@studiomeyer/mcp-video 1.0.2 → 1.0.3

package/dist/lib/sanitize-tool-paths.test.js

@@ -0,0 +1,134 @@
+import { describe, it, expect } from 'vitest';
+import { sanitizeToolPaths } from './sanitize-tool-paths.js';
+/**
+ * Each block pairs an "attack blocked" case with a "benign allowed" case, per
+ * the field shape the tool uses. `sanitizeToolPaths` throws on the first
+ * offending path and is a silent no-op otherwise.
+ */
+describe('sanitize-tool-paths — scalar path fields', () => {
+    it('blocks a leading-dash outputPath (flag injection)', () => {
+        expect(() => sanitizeToolPaths('crop_video', { inputPath: 'in.mp4', outputPath: '-y' })).toThrow(/outputPath.*flag/);
+    });
+    it('blocks a leading-dash inputPath', () => {
+        expect(() => sanitizeToolPaths('adjust_video_speed', { inputPath: '-i', outputPath: 'out.mp4' })).toThrow(/inputPath.*flag/);
+    });
+    it('blocks a NUL byte in a path', () => {
+        expect(() => sanitizeToolPaths('extract_audio', { inputPath: 'a.mp4\0-i', outputPath: 'b.mp3' })).toThrow(/null byte/);
+    });
+    it('allows ordinary input/output paths', () => {
+        expect(() => sanitizeToolPaths('apply_color_grade', {
+            inputPath: '/home/user/clip.mp4',
+            outputPath: 'relative/out.mp4',
+        })).not.toThrow();
+    });
+    it('skips omitted optional paths (unchanged benign behaviour)', () => {
+        // outputPath is optional for many tools — undefined must not throw.
+        expect(() => sanitizeToolPaths('extract_audio', { inputPath: 'a.mp4' })).not.toThrow();
+    });
+    it('validates every scalar field declared for a tool', () => {
+        expect(() => sanitizeToolPaths('burn_subtitles', {
+            inputPath: 'in.mp4',
+            outputPath: 'out.mp4',
+            subtitlePath: '-attach',
+        })).toThrow(/subtitlePath.*flag/);
+    });
+});
+describe('sanitize-tool-paths — string-array path fields (sync_to_beat clips)', () => {
+    it('blocks a malicious entry inside the clips array', () => {
+        expect(() => sanitizeToolPaths('sync_to_beat', {
+            audioPath: 'beat.mp3',
+            outputPath: 'out.mp4',
+            clips: ['ok1.mp4', '-f', 'ok2.mp4'],
+        })).toThrow(/clips\[1\].*flag/);
+    });
+    it('allows a clean clips array', () => {
+        expect(() => sanitizeToolPaths('sync_to_beat', {
+            audioPath: 'beat.mp3',
+            outputPath: 'out.mp4',
+            clips: ['a.mp4', 'b.mp4'],
+        })).not.toThrow();
+    });
+});
+describe('sanitize-tool-paths — object-array path fields (concat clips / mixer tracks)', () => {
+    it('blocks a malicious clip path in concatenate_videos', () => {
+        expect(() => sanitizeToolPaths('concatenate_videos', {
+            outputPath: 'out.mp4',
+            clips: [{ path: 'good.mp4' }, { path: '-i' }],
+        })).toThrow(/clips\[1\]\.path.*flag/);
+    });
+    it('blocks a malicious track path in mix_audio_tracks', () => {
+        expect(() => sanitizeToolPaths('mix_audio_tracks', {
+            outputPath: 'out.aac',
+            tracks: [{ path: 'voice.mp3' }, { path: '-protocol_whitelist' }],
+        })).toThrow(/tracks\[1\]\.path.*flag/);
+    });
+    it('allows clean object-array paths', () => {
+        expect(() => sanitizeToolPaths('concatenate_videos', {
+            outputPath: 'out.mp4',
+            clips: [{ path: 'a.mp4', trimStart: 1 }, { path: 'b.mp4' }],
+        })).not.toThrow();
+    });
+});
+describe('sanitize-tool-paths — record path fields (render_template clips)', () => {
+    it('blocks a malicious value in the clips record', () => {
+        expect(() => sanitizeToolPaths('render_template', {
+            templateId: 'social-reel',
+            outputPath: 'out.mp4',
+            clips: { intro: 'good.mp4', main: '-y' },
+        })).toThrow(/clips\.main.*flag/);
+    });
+    it('allows a clean clips record', () => {
+        expect(() => sanitizeToolPaths('render_template', {
+            templateId: 'social-reel',
+            outputPath: 'out.mp4',
+            clips: { intro: 'a.mp4', main: 'b.mp4' },
+        })).not.toThrow();
+    });
+});
+describe('sanitize-tool-paths — chroma-key background (path OR hex colour)', () => {
+    it('blocks a leading-dash background path', () => {
+        expect(() => sanitizeToolPaths('apply_chroma_key', {
+            inputPath: 'in.mp4',
+            outputPath: 'out.mp4',
+            background: '-f',
+        })).toThrow(/background.*flag/);
+    });
+    it('allows a bare 6-digit hex colour as background', () => {
+        for (const hex of ['00FF00', '#0000FF', '0x000000']) {
+            expect(() => sanitizeToolPaths('apply_chroma_key', {
+                inputPath: 'in.mp4',
+                outputPath: 'out.mp4',
+                background: hex,
+            })).not.toThrow();
+        }
+    });
+    it('allows a real background file path', () => {
+        expect(() => sanitizeToolPaths('apply_chroma_key', {
+            inputPath: 'in.mp4',
+            outputPath: 'out.mp4',
+            background: 'backgrounds/beach.png',
+        })).not.toThrow();
+    });
+});
+describe('sanitize-tool-paths — registry boundaries', () => {
+    it('is a no-op for tools without path fields', () => {
+        expect(() => sanitizeToolPaths('list_voices', {})).not.toThrow();
+        expect(() => sanitizeToolPaths('list_video_templates', { category: 'promo' })).not.toThrow();
+    });
+    it('is a no-op for unknown tools', () => {
+        expect(() => sanitizeToolPaths('nonexistent_tool', { outputPath: '-y' })).not.toThrow();
+    });
+    it('tolerates non-object args', () => {
+        expect(() => sanitizeToolPaths('crop_video', null)).not.toThrow();
+        expect(() => sanitizeToolPaths('crop_video', undefined)).not.toThrow();
+        expect(() => sanitizeToolPaths('crop_video', 'not-an-object')).not.toThrow();
+    });
+    it('ignores malformed array entries instead of crashing', () => {
+        // objectArray entries that are not objects-with-path are skipped.
+        expect(() => sanitizeToolPaths('concatenate_videos', {
+            outputPath: 'out.mp4',
+            clips: [null, 'string-entry', { noPath: true }],
+        })).not.toThrow();
+    });
+});
+//# sourceMappingURL=sanitize-tool-paths.test.js.map

package/dist/lib/sanitize-tool-paths.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize-tool-paths.test.js","sourceRoot":"","sources":["../../src/lib/sanitize-tool-paths.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,QAAQ,CAAC,0CAA0C,EAAE,GAAG,EAAE;IACxD,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAC3E,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,oBAAoB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CACpF,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC,CACpF,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,mBAAmB,EAAE;YACrC,SAAS,EAAE,qBAAqB;YAChC,UAAU,EAAE,kBAAkB;SAC/B,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,oEAAoE;QACpE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,gBAAgB,EAAE;YAClC,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;YACrB,YAAY,EAAE,SAAS;SACxB,CAAC,CACH,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qEAAqE,EAAE,GAAG,EAAE;IACnF,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,cAAc,EAAE;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,SAAS,CAAC;SACpC,CAAC,CACH,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,cAAc,EAAE;YAChC,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC;SAC1B,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,8EAA8E,EAAE,GAAG,EAAE;IAC5F,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,oBAAoB,EAAE;YACtC,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;SAC9C,CAAC,CACH,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,kBAAkB,EAAE;YACpC,UAAU,EAAE,SAAS;YACrB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC;SACjE,CAAC,CACH,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,oBAAoB,EAAE;YACtC,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SAC5D,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kEAAkE,EAAE,GAAG,EAAE;IAChF,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,iBAAiB,EAAE;YACnC,UAAU,EAAE,aAAa;YACzB,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE;SACzC,CAAC,CACH,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,iBAAiB,EAAE;YACnC,UAAU,EAAE,aAAa;YACzB,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE;SACzC,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kEAAkE,EAAE,GAAG,EAAE;IAChF,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,kBAAkB,EAAE;YACpC,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,IAAI;SACjB,CAAC,CACH,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,KAAK,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;YACpD,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,kBAAkB,EAAE;gBACpC,SAAS,EAAE,QAAQ;gBACnB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,GAAG;aAChB,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,kBAAkB,EAAE;YACpC,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,uBAAuB;SACpC,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACzD,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACjE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC/F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,kBAAkB,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QAClE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;QACvE,MAAM,CAAC,GAAG,EAAE,CAAC,iBAAiB,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,kEAAkE;QAClE,MAAM,CAAC,GAAG,EAAE,CACV,iBAAiB,CAAC,oBAAoB,EAAE;YACtC,UAAU,EAAE,SAAS;YACrB,KAAK,EAAE,CAAC,IAAI,EAAE,cAAc,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;SAChD,CAAC,CACH,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/lib/url-guard-resolve.test.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Tests for the async, DNS-resolving URL guard `resolveAndGuardUrl`.
+ *
+ * This is the strong SSRF check now used by every URL-taking handler
+ * (record_website_*, create_narrated_video, screenshot_element,
+ * detect_page_features). Where the sync `guardUrl` only inspects the literal
+ * host, this one resolves the hostname and rejects when it points at a
+ * loopback / RFC1918 / cloud-metadata address — the classic DNS-rebinding
+ * bypass. `node:dns/promises.lookup` is mocked so the suite is hermetic and
+ * never hits the network.
+ */
+export {};

package/dist/lib/url-guard-resolve.test.js

@@ -0,0 +1,106 @@
+/**
+ * Tests for the async, DNS-resolving URL guard `resolveAndGuardUrl`.
+ *
+ * This is the strong SSRF check now used by every URL-taking handler
+ * (record_website_*, create_narrated_video, screenshot_element,
+ * detect_page_features). Where the sync `guardUrl` only inspects the literal
+ * host, this one resolves the hostname and rejects when it points at a
+ * loopback / RFC1918 / cloud-metadata address — the classic DNS-rebinding
+ * bypass. `node:dns/promises.lookup` is mocked so the suite is hermetic and
+ * never hits the network.
+ */
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+const lookupMock = vi.hoisted(() => vi.fn());
+vi.mock('node:dns/promises', () => ({ lookup: lookupMock }));
+// Import AFTER the mock so the binding is the mock.
+import { resolveAndGuardUrl } from './url-guard.js';
+const ORIGINAL_ALLOW_INTERNAL = process.env.MCP_VIDEO_ALLOW_INTERNAL;
+beforeEach(() => {
+    lookupMock.mockReset();
+    delete process.env.MCP_VIDEO_ALLOW_INTERNAL;
+});
+afterEach(() => {
+    if (ORIGINAL_ALLOW_INTERNAL === undefined)
+        delete process.env.MCP_VIDEO_ALLOW_INTERNAL;
+    else
+        process.env.MCP_VIDEO_ALLOW_INTERNAL = ORIGINAL_ALLOW_INTERNAL;
+});
+describe('resolveAndGuardUrl — DNS-rebinding defense', () => {
+    it('blocks a public hostname that resolves to a loopback address', async () => {
+        lookupMock.mockResolvedValueOnce([{ address: '127.0.0.1', family: 4 }]);
+        const res = await resolveAndGuardUrl('https://rebind.evil.example/');
+        expect(res.ok).toBe(false);
+        if (!res.ok)
+            expect(res.reason).toMatch(/resolves to private address 127\.0\.0\.1/);
+    });
+    it('blocks a hostname resolving to the cloud-metadata IP (169.254.169.254)', async () => {
+        lookupMock.mockResolvedValueOnce([{ address: '169.254.169.254', family: 4 }]);
+        const res = await resolveAndGuardUrl('https://metadata.evil.example/');
+        expect(res.ok).toBe(false);
+        if (!res.ok)
+            expect(res.reason).toMatch(/169\.254\.169\.254/);
+    });
+    it('blocks when ANY resolved address is internal (multi-A record)', async () => {
+        lookupMock.mockResolvedValueOnce([
+            { address: '93.184.216.34', family: 4 }, // public
+            { address: '10.0.0.5', family: 4 }, // private — must trip the guard
+        ]);
+        const res = await resolveAndGuardUrl('https://mixed.evil.example/');
+        expect(res.ok).toBe(false);
+        if (!res.ok)
+            expect(res.reason).toMatch(/10\.0\.0\.5/);
+    });
+    it('blocks an internal IPv6 resolution (unique-local fc00::/7)', async () => {
+        lookupMock.mockResolvedValueOnce([{ address: 'fc00::1', family: 6 }]);
+        const res = await resolveAndGuardUrl('https://v6.evil.example/');
+        expect(res.ok).toBe(false);
+    });
+    it('allows a hostname that resolves to a public address', async () => {
+        lookupMock.mockResolvedValueOnce([{ address: '93.184.216.34', family: 4 }]);
+        const res = await resolveAndGuardUrl('https://example.com/page');
+        expect(res.ok).toBe(true);
+        if (res.ok)
+            expect(res.url).toContain('example.com');
+    });
+    it('returns a clean failure when DNS resolution itself fails', async () => {
+        lookupMock.mockRejectedValueOnce(new Error('ENOTFOUND'));
+        const res = await resolveAndGuardUrl('https://nxdomain.invalid/');
+        expect(res.ok).toBe(false);
+        if (!res.ok)
+            expect(res.reason).toMatch(/DNS lookup failed/);
+    });
+});
+describe('resolveAndGuardUrl — short-circuits (no DNS call)', () => {
+    it('rejects a non-http scheme before any lookup', async () => {
+        const res = await resolveAndGuardUrl('file:///etc/passwd');
+        expect(res.ok).toBe(false);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+    it('rejects a literal internal IP via the sync layer (no lookup needed)', async () => {
+        const res = await resolveAndGuardUrl('http://127.0.0.1/');
+        expect(res.ok).toBe(false);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+    it('does not resolve a literal public IPv4 (already host-checked)', async () => {
+        const res = await resolveAndGuardUrl('https://93.184.216.34/');
+        expect(res.ok).toBe(true);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+    it('does not resolve a literal IPv6 host', async () => {
+        const res = await resolveAndGuardUrl('https://[2606:2800:220:1:248:1893:25c8:1946]/');
+        expect(res.ok).toBe(true);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+    it('skips DNS entirely when MCP_VIDEO_ALLOW_INTERNAL=1', async () => {
+        process.env.MCP_VIDEO_ALLOW_INTERNAL = '1';
+        const res = await resolveAndGuardUrl('https://internal.dev.example/');
+        expect(res.ok).toBe(true);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+    it('rejects a non-string input without resolving', async () => {
+        const res = await resolveAndGuardUrl(undefined);
+        expect(res.ok).toBe(false);
+        expect(lookupMock).not.toHaveBeenCalled();
+    });
+});
+//# sourceMappingURL=url-guard-resolve.test.js.map

package/dist/lib/url-guard-resolve.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-guard-resolve.test.js","sourceRoot":"","sources":["../../src/lib/url-guard-resolve.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAEzE,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;AAE7C,EAAE,CAAC,IAAI,CAAC,mBAAmB,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AAE7D,oDAAoD;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpD,MAAM,uBAAuB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;AAErE,UAAU,CAAC,GAAG,EAAE;IACd,UAAU,CAAC,SAAS,EAAE,CAAC;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;AAC9C,CAAC,CAAC,CAAC;AACH,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,uBAAuB,KAAK,SAAS;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC;;QAClF,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,uBAAuB,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,4CAA4C,EAAE,GAAG,EAAE;IAC1D,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,UAAU,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,8BAA8B,CAAC,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,0CAA0C,CAAC,CAAC;IACtF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,UAAU,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9E,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,gCAAgC,CAAC,CAAC;QACvE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,UAAU,CAAC,qBAAqB,CAAC;YAC/B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,SAAS;YAClD,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,EAAE,EAAE,gCAAgC;SACrE,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;QACpE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,UAAU,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,0BAA0B,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,UAAU,CAAC,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5E,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,0BAA0B,CAAC,CAAC;QACjE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,IAAI,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,UAAU,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,2BAA2B,CAAC,CAAC;QAClE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;IACjE,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;QAC3D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QAC1D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;QAC7E,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,wBAAwB,CAAC,CAAC;QAC/D,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,+CAA+C,CAAC,CAAC;QACtF,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,GAAG,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,+BAA+B,CAAC,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@studiomeyer/mcp-video",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "mcpName": "io.studiomeyer/video",
-  "description": "Cinema-grade video production MCP server \u2014 8 tools for recording, editing, effects, captions, TTS, and smart screenshots. Zero-config, works with any MCP client.",
+  "description": "Cinema-grade video production MCP server — 8 tools for recording, editing, effects, captions, TTS, and smart screenshots. Zero-config, works with any MCP client.",
   "type": "module",
   "main": "dist/server.js",
   "bin": {
@@ -54,4 +54,4 @@
     "typescript": "^5.3.0",
     "vitest": "^1.6.0"
   }
-}
+}

package/src/handlers/dispatch.test.ts

@@ -0,0 +1,55 @@
+import { describe, it, expect, vi } from 'vitest';
+
+// Logger writes to stderr; silence it so test output stays clean.
+vi.mock('../lib/logger.js', () => ({
+  logger: { info: vi.fn(), logError: vi.fn(), warn: vi.fn(), error: vi.fn(), debug: vi.fn() },
+}));
+
+import { handleToolCall } from './index.js';
+
+function parse(res: { content: Array<{ text: string }> }): Record<string, unknown> {
+  return JSON.parse(res.content[0].text) as Record<string, unknown>;
+}
+
+describe('handleToolCall — path-injection choke point', () => {
+  it('blocks a flag-injection outputPath before reaching the engine', async () => {
+    const res = await handleToolCall('crop_video', {
+      inputPath: 'in.mp4',
+      outputPath: '-y',
+      width: 100,
+      height: 100,
+    });
+    expect(res.isError).toBe(true);
+    const body = parse(res);
+    expect(String(body.error)).toMatch(/outputPath.*flag/);
+  });
+
+  it('blocks a flag-injection clip path in concatenate_videos', async () => {
+    const res = await handleToolCall('concatenate_videos', {
+      outputPath: 'out.mp4',
+      clips: [{ path: 'a.mp4' }, { path: '-protocol_whitelist' }],
+    });
+    expect(res.isError).toBe(true);
+    expect(String(parse(res).error)).toMatch(/clips\[1\]\.path.*flag/);
+  });
+
+  it('returns a structured error (never throws) for an unknown tool', async () => {
+    const res = await handleToolCall('does_not_exist', { outputPath: '-y' });
+    expect(res.isError).toBe(true);
+    expect(res.content[0].text).toContain('Unknown tool');
+  });
+
+  it('lets benign args pass the choke point (failure, if any, is not flag-injection)', async () => {
+    // No ffmpeg binary in this environment, so the engine will fail at
+    // assertExists/spawn — but crucially NOT with a flag-injection error,
+    // which proves sanitizeToolPaths did not false-positive on a valid path.
+    const res = await handleToolCall('crop_video', {
+      inputPath: 'definitely-missing-input.mp4',
+      outputPath: 'out.mp4',
+      width: 100,
+      height: 100,
+    });
+    expect(res.isError).toBe(true);
+    expect(String(parse(res).error)).not.toMatch(/flag/);
+  });
+});

package/src/handlers/index.ts

@@ -1,5 +1,6 @@
 import { type ToolHandler, type ToolResponse } from '../lib/types.js';
 import { logger } from '../lib/logger.js';
+import { sanitizeToolPaths } from '../lib/sanitize-tool-paths.js';
 import { videoHandlers } from './video.js';
 import { postProductionHandlers } from './post-production.js';
 import { ttsHandlers } from './tts.js';
@@ -22,6 +23,10 @@ export async function handleToolCall(name: string, args: unknown): Promise<ToolR
     return { content: [{ type: 'text', text: `Unknown tool: ${name}` }], isError: true };
   }
   try {
+    // Choke point: reject flag-injection / NUL-byte path arguments before any
+    // handler can forward them to ffmpeg/ffprobe. No-op for tools that take no
+    // path args. See lib/sanitize-tool-paths.ts for the threat model.
+    sanitizeToolPaths(name, args);
     return await handler(args);
   } catch (error) {
     logger.logError('Tool execution failed', error, { tool: name });

package/src/handlers/smart-screenshot.ts

@@ -6,7 +6,7 @@ import { jsonResponse, type ToolHandler } from '../lib/types.js';
 import { logger } from '../lib/logger.js';
 import { smartScreenshot } from '../tools/engine/smart-screenshot.js';
 import type { SmartScreenshotConfig, SmartTarget } from '../tools/engine/smart-screenshot.js';
-import { guardUrl } from '../lib/url-guard.js';
+import { resolveAndGuardUrl } from '../lib/url-guard.js';
 
 export const smartScreenshotHandlers: Record<string, ToolHandler> = {
   /**
@@ -14,7 +14,7 @@ export const smartScreenshotHandlers: Record<string, ToolHandler> = {
    */
   screenshot_element: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
       const config: SmartScreenshotConfig = {
         url: guard.url,
@@ -40,7 +40,7 @@ export const smartScreenshotHandlers: Record<string, ToolHandler> = {
    */
   detect_page_features: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
       const config: SmartScreenshotConfig = {
         url: guard.url,

package/src/handlers/tts.ts

@@ -4,7 +4,7 @@
 
 import { jsonResponse, type ToolHandler } from '../lib/types.js';
 import { logger } from '../lib/logger.js';
-import { guardUrl } from '../lib/url-guard.js';
+import { resolveAndGuardUrl } from '../lib/url-guard.js';
 import {
   generateSpeech,
   listElevenLabsVoices,
@@ -67,7 +67,7 @@ export const ttsHandlers: Record<string, ToolHandler> = {
 
   create_narrated_video: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
 
       const segments: NarrationSegment[] = (args.segments as Array<{

package/src/handlers/video.ts

@@ -7,7 +7,7 @@ import { logger } from '../lib/logger.js';
 import { recordWebsite } from '../tools/index.js';
 import type { RecordingConfig, Scene, ViewportPreset } from '../tools/index.js';
 import * as path from 'path';
-import { guardUrl } from '../lib/url-guard.js';
+import { resolveAndGuardUrl } from '../lib/url-guard.js';
 
 const OUTPUT_DIR = process.env.VIDEO_OUTPUT_DIR || './output';
 
@@ -17,7 +17,7 @@ export const videoHandlers: Record<string, ToolHandler> = {
    */
   record_website_video: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
       const config: RecordingConfig = {
         url: guard.url,
@@ -49,7 +49,7 @@ export const videoHandlers: Record<string, ToolHandler> = {
    */
   record_website_scroll: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
       const duration = args.duration ?? 12;
       const easing = args.easing ?? 'showcase';
@@ -82,7 +82,7 @@ export const videoHandlers: Record<string, ToolHandler> = {
    */
   record_multi_device: async (args) => {
     try {
-      const guard = guardUrl(args.url);
+      const guard = await resolveAndGuardUrl(args.url);
       if (!guard.ok) return jsonResponse({ success: false, error: guard.reason }, true);
       const devices: ViewportPreset[] = args.devices ?? ['desktop', 'tablet', 'mobile'];
       const duration = args.duration ?? 10;

package/src/lib/ffmpeg-run.test.ts

@@ -6,7 +6,7 @@ const execFileMock = vi.hoisted(() => vi.fn());
 vi.mock('node:child_process', () => ({ execFile: execFileMock }));
 
 // IMPORTANT: import AFTER vi.mock so the mock is bound.
-import { runFfmpeg } from './ffmpeg-run.js';
+import { runFfmpeg, runFfprobe } from './ffmpeg-run.js';
 
 describe('ffmpeg-run — runFfmpeg', () => {
   beforeEach(() => {
@@ -74,3 +74,52 @@ describe('ffmpeg-run — runFfmpeg', () => {
     await expect(runFfmpeg([], { label: 'lut-preset' })).rejects.toThrow(/lut-preset/);
   });
 });
+
+describe('ffmpeg-run — runFfprobe', () => {
+  beforeEach(() => {
+    execFileMock.mockReset();
+  });
+
+  it('prepends -protocol_whitelist on every probe (closes the "just probe first" SSRF bypass)', async () => {
+    execFileMock.mockImplementationOnce((_bin, _args, _opts, cb) => {
+      cb(null, '12.34', '');
+    });
+    await runFfprobe(['-show_entries', 'format=duration', 'in.mp4']);
+    const args = execFileMock.mock.calls[0][1] as string[];
+    expect(args[0]).toBe('-protocol_whitelist');
+    expect(args[1]).toBe('file,pipe,crypto,cache,fd');
+    expect(args.slice(2)).toEqual(['-show_entries', 'format=duration', 'in.mp4']);
+  });
+
+  it('never includes http in the default probe whitelist', async () => {
+    execFileMock.mockImplementationOnce((_bin, _args, _opts, cb) => {
+      cb(null, '', '');
+    });
+    await runFfprobe(['x']);
+    const protocols = (execFileMock.mock.calls[0][1] as string[])[1].split(',');
+    expect(protocols).not.toContain('http');
+    expect(protocols).not.toContain('rtsp');
+  });
+
+  it('resolves with stdout by default (probe output is on stdout)', async () => {
+    execFileMock.mockImplementationOnce((_bin, _args, _opts, cb) => {
+      cb(null, '1920\n1080', 'noise');
+    });
+    const out = await runFfprobe(['x']);
+    expect(out).toBe('1920\n1080');
+  });
+
+  it('rejects with a sanitized message when ffprobe fails', async () => {
+    execFileMock.mockImplementationOnce((_bin, _args, _opts, cb) => {
+      cb(new Error('exit 1'), '', 'x-api-key: super-secret-value');
+    });
+    await expect(runFfprobe(['x'])).rejects.toThrow(/\[REDACTED\]/);
+  });
+
+  it('includes the label in the rejection message', async () => {
+    execFileMock.mockImplementationOnce((_bin, _args, _opts, cb) => {
+      cb(new Error('x'), '', 'boom');
+    });
+    await expect(runFfprobe([], { label: 'audio-probe' })).rejects.toThrow(/audio-probe/);
+  });
+});