAC,CAAC,yDAAyD;wBAC3D,CAAC,CAAC,IAAI;aACb;YACD,KAAK,EAAE;gBACL,QAAQ;gBACR,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;aAC1C;YACD,SAAS,EAAE;gBACT,SAAS,EAAE,KAAK;gBAChB,MAAM,EAAE,IAAI;aACb;SACF,CAAC;QAEF,MAAM,WAAW,GACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,QAAQ,CAAC,EAAE,OAAO;YAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,IAAI,KAAK,QAAQ,CAAC,EAAE,IAAI;YACtD,IAAI,CAAC;QACP,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QACnC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACxE,MAAM,MAAM,GAAG,uBAAuB,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QAE9D,KAAK,cAAc,CAAC;YAClB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,MAAM;YACN,OAAO;YACP,GAAG,CAAC,OAAO;gBACT,CAAC,CAAC;oBACE,WAAW,EACT,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,sBAAsB;iBACrF;gBACH,CAAC,CAAC,EAAE,CAAC;YACP,IAAI,EAAE,aAAa;YACnB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;YAC7B,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,cAAc;YACxB,MAAM,EAAE,WAAW;YACnB,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACnB,IAAI;YACJ,QAAQ;YACR,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;YACzC,QAAQ;YACR,SAAS,EAAE,YAAY,EAAE;YACzB,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,IAAI;YACzB,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACxE,CAAC,CAAC;QAEH,IACE,KAAK,CAAC,QAAQ,CAAC,IAAI,KAAK,OAAO;YAC/B,uBAAuB,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,EACpD,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,yBAAyB,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC;gBACnE,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,uBAAuB;oBAC7B,OAAO,EACL,0FAA0F;iBAC7F,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,4BAA4B;oBAClC,OAAO,EAAE,yEAAyE;iBACnF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACrE,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC"}
|
package/dist/policies.v1.json
CHANGED
|
@@ -525,6 +525,16 @@
|
|
|
525
525
|
"clean": "DESTRUCTIVE",
|
|
526
526
|
"rm": "DESTRUCTIVE"
|
|
527
527
|
}
|
|
528
|
+
},
|
|
529
|
+
"mcp": {
|
|
530
|
+
"user-salai-MCP": {
|
|
531
|
+
"delete_cart": "DESTRUCTIVE",
|
|
532
|
+
"*": "READ"
|
|
533
|
+
},
|
|
534
|
+
"stdio": {
|
|
535
|
+
"delete_cart": "DESTRUCTIVE",
|
|
536
|
+
"*": "READ"
|
|
537
|
+
}
|
|
528
538
|
}
|
|
529
539
|
}
|
|
530
540
|
}
|
package/dist/policy/index.d.ts
CHANGED
|
@@ -29,6 +29,10 @@ export type Classification = {
|
|
|
29
29
|
export declare function ensureTiersComplete(tiers: readonly Tier[]): void;
|
|
30
30
|
export declare function parsePoliciesV1Json(raw: unknown): PoliciesV1;
|
|
31
31
|
export declare function defaultPoliciesV1Path(): string;
|
|
32
|
+
/** Effective path when `opts.policyPath` is omitted (env override matches `auditor doctor` / help). */
|
|
33
|
+
export declare function resolvedPoliciesV1Path(opts?: {
|
|
34
|
+
policyPath?: string;
|
|
35
|
+
}): string;
|
|
32
36
|
export declare function policiesV1MetaPathFor(policyFilePath: string): string;
|
|
33
37
|
export declare function defaultPoliciesMetaPath(): string;
|
|
34
38
|
export declare function readPoliciesV1Revision(opts?: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,UAAU;;;;EAA4C,CAAC;AACpE,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAE9C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;iBAI3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,QAOzD;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAO5D;AAuBD,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIpE;AAED,wBAAgB,uBAAuB,IAAI,MAAM,CAEhD;AAED,wBAAsB,sBAAsB,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAWnG;AA0BD,wBAAsB,cAAc,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAUxF;AA0BD,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,SAAS,MAAM,EAAE,GACtB;IAAE,cAAc,EAAE,cAAc,CAAC;IAAC,KAAK,EAAE;QAAE,cAAc,EAAE,OAAO,CAAC;QAAC,eAAe,EAAE,OAAO,CAAA;KAAE,CAAA;CAAE,CAoFlG"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,UAAU;;;;EAA4C,CAAC;AACpE,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAE9C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;iBAI3B,CAAC;AAEH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE1D,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,QAOzD;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,UAAU,CAO5D;AAuBD,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED,uGAAuG;AACvG,wBAAgB,sBAAsB,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAK7E;AAED,wBAAgB,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAIpE;AAED,wBAAgB,uBAAuB,IAAI,MAAM,CAEhD;AAED,wBAAsB,sBAAsB,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAWnG;AA0BD,wBAAsB,cAAc,CAAC,IAAI,CAAC,EAAE;IAAE,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAUxF;AA0BD,wBAAgB,YAAY,CAC1B,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,SAAS,MAAM,EAAE,GACtB;IAAE,cAAc,EAAE,cAAc,CAAC;IAAC,KAAK,EAAE;QAAE,cAAc,EAAE,OAAO,CAAC;QAAC,eAAe,EAAE,OAAO,CAAA;KAAE,CAAA;CAAE,CAoFlG"}
|
package/dist/policy/index.js
CHANGED
|
@@ -46,6 +46,15 @@ function defaultPraxisDir() {
|
|
|
46
46
|
export function defaultPoliciesV1Path() {
|
|
47
47
|
return path.join(defaultPraxisDir(), "policies.v1.json");
|
|
48
48
|
}
|
|
49
|
+
/** Effective path when `opts.policyPath` is omitted (env override matches `auditor doctor` / help). */
|
|
50
|
+
export function resolvedPoliciesV1Path(opts) {
|
|
51
|
+
if (opts?.policyPath?.trim())
|
|
52
|
+
return opts.policyPath.trim();
|
|
53
|
+
const fromEnv = process.env.PRAXIS_POLICIES_V1_PATH?.trim();
|
|
54
|
+
if (fromEnv)
|
|
55
|
+
return fromEnv;
|
|
56
|
+
return defaultPoliciesV1Path();
|
|
57
|
+
}
|
|
49
58
|
export function policiesV1MetaPathFor(policyFilePath) {
|
|
50
59
|
const dir = path.dirname(policyFilePath);
|
|
51
60
|
const base = path.basename(policyFilePath, ".json");
|
|
@@ -55,7 +64,7 @@ export function defaultPoliciesMetaPath() {
|
|
|
55
64
|
return policiesV1MetaPathFor(defaultPoliciesV1Path());
|
|
56
65
|
}
|
|
57
66
|
export async function readPoliciesV1Revision(opts) {
|
|
58
|
-
const policyPath = opts
|
|
67
|
+
const policyPath = resolvedPoliciesV1Path(opts);
|
|
59
68
|
const metaPath = policiesV1MetaPathFor(policyPath);
|
|
60
69
|
try {
|
|
61
70
|
const raw = await readFile(metaPath, "utf8");
|
|
@@ -89,7 +98,7 @@ async function bootstrapPoliciesIfMissing(policyPath) {
|
|
|
89
98
|
}
|
|
90
99
|
}
|
|
91
100
|
export async function loadPoliciesV1(opts) {
|
|
92
|
-
const policyPath = opts
|
|
101
|
+
const policyPath = resolvedPoliciesV1Path(opts);
|
|
93
102
|
await bootstrapPoliciesIfMissing(policyPath);
|
|
94
103
|
const raw = await readFile(policyPath, "utf8");
|
|
95
104
|
try {
|
package/dist/policy/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;AAGpE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE;IACrC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;CACvF,CAAC,CAAC;AAYH,MAAM,UAAU,mBAAmB,CAAC,KAAsB;IACxD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,KAAK,MAAM,QAAQ,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAU,EAAE,CAAC;QAClE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,SAAS,yBAAyB;IAChC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO;QACL,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,qBAAqB,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,mCAAmC,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B;IACjC,KAAK,MAAM,SAAS,IAAI,yBAAyB,EAAE,EAAE,CAAC;QACpD,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC9C,CAAC;IACD,MAAM,IAAI,KAAK,CACb,8CAA8C,yBAAyB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9G,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,cAAsB;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,qBAAqB,CAAC,qBAAqB,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAA8B;IACzE,MAAM,UAAU,GAAG,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/policy/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC;AAGpE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE;IACrC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;CACvF,CAAC,CAAC;AAYH,MAAM,UAAU,mBAAmB,CAAC,KAAsB;IACxD,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,KAAK,MAAM,QAAQ,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAU,EAAE,CAAC;QAClE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvC,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,SAAS,yBAAyB;IAChC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO;QACL,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,qBAAqB,CAAC;QACzC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,mCAAmC,CAAC;KACxD,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B;IACjC,KAAK,MAAM,SAAS,IAAI,yBAAyB,EAAE,EAAE,CAAC;QACpD,IAAI,UAAU,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC9C,CAAC;IACD,MAAM,IAAI,KAAK,CACb,8CAA8C,yBAAyB,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9G,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,UAAU,qBAAqB;IACnC,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC3D,CAAC;AAED,uGAAuG;AACvG,MAAM,UAAU,sBAAsB,CAAC,IAA8B;IACnE,IAAI,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC5D,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,CAAC;IAC5D,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,OAAO,qBAAqB,EAAE,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,cAAsB;IAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,qBAAqB,CAAC,qBAAqB,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,IAA8B;IACzE,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACnD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA2B,CAAC;QACzD,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,UAAkB;IAC1D,IAAI,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO;IAEnC,MAAM,WAAW,GAAG,0BAA0B,EAAE,CAAC;IACjD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACrC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEtC,MAAM,SAAS,GAAG,GAAG,UAAU,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;IACrD,MAAM,QAAQ,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IACvC,MAAM,MAAM,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAEpC,MAAM,QAAQ,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,MAAM,aAAa,GAAG;YACpB,QAAQ,EAAE,CAAC;YACX,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAClC,MAAM,EAAE,mBAAmB;SAC5B,CAAC;QACF,MAAM,OAAO,GAAG,GAAG,QAAQ,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;QACjD,MAAM,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChF,MAAM,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAA8B;IACjE,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,0BAA0B,CAAC,UAAU,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,OAAO,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,KAAK,GAAG,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,GAAG,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAuB,EAAE,cAAiC;IACnF,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;IAClC,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,iBAAiB,CACxB,YAAkC,EAClC,IAAuB,EACvB,SAAiB,EACjB,KAAoB;IAEpB,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,QAAQ,GAAG,GAAG,KAAK,IAAI,KAAK,EAAE,CAAC;IACrC,IAAI,YAAY,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IAC5C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,MAAkB,EAClB,IAAuB;IAEvB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC7B,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;IAExE,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpC,OAAO;YACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;YACxF,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,SAAS,GAAyC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAG3E,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC,aAAa,CAAC,CAAC;QACnC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO;gBACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;gBACnF,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;aAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC7B,IAAI,IAAsB,CAAC;QAC3B,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,IAAI,KAAK,SAAS;gBAAE,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO;gBACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;gBAC7E,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;aAC3C,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAClG,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjG,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;QAC3B,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC;QACtC,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,IAAK,EAA2B,CAAC;QACxE,MAAM,IAAI,GAAG,iBAAiB,CAAC,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAErE,IAAI,IAAsB,CAAC;QAC3B,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;YAC1B,IAAI,IAAI,KAAK,SAAS;gBAAE,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO;gBACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;gBACrF,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;aAC3C,CAAC;QACJ,CAAC;QAED,OAAO;YACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;YAC1E,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;SAC3C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,cAAc,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QAC9G,KAAK,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE;KAC3C,CAAC;AACJ,CAAC"}
|
package/dist/shell/evaluate.d.ts
CHANGED
|
@@ -20,9 +20,16 @@ export type ShellGateDecision = {
|
|
|
20
20
|
agent_message?: string;
|
|
21
21
|
evaluation: GuardEvaluation;
|
|
22
22
|
};
|
|
23
|
+
/**
|
|
24
|
+
* MCP proposals (`beforeMCPExecution` hook, MCP `guard` with `kind: "mcp"`): if argv does not match any
|
|
25
|
+
* row under `policies.mcp`, pass-through (same idea as ungoverned shell tools).
|
|
26
|
+
*/
|
|
27
|
+
export declare function evaluateMcpProposal(policy: PoliciesV1, argv: string[]): {
|
|
28
|
+
skipped: boolean;
|
|
29
|
+
evaluation: GuardEvaluation;
|
|
30
|
+
};
|
|
23
31
|
/**
|
|
24
32
|
* Shell proposals only: outside governed CLIs → pass-through (same scope as the Cursor hook).
|
|
25
|
-
* MCP uses {@link evaluateShellProposal} so `kind: "shell"` matches hook semantics.
|
|
26
33
|
*/
|
|
27
34
|
export declare function evaluateShellProposal(policy: PoliciesV1, argv: string[], governedTools?: string[]): {
|
|
28
35
|
skipped: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/shell/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,KAAK,UAAU,EAAE,KAAK,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAK9E,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAEnE,MAAM,MAAM,WAAW,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC;AAE/F,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,cAAc,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAClE,KAAK,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC;CACjD,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;CAC7B,CAAC;AAEF;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,MAAM,EAAE,EACd,aAAa,GAAE,MAAM,EAAsC,GAC1D;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAoBnD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,eAAe,CAkChF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B,GAAG,iBAAiB,CAmBpB"}
|
|
1
|
+
{"version":3,"file":"evaluate.d.ts","sourceRoot":"","sources":["../../src/shell/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,KAAK,UAAU,EAAE,KAAK,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAK9E,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAEnE,MAAM,MAAM,WAAW,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,CAAC;AAE/F,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,cAAc,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC,gBAAgB,CAAC,CAAC;IAClE,KAAK,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC,OAAO,CAAC,CAAC;CACjD,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,eAAe,CAAC;CAC7B,CAAC;AAEF;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,MAAM,EAAE,GACb;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAoBnD;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,UAAU,EAClB,IAAI,EAAE,MAAM,EAAE,EACd,aAAa,GAAE,MAAM,EAAsC,GAC1D;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,eAAe,CAAA;CAAE,CAoBnD;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,eAAe,CAkChF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE;IACrC,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B,GAAG,iBAAiB,CAmBpB"}
|
package/dist/shell/evaluate.js
CHANGED
|
@@ -3,9 +3,33 @@ import { parseCommandToArgv } from "./parse.js";
|
|
|
3
3
|
import { DEFAULT_GOVERNED_SHELL_TOOLS } from "./governed-tools.js";
|
|
4
4
|
export { parseCommandToArgv } from "./parse.js";
|
|
5
5
|
export { DEFAULT_GOVERNED_SHELL_TOOLS } from "./governed-tools.js";
|
|
6
|
+
/**
|
|
7
|
+
* MCP proposals (`beforeMCPExecution` hook, MCP `guard` with `kind: "mcp"`): if argv does not match any
|
|
8
|
+
* row under `policies.mcp`, pass-through (same idea as ungoverned shell tools).
|
|
9
|
+
*/
|
|
10
|
+
export function evaluateMcpProposal(policy, argv) {
|
|
11
|
+
const { classification, flags } = classifyArgv(policy, argv);
|
|
12
|
+
if (!classification.matched) {
|
|
13
|
+
return {
|
|
14
|
+
skipped: true,
|
|
15
|
+
evaluation: {
|
|
16
|
+
argv: [...argv],
|
|
17
|
+
tier: "READ",
|
|
18
|
+
reasons: [
|
|
19
|
+
{
|
|
20
|
+
code: "skipped",
|
|
21
|
+
message: "No policy entry matched this MCP argv; pass-through.",
|
|
22
|
+
},
|
|
23
|
+
],
|
|
24
|
+
classification: { ...classification, tier: "READ" },
|
|
25
|
+
flags,
|
|
26
|
+
},
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
return { skipped: false, evaluation: evaluateArgv(policy, argv) };
|
|
30
|
+
}
|
|
6
31
|
/**
|
|
7
32
|
* Shell proposals only: outside governed CLIs → pass-through (same scope as the Cursor hook).
|
|
8
|
-
* MCP uses {@link evaluateShellProposal} so `kind: "shell"` matches hook semantics.
|
|
9
33
|
*/
|
|
10
34
|
export function evaluateShellProposal(policy, argv, governedTools = [...DEFAULT_GOVERNED_SHELL_TOOLS]) {
|
|
11
35
|
const tool = argv[0];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../src/shell/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA8B,MAAM,oBAAoB,CAAC;AAE9E,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAmBnE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAkB,EAClB,IAAc,EACd,gBAA0B,CAAC,GAAG,4BAA4B,CAAC;IAE3D,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE;gBACV,IAAI;gBACJ,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,yEAAyE;qBACnF;iBACF;gBACD,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE;gBACpG,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE;aACzD;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAkB,EAAE,IAAc;IAC7D,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAS,cAAc,CAAC,IAAI,CAAC;IAErC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,+DAA+D;YACxE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE;SAC7G,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,uBAAuB;YAChC,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE;SACnH,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,IAAI,IAAI,KAAK,MAAM;YAAE,IAAI,GAAG,QAAQ,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC,CAAC;IACpG,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,aAAa,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,qEAAqE;YAC9E,OAAO,EAAE,EAAE,eAAe,EAAE,MAAM,CAAC,eAAe,EAAE;SACrD,CAAC,CAAC;QACH,IAAI,GAAG,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAIhC;IACC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,GAAG,4BAA4B,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;IACxF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,YAAY,EAAE,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,wCAAwC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;QAC7G,aAAa,EACX,UAAU,KAAK,MAAM;YACnB,CAAC,CAAC,0BAA0B,UAAU,CAAC,IAAI,UAAU,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YACtF,CAAC,CAAC,SAAS;QACf,UAAU;KACX,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"evaluate.js","sourceRoot":"","sources":["../../src/shell/evaluate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA8B,MAAM,oBAAoB,CAAC;AAE9E,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAGnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAmBnE;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,MAAkB,EAClB,IAAc;IAEd,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE;gBACV,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;gBACf,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,sDAAsD;qBAChE;iBACF;gBACD,cAAc,EAAE,EAAE,GAAG,cAAc,EAAE,IAAI,EAAE,MAAc,EAAE;gBAC3D,KAAK;aACN;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,MAAkB,EAClB,IAAc,EACd,gBAA0B,CAAC,GAAG,4BAA4B,CAAC;IAE3D,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,OAAO,EAAE,IAAI;YACb,UAAU,EAAE;gBACV,IAAI;gBACJ,IAAI,EAAE,MAAM;gBACZ,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,yEAAyE;qBACnF;iBACF;gBACD,cAAc,EAAE,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE;gBACpG,KAAK,EAAE,EAAE,cAAc,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE;aACzD;SACF,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,MAAkB,EAAE,IAAc;IAC7D,MAAM,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7D,IAAI,IAAI,GAAS,cAAc,CAAC,IAAI,CAAC;IAErC,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,+DAA+D;YACxE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE;SAC7G,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,uBAAuB;YAChC,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,YAAY,EAAE,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE;SACnH,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,IAAI,IAAI,KAAK,MAAM;YAAE,IAAI,GAAG,QAAQ,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,8CAA8C,EAAE,CAAC,CAAC;IACpG,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,IAAI,CAAC,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,aAAa,CAAC,EAAE,CAAC;QAC3E,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,qEAAqE;YAC9E,OAAO,EAAE,EAAE,eAAe,EAAE,MAAM,CAAC,eAAe,EAAE;SACrD,CAAC,CAAC;QACH,IAAI,GAAG,aAAa,CAAC;IACvB,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAIhC;IACC,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,GAAG,4BAA4B,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;IACxF,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,YAAY,EAAE,UAAU,KAAK,MAAM,CAAC,CAAC,CAAC,wCAAwC,UAAU,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS;QAC7G,aAAa,EACX,UAAU,KAAK,MAAM;YACnB,CAAC,CAAC,0BAA0B,UAAU,CAAC,IAAI,UAAU,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;YACtF,CAAC,CAAC,SAAS;QACf,UAAU;KACX,CAAC;AACJ,CAAC"}
|