@rafter-security/cli 0.4.2 → 0.5.1

package/dist/commands/mcp/server.js

@@ -0,0 +1,205 @@
+import { Command } from "commander";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, ListResourcesRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { RegexScanner } from "../../scanners/regex-scanner.js";
+import { GitleaksScanner } from "../../scanners/gitleaks.js";
+import { CommandInterceptor } from "../../core/command-interceptor.js";
+import { AuditLogger } from "../../core/audit-logger.js";
+import { ConfigManager } from "../../core/config-manager.js";
+function formatScanResults(results) {
+    return results.map(r => ({
+        file: r.file,
+        matches: r.matches.map(m => ({
+            pattern: m.pattern.name,
+            severity: m.pattern.severity,
+            line: m.line,
+            redacted: m.redacted || m.match.slice(0, 4) + "****",
+        })),
+    }));
+}
+function textResult(data) {
+    return { content: [{ type: "text", text: JSON.stringify(data) }] };
+}
+function errorResult(message) {
+    return { content: [{ type: "text", text: JSON.stringify({ error: message }) }], isError: true };
+}
+function createServer() {
+    const server = new Server({ name: "rafter", version: "0.5.0" }, { capabilities: { tools: {}, resources: {} } });
+    // ── Tools ───────────────────────────────────────────────────────────
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: [
+            {
+                name: "scan_secrets",
+                description: "Scan files or directories for hardcoded secrets and credentials",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        path: { type: "string", description: "File or directory path to scan" },
+                        engine: {
+                            type: "string",
+                            enum: ["auto", "gitleaks", "patterns"],
+                            description: "Scan engine: auto (default), gitleaks, or patterns",
+                        },
+                    },
+                    required: ["path"],
+                },
+            },
+            {
+                name: "evaluate_command",
+                description: "Evaluate whether a shell command is allowed by Rafter security policy",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        command: { type: "string", description: "Shell command to evaluate" },
+                    },
+                    required: ["command"],
+                },
+            },
+            {
+                name: "read_audit_log",
+                description: "Read Rafter audit log entries with optional filtering",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        limit: { type: "number", description: "Maximum entries to return (default: 20)" },
+                        event_type: {
+                            type: "string",
+                            description: "Filter by event type (e.g. command_intercepted, secret_detected)",
+                        },
+                        since: { type: "string", description: "ISO 8601 timestamp — only return entries after this time" },
+                    },
+                },
+            },
+            {
+                name: "get_config",
+                description: "Read Rafter configuration (full config or a specific key)",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        key: {
+                            type: "string",
+                            description: "Dot-path config key (e.g. agent.commandPolicy). Omit for full config.",
+                        },
+                    },
+                },
+            },
+        ],
+    }));
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        switch (name) {
+            case "scan_secrets": {
+                const scanPath = args?.path;
+                const engine = args?.engine || "auto";
+                if (engine === "gitleaks" || engine === "auto") {
+                    const gitleaks = new GitleaksScanner();
+                    if (await gitleaks.isAvailable()) {
+                        try {
+                            const results = await gitleaks.scanDirectory(scanPath);
+                            return textResult(formatScanResults(results));
+                        }
+                        catch {
+                            if (engine === "gitleaks")
+                                return errorResult("Gitleaks scan failed");
+                        }
+                    }
+                    else if (engine === "gitleaks") {
+                        return errorResult("Gitleaks not installed");
+                    }
+                }
+                const scanner = new RegexScanner();
+                let results;
+                try {
+                    results = scanner.scanDirectory(scanPath);
+                }
+                catch {
+                    results = [scanner.scanFile(scanPath)];
+                }
+                return textResult(formatScanResults(results));
+            }
+            case "evaluate_command": {
+                const command = args?.command;
+                const interceptor = new CommandInterceptor();
+                const result = interceptor.evaluate(command);
+                const out = {
+                    allowed: result.allowed,
+                    risk_level: result.riskLevel,
+                    requires_approval: result.requiresApproval,
+                };
+                if (result.reason)
+                    out.reason = result.reason;
+                return textResult(out);
+            }
+            case "read_audit_log": {
+                const logger = new AuditLogger();
+                const entries = logger.read({
+                    limit: args?.limit ?? 20,
+                    eventType: args?.event_type,
+                    since: args?.since ? new Date(args.since) : undefined,
+                });
+                return textResult(entries);
+            }
+            case "get_config": {
+                const manager = new ConfigManager();
+                const key = args?.key;
+                const value = key ? manager.get(key) : manager.load();
+                return textResult(value);
+            }
+            default:
+                return errorResult(`Unknown tool: ${name}`);
+        }
+    });
+    // ── Resources ───────────────────────────────────────────────────────
+    server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+        resources: [
+            {
+                uri: "rafter://config",
+                name: "Rafter Configuration",
+                description: "Current Rafter configuration",
+                mimeType: "application/json",
+            },
+            {
+                uri: "rafter://policy",
+                name: "Rafter Policy",
+                description: "Active security policy (merged .rafter.yml + config)",
+                mimeType: "application/json",
+            },
+        ],
+    }));
+    server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+        const { uri } = request.params;
+        const manager = new ConfigManager();
+        switch (uri) {
+            case "rafter://config":
+                return {
+                    contents: [{
+                            uri: "rafter://config",
+                            mimeType: "application/json",
+                            text: JSON.stringify(manager.load(), null, 2),
+                        }],
+                };
+            case "rafter://policy":
+                return {
+                    contents: [{
+                            uri: "rafter://policy",
+                            mimeType: "application/json",
+                            text: JSON.stringify(manager.loadWithPolicy(), null, 2),
+                        }],
+                };
+            default:
+                throw new Error(`Unknown resource: ${uri}`);
+        }
+    });
+    return server;
+}
+export function createMcpServeCommand() {
+    return new Command("serve")
+        .description("Start MCP server over stdio transport")
+        .option("--transport <type>", "Transport type (currently only stdio)", "stdio")
+        .action(async () => {
+        const server = createServer();
+        const transport = new StdioServerTransport();
+        await server.connect(transport);
+    });
+}

package/dist/commands/policy/export.js

@@ -0,0 +1,81 @@
+import { Command } from "commander";
+import { ConfigManager } from "../../core/config-manager.js";
+import { fmt } from "../../utils/formatter.js";
+export function createPolicyExportCommand() {
+    return new Command("export")
+        .description("Export Rafter policy for agent platforms")
+        .requiredOption("--format <format>", "Target format: claude or codex")
+        .option("--output <path>", "Write to file instead of stdout")
+        .action((opts) => {
+        const format = opts.format;
+        if (format !== "claude" && format !== "codex") {
+            console.error(fmt.error(`Unknown format: ${format}`));
+            console.error("Valid options: claude, codex");
+            process.exit(1);
+        }
+        const content = format === "claude"
+            ? generateClaudeConfig()
+            : generateCodexConfig();
+        if (opts.output) {
+            const fs = require("fs");
+            const path = require("path");
+            const dir = path.dirname(opts.output);
+            if (!fs.existsSync(dir)) {
+                fs.mkdirSync(dir, { recursive: true });
+            }
+            fs.writeFileSync(opts.output, content, "utf-8");
+            console.log(fmt.success(`Exported ${format} policy to ${opts.output}`));
+        }
+        else {
+            process.stdout.write(content);
+        }
+    });
+}
+function generateClaudeConfig() {
+    const config = {
+        hooks: {
+            PreToolUse: [
+                {
+                    matcher: "Bash",
+                    hooks: [{ type: "command", command: "rafter hook pretool" }],
+                },
+                {
+                    matcher: "Write|Edit",
+                    hooks: [{ type: "command", command: "rafter hook pretool" }],
+                },
+            ],
+        },
+    };
+    return JSON.stringify(config, null, 2) + "\n";
+}
+function generateCodexConfig() {
+    const manager = new ConfigManager();
+    const cfg = manager.loadWithPolicy();
+    const policy = cfg.agent?.commandPolicy;
+    const blocked = policy?.blockedPatterns || [];
+    const approval = policy?.requireApproval || [];
+    let toml = `# Rafter security policy for OpenAI Codex
+# Generated by: rafter policy export --format codex
+# Docs: https://docs.rafter.so/cli/pretool-hooks
+
+`;
+    if (blocked.length > 0) {
+        toml += `[rules.blocked]\n`;
+        toml += `# Commands that are always blocked\n`;
+        toml += `patterns = [\n`;
+        for (const p of blocked) {
+            toml += `    ${JSON.stringify(p)},\n`;
+        }
+        toml += `]\n\n`;
+    }
+    if (approval.length > 0) {
+        toml += `[rules.prompt]\n`;
+        toml += `# Commands that require user approval\n`;
+        toml += `patterns = [\n`;
+        for (const p of approval) {
+            toml += `    ${JSON.stringify(p)},\n`;
+        }
+        toml += `]\n`;
+    }
+    return toml;
+}

package/dist/commands/policy/index.js

@@ -0,0 +1,8 @@
+import { Command } from "commander";
+import { createPolicyExportCommand } from "./export.js";
+export function createPolicyCommand() {
+    const policy = new Command("policy")
+        .description("Security policy management");
+    policy.addCommand(createPolicyExportCommand());
+    return policy;
+}

package/dist/core/audit-logger.js

@@ -2,6 +2,7 @@ import fs from "fs";
 import path from "path";
 import { getAuditLogPath } from "./config-defaults.js";
 import { ConfigManager } from "./config-manager.js";
+import { assessCommandRisk } from "./risk-rules.js";
 export class AuditLogger {
     constructor(logPath) {
         this.logPath = logPath || getAuditLogPath();
@@ -166,38 +167,6 @@ export class AuditLogger {
      * Assess risk level of a command
      */
     assessCommandRisk(command) {
-        const critical = [
-            /rm\s+-rf\s+\//,
-            /:\(\)\{\s*:\|:&\s*\};:/, // fork bomb
-            /dd\s+if=.*of=\/dev\/sd/,
-            />\s*\/dev\/sd/
-        ];
-        const high = [
-            /rm\s+-rf/,
-            /sudo\s+rm/,
-            /chmod\s+777/,
-            /curl.*\|.*sh/,
-            /wget.*\|.*sh/,
-            /git\s+push\s+--force/
-        ];
-        const medium = [
-            /sudo/,
-            /chmod/,
-            /chown/,
-            /systemctl/
-        ];
-        for (const pattern of critical) {
-            if (pattern.test(command))
-                return "critical";
-        }
-        for (const pattern of high) {
-            if (pattern.test(command))
-                return "high";
-        }
-        for (const pattern of medium) {
-            if (pattern.test(command))
-                return "medium";
-        }
-        return "low";
+        return assessCommandRisk(command);
     }
 }

package/dist/core/command-interceptor.js

@@ -1,5 +1,6 @@
 import { ConfigManager } from "./config-manager.js";
 import { AuditLogger } from "./audit-logger.js";
+import { assessCommandRisk } from "./risk-rules.js";
 export class CommandInterceptor {
     constructor() {
         this.config = new ConfigManager();
@@ -9,7 +10,7 @@ export class CommandInterceptor {
      * Evaluate if a command should be allowed
      */
     evaluate(command) {
-        const cfg = this.config.load();
+        const cfg = this.config.loadWithPolicy();
         const policy = cfg.agent?.commandPolicy;
         if (!policy) {
             // No policy configured, allow by default
@@ -103,63 +104,18 @@ export class CommandInterceptor {
      */
     matchesPattern(command, pattern) {
         try {
-            const regex = new RegExp(pattern);
+            const regex = new RegExp(pattern, "i");
             return regex.test(command);
         }
         catch {
-            // If pattern is not valid regex, try exact match
-            return command.includes(pattern);
+            // If pattern is not valid regex, try case-insensitive substring match
+            return command.toLowerCase().includes(pattern.toLowerCase());
         }
     }
     /**
      * Assess risk level of command
      */
     assessRisk(command) {
-        // Critical patterns
-        const critical = [
-            /rm\s+-rf\s+\//,
-            /:\(\)\{\s*:\|:&\s*\};:/, // fork bomb
-            /dd\s+if=.*of=\/dev\/sd/,
-            />\s*\/dev\/sd/,
-            /mkfs/,
-            /fdisk/,
-            /parted/
-        ];
-        // High risk patterns
-        const high = [
-            /rm\s+-rf/,
-            /sudo\s+rm/,
-            /chmod\s+777/,
-            /curl.*\|.*sh/,
-            /wget.*\|.*sh/,
-            /git\s+push\s+--force/,
-            /docker\s+system\s+prune/,
-            /npm\s+publish/,
-            /pypi.*upload/
-        ];
-        // Medium risk patterns
-        const medium = [
-            /sudo/,
-            /chmod/,
-            /chown/,
-            /systemctl/,
-            /service/,
-            /kill\s+-9/,
-            /pkill/,
-            /killall/
-        ];
-        for (const pattern of critical) {
-            if (pattern.test(command))
-                return "critical";
-        }
-        for (const pattern of high) {
-            if (pattern.test(command))
-                return "high";
-        }
-        for (const pattern of medium) {
-            if (pattern.test(command))
-                return "medium";
-        }
-        return "low";
+        return assessCommandRisk(command);
     }
 }

package/dist/core/config-defaults.js

@@ -1,3 +1,4 @@
+import { DEFAULT_BLOCKED_PATTERNS, DEFAULT_REQUIRE_APPROVAL } from "./risk-rules.js";
 import os from "os";
 import path from "path";
 export const CONFIG_VERSION = "1.0.0";
@@ -27,20 +28,8 @@ export function getDefaultConfig() {
             },
             commandPolicy: {
                 mode: "approve-dangerous",
-                blockedPatterns: [
-                    "rm -rf /",
-                    ":(){ :|:& };:", // fork bomb
-                    "dd if=/dev/zero of=/dev/sda",
-                    "> /dev/sda"
-                ],
-                requireApproval: [
-                    "rm -rf",
-                    "sudo rm",
-                    "curl.*|.*sh",
-                    "wget.*|.*sh",
-                    "chmod 777",
-                    "git push --force"
-                ]
+                blockedPatterns: [...DEFAULT_BLOCKED_PATTERNS],
+                requireApproval: [...DEFAULT_REQUIRE_APPROVAL],
             },
             outputFiltering: {
                 redactSecrets: true,
@@ -61,7 +50,7 @@ export function getConfigPath() {
     return path.join(getRafterDir(), "config.json");
 }
 export function getAuditLogPath() {
-    return path.join(getRafterDir(), "audit.log");
+    return path.join(getRafterDir(), "audit.jsonl");
 }
 export function getBinDir() {
     return path.join(getRafterDir(), "bin");

package/dist/core/config-manager.js

@@ -1,6 +1,7 @@
 import fs from "fs";
 import path from "path";
 import { getDefaultConfig, getConfigPath, getRafterDir, CONFIG_VERSION } from "./config-defaults.js";
+import { loadPolicy } from "./policy-loader.js";
 export class ConfigManager {
     constructor(configPath) {
         this.configPath = configPath || getConfigPath();
@@ -101,6 +102,57 @@ export class ConfigManager {
             this.save(config);
         }
     }
+    /**
+     * Load config merged with .rafter.yml policy (policy wins)
+     */
+    loadWithPolicy() {
+        const config = this.load();
+        const policy = loadPolicy();
+        if (!policy)
+            return config;
+        // Ensure agent block exists
+        if (!config.agent) {
+            const defaults = getDefaultConfig();
+            config.agent = defaults.agent;
+        }
+        // Risk level
+        if (policy.riskLevel && config.agent) {
+            config.agent.riskLevel = policy.riskLevel;
+        }
+        // Command policy — arrays replace, not append
+        if (policy.commandPolicy && config.agent) {
+            if (policy.commandPolicy.mode) {
+                config.agent.commandPolicy.mode = policy.commandPolicy.mode;
+            }
+            if (policy.commandPolicy.blockedPatterns) {
+                config.agent.commandPolicy.blockedPatterns = policy.commandPolicy.blockedPatterns;
+            }
+            if (policy.commandPolicy.requireApproval) {
+                config.agent.commandPolicy.requireApproval = policy.commandPolicy.requireApproval;
+            }
+        }
+        // Scan settings
+        if (policy.scan && config.agent) {
+            if (!config.agent.scan)
+                config.agent.scan = {};
+            if (policy.scan.excludePaths) {
+                config.agent.scan.excludePaths = policy.scan.excludePaths;
+            }
+            if (policy.scan.customPatterns) {
+                config.agent.scan.customPatterns = policy.scan.customPatterns;
+            }
+        }
+        // Audit settings
+        if (policy.audit && config.agent) {
+            if (policy.audit.retentionDays != null) {
+                config.agent.audit.retentionDays = policy.audit.retentionDays;
+            }
+            if (policy.audit.logLevel) {
+                config.agent.audit.logLevel = policy.audit.logLevel;
+            }
+        }
+        return config;
+    }
     /**
      * Check if config exists
      */