@sulthonzh/mcp-audit 1.1.0

package/README.md

@@ -0,0 +1,134 @@
+# MCP Audit 🔍
+
+Security scanner for MCP (Model Context Protocol) servers — and your container/K8s/Helm infrastructure too. Think of it as `npm audit` but for your AI agent integrations and cloud-native deployments.
+
+## Why MCP Audit?
+
+Everyone's installing MCP servers like crazy, but nobody's checking if they're about to give a plugin full access to their filesystem, data, and context. MCP Audit gives you visibility into what these servers can actually do — and flags the risky stuff before it bites you.
+
+It also scans Dockerfiles, Kubernetes manifests, and Helm charts, because your AI tools don't live in a vacuum. They run in containers, on clusters, behind charts. Might as well audit the whole stack.
+
+## What It Scans
+
+| Target | Command | What It Catches |
+|--------|---------|-----------------|
+| MCP config files | `mcp-audit scan` | Risky permissions, overly broad file access |
+| MCP server repos | `mcp-audit check <repo>` | Prompt injection, hardcoded secrets, trust scoring |
+| Dockerfiles | `mcp-audit docker <path>` | Root user, exposed secrets, outdated base images |
+| Kubernetes manifests | `mcp-audit k8s <path>` | Privileged containers, hostNetwork, runaway resources |
+| Helm charts | `mcp-audit helm <path>` | Hardcoded secrets in values.yaml, unsafe defaults |
+
+## Quick Start
+
+```bash
+npm install -g mcp-audit
+
+# Scan your MCP config
+mcp-audit scan
+
+# Audit a remote MCP server
+mcp-audit check github.com/user/mcp-server
+
+# Scan a Dockerfile
+mcp-audit docker ./Dockerfile
+
+# Scan K8s manifests
+mcp-audit k8s ./manifests
+
+# Scan a Helm chart
+mcp-audit helm ./my-chart
+
+# CI mode (exits with code on findings)
+mcp-audit check --ci
+```
+
+## Usage
+
+### Scan MCP Configuration
+Checks `claude_desktop_config.json`, `.cursor/mcp.json`, and other MCP config files for risky permissions.
+
+```bash
+mcp-audit scan
+mcp-audit scan -o report.json  # save report
+```
+
+### Check a Remote Server
+Clones the repo, runs static analysis, and generates a trust score based on GitHub signals.
+
+```bash
+mcp-audit check https://github.com/username/mcp-server
+mcp-audit check https://github.com/username/mcp-server --ci  # CI-friendly
+```
+
+### Docker Security
+```bash
+mcp-audit docker ./Dockerfile
+mcp-audit docker ./docker-dir  # scans all Dockerfiles in directory
+```
+
+Detects: root user, `ADD` vs `COPY`, hardcoded secrets, `latest` tags, missing `.dockerignore`.
+
+### Kubernetes Security
+```bash
+mcp-audit k8s ./manifests
+mcp-audit k8s ./manifests --strict  # stricter checks
+```
+
+Detects: privileged containers, hostNetwork/hostPID, missing resource limits, `alwaysPullPolicy` not set, containers running as root.
+
+### Helm Chart Security
+```bash
+mcp-audit helm ./my-chart
+mcp-audit helm ./my-chart --strict -o report.json
+```
+
+Automatically detects Helm charts (looks for `Chart.yaml`). Scans `values.yaml` for hardcoded secrets and privileged flags, strips Go template syntax from `templates/` and runs K8s security checks, and validates `Chart.yaml` for deprecated API versions and missing metadata.
+
+### CI Integration
+All scanners support `--ci` for pipeline-friendly output and proper exit codes. Use `--strict` to fail on warnings too.
+
+```yaml
+# GitHub Actions example
+- name: Security Audit
+  run: |
+    npx mcp-audit k8s ./k8s --ci --strict
+    npx mcp-audit docker . --ci
+    npx mcp-audit helm ./charts --ci
+```
+
+## Configuration
+
+Create `mcp-audit.config.json` to customize:
+
+```json
+{
+  "vulnerabilityDatabase": "https://raw.githubusercontent.com/your-org/mcp-vuln-db/main/database.json",
+  "trustWeight": {
+    "stars": 0.3,
+    "tests": 0.3,
+    "ci": 0.2,
+    "age": 0.2
+  }
+}
+```
+
+## Pre-commit Hook
+
+```yaml
+# .pre-commit-config.yaml
+repos:
+  - repo: local
+    hooks:
+      - id: mcp-audit
+        name: MCP Security Audit
+        entry: mcp-audit check --ci
+        language: system
+```
+
+## Contributing
+
+PRs welcome. Open an issue first if it's a significant change.
+
+## License
+
+MIT

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,165 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const config_scanner_1 = require("./scanners/config-scanner");
+const server_scanner_1 = require("./scanners/server-scanner");
+const report_generator_1 = require("./reporter/report-generator");
+const logger_1 = require("./utils/logger");
+const config_loader_1 = require("./config/config-loader");
+const docker_scanner_1 = require("./scanners/docker-scanner");
+const k8s_scanner_1 = require("./scanners/k8s-scanner");
+const helm_scanner_1 = require("./scanners/helm-scanner");
+commander_1.program
+    .name('mcp-audit')
+    .description('Security scanner for MCP (Model Context Protocol) servers')
+    .version('1.0.0');
+commander_1.program
+    .command('scan')
+    .description('Scan local MCP configuration files for security issues')
+    .option('-v, --verbose', 'Verbose output')
+    .option('-o, --output <file>', 'Output file for report')
+    .action(async (options) => {
+    try {
+        logger_1.logger.info('Starting MCP configuration scan...');
+        const config = (0, config_loader_1.loadConfig)();
+        const results = await (0, config_scanner_1.scanConfig)(config, options.verbose);
+        await (0, report_generator_1.generateReport)(results, options.output);
+        logger_1.logger.info('✅ Configuration scan completed');
+    }
+    catch (error) {
+        logger_1.logger.error('❌ Configuration scan failed:', error);
+        process.exit(1);
+    }
+});
+commander_1.program
+    .command('check')
+    .description('Check a specific MCP server for security issues')
+    .argument('<repository>', 'GitHub repository URL or path')
+    .option('-v, --verbose', 'Verbose output')
+    .option('-o, --output <file>', 'Output file for report')
+    .option('--ci', 'CI mode (silent, exit codes only)')
+    .option('--depth <number>', 'Scan depth for analysis', '2')
+    .action(async (repository, options) => {
+    try {
+        logger_1.logger.info(`Starting MCP server analysis for: ${repository}`);
+        const config = (0, config_loader_1.loadConfig)();
+        const results = await (0, server_scanner_1.checkServer)(repository, {
+            ...config,
+            scanDepth: parseInt(options.depth)
+        }, options.verbose);
+        await (0, report_generator_1.generateReport)(results, options.output);
+        if (!options.ci) {
+            logger_1.logger.info('✅ Server analysis completed');
+        }
+        process.exit(results.issues.length > 0 ? 1 : 0);
+    }
+    catch (error) {
+        logger_1.logger.error('❌ Server analysis failed:', error);
+        process.exit(1);
+    }
+});
+commander_1.program
+    .command('docker')
+    .description('Scan Dockerfiles, compose files, and .env for container security issues')
+    .argument('<path>', 'Directory or file to scan')
+    .option('-v, --verbose', 'Verbose output')
+    .option('-o, --output <file>', 'Output file for report')
+    .option('--strict', 'Treat warnings as errors (exit 1)')
+    .option('--ci', 'CI mode (no color, exit codes only)')
+    .action(async (targetPath, options) => {
+    try {
+        if (!options.ci)
+            logger_1.logger.info(`Scanning Docker configs in: ${targetPath}`);
+        const results = await (0, docker_scanner_1.scanDocker)(targetPath, { strict: options.strict });
+        await (0, report_generator_1.generateReport)(results, options.output);
+        if (!options.ci) {
+            const score = results.score ?? 'N/A';
+            const issueCount = results.issues.length;
+            logger_1.logger.info(`✅ Docker scan completed — ${issueCount} issue(s) found, score: ${score}`);
+        }
+        const hasHigh = results.issues.some((i) => i.severity === 'high');
+        const fail = options.strict ? results.issues.length > 0 : hasHigh;
+        process.exit(fail ? 1 : 0);
+    }
+    catch (error) {
+        logger_1.logger.error('❌ Docker scan failed:', error);
+        process.exit(1);
+    }
+});
+commander_1.program
+    .command('k8s')
+    .description('Scan Kubernetes manifests (YAML) for security misconfigurations')
+    .argument('<path>', 'Directory or file to scan')
+    .option('-v, --verbose', 'Verbose output')
+    .option('-o, --output <file>', 'Output file for report')
+    .option('--strict', 'Treat all issues as failures (exit 1)')
+    .option('--ci', 'CI mode (no color, exit codes only)')
+    .action(async (targetPath, options) => {
+    try {
+        if (!options.ci)
+            logger_1.logger.info(`Scanning K8s manifests in: ${targetPath}`);
+        const results = await (0, k8s_scanner_1.scanK8s)(targetPath, { strict: options.strict });
+        await (0, report_generator_1.generateReport)(results, options.output);
+        if (!options.ci) {
+            const score = results.score ?? 'N/A';
+            const issueCount = results.issues.length;
+            logger_1.logger.info(`✅ K8s scan completed — ${issueCount} issue(s) found, score: ${score}`);
+        }
+        const hasHigh = results.issues.some((i) => i.type === 'high');
+        const fail = options.strict ? results.issues.length > 0 : hasHigh;
+        process.exit(fail ? 1 : 0);
+    }
+    catch (error) {
+        logger_1.logger.error('❌ K8s scan failed:', error);
+        process.exit(1);
+    }
+});
+commander_1.program
+    .command('helm')
+    .description('Scan Helm charts for security misconfigurations')
+    .argument('<path>', 'Helm chart directory or parent directory')
+    .option('-v, --verbose', 'Verbose output')
+    .option('-o, --output <file>', 'Output file for report')
+    .option('--strict', 'Treat all issues as failures (exit 1)')
+    .option('--ci', 'CI mode (no color, exit codes only)')
+    .action(async (targetPath, options) => {
+    try {
+        if (!options.ci)
+            logger_1.logger.info(`Scanning Helm charts in: ${targetPath}`);
+        const results = await (0, helm_scanner_1.scanHelm)(targetPath, { strict: options.strict });
+        await (0, report_generator_1.generateReport)(results, options.output);
+        if (!options.ci) {
+            const score = results.score ?? 'N/A';
+            const issueCount = results.issues.length;
+            logger_1.logger.info(`✅ Helm scan completed — ${issueCount} issue(s) found, score: ${score}`);
+        }
+        const hasHigh = results.issues.some((i) => i.type === 'high');
+        const fail = options.strict ? results.issues.length > 0 : hasHigh;
+        process.exit(fail ? 1 : 0);
+    }
+    catch (error) {
+        logger_1.logger.error('❌ Helm scan failed:', error);
+        process.exit(1);
+    }
+});
+commander_1.program
+    .command('config')
+    .description('Manage MCP Audit configuration')
+    .option('--init', 'Initialize configuration file')
+    .option('--show', 'Show current configuration')
+    .action(async (options) => {
+    const config = (0, config_loader_1.loadConfig)();
+    if (options.init) {
+        await (0, config_loader_1.initializeConfig)();
+        logger_1.logger.info('✅ Configuration initialized');
+        return;
+    }
+    if (options.show) {
+        console.log(JSON.stringify(config, null, 2));
+        return;
+    }
+    console.log('Use --init to create configuration or --show to view current config');
+});
+commander_1.program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,8DAAuD;AACvD,8DAAwD;AACxD,kEAA6D;AAC7D,2CAAwC;AACxC,0DAAsE;AACtE,8DAAuD;AACvD,wDAAiD;AACjD,0DAAmD;AAEnD,mBAAO;KACJ,IAAI,CAAC,WAAW,CAAC;KACjB,WAAW,CAAC,2DAA2D,CAAC;KACxE,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,mBAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,eAAM,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAU,EAAC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC9C,eAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,cAAc,EAAE,+BAA+B,CAAC;KACzD,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,MAAM,EAAE,mCAAmC,CAAC;KACnD,MAAM,CAAC,kBAAkB,EAAE,yBAAyB,EAAE,GAAG,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,eAAM,CAAC,IAAI,CAAC,qCAAqC,UAAU,EAAE,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,MAAM,IAAA,4BAAW,EAAC,UAAU,EAAE;YAC5C,GAAG,MAAM;YACT,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QACpB,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,eAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,yEAAyE,CAAC;KACtF,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,mCAAmC,CAAC;KACvD,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,+BAA+B,UAAU,EAAE,CAAC,CAAC;QAC1E,MAAM,OAAO,GAAG,MAAM,IAAA,2BAAU,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,6BAA6B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QACvE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,KAAK,CAAC;KACd,WAAW,CAAC,iEAAiE,CAAC;KAC9E,QAAQ,CAAC,QAAQ,EAAE,2BAA2B,CAAC;KAC/C,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC3D,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,8BAA8B,UAAU,EAAE,CAAC,CAAC;QACzE,MAAM,OAAO,GAAG,MAAM,IAAA,qBAAO,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACtE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,0BAA0B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,iDAAiD,CAAC;KAC9D,QAAQ,CAAC,QAAQ,EAAE,0CAA0C,CAAC;KAC9D,MAAM,CAAC,eAAe,EAAE,gBAAgB,CAAC;KACzC,MAAM,CAAC,qBAAqB,EAAE,wBAAwB,CAAC;KACvD,MAAM,CAAC,UAAU,EAAE,uCAAuC,CAAC;KAC3D,MAAM,CAAC,MAAM,EAAE,qCAAqC,CAAC;KACrD,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,EAAE;YAAE,eAAM,CAAC,IAAI,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;QACvE,MAAM,OAAO,GAAG,MAAM,IAAA,uBAAQ,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,MAAM,IAAA,iCAAc,EAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAE9C,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;YACrC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC;YACzC,eAAM,CAAC,IAAI,CAAC,2BAA2B,UAAU,2BAA2B,KAAK,EAAE,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;QACnE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,eAAM,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,gCAAgC,CAAC;KAC7C,MAAM,CAAC,QAAQ,EAAE,+BAA+B,CAAC;KACjD,MAAM,CAAC,QAAQ,EAAE,4BAA4B,CAAC;KAC9C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,MAAM,GAAG,IAAA,0BAAU,GAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,IAAA,gCAAgB,GAAE,CAAC;QACzB,eAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC3C,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEL,mBAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/config/config-loader.d.ts

@@ -0,0 +1,17 @@
+export interface MCPAuditConfig {
+    vulnerabilityDatabase: string;
+    trustWeight: {
+        stars: number;
+        tests: number;
+        ci: number;
+        age: number;
+    };
+    allowedFileAccess: string[];
+    scanDepth: number;
+    excludePatterns: string[];
+}
+export declare function getConfigPath(): string;
+export declare function getDefaultConfigPath(): string;
+export declare function loadConfig(configPath?: string): MCPAuditConfig;
+export declare function initializeConfig(configPath?: string): Promise<void>;
+//# sourceMappingURL=config-loader.d.ts.map

package/dist/config/config-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-loader.d.ts","sourceRoot":"","sources":["../../src/config/config-loader.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,cAAc;IAC7B,qBAAqB,EAAE,MAAM,CAAC;IAC9B,WAAW,EAAE;QACX,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,EAAE,EAAE,MAAM,CAAC;QACX,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAyBD,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED,wBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,cAAc,CAyB9D;AAED,wBAAsB,gBAAgB,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMzE"}

package/dist/config/config-loader.js

@@ -0,0 +1,72 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfigPath = getConfigPath;
+exports.getDefaultConfigPath = getDefaultConfigPath;
+exports.loadConfig = loadConfig;
+exports.initializeConfig = initializeConfig;
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const path_1 = __importDefault(require("path"));
+const os_1 = require("os");
+const DEFAULT_CONFIG = {
+    vulnerabilityDatabase: 'https://raw.githubusercontent.com/sulthonzh/mcp-vulnerability-database/main/database.json',
+    trustWeight: {
+        stars: 0.3,
+        tests: 0.3,
+        ci: 0.2,
+        age: 0.2
+    },
+    allowedFileAccess: [
+        '~/documents',
+        '~/projects',
+        '~/downloads'
+    ],
+    scanDepth: 2,
+    excludePatterns: [
+        'node_modules/**',
+        'dist/**',
+        'build/**',
+        '**/*.log',
+        '**/*.tmp'
+    ]
+};
+function getConfigPath() {
+    return path_1.default.join(process.cwd(), 'mcp-audit.config.json');
+}
+function getDefaultConfigPath() {
+    return path_1.default.join((0, os_1.homedir)(), '.mcp-audit.json');
+}
+function loadConfig(configPath) {
+    const configFile = configPath || getConfigPath();
+    if (fs_extra_1.default.existsSync(configFile)) {
+        try {
+            const userConfig = fs_extra_1.default.readJsonSync(configFile);
+            return { ...DEFAULT_CONFIG, ...userConfig };
+        }
+        catch (error) {
+            console.warn(`Warning: Could not parse config file ${configFile}, using defaults`);
+            return DEFAULT_CONFIG;
+        }
+    }
+    // Check for global config
+    const globalConfigFile = getDefaultConfigPath();
+    if (fs_extra_1.default.existsSync(globalConfigFile)) {
+        try {
+            const globalConfig = fs_extra_1.default.readJsonSync(globalConfigFile);
+            return { ...DEFAULT_CONFIG, ...globalConfig };
+        }
+        catch (error) {
+            console.warn(`Warning: Could not parse global config file ${globalConfigFile}, using defaults`);
+        }
+    }
+    return DEFAULT_CONFIG;
+}
+async function initializeConfig(configPath) {
+    const configFile = configPath || getConfigPath();
+    const config = loadConfig();
+    await fs_extra_1.default.writeJson(configFile, config, { spaces: 2 });
+    console.log(`Configuration initialized at: ${configFile}`);
+}
+//# sourceMappingURL=config-loader.js.map

package/dist/config/config-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-loader.js","sourceRoot":"","sources":["../../src/config/config-loader.ts"],"names":[],"mappings":";;;;;AAwCA,sCAEC;AAED,oDAEC;AAED,gCAyBC;AAED,4CAMC;AAjFD,wDAA0B;AAC1B,gDAAwB;AACxB,2BAA6B;AAe7B,MAAM,cAAc,GAAmB;IACrC,qBAAqB,EAAE,2FAA2F;IAClH,WAAW,EAAE;QACX,KAAK,EAAE,GAAG;QACV,KAAK,EAAE,GAAG;QACV,EAAE,EAAE,GAAG;QACP,GAAG,EAAE,GAAG;KACT;IACD,iBAAiB,EAAE;QACjB,aAAa;QACb,YAAY;QACZ,aAAa;KACd;IACD,SAAS,EAAE,CAAC;IACZ,eAAe,EAAE;QACf,iBAAiB;QACjB,SAAS;QACT,UAAU;QACV,UAAU;QACV,UAAU;KACX;CACF,CAAC;AAEF,SAAgB,aAAa;IAC3B,OAAO,cAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAC3D,CAAC;AAED,SAAgB,oBAAoB;IAClC,OAAO,cAAI,CAAC,IAAI,CAAC,IAAA,YAAO,GAAE,EAAE,iBAAiB,CAAC,CAAC;AACjD,CAAC;AAED,SAAgB,UAAU,CAAC,UAAmB;IAC5C,MAAM,UAAU,GAAG,UAAU,IAAI,aAAa,EAAE,CAAC;IAEjD,IAAI,kBAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,kBAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;YAC/C,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,UAAU,EAAE,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,wCAAwC,UAAU,kBAAkB,CAAC,CAAC;YACnF,OAAO,cAAc,CAAC;QACxB,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,MAAM,gBAAgB,GAAG,oBAAoB,EAAE,CAAC;IAChD,IAAI,kBAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,kBAAE,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;YACvD,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,YAAY,EAAE,CAAC;QAChD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,+CAA+C,gBAAgB,kBAAkB,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC;AACxB,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAAC,UAAmB;IACxD,MAAM,UAAU,GAAG,UAAU,IAAI,aAAa,EAAE,CAAC;IACjD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,MAAM,kBAAE,CAAC,SAAS,CAAC,UAAU,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,iCAAiC,UAAU,EAAE,CAAC,CAAC;AAC7D,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export { scanConfig } from './scanners/config-scanner';
+export { checkServer } from './scanners/server-scanner';
+export { generateReport } from './reporter/report-generator';
+export { loadConfig, initializeConfig } from './config/config-loader';
+export { logger } from './utils/logger';
+export { scanDocker } from './scanners/docker-scanner';
+export { SecurityResult, SecurityIssue } from './types/security-result';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/index.js

@@ -0,0 +1,22 @@
+"use strict";
+// MCP Audit - Main entry point
+// This file serves as the main entry point for the package
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanDocker = exports.logger = exports.initializeConfig = exports.loadConfig = exports.generateReport = exports.checkServer = exports.scanConfig = void 0;
+var config_scanner_1 = require("./scanners/config-scanner");
+Object.defineProperty(exports, "scanConfig", { enumerable: true, get: function () { return config_scanner_1.scanConfig; } });
+var server_scanner_1 = require("./scanners/server-scanner");
+Object.defineProperty(exports, "checkServer", { enumerable: true, get: function () { return server_scanner_1.checkServer; } });
+var report_generator_1 = require("./reporter/report-generator");
+Object.defineProperty(exports, "generateReport", { enumerable: true, get: function () { return report_generator_1.generateReport; } });
+var config_loader_1 = require("./config/config-loader");
+Object.defineProperty(exports, "loadConfig", { enumerable: true, get: function () { return config_loader_1.loadConfig; } });
+Object.defineProperty(exports, "initializeConfig", { enumerable: true, get: function () { return config_loader_1.initializeConfig; } });
+var logger_1 = require("./utils/logger");
+Object.defineProperty(exports, "logger", { enumerable: true, get: function () { return logger_1.logger; } });
+var docker_scanner_1 = require("./scanners/docker-scanner");
+Object.defineProperty(exports, "scanDocker", { enumerable: true, get: function () { return docker_scanner_1.scanDocker; } });
+// Re-export command for programmatic usage
+// Note: program is not exported due to circular dependency
+// Use cli module directly for programmatic access
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,2DAA2D;;;AAE3D,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;AACnB,4DAAwD;AAA/C,6GAAA,WAAW,OAAA;AACpB,gEAA6D;AAApD,kHAAA,cAAc,OAAA;AACvB,wDAAsE;AAA7D,2GAAA,UAAU,OAAA;AAAE,iHAAA,gBAAgB,OAAA;AACrC,yCAAwC;AAA/B,gGAAA,MAAM,OAAA;AACf,4DAAuD;AAA9C,4GAAA,UAAU,OAAA;AAGnB,2CAA2C;AAC3C,2DAA2D;AAC3D,kDAAkD"}

package/dist/reporter/report-generator.d.ts

@@ -0,0 +1,7 @@
+import { SecurityResult } from '../types/security-result';
+export interface ReportOptions {
+    format: 'json' | 'table' | 'summary' | 'sarif';
+    output?: string;
+}
+export declare function generateReport(result: SecurityResult, outputPath?: string): Promise<void>;
+//# sourceMappingURL=report-generator.d.ts.map

package/dist/reporter/report-generator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"report-generator.d.ts","sourceRoot":"","sources":["../../src/reporter/report-generator.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAiB,MAAM,0BAA0B,CAAC;AAGzE,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC;IAC/C,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,cAAc,CAAC,MAAM,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsB/F"}