@sigildev/sigil 0.1.0

package/dist/rules/config.js

@@ -0,0 +1,123 @@
+function findLineNumber(content, index) {
+    return content.slice(0, index).split("\n").length;
+}
+export function detectDebugMode(context) {
+    const findings = [];
+    const DEBUG_PATTERNS = [
+        /\bDEBUG\s*[:=]\s*(?:true|1|["']true["'])/gi,
+        /\bdebug\s*[:=]\s*true/g,
+        /NODE_ENV\s*[:=!]=?\s*["']development["']/g,
+        /\.use\s*\(\s*\w*[Dd]ebug/g,
+        /logging\.DEBUG/g,
+        /log_level\s*=\s*["']debug["']/gi,
+    ];
+    for (const [file, content] of context.sources) {
+        for (const pattern of DEBUG_PATTERNS) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const line = findLineNumber(content, match.index);
+                const lineContent = content.split("\n")[line - 1] || "";
+                const trimmed = lineContent.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*"))
+                    continue;
+                // Skip if it's in a conditional check (e.g., if (NODE_ENV === 'development'))
+                if (/if\s*\(/.test(lineContent) || /if\s+/.test(lineContent))
+                    continue;
+                findings.push({
+                    ruleId: "MCS-CFG-001",
+                    severity: "medium",
+                    title: "Debug Mode Enabled",
+                    message: `Debug or development configuration appears to be enabled. Ensure this is disabled in production.`,
+                    location: { file, startLine: line, endLine: line },
+                    fix: {
+                        description: "Use environment-based configuration to disable debug mode in production.",
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+export function detectVerboseErrors(context) {
+    const findings = [];
+    const VERBOSE_PATTERNS_TS = [
+        /\.stack\b/g,
+        /error\.message\b/g,
+        /JSON\.stringify\s*\(\s*(?:err|error)\b/g,
+        /console\.error\s*\(\s*(?:err|error)\b/g,
+    ];
+    const VERBOSE_PATTERNS_PY = [
+        /traceback\.format_exc/g,
+        /traceback\.print_exc/g,
+        /str\s*\(\s*(?:e|err|error|exception)\s*\)/g,
+    ];
+    const patterns = context.language === "python" ? VERBOSE_PATTERNS_PY :
+        context.language === "typescript" ? VERBOSE_PATTERNS_TS :
+            [...VERBOSE_PATTERNS_TS, ...VERBOSE_PATTERNS_PY];
+    for (const [file, content] of context.sources) {
+        for (const pattern of patterns) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const line = findLineNumber(content, match.index);
+                const lineContent = content.split("\n")[line - 1] || "";
+                const trimmed = lineContent.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*"))
+                    continue;
+                // Only flag if it's in a catch block or error handler that returns to client
+                const before = content.slice(Math.max(0, match.index - 500), match.index);
+                const isInCatchBlock = /catch\s*\(|except\s+/.test(before);
+                const returnsToClient = /return\s*\{|content.*text/.test(content.slice(match.index, Math.min(content.length, match.index + 200)));
+                if (isInCatchBlock && (returnsToClient || /\.stack/.test(lineContent) || /traceback/.test(lineContent))) {
+                    findings.push({
+                        ruleId: "MCS-CFG-002",
+                        severity: "low",
+                        title: "Verbose Error Messages",
+                        message: `Error handler returns detailed error information (stack traces, internal paths). This leaks implementation details.`,
+                        location: { file, startLine: line, endLine: line },
+                        fix: {
+                            description: "Return generic error messages to the client. Log detailed errors server-side only.",
+                            suggestion: 'return { content: [{ type: "text", text: "An error occurred. Please try again." }] };',
+                        },
+                    });
+                    break; // One per file is enough for this rule
+                }
+            }
+        }
+    }
+    return findings;
+}
+export function detectInsecureTransport(context) {
+    const findings = [];
+    const TRANSPORT_PATTERNS = [
+        { pattern: /(?:host|bind|listen)\s*[:=]\s*["']0\.0\.0\.0["']/g, label: "Server binds to all interfaces (0.0.0.0)" },
+        { pattern: /cors\s*[:=]\s*\{\s*origin\s*[:=]\s*["']\*["']/g, label: "CORS allows all origins" },
+        { pattern: /Access-Control-Allow-Origin['":\s]*\*/g, label: "CORS allows all origins" },
+    ];
+    for (const [file, content] of context.sources) {
+        for (const { pattern, label } of TRANSPORT_PATTERNS) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const line = findLineNumber(content, match.index);
+                const lineContent = content.split("\n")[line - 1] || "";
+                const trimmed = lineContent.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*"))
+                    continue;
+                findings.push({
+                    ruleId: "MCS-CFG-003",
+                    severity: "medium",
+                    title: "Insecure Transport Configuration",
+                    message: `${label}. This may expose the MCP server to unauthorized access.`,
+                    location: { file, startLine: line, endLine: line },
+                    fix: {
+                        description: "Bind to localhost (127.0.0.1), use specific CORS origins, and enable TLS for HTTP transport.",
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=config.js.map

package/dist/rules/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/rules/config.ts"],"names":[],"mappings":"AAEA,SAAS,cAAc,CAAC,OAAe,EAAE,KAAa;IACpD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAwB;IACtD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,cAAc,GAAG;QACrB,4CAA4C;QAC5C,wBAAwB;QACxB,2CAA2C;QAC3C,2BAA2B;QAC3B,iBAAiB;QACjB,iCAAiC;KAClC,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;YACrC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAExD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAE7F,8EAA8E;gBAC9E,IAAI,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;oBAAE,SAAS;gBAEvE,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,aAAa;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,oBAAoB;oBAC3B,OAAO,EAAE,kGAAkG;oBAC3G,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;oBAClD,GAAG,EAAE;wBACH,WAAW,EAAE,0EAA0E;qBACxF;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAwB;IAC1D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,mBAAmB,GAAG;QAC1B,YAAY;QACZ,mBAAmB;QACnB,yCAAyC;QACzC,wCAAwC;KACzC,CAAC;IAEF,MAAM,mBAAmB,GAAG;QAC1B,wBAAwB;QACxB,uBAAuB;QACvB,4CAA4C;KAC7C,CAAC;IAEF,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;QACrD,OAAO,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;YACzD,CAAC,GAAG,mBAAmB,EAAE,GAAG,mBAAmB,CAAC,CAAC;IAEnD,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAExD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAE7F,6EAA6E;gBAC7E,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAC1E,MAAM,cAAc,GAAG,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC3D,MAAM,eAAe,GAAG,2BAA2B,CAAC,IAAI,CACtD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,CACxE,CAAC;gBAEF,IAAI,cAAc,IAAI,CAAC,eAAe,IAAI,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;oBACxG,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,aAAa;wBACrB,QAAQ,EAAE,KAAK;wBACf,KAAK,EAAE,wBAAwB;wBAC/B,OAAO,EAAE,qHAAqH;wBAC9H,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;wBAClD,GAAG,EAAE;4BACH,WAAW,EAAE,oFAAoF;4BACjG,UAAU,EAAE,uFAAuF;yBACpG;qBACF,CAAC,CAAC;oBACH,MAAM,CAAC,uCAAuC;gBAChD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAwB;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,MAAM,kBAAkB,GAAG;QACzB,EAAE,OAAO,EAAE,mDAAmD,EAAE,KAAK,EAAE,0CAA0C,EAAE;QACnH,EAAE,OAAO,EAAE,gDAAgD,EAAE,KAAK,EAAE,yBAAyB,EAAE;QAC/F,EAAE,OAAO,EAAE,wCAAwC,EAAE,KAAK,EAAE,yBAAyB,EAAE;KACxF,CAAC;IAEF,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,kBAAkB,EAAE,CAAC;YACpD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAExD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAE7F,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,aAAa;oBACrB,QAAQ,EAAE,QAAQ;oBAClB,KAAK,EAAE,kCAAkC;oBACzC,OAAO,EAAE,GAAG,KAAK,0DAA0D;oBAC3E,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;oBAClD,GAAG,EAAE;wBACH,WAAW,EAAE,8FAA8F;qBAC5G;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/rules/data.d.ts

@@ -0,0 +1,4 @@
+import type { AnalysisContext, Finding } from "../analyzers/types.js";
+export declare function detectEnvVarExposure(context: AnalysisContext): Finding[];
+export declare function detectCredentialLeakage(context: AnalysisContext): Finding[];
+//# sourceMappingURL=data.d.ts.map

package/dist/rules/data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data.d.ts","sourceRoot":"","sources":["../../src/rules/data.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAmBtE,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CAkCxE;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CAmC3E"}

package/dist/rules/data.js

@@ -0,0 +1,79 @@
+// Patterns that expose entire environment
+const ENV_EXPOSURE_TS = [
+    /\bprocess\.env\b(?!\s*\.)(?!\s*\[)/g, // process.env without any key access (bare reference)
+    /JSON\.stringify\s*\(\s*process\.env\b/g,
+    /Object\.(?:keys|values|entries)\s*\(\s*process\.env\b/g,
+];
+const ENV_EXPOSURE_PY = [
+    /\bos\.environ\b(?!\s*\.\s*get)(?!\s*\[)/g, // os.environ without .get() or []
+    /dict\s*\(\s*os\.environ\b/g,
+    /json\.dumps\s*\(\s*(?:dict\s*\(\s*)?os\.environ/g,
+];
+function findLineNumber(content, index) {
+    return content.slice(0, index).split("\n").length;
+}
+export function detectEnvVarExposure(context) {
+    const findings = [];
+    const patterns = context.language === "python" ? ENV_EXPOSURE_PY :
+        context.language === "typescript" ? ENV_EXPOSURE_TS :
+            [...ENV_EXPOSURE_TS, ...ENV_EXPOSURE_PY];
+    for (const [file, content] of context.sources) {
+        for (const pattern of patterns) {
+            pattern.lastIndex = 0;
+            let match;
+            while ((match = pattern.exec(content)) !== null) {
+                const line = findLineNumber(content, match.index);
+                const lineContent = content.split("\n")[line - 1] || "";
+                const trimmed = lineContent.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*"))
+                    continue;
+                findings.push({
+                    ruleId: "MCS-DATA-001",
+                    severity: "high",
+                    title: "Environment Variable Exposure",
+                    message: `Entire process environment is accessed without filtering. This exposes API keys, credentials, and secrets to the LLM.`,
+                    location: { file, startLine: line, endLine: line },
+                    fix: {
+                        description: "Access only specific environment variables by name, or filter out sensitive keys before returning.",
+                        suggestion: "const safeEnv = { NODE_ENV: process.env.NODE_ENV, PORT: process.env.PORT };",
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+export function detectCredentialLeakage(context) {
+    const findings = [];
+    // Patterns that return raw API responses without redaction
+    const LEAK_PATTERNS = [
+        /res\.(?:headers|data|body)\b/g,
+        /response\.(?:headers|data|body)\b/g,
+    ];
+    // This rule is hard to detect well with regex alone — keep it conservative
+    // Flag cases where raw HTTP response objects are returned in tool responses
+    for (const [file, content] of context.sources) {
+        // Look for tool handlers that return raw response data
+        const toolHandlerRegex = /\.tool\s*\([^)]*\)\s*[^{]*\{[\s\S]*?return\s*\{[\s\S]*?content/g;
+        let handlerMatch;
+        while ((handlerMatch = toolHandlerRegex.exec(content)) !== null) {
+            const handlerText = handlerMatch[0];
+            // Check if the handler returns raw response headers (may contain auth tokens)
+            if (/headers/.test(handlerText) && /JSON\.stringify/.test(handlerText)) {
+                const line = findLineNumber(content, handlerMatch.index);
+                findings.push({
+                    ruleId: "MCS-DATA-002",
+                    severity: "high",
+                    title: "Credential Leakage in Tool Responses",
+                    message: `Tool handler may return raw HTTP response headers containing authentication tokens. Filter sensitive headers before returning.`,
+                    location: { file, startLine: line, endLine: line },
+                    fix: {
+                        description: "Redact authorization headers and other sensitive fields from API responses before returning to the LLM.",
+                    },
+                });
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=data.js.map

package/dist/rules/data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data.js","sourceRoot":"","sources":["../../src/rules/data.ts"],"names":[],"mappings":"AAEA,0CAA0C;AAC1C,MAAM,eAAe,GAAG;IACtB,qCAAqC,EAAE,sDAAsD;IAC7F,wCAAwC;IACxC,wDAAwD;CACzD,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,0CAA0C,EAAE,kCAAkC;IAC9E,4BAA4B;IAC5B,kDAAkD;CACnD,CAAC;AAEF,SAAS,cAAc,CAAC,OAAe,EAAE,KAAa;IACpD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,OAAwB;IAC3D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QACjD,OAAO,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACrD,CAAC,GAAG,eAAe,EAAE,GAAG,eAAe,CAAC,CAAC;IAE3C,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YACtB,IAAI,KAAK,CAAC;YACV,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;gBAExD,MAAM,OAAO,GAAG,WAAW,CAAC,SAAS,EAAE,CAAC;gBACxC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAE7F,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,cAAc;oBACtB,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,+BAA+B;oBACtC,OAAO,EAAE,uHAAuH;oBAChI,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;oBAClD,GAAG,EAAE;wBACH,WAAW,EAAE,oGAAoG;wBACjH,UAAU,EAAE,6EAA6E;qBAC1F;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAwB;IAC9D,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,2DAA2D;IAC3D,MAAM,aAAa,GAAG;QACpB,+BAA+B;QAC/B,oCAAoC;KACrC,CAAC;IAEF,2EAA2E;IAC3E,4EAA4E;IAC5E,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,uDAAuD;QACvD,MAAM,gBAAgB,GAAG,iEAAiE,CAAC;QAC3F,IAAI,YAAY,CAAC;QACjB,OAAO,CAAC,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YAChE,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YACpC,8EAA8E;YAC9E,IAAI,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACvE,MAAM,IAAI,GAAG,cAAc,CAAC,OAAO,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC;gBACzD,QAAQ,CAAC,IAAI,CAAC;oBACZ,MAAM,EAAE,cAAc;oBACtB,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,sCAAsC;oBAC7C,OAAO,EAAE,gIAAgI;oBACzI,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;oBAClD,GAAG,EAAE;wBACH,WAAW,EAAE,yGAAyG;qBACvH;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/rules/deps.d.ts

@@ -0,0 +1,3 @@
+import type { AnalysisContext, Finding } from "../analyzers/types.js";
+export declare function detectVulnerableDeps(context: AnalysisContext): Promise<Finding[]>;
+//# sourceMappingURL=deps.d.ts.map

package/dist/rules/deps.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deps.d.ts","sourceRoot":"","sources":["../../src/rules/deps.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAY,MAAM,uBAAuB,CAAC;AA8BhF,wBAAsB,oBAAoB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAwDvF"}

package/dist/rules/deps.js

@@ -0,0 +1,68 @@
+function mapOsvSeverity(vuln) {
+    if (vuln.severity && vuln.severity.length > 0) {
+        const score = parseFloat(vuln.severity[0].score);
+        if (score >= 9.0)
+            return "critical";
+        if (score >= 7.0)
+            return "high";
+        if (score >= 4.0)
+            return "medium";
+        return "low";
+    }
+    return "medium"; // default if no severity info
+}
+export async function detectVulnerableDeps(context) {
+    const findings = [];
+    if (!context.manifest)
+        return findings;
+    const allDeps = {
+        ...context.manifest.dependencies,
+        ...context.manifest.devDependencies,
+    };
+    const ecosystem = context.language === "python" ? "PyPI" : "npm";
+    for (const [name, versionSpec] of Object.entries(allDeps)) {
+        // Clean version spec (remove ^, ~, >=, etc.)
+        const version = versionSpec.replace(/^[\^~>=<]+/, "");
+        if (!version || version === "*" || version === "latest")
+            continue;
+        try {
+            const response = await fetch("https://api.osv.dev/v1/query", {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    package: { name, ecosystem },
+                    version,
+                }),
+            });
+            if (!response.ok)
+                continue;
+            const data = (await response.json());
+            if (data.vulns && data.vulns.length > 0) {
+                for (const vuln of data.vulns) {
+                    findings.push({
+                        ruleId: "MCS-DEP-001",
+                        severity: mapOsvSeverity(vuln),
+                        title: "Known Vulnerable Dependency",
+                        message: `${name}@${version} has known vulnerability ${vuln.id}${vuln.summary ? `: ${vuln.summary}` : ""}`,
+                        location: {
+                            file: context.manifest.lockfilePath
+                                ? context.manifest.lockfilePath.split("/").pop() || "package.json"
+                                : "package.json",
+                            startLine: 1,
+                            endLine: 1,
+                        },
+                        fix: {
+                            description: `Update ${name} to a patched version.`,
+                        },
+                    });
+                }
+            }
+        }
+        catch {
+            // Network error — skip this dep silently
+            continue;
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=deps.js.map

package/dist/rules/deps.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"deps.js","sourceRoot":"","sources":["../../src/rules/deps.ts"],"names":[],"mappings":"AAmBA,SAAS,cAAc,CAAC,IAAsB;IAC5C,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACjD,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,UAAU,CAAC;QACpC,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,MAAM,CAAC;QAChC,IAAI,KAAK,IAAI,GAAG;YAAE,OAAO,QAAQ,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,QAAQ,CAAC,CAAC,8BAA8B;AACjD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAwB;IACjE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,CAAC,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAEvC,MAAM,OAAO,GAAG;QACd,GAAG,OAAO,CAAC,QAAQ,CAAC,YAAY;QAChC,GAAG,OAAO,CAAC,QAAQ,CAAC,eAAe;KACpC,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAEjE,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1D,6CAA6C;QAC7C,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,QAAQ;YAAE,SAAS;QAElE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,8BAA8B,EAAE;gBAC3D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC5B,OAAO;iBACR,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAAE,SAAS;YAE3B,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;YACpD,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBAC9B,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,aAAa;wBACrB,QAAQ,EAAE,cAAc,CAAC,IAAI,CAAC;wBAC9B,KAAK,EAAE,6BAA6B;wBACpC,OAAO,EAAE,GAAG,IAAI,IAAI,OAAO,4BAA4B,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;wBAC1G,QAAQ,EAAE;4BACR,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,YAAY;gCACjC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,cAAc;gCAClE,CAAC,CAAC,cAAc;4BAClB,SAAS,EAAE,CAAC;4BACZ,OAAO,EAAE,CAAC;yBACX;wBACD,GAAG,EAAE;4BACH,WAAW,EAAE,UAAU,IAAI,wBAAwB;yBACpD;qBACF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/rules/description.d.ts

@@ -0,0 +1,3 @@
+import type { AnalysisContext, Finding } from "../analyzers/types.js";
+export declare function detectSuspiciousDescriptions(context: AnalysisContext): Finding[];
+//# sourceMappingURL=description.d.ts.map

package/dist/rules/description.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"description.d.ts","sourceRoot":"","sources":["../../src/rules/description.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AA8EtE,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CA0BhF"}

package/dist/rules/description.js

@@ -0,0 +1,91 @@
+// Prompt injection patterns in tool descriptions
+const INJECTION_PATTERNS = [
+    // Override/ignore instructions
+    { pattern: /ignore\s+(?:previous|prior|above|all)\s+instructions/i, label: "Instruction override pattern" },
+    { pattern: /disregard\s+(?:previous|prior|above|all)/i, label: "Instruction override pattern" },
+    { pattern: /forget\s+(?:your|all)\s+(?:previous\s+)?instructions/i, label: "Instruction override pattern" },
+    { pattern: /you\s+are\s+now\s+/i, label: "Role hijacking pattern" },
+    { pattern: /new\s+instructions?\s*:/i, label: "Instruction injection pattern" },
+    { pattern: /system\s*:\s*/i, label: "System prompt injection" },
+    { pattern: /IMPORTANT\s*:\s*(?:Before|Also|First|Always)/i, label: "Injected priority instruction" },
+    // Exfiltration patterns
+    { pattern: /~\/\.ssh/i, label: "SSH key exfiltration attempt" },
+    { pattern: /\.env\b/i, label: "Environment file exfiltration attempt" },
+    { pattern: /id_rsa/i, label: "SSH private key reference" },
+    { pattern: /send\s+(?:the\s+)?(?:data|content|result|response|info|information)\s+to/i, label: "Data exfiltration instruction" },
+    { pattern: /forward\s+(?:the\s+)?(?:data|content|result|response)\s+to/i, label: "Data forwarding instruction" },
+    { pattern: /https?:\/\/[^\s"']+/i, label: "URL in tool description (potential exfiltration target)" },
+    // Cross-tool manipulation
+    { pattern: /(?:call|invoke|use|execute|run)\s+the\s+\w+\s+tool/i, label: "Cross-tool invocation instruction" },
+    { pattern: /before\s+returning.*(?:also|first)\s+(?:read|call|send|access)/i, label: "Hidden pre-action instruction" },
+    { pattern: /include\s+(?:the\s+)?(?:contents?|data|output)\s+(?:of|from)/i, label: "Data inclusion instruction" },
+    // Hidden content patterns
+    { pattern: /[\u200B\u200C\u200D\u2060\uFEFF]/, label: "Zero-width Unicode characters (hidden content)" },
+];
+// Find string literals that look like tool descriptions in source code
+function extractDescriptionStrings(content, language) {
+    const descriptions = [];
+    const lines = content.split("\n");
+    if (language === "typescript" || language === "unknown") {
+        // Pattern: server.tool("name", "description", ...)
+        // The description is typically the second string argument
+        const toolCallRegex = /\.tool\s*\(\s*["'`][^"'`]*["'`]\s*,\s*(["'`])([\s\S]*?)\1/g;
+        let match;
+        while ((match = toolCallRegex.exec(content)) !== null) {
+            const desc = match[2];
+            const line = content.slice(0, match.index).split("\n").length;
+            descriptions.push({ text: desc, line });
+        }
+        // Also check multi-line template literals after tool name
+        const templateRegex = /\.tool\s*\(\s*["'`][^"'`]*["'`]\s*,\s*`([^`]*)`/g;
+        while ((match = templateRegex.exec(content)) !== null) {
+            const desc = match[1];
+            const line = content.slice(0, match.index).split("\n").length;
+            descriptions.push({ text: desc, line });
+        }
+    }
+    if (language === "python" || language === "unknown") {
+        // Pattern: @mcp.tool() with docstring, or description parameter
+        // FastMCP: @mcp.tool(description="...")
+        const pyDescRegex = /description\s*=\s*["']([\s\S]*?)["']/g;
+        let match;
+        while ((match = pyDescRegex.exec(content)) !== null) {
+            const desc = match[1];
+            const line = content.slice(0, match.index).split("\n").length;
+            descriptions.push({ text: desc, line });
+        }
+        // Also check docstrings after @mcp.tool() decorated functions
+        const docstringRegex = /def\s+\w+[^:]*:\s*\n\s*"""([\s\S]*?)"""/g;
+        while ((match = docstringRegex.exec(content)) !== null) {
+            const desc = match[1];
+            const line = content.slice(0, match.index).split("\n").length;
+            descriptions.push({ text: desc, line });
+        }
+    }
+    return descriptions;
+}
+export function detectSuspiciousDescriptions(context) {
+    const findings = [];
+    for (const [file, content] of context.sources) {
+        const descriptions = extractDescriptionStrings(content, context.language);
+        for (const { text, line } of descriptions) {
+            for (const { pattern, label } of INJECTION_PATTERNS) {
+                if (pattern.test(text)) {
+                    findings.push({
+                        ruleId: "MCS-DESC-001",
+                        severity: "high",
+                        title: "Suspicious Instructions in Tool Descriptions",
+                        message: `Tool description contains ${label}. This may be tool poisoning — hidden instructions processed by the LLM but not visible to users.`,
+                        location: { file, startLine: line, endLine: line },
+                        fix: {
+                            description: "Remove suspicious instructions from the tool description. Descriptions should only describe what the tool does, not instruct the model to take additional actions.",
+                        },
+                    });
+                    break; // One finding per description is enough
+                }
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=description.js.map

package/dist/rules/description.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"description.js","sourceRoot":"","sources":["../../src/rules/description.ts"],"names":[],"mappings":"AAEA,iDAAiD;AACjD,MAAM,kBAAkB,GAA8C;IACpE,+BAA+B;IAC/B,EAAE,OAAO,EAAE,uDAAuD,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAC3G,EAAE,OAAO,EAAE,2CAA2C,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAC/F,EAAE,OAAO,EAAE,uDAAuD,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAC3G,EAAE,OAAO,EAAE,qBAAqB,EAAE,KAAK,EAAE,wBAAwB,EAAE;IACnE,EAAE,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,+BAA+B,EAAE;IAC/E,EAAE,OAAO,EAAE,gBAAgB,EAAE,KAAK,EAAE,yBAAyB,EAAE;IAC/D,EAAE,OAAO,EAAE,+CAA+C,EAAE,KAAK,EAAE,+BAA+B,EAAE;IAEpG,wBAAwB;IACxB,EAAE,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,8BAA8B,EAAE;IAC/D,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,uCAAuC,EAAE;IACvE,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,2BAA2B,EAAE;IAC1D,EAAE,OAAO,EAAE,2EAA2E,EAAE,KAAK,EAAE,+BAA+B,EAAE;IAChI,EAAE,OAAO,EAAE,6DAA6D,EAAE,KAAK,EAAE,6BAA6B,EAAE;IAChH,EAAE,OAAO,EAAE,sBAAsB,EAAE,KAAK,EAAE,yDAAyD,EAAE;IAErG,0BAA0B;IAC1B,EAAE,OAAO,EAAE,qDAAqD,EAAE,KAAK,EAAE,mCAAmC,EAAE;IAC9G,EAAE,OAAO,EAAE,iEAAiE,EAAE,KAAK,EAAE,+BAA+B,EAAE;IACtH,EAAE,OAAO,EAAE,+DAA+D,EAAE,KAAK,EAAE,4BAA4B,EAAE;IAEjH,0BAA0B;IAC1B,EAAE,OAAO,EAAE,kCAAkC,EAAE,KAAK,EAAE,gDAAgD,EAAE;CACzG,CAAC;AAEF,uEAAuE;AACvE,SAAS,yBAAyB,CAAC,OAAe,EAAE,QAAgB;IAClE,MAAM,YAAY,GAA0C,EAAE,CAAC;IAC/D,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAElC,IAAI,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACxD,mDAAmD;QACnD,0DAA0D;QAC1D,MAAM,aAAa,GAAG,4DAA4D,CAAC;QACnF,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAG,kDAAkD,CAAC;QACzE,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACtD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;QACpD,gEAAgE;QAChE,wCAAwC;QACxC,MAAM,WAAW,GAAG,uCAAuC,CAAC;QAC5D,IAAI,KAAK,CAAC;QACV,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACpD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,8DAA8D;QAC9D,MAAM,cAAc,GAAG,0CAA0C,CAAC;QAClE,OAAO,CAAC,KAAK,GAAG,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;YACvD,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC;YAC9D,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,OAAwB;IACnE,MAAM,QAAQ,GAAc,EAAE,CAAC;IAE/B,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9C,MAAM,YAAY,GAAG,yBAAyB,CAAC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAE1E,KAAK,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,YAAY,EAAE,CAAC;YAC1C,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,kBAAkB,EAAE,CAAC;gBACpD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,MAAM,EAAE,cAAc;wBACtB,QAAQ,EAAE,MAAM;wBAChB,KAAK,EAAE,8CAA8C;wBACrD,OAAO,EAAE,6BAA6B,KAAK,mGAAmG;wBAC9I,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE;wBAClD,GAAG,EAAE;4BACH,WAAW,EAAE,oKAAoK;yBAClL;qBACF,CAAC,CAAC;oBACH,MAAM,CAAC,wCAAwC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/rules/index.d.ts

@@ -0,0 +1,3 @@
+import type { RuleDefinition } from "../analyzers/types.js";
+export declare const rules: RuleDefinition[];
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAA4B,MAAM,uBAAuB,CAAC;AAetF,eAAO,MAAM,KAAK,EAAE,cAAc,EAoKjC,CAAC"}

package/dist/rules/index.js

@@ -0,0 +1,154 @@
+import { detectCommandInjection, detectSqlInjection, detectPathTraversal } from "./injection.js";
+import { detectBroadCapabilities, detectUnrestrictedFilesystem, detectArbitraryCodeExecution } from "./permissions.js";
+import { detectEnvVarExposure, detectCredentialLeakage } from "./data.js";
+import { detectMissingInputSchema } from "./validation.js";
+import { detectSuspiciousDescriptions } from "./description.js";
+import { detectHardcodedCredentials, detectSecretsInConfig } from "./auth.js";
+import { detectDebugMode, detectVerboseErrors, detectInsecureTransport } from "./config.js";
+// Wrapper to handle both sync and async detect functions uniformly
+function syncDetect(fn) {
+    return fn;
+}
+export const rules = [
+    // ─── Injection ───
+    {
+        id: "MCS-INJ-001",
+        name: "Command Injection via Tool Input",
+        severity: "critical",
+        category: "injection",
+        description: "User-controlled tool inputs passed to shell execution functions (exec, execSync, spawn with shell: true)",
+        detect: syncDetect(detectCommandInjection),
+    },
+    {
+        id: "MCS-INJ-002",
+        name: "SQL Injection via Tool Input",
+        severity: "critical",
+        category: "injection",
+        description: "Tool inputs concatenated into SQL strings without parameterized queries",
+        detect: syncDetect(detectSqlInjection),
+    },
+    {
+        id: "MCS-INJ-003",
+        name: "Path Traversal in File Operations",
+        severity: "high",
+        category: "injection",
+        description: "Tool inputs used in file paths without canonicalization or directory restriction",
+        detect: syncDetect(detectPathTraversal),
+    },
+    // ─── Permissions ───
+    {
+        id: "MCS-PERM-001",
+        name: "Overly Broad Tool Capabilities",
+        severity: "high",
+        category: "permissions",
+        description: "Tools performing dangerous operations (file write, network, exec, DB mutations) without scope restrictions",
+        detect: syncDetect(detectBroadCapabilities),
+    },
+    {
+        id: "MCS-PERM-002",
+        name: "Unrestricted Filesystem Access",
+        severity: "high",
+        category: "permissions",
+        description: "File system tools with no directory allowlist or path prefix restriction",
+        detect: syncDetect(detectUnrestrictedFilesystem),
+    },
+    {
+        id: "MCS-PERM-003",
+        name: "Tool Can Execute Arbitrary Code",
+        severity: "critical",
+        category: "permissions",
+        description: "Tools that evaluate user input as code (eval, Function, exec in Python, vm.runInNewContext)",
+        detect: syncDetect(detectArbitraryCodeExecution),
+    },
+    // ─── Data Exfiltration ───
+    {
+        id: "MCS-DATA-001",
+        name: "Environment Variable Exposure",
+        severity: "high",
+        category: "data-exfiltration",
+        description: "Tools or resources that return process.env / os.environ without filtering",
+        detect: syncDetect(detectEnvVarExposure),
+    },
+    {
+        id: "MCS-DATA-002",
+        name: "Credential Leakage in Tool Responses",
+        severity: "high",
+        category: "data-exfiltration",
+        description: "Tool responses that include raw API responses containing auth tokens or credentials without redaction",
+        detect: syncDetect(detectCredentialLeakage),
+    },
+    // ─── Input Validation ───
+    {
+        id: "MCS-VALID-001",
+        name: "Missing Input Schema",
+        severity: "medium",
+        category: "validation",
+        description: "Tools registered without input validation schemas (empty inputSchema or no Zod/JSON Schema)",
+        detect: syncDetect(detectMissingInputSchema),
+    },
+    // ─── Tool Description Integrity ───
+    {
+        id: "MCS-DESC-001",
+        name: "Suspicious Instructions in Tool Descriptions",
+        severity: "high",
+        category: "description",
+        description: "Tool descriptions containing prompt injection patterns: override instructions, exfiltration URLs, cross-tool manipulation",
+        detect: syncDetect(detectSuspiciousDescriptions),
+    },
+    // ─── Authentication & Secrets ───
+    {
+        id: "MCS-AUTH-001",
+        name: "Hardcoded Credentials",
+        severity: "critical",
+        category: "auth",
+        description: "API keys, tokens, passwords, or connection strings hardcoded in server source",
+        detect: syncDetect(detectHardcodedCredentials),
+    },
+    {
+        id: "MCS-AUTH-002",
+        name: "Secrets in MCP Configuration",
+        severity: "high",
+        category: "auth",
+        description: "API keys or tokens directly in MCP config files (env block) rather than referenced from environment",
+        detect: syncDetect(detectSecretsInConfig),
+    },
+    // ─── Configuration ───
+    {
+        id: "MCS-CFG-001",
+        name: "Debug Mode Enabled",
+        severity: "medium",
+        category: "config",
+        description: "Debug or development configuration left enabled in production builds",
+        detect: syncDetect(detectDebugMode),
+    },
+    {
+        id: "MCS-CFG-002",
+        name: "Verbose Error Messages",
+        severity: "low",
+        category: "config",
+        description: "Error handlers that return full stack traces, internal paths, or system information to the client",
+        detect: syncDetect(detectVerboseErrors),
+    },
+    {
+        id: "MCS-CFG-003",
+        name: "Insecure Transport Configuration",
+        severity: "medium",
+        category: "config",
+        description: "HTTP servers without TLS, servers binding to 0.0.0.0, CORS configured with wildcard origin",
+        detect: syncDetect(detectInsecureTransport),
+    },
+    // ─── Dependencies ───
+    {
+        id: "MCS-DEP-001",
+        name: "Known Vulnerable Dependencies",
+        severity: "high",
+        category: "dependencies",
+        description: "Dependencies with known CVEs in package-lock.json / requirements.txt",
+        detect: (_ctx) => {
+            // DEP-001 is async (network call to OSV.dev) — skip in sync rule loop.
+            // It's called separately in scanner.ts.
+            return [];
+        },
+    },
+];
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AACjG,OAAO,EAAE,uBAAuB,EAAE,4BAA4B,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AACvH,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAC3D,OAAO,EAAE,4BAA4B,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,qBAAqB,EAAE,MAAM,WAAW,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAG5F,mEAAmE;AACnE,SAAS,UAAU,CAAC,EAAuC;IACzD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,CAAC,MAAM,KAAK,GAAqB;IACrC,oBAAoB;IACpB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,WAAW,EACT,0GAA0G;QAC5G,MAAM,EAAE,UAAU,CAAC,sBAAsB,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,WAAW;QACrB,WAAW,EACT,yEAAyE;QAC3E,MAAM,EAAE,UAAU,CAAC,kBAAkB,CAAC;KACvC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,WAAW;QACrB,WAAW,EACT,kFAAkF;QACpF,MAAM,EAAE,UAAU,CAAC,mBAAmB,CAAC;KACxC;IAED,sBAAsB;IACtB;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,WAAW,EACT,4GAA4G;QAC9G,MAAM,EAAE,UAAU,CAAC,uBAAuB,CAAC;KAC5C;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,gCAAgC;QACtC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,WAAW,EACT,0EAA0E;QAC5E,MAAM,EAAE,UAAU,CAAC,4BAA4B,CAAC;KACjD;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,iCAAiC;QACvC,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,aAAa;QACvB,WAAW,EACT,6FAA6F;QAC/F,MAAM,EAAE,UAAU,CAAC,4BAA4B,CAAC;KACjD;IAED,4BAA4B;IAC5B;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EACT,2EAA2E;QAC7E,MAAM,EAAE,UAAU,CAAC,oBAAoB,CAAC;KACzC;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sCAAsC;QAC5C,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,mBAAmB;QAC7B,WAAW,EACT,uGAAuG;QACzG,MAAM,EAAE,UAAU,CAAC,uBAAuB,CAAC;KAC5C;IAED,2BAA2B;IAC3B;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,sBAAsB;QAC5B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,YAAY;QACtB,WAAW,EACT,6FAA6F;QAC/F,MAAM,EAAE,UAAU,CAAC,wBAAwB,CAAC;KAC7C;IAED,qCAAqC;IACrC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,aAAa;QACvB,WAAW,EACT,2HAA2H;QAC7H,MAAM,EAAE,UAAU,CAAC,4BAA4B,CAAC;KACjD;IAED,mCAAmC;IACnC;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,uBAAuB;QAC7B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,MAAM;QAChB,WAAW,EACT,+EAA+E;QACjF,MAAM,EAAE,UAAU,CAAC,0BAA0B,CAAC;KAC/C;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,8BAA8B;QACpC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,MAAM;QAChB,WAAW,EACT,qGAAqG;QACvG,MAAM,EAAE,UAAU,CAAC,qBAAqB,CAAC;KAC1C;IAED,wBAAwB;IACxB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,oBAAoB;QAC1B,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EACT,sEAAsE;QACxE,MAAM,EAAE,UAAU,CAAC,eAAe,CAAC;KACpC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,wBAAwB;QAC9B,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,QAAQ;QAClB,WAAW,EACT,mGAAmG;QACrG,MAAM,EAAE,UAAU,CAAC,mBAAmB,CAAC;KACxC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,QAAQ;QAClB,QAAQ,EAAE,QAAQ;QAClB,WAAW,EACT,4FAA4F;QAC9F,MAAM,EAAE,UAAU,CAAC,uBAAuB,CAAC;KAC5C;IAED,uBAAuB;IACvB;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,QAAQ,EAAE,cAAc;QACxB,WAAW,EACT,sEAAsE;QACxE,MAAM,EAAE,CAAC,IAAqB,EAAa,EAAE;YAC3C,uEAAuE;YACvE,wCAAwC;YACxC,OAAO,EAAE,CAAC;QACZ,CAAC;KACF;CACF,CAAC"}

package/dist/rules/injection.d.ts

@@ -0,0 +1,5 @@
+import type { AnalysisContext, Finding } from "../analyzers/types.js";
+export declare function detectCommandInjection(context: AnalysisContext): Finding[];
+export declare function detectSqlInjection(context: AnalysisContext): Finding[];
+export declare function detectPathTraversal(context: AnalysisContext): Finding[];
+//# sourceMappingURL=injection.d.ts.map

package/dist/rules/injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection.d.ts","sourceRoot":"","sources":["../../src/rules/injection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAkHtE,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CA6C1E;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CAkCtE;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,EAAE,CAwCvE"}