npm - @sparrowai/sparrow-mcp - Versions diffs - 1.0.10 → 1.1.0 - Mend

@sparrowai/sparrow-mcp 1.0.10 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/.agent/skills/README.md +67 -0
package/.agent/skills/sparrow-comprehensive-security/SKILL.md +141 -0
package/.agent/skills/sparrow-fix-vulnerabilities/SKILL.md +101 -0
package/.agent/skills/sparrow-full-audit/SKILL.md +103 -0
package/.agent/skills/sparrow-mcp-test/SKILL.md +199 -0
package/.agent/skills/sparrow-quick-scan/SKILL.md +91 -0
package/.agent/skills/sparrow-sca-check/SKILL.md +126 -0
package/README.md +65 -0
package/bin/sparrow-mcp-test.cjs +29 -0
package/dist/.tsbuildinfo +1 -1
package/dist/scripts/mcp-test/mcp-client.d.ts +39 -0
package/dist/scripts/mcp-test/mcp-client.js +151 -0
package/dist/scripts/test-runner/standalone-test.d.ts +1 -0
package/dist/scripts/test-runner/standalone-test.js +284 -0
package/dist/src/config/appConfig.js +82 -0
package/dist/src/config/constants.d.ts +45 -0
package/dist/src/config/constants.js +26 -0
package/dist/src/controllers/__tests__/analysis.controller.test.d.ts +1 -0
package/dist/src/controllers/__tests__/analysis.controller.test.js +202 -0
package/dist/src/controllers/__tests__/sast.controller.test.d.ts +1 -0
package/dist/src/controllers/__tests__/sast.controller.test.js +126 -0
package/dist/src/controllers/__tests__/sca.controller.test.d.ts +1 -0
package/dist/src/controllers/__tests__/sca.controller.test.js +120 -0
package/dist/src/controllers/__tests__/security.controller.test.d.ts +1 -0
package/dist/src/controllers/__tests__/security.controller.test.js +59 -0
package/dist/src/controllers/__tests__/system.controller.test.d.ts +1 -0
package/dist/src/controllers/__tests__/system.controller.test.js +19 -0
package/dist/src/controllers/analysis.controller.d.ts +150 -0
package/dist/src/controllers/analysis.controller.js +440 -0
package/dist/src/controllers/sast.controller.d.ts +109 -0
package/dist/src/controllers/sast.controller.js +169 -0
package/dist/src/controllers/sca.controller.d.ts +119 -0
package/dist/src/controllers/sca.controller.js +180 -0
package/dist/src/controllers/security.controller.d.ts +30 -0
package/dist/src/controllers/security.controller.js +63 -0
package/dist/src/controllers/system.controller.d.ts +2 -0
package/dist/src/controllers/system.controller.js +2 -0
package/dist/src/schemas/tool.schemas.d.ts +51 -0
package/dist/src/schemas/tool.schemas.js +58 -0
package/dist/src/server.js +152 -0
package/dist/src/services/__tests__/checker.service.test.d.ts +1 -0
package/dist/src/services/__tests__/checker.service.test.js +83 -0
package/dist/src/services/__tests__/llm.service.test.d.ts +1 -0
package/dist/src/services/__tests__/llm.service.test.js +83 -0
package/dist/src/services/__tests__/s3.service.test.d.ts +1 -0
package/dist/src/services/__tests__/s3.service.test.js +77 -0
package/dist/src/services/__tests__/sparrow.service.test.d.ts +1 -0
package/dist/src/services/__tests__/sparrow.service.test.js +66 -0
package/dist/src/services/analysis.service.d.ts +113 -0
package/dist/src/services/analysis.service.js +790 -0
package/dist/src/services/checker.service.d.ts +70 -0
package/dist/src/services/checker.service.js +242 -0
package/dist/src/services/llm/AnthropicProvider.d.ts +7 -0
package/dist/src/services/llm/AnthropicProvider.js +20 -0
package/dist/src/services/llm/BedrockProvider.d.ts +7 -0
package/dist/src/services/llm/BedrockProvider.js +48 -0
package/dist/src/services/llm/GeminiProvider.d.ts +7 -0
package/dist/src/services/llm/GeminiProvider.js +15 -0
package/dist/src/services/llm/LLMFactory.d.ts +4 -0
package/dist/src/services/llm/LLMFactory.js +33 -0
package/dist/src/services/llm/LLMProvider.d.ts +3 -0
package/dist/src/services/llm/LLMProvider.js +1 -0
package/dist/src/services/llm/OllamaProvider.d.ts +7 -0
package/dist/src/services/llm/OllamaProvider.js +35 -0
package/dist/src/services/llm/OpenAIProvider.d.ts +7 -0
package/dist/src/services/llm/OpenAIProvider.js +16 -0
package/dist/{services → src/services}/llm.service.d.ts +1 -2
package/dist/src/services/llm.service.js +128 -0
package/dist/{services → src/services}/s3.service.d.ts +2 -0
package/dist/src/services/s3.service.js +891 -0
package/dist/{services → src/services}/sparrow.service.d.ts +7 -0
package/dist/src/services/sparrow.service.js +351 -0
package/dist/{types → src/types}/types.d.ts +97 -0
package/dist/src/types/types.js +1 -0
package/dist/src/utils/__tests__/crypto.util.test.d.ts +1 -0
package/dist/src/utils/__tests__/crypto.util.test.js +52 -0
package/dist/src/utils/__tests__/diff.util.test.d.ts +1 -0
package/dist/src/utils/__tests__/diff.util.test.js +60 -0
package/dist/src/utils/__tests__/fileManager.test.d.ts +1 -0
package/dist/src/utils/__tests__/fileManager.test.js +53 -0
package/dist/src/utils/__tests__/fileManagerSecure.test.d.ts +1 -0
package/dist/src/utils/__tests__/fileManagerSecure.test.js +51 -0
package/dist/src/utils/__tests__/logger.test.d.ts +1 -0
package/dist/src/utils/__tests__/logger.test.js +51 -0
package/dist/src/utils/crypto.util.js +59 -0
package/dist/src/utils/diff.util.js +113 -0
package/dist/src/utils/fileManager.d.ts +19 -0
package/dist/src/utils/fileManager.js +34 -0
package/dist/src/utils/fileManagerSecure.d.ts +20 -0
package/dist/src/utils/fileManagerSecure.js +42 -0
package/dist/src/utils/logger.js +56 -0
package/package.json +26 -7
package/test-cases-example.md +97 -0
package/dist/config/appConfig.js +0 -1
package/dist/server.js +0 -2
package/dist/services/analysis.service.d.ts +0 -52
package/dist/services/analysis.service.js +0 -1
package/dist/services/llm.service.js +0 -1
package/dist/services/s3.service.js +0 -1
package/dist/services/sparrow.service.js +0 -1
package/dist/types/types.js +0 -1
package/dist/utils/crypto.util.js +0 -1
package/dist/utils/diff.util.js +0 -1
package/dist/utils/logger.js +0 -1
/package/dist/{config → src/config}/appConfig.d.ts +0 -0
/package/dist/{server.d.ts → src/server.d.ts} +0 -0
/package/dist/{utils → src/utils}/crypto.util.d.ts +0 -0
/package/dist/{utils → src/utils}/diff.util.d.ts +0 -0
/package/dist/{utils → src/utils}/logger.d.ts +0 -0

package/.agent/skills/sparrow-sca-check/SKILL.md ADDED Viewed

@@ -0,0 +1,126 @@
+---
+name: sparrow-sca-check
+description: 오픈소스 라이브러리의 취약점 및 라이선스 이슈를 검사합니다
+---
+# Sparrow SCA Check
+프로젝트의 오픈소스 의존성을 분석하여 취약한 라이브러리와 라이선스 이슈를 찾습니다.
+## 사용 시나리오
+사용자가 다음과 같이 요청할 때 이 skill을 적용하세요:
+- "package.json 라이브러리 취약점 있어?"
+- "오픈소스 보안 점검해줘"
+- "의존성 보안 검사해줘"
+- "라이선스 이슈 확인해줘"
+- "SCA 분석해줘"
+## 지원 파일 형식
+| 패키지 관리자 | 파일명 |
+|--------------|--------|
+| npm/Node.js | package.json, package-lock.json |
+| Maven/Java | pom.xml |
+| Gradle | build.gradle |
+| Python | requirements.txt, Pipfile |
+| .NET | *.csproj, packages.config |
+## 실행 단계
+### 단일 파일 분석
+#### 1단계: SCA 분석 시작
+```
+도구: analyze_file_sca
+입력:
+  - filePath: 의존성 파일 경로 (예: "package.json")
+출력: analysisId
+```
+### 폴더 전체 분석
+#### 1단계: 폴더 SCA 분석 시작
+```
+도구: analyze_folder_sca
+입력:
+  - folderPath: 프로젝트 경로
+출력: analysisId
+```
+### 공통 단계
+#### 2단계: 진행률 추적
+```
+도구: track_analysis_progress
+입력:
+  - analysisId: 분석 ID
+  - maxWaitMs: 120000 (2분)
+출력: 완료 상태
+```
+#### 3단계: SCA 결과 조회
+```
+도구: get_sca_analysis_results
+입력:
+  - analysisId: 분석 ID
+출력: 컴포넌트 목록, 취약점, 라이선스 정보
+```
+## 결과 보고 형식
+```markdown
+# 📦 오픈소스 보안 점검 결과
+## 요약
+| 항목 | 수치 |
+|------|------|
+| 검사된 컴포넌트 | N개 |
+| 취약점 발견 | N개 |
+| Critical | N개 |
+| High | N개 |
+## 🚨 취약한 라이브러리
+### 1. lodash@4.17.15
+- **취약점**: CVE-2021-23337 (CVSS: 7.2)
+- **심각도**: High
+- **설명**: Prototype Pollution 취약점
+- **권장 조치**: `4.17.21` 이상으로 업데이트
+### 2. express@4.16.0
+- **취약점**: CVE-2022-24999 (CVSS: 5.3)
+- **심각도**: Medium
+- **권장 조치**: `4.18.2` 이상으로 업데이트
+## 📋 라이선스 현황
+| 라이브러리 | 버전 | 라이선스 |
+|-----------|------|---------|
+| react | 18.2.0 | MIT |
+| lodash | 4.17.15 | MIT |
+## ✅ 권장 조치
+```bash
+# Critical/High 취약점 해결
+npm update lodash
+npm update express
+# 또는 특정 버전으로 업그레이드
+npm install lodash@4.17.21
+```
+```
+## 🌐 언어 정책 (Language Policy)
+- 결과 언어는 사용자가 입력한 프롬프트의 언어를 따릅니다.
+- 모든 출력 및 보고서는 사용자의 언어로 표시하여 가독성을 높입니다.
+## 추가 안내
+SCA 분석은 코드 자체가 아닌 **의존성 라이브러리**를 분석합니다.
+- SAST: 작성한 코드의 취약점 (SQL Injection, XSS 등)
+- SCA: 사용하는 라이브러리의 알려진 취약점 (CVE)
+두 가지를 함께 수행하면 더 완벽한 보안 점검이 가능합니다.

package/README.md CHANGED Viewed

@@ -176,6 +176,71 @@ To verify that the MCP server is connected:
 2. Check the MCP server status in the status bar or settings
 3. Try using one of the MCP tools (see Usage section below)
+## 🧪 Testing Installed MCP Server
+The Sparrow MCP package includes an automated Inspector tool that tests all MCP server functionality and generates detailed reports.
+### Quick Start
+```bash
+# Test local development server
+npm run inspector:local
+# Test installed NPM package
+npm run inspector:npm
+```
+### Inspector Features
+- ✅ **Automated Testing**: Tests all MCP tools automatically
+- 📊 **Visual Reports**: Generates HTML reports with test results
+- 🔍 **Detailed Analysis**: Shows success/failure reasons for each test
+- 🚀 **Easy Integration**: Single command execution
+### Command Options
+```bash
+# Basic usage
+npm run inspector -- --target <local|npm> [options]
+# Options:
+#   --target <type>      Test target (local or npm)
+#   --output <format>    Output format (console, html, json, all)
+#   --api-key <key>      Sparrow API key
+#   --suite <name>       Run specific test suite only
+#   --help               Show help
+# Examples:
+npm run inspector -- --target local --output html
+npm run inspector -- --target npm --api-key YOUR_KEY --output all
+npm run inspector -- --target local --suite basic
+```
+### Test Suites
+| Suite | Description | Tests |
+|-------|-------------|-------|
+| `basic` | Basic connection tests | 3 |
+| `validation` | Input validation tests | 5 |
+| `sast` | SAST analysis tests | 8 |
+| `error` | Error handling tests | 4 |
+| `workflow` | Workflow integration tests | 3 |
+| `track` | Progress tracking tests | 2 |
+### Output Reports
+After running tests, reports are generated in the `test-results/` directory:
+- **HTML Report**: `test-results/inspector-report.html` - Visual report for browser viewing
+- **JSON Report**: `test-results/inspector-report.json` - Machine-readable format for CI/CD
+### Documentation
+For detailed usage instructions, see:
+- [Inspector Guide (한글)](docs/INSPECTOR_GUIDE_KO.md) - Complete usage guide in Korean
+- [Changes Documentation (한글)](docs/INSPECTOR_CHANGES_KO.md) - Detailed change log in Korean
 ## 🚀 Usage
 ### Available MCP Tools

package/bin/sparrow-mcp-test.cjs ADDED Viewed

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+/**
+ * Sparrow MCP Test - CLI 진입점
+ *
+ * NPM 패키지로 설치된 후 `sparrow-mcp-test` 명령어로 실행됩니다.
+ * 독립형 테스트 러너를 실행하여 MCP 서버를 자동으로 테스트합니다.
+ */
+const path = require('path');
+const { spawn } = require('child_process');
+// NPM 패키지 내부의 테스트 스크립트 경로
+const testScript = path.join(__dirname, '..', 'dist', 'scripts', 'test-runner', 'standalone-test.js');
+// Node.js로 테스트 스크립트 실행
+const nodeProcess = spawn('node', [testScript, ...process.argv.slice(2)], {
+    stdio: 'inherit',
+    shell: process.platform === 'win32'
+});
+nodeProcess.on('error', (err) => {
+    console.error('Failed to start test runner:', err.message);
+    process.exit(1);
+});
+nodeProcess.on('exit', (code) => {
+    process.exit(code || 0);
+});