@rigour-labs/mcp 5.2.8 → 5.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +11 -0
- package/package.json +2 -2
package/dist/index.js
CHANGED
|
@@ -79,6 +79,10 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
79
79
|
const requestId = randomUUID();
|
|
80
80
|
try {
|
|
81
81
|
await logStudioEvent(cwd, { type: "tool_call", requestId, tool: name, arguments: args });
|
|
82
|
+
// ── Image DLP warning ──────────────────────────────
|
|
83
|
+
// MCP args may contain base64 image data. Text DLP cannot scan images.
|
|
84
|
+
const argsStr = JSON.stringify(args ?? {});
|
|
85
|
+
const hasImageContent = /data:image\/|base64,[A-Za-z0-9+/=]{100,}/.test(argsStr);
|
|
82
86
|
const config = await loadConfig(cwd);
|
|
83
87
|
const runner = new GateRunner(config);
|
|
84
88
|
let result;
|
|
@@ -188,6 +192,13 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
188
192
|
default:
|
|
189
193
|
throw new Error(`Unknown tool: ${name}`);
|
|
190
194
|
}
|
|
195
|
+
// ── Prepend image DLP warning if image content was detected ──
|
|
196
|
+
if (hasImageContent && Array.isArray(result.content)) {
|
|
197
|
+
result.content.unshift({
|
|
198
|
+
type: "text",
|
|
199
|
+
text: "⚠ DLP Notice: Image content detected in this request. Text-based credential scanning cannot analyze images. Avoid sharing screenshots containing API keys, tokens, or passwords.",
|
|
200
|
+
});
|
|
201
|
+
}
|
|
191
202
|
await logStudioEvent(cwd, {
|
|
192
203
|
type: "tool_response", requestId, tool: name, status: "success",
|
|
193
204
|
content: result.content, _rigour_report: result._rigour_report,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@rigour-labs/mcp",
|
|
3
|
-
"version": "5.2.
|
|
3
|
+
"version": "5.2.9",
|
|
4
4
|
"description": "MCP server + live dashboard for AI code governance — OWASP LLM Top 10 (10/10), real-time MCP App UI, 25+ security patterns, Bayesian learning Brain, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, VS Code, ChatGPT, Goose, Windsurf. Industry presets for HIPAA, SOC2, FedRAMP.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"homepage": "https://rigour.run",
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"execa": "^8.0.1",
|
|
63
63
|
"fs-extra": "^11.2.0",
|
|
64
64
|
"yaml": "^2.8.2",
|
|
65
|
-
"@rigour-labs/core": "5.2.
|
|
65
|
+
"@rigour-labs/core": "5.2.9"
|
|
66
66
|
},
|
|
67
67
|
"devDependencies": {
|
|
68
68
|
"@types/node": "^25.0.3",
|