@venos-inc/venos 0.1.10 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. package/README.md +10 -9
  2. package/dist/index.js +75 -80
  3. package/etc/mcp-server/bin.js +2 -2
  4. package/etc/mcp-server/client.js +23 -0
  5. package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/json5 +2 -2
  6. package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/parser +2 -2
  7. package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/semver +2 -2
  8. package/etc/mcp-server/node_modules/@babel/generator/node_modules/.bin/jsesc +2 -2
  9. package/etc/mcp-server/node_modules/@babel/generator/node_modules/.bin/parser +2 -2
  10. package/etc/mcp-server/node_modules/@babel/helper-compilation-targets/node_modules/.bin/browserslist +2 -2
  11. package/etc/mcp-server/node_modules/@babel/helper-compilation-targets/node_modules/.bin/semver +2 -2
  12. package/etc/mcp-server/node_modules/@babel/template/node_modules/.bin/parser +2 -2
  13. package/etc/mcp-server/node_modules/@babel/traverse/node_modules/.bin/parser +2 -2
  14. package/etc/mcp-server/node_modules/@eslint/core/README.md +3 -3
  15. package/etc/mcp-server/node_modules/@eslint/core/dist/cjs/types.d.cts +47 -9
  16. package/etc/mcp-server/node_modules/@eslint/core/dist/esm/types.d.ts +47 -9
  17. package/etc/mcp-server/node_modules/@eslint/core/package.json +5 -5
  18. package/etc/mcp-server/node_modules/@eslint/eslintrc/node_modules/.bin/js-yaml +2 -2
  19. package/etc/mcp-server/node_modules/@eslint/plugin-kit/README.md +9 -11
  20. package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/cjs/index.cjs +21 -12
  21. package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/cjs/index.d.cts +31 -19
  22. package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/esm/index.d.ts +31 -19
  23. package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/esm/index.js +21 -12
  24. package/etc/mcp-server/node_modules/@eslint/plugin-kit/package.json +6 -9
  25. package/etc/mcp-server/node_modules/@eslint-community/eslint-utils/node_modules/.bin/eslint +2 -2
  26. package/etc/mcp-server/node_modules/@types/babel__core/node_modules/.bin/parser +2 -2
  27. package/etc/mcp-server/node_modules/@types/babel__template/node_modules/.bin/parser +2 -2
  28. package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/eslint +2 -2
  29. package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/tsc +2 -2
  30. package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/tsserver +2 -2
  31. package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/eslint +2 -2
  32. package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/tsc +2 -2
  33. package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/tsserver +2 -2
  34. package/etc/mcp-server/node_modules/@typescript-eslint/project-service/node_modules/.bin/tsc +2 -2
  35. package/etc/mcp-server/node_modules/@typescript-eslint/project-service/node_modules/.bin/tsserver +2 -2
  36. package/etc/mcp-server/node_modules/@typescript-eslint/tsconfig-utils/node_modules/.bin/tsc +2 -2
  37. package/etc/mcp-server/node_modules/@typescript-eslint/tsconfig-utils/node_modules/.bin/tsserver +2 -2
  38. package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/eslint +2 -2
  39. package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/tsc +2 -2
  40. package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/tsserver +2 -2
  41. package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/semver +2 -2
  42. package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/tsc +2 -2
  43. package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/tsserver +2 -2
  44. package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/eslint +2 -2
  45. package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/tsc +2 -2
  46. package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/tsserver +2 -2
  47. package/etc/mcp-server/node_modules/@vitest/mocker/node_modules/.bin/vite +2 -2
  48. package/etc/mcp-server/node_modules/acorn-jsx/node_modules/.bin/acorn +2 -2
  49. package/etc/mcp-server/node_modules/browserslist/node_modules/.bin/baseline-browser-mapping +2 -2
  50. package/etc/mcp-server/node_modules/browserslist/node_modules/.bin/update-browserslist-db +2 -2
  51. package/etc/mcp-server/node_modules/cross-spawn/node_modules/.bin/node-which +2 -2
  52. package/etc/mcp-server/node_modules/espree/node_modules/.bin/acorn +2 -2
  53. package/etc/mcp-server/node_modules/postcss/node_modules/.bin/nanoid +2 -2
  54. package/etc/mcp-server/node_modules/sharp/node_modules/.bin/semver +2 -2
  55. package/etc/mcp-server/node_modules/ts-api-utils/node_modules/.bin/tsc +2 -2
  56. package/etc/mcp-server/node_modules/ts-api-utils/node_modules/.bin/tsserver +2 -2
  57. package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/eslint +2 -2
  58. package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/tsc +2 -2
  59. package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/tsserver +2 -2
  60. package/etc/mcp-server/node_modules/update-browserslist-db/node_modules/.bin/browserslist +2 -2
  61. package/etc/mcp-server/node_modules/vite/node_modules/.bin/esbuild +2 -2
  62. package/etc/mcp-server/node_modules/vite/node_modules/.bin/rollup +2 -2
  63. package/etc/mcp-server/node_modules/vite-node/node_modules/.bin/vite +2 -2
  64. package/etc/mcp-server/node_modules/vitest/node_modules/.bin/vite +2 -2
  65. package/etc/mcp-server/node_modules/vitest/node_modules/.bin/vite-node +2 -2
  66. package/etc/mcp-server/node_modules/vitest/node_modules/.bin/why-is-node-running +2 -2
  67. package/etc/mcp-server/tools.js +172 -138
  68. package/package.json +1 -1
@@ -6,9 +6,9 @@ case `uname` in
6
6
  esac
7
7
 
8
8
  if [ -z "$NODE_PATH" ]; then
9
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules"
9
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
10
10
  else
11
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules:$NODE_PATH"
11
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
12
12
  fi
13
13
  if [ -x "$basedir/node" ]; then
14
14
  exec "$basedir/node" "$basedir/../../../../../vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/vite.js" "$@"
@@ -6,9 +6,9 @@ case `uname` in
6
6
  esac
7
7
 
8
8
  if [ -z "$NODE_PATH" ]; then
9
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules"
9
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
10
10
  else
11
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules:$NODE_PATH"
11
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
12
12
  fi
13
13
  if [ -x "$basedir/node" ]; then
14
14
  exec "$basedir/node" "$basedir/../../../../../vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/vite.js" "$@"
@@ -6,9 +6,9 @@ case `uname` in
6
6
  esac
7
7
 
8
8
  if [ -z "$NODE_PATH" ]; then
9
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules"
9
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
10
10
  else
11
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules:$NODE_PATH"
11
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
12
12
  fi
13
13
  if [ -x "$basedir/node" ]; then
14
14
  exec "$basedir/node" "$basedir/../../../../../vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/vite-node.mjs" "$@"
@@ -6,9 +6,9 @@ case `uname` in
6
6
  esac
7
7
 
8
8
  if [ -z "$NODE_PATH" ]; then
9
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules"
9
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
10
10
  else
11
- export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.10/node_modules/.pnpm/node_modules:$NODE_PATH"
11
+ export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
12
12
  fi
13
13
  if [ -x "$basedir/node" ]; then
14
14
  exec "$basedir/node" "$basedir/../../../../../why-is-node-running@2.3.0/node_modules/why-is-node-running/cli.js" "$@"
@@ -2,6 +2,132 @@
2
2
  import { z } from "zod";
3
3
  import { scanPath, scanImage } from "./trivy.js";
4
4
  import { scanSkill } from "./skill-spector.js";
5
+ export const SETUP_MCP_SERVER_PACKAGE = "@venos/mcp-server";
6
+ export const SETUP_LOCAL_MCP_SERVER_BIN = "/absolute/path/to/venos/packages/mcp-server/dist/bin.js";
7
+ export function setupMcpServerEntry() {
8
+ return {
9
+ command: "node",
10
+ args: [SETUP_LOCAL_MCP_SERVER_BIN],
11
+ env: {
12
+ VENOS_URL: "http://localhost:8788",
13
+ VENOS_ORG_ID: "your-org-id",
14
+ VENOS_API_KEY: "$VENOS_API_KEY",
15
+ },
16
+ };
17
+ }
18
+ function setupJson(value) {
19
+ return JSON.stringify(value, null, 2);
20
+ }
21
+ const CURSOR_STYLE_SETUP = setupJson({
22
+ mcpServers: {
23
+ venos: setupMcpServerEntry(),
24
+ },
25
+ });
26
+ const VSCODE_SETUP = setupJson({
27
+ "mcp.servers": {
28
+ venos: setupMcpServerEntry(),
29
+ },
30
+ });
31
+ export const SETUP_TEMPLATES = {
32
+ cursor: `## venos setup for Cursor
33
+
34
+ **Coverage: best-effort** (no hook API — Cursor's AI calls venos_classify voluntarily)
35
+
36
+ ### 1. Add ${SETUP_MCP_SERVER_PACKAGE} to ~/.cursor/mcp.json
37
+
38
+ \`\`\`json
39
+ ${CURSOR_STYLE_SETUP}
40
+ \`\`\`
41
+
42
+ ### 2. Add .cursorrules to your project
43
+
44
+ Create \`.cursorrules\` with:
45
+
46
+ > Before running shell commands that delete files, write outside the workspace,
47
+ > fetch from unrecognized hosts, install packages, or rewrite git history — call
48
+ > venos_classify with the exact command and abort if decision is deny.
49
+
50
+ ### 3. Verify
51
+
52
+ In the Cursor agent panel: "list venos tools" → you should see venos_classify.
53
+ Events will appear in the venos dashboard under source: cursor.`,
54
+ windsurf: `## venos setup for Windsurf
55
+
56
+ **Coverage: best-effort** (no hook API — Cascade calls venos_classify voluntarily)
57
+
58
+ ### 1. Add ${SETUP_MCP_SERVER_PACKAGE}
59
+
60
+ In Windsurf → Settings → MCP Servers, add:
61
+
62
+ \`\`\`json
63
+ ${CURSOR_STYLE_SETUP}
64
+ \`\`\`
65
+
66
+ ### 2. Add .windsurfrules to your project
67
+
68
+ Create \`.windsurfrules\` with the venos policy directive (see template in
69
+ packages/mcp-server/templates/windsurf-rules.md).
70
+
71
+ Events will appear in the venos dashboard under source: windsurf.`,
72
+ cline: `## venos setup for Cline
73
+
74
+ **Coverage: best-effort** (no hook API — Cline's AI calls venos_classify voluntarily)
75
+
76
+ ### 1. Add ${SETUP_MCP_SERVER_PACKAGE} in Cline settings
77
+
78
+ Add to Cline's MCP configuration:
79
+
80
+ \`\`\`json
81
+ ${CURSOR_STYLE_SETUP}
82
+ \`\`\`
83
+
84
+ ### 2. Add .clinerules to your project
85
+
86
+ Create \`.clinerules\` with the venos policy directive (see
87
+ packages/mcp-server/templates/cline-rules.md).
88
+
89
+ Events will appear in the venos dashboard under source: vscode-mcp.`,
90
+ vscode: `## venos setup for VS Code Copilot
91
+
92
+ **Coverage: best-effort** (no hook API — Copilot calls venos_classify voluntarily)
93
+
94
+ ### 1. Add ${SETUP_MCP_SERVER_PACKAGE} in VS Code
95
+
96
+ In VS Code settings (settings.json):
97
+
98
+ \`\`\`json
99
+ ${VSCODE_SETUP}
100
+ \`\`\`
101
+
102
+ ### 2. Add Copilot instructions
103
+
104
+ Create \`.github/copilot-instructions.md\` with the venos policy directive (see
105
+ packages/mcp-server/templates/vscode-rules.md).
106
+
107
+ Events will appear in the venos dashboard under source: vscode-mcp.`,
108
+ aider: `## venos setup for Aider
109
+
110
+ **Coverage: best-effort** (system-prompt injection — Aider's AI may skip the call)
111
+
112
+ ### 1. Add to .aider.conf.yml
113
+
114
+ \`\`\`yaml
115
+ system-prompt: |
116
+ Before running any shell command that deletes files, writes outside the workspace,
117
+ fetches from an unrecognized host, installs packages, or rewrites git history,
118
+ call venos_classify with the exact command string and abort if decision is deny.
119
+ \`\`\`
120
+
121
+ ### 2. For mandatory coverage
122
+
123
+ Route Aider's LLM calls through the venos gateway (apps/mcp-proxy).
124
+ Set: OPENAI_API_BASE=http://localhost:8080/v1 (where mcp-proxy listens).
125
+
126
+ Events will appear in the venos dashboard under source: webhook.`,
127
+ };
128
+ export function formatSetupTemplate(tool) {
129
+ return SETUP_TEMPLATES[tool];
130
+ }
5
131
  // Render the control scorecard as markdown. Pure (no I/O) so it is unit-tested
6
132
  // directly. An optional classFilter narrows the table to one class; the summary
7
133
  // counts always reflect the full registry.
@@ -25,6 +151,30 @@ export function formatControls(data, classFilter) {
25
151
  lines.push(`| Class | Control | Category | Enforced by |`, `|-------|---------|----------|-------------|`, ...rows.map((ctrl) => `| ${ctrl.class} | ${ctrl.name} | ${ctrl.category} | ${ctrl.enforcedBy} |`));
26
152
  return lines.join("\n");
27
153
  }
154
+ // Render a document classification result as markdown. Pure (no I/O) so it is
155
+ // unit-tested directly.
156
+ export function formatDocumentScan(doc) {
157
+ const labels = doc.labels?.length ? doc.labels.map((l) => l.name).join(", ") : "none";
158
+ const lines = [
159
+ `## Document scan: \`${doc.filename}\``,
160
+ ``,
161
+ `| Field | Value |`,
162
+ `|-------|-------|`,
163
+ `| Classification | ${doc.classification || "n/a"} |`,
164
+ `| Severity | ${doc.severity || "n/a"} |`,
165
+ `| Policy action | ${doc.policyAction || "allow"} |`,
166
+ `| PII subjects | ${doc.subjectCount ?? 0} |`,
167
+ `| Detected labels | ${labels} |`,
168
+ `| File kind | ${doc.fileKind || "n/a"} |`,
169
+ ``,
170
+ ];
171
+ if (doc.warnings?.length) {
172
+ lines.push(`### Warnings`);
173
+ for (const w of doc.warnings)
174
+ lines.push(`- ${w}`);
175
+ }
176
+ return lines.join("\n");
177
+ }
28
178
  // Render the Claude Code usage rollup as markdown. Pure (no I/O) so it is
29
179
  // unit-tested directly. Renders an empty-state line when no usage has been
30
180
  // reported yet rather than an empty table.
@@ -319,6 +469,27 @@ export function registerTools(server, client) {
319
469
  isError: result.recommendation === "DO_NOT_INSTALL",
320
470
  };
321
471
  });
472
+ // ── DSPM: classify a local document for PII / policy risk ────────────────
473
+ server.tool("venos_scan_document", "Classify a local document (PDF, image, or spreadsheet) for PII, secrets, and policy risk. Extracts text (OCR for scans) and runs it through the venos engine, then returns the classification, severity, policy action, detected PII labels, and per-row subject count.", {
474
+ path: z
475
+ .string()
476
+ .describe("Absolute or relative path to the document (e.g. ./contract.pdf, ./scan.png, ./people.xlsx)"),
477
+ }, async ({ path }) => {
478
+ try {
479
+ const doc = await client.classifyDocument(path);
480
+ return {
481
+ content: [{ type: "text", text: formatDocumentScan(doc) }],
482
+ isError: doc.policyAction === "block",
483
+ };
484
+ }
485
+ catch (err) {
486
+ const msg = err instanceof Error ? err.message : String(err);
487
+ return {
488
+ content: [{ type: "text", text: `Error classifying ${path}: ${msg}` }],
489
+ isError: true,
490
+ };
491
+ }
492
+ });
322
493
  // ── Trivy: scan a container image ────────────────────────────────────────
323
494
  server.tool("trivy_scan_image", "Scan a container image for OS and library vulnerabilities using Trivy.", {
324
495
  image: z.string().describe("Container image reference (e.g. nginx:latest, node:20-alpine)"),
@@ -639,147 +810,10 @@ export function registerTools(server, client) {
639
810
  return { content: [{ type: "text", text: formatClosedLoop(loop) }] };
640
811
  });
641
812
  // ── Venos: setup instructions per tool ──────────────────────────────────
642
- const SETUP_TEMPLATES = {
643
- cursor: `## venos setup for Cursor
644
-
645
- **Coverage: best-effort** (no hook API — Cursor's AI calls venos_classify voluntarily)
646
-
647
- ### 1. Add the MCP server to ~/.cursor/mcp.json
648
-
649
- \`\`\`json
650
- {
651
- "mcpServers": {
652
- "venos": {
653
- "command": "npx",
654
- "args": ["@venos/mcp-server"],
655
- "env": {
656
- "VENOS_URL": "http://localhost:8788",
657
- "VENOS_ORG_ID": "your-org-id"
658
- }
659
- }
660
- }
661
- }
662
- \`\`\`
663
-
664
- ### 2. Add .cursorrules to your project
665
-
666
- Create \`.cursorrules\` with:
667
-
668
- > Before running shell commands that delete files, write outside the workspace,
669
- > fetch from unrecognized hosts, install packages, or rewrite git history — call
670
- > venos_classify with the exact command and abort if decision is deny.
671
-
672
- ### 3. Verify
673
-
674
- In the Cursor agent panel: "list venos tools" → you should see venos_classify.
675
- Events will appear in the venos dashboard under source: cursor.`,
676
- windsurf: `## venos setup for Windsurf
677
-
678
- **Coverage: best-effort** (no hook API — Cascade calls venos_classify voluntarily)
679
-
680
- ### 1. Add the MCP server
681
-
682
- In Windsurf → Settings → MCP Servers, add:
683
-
684
- \`\`\`json
685
- {
686
- "venos": {
687
- "command": "npx",
688
- "args": ["@venos/mcp-server"],
689
- "env": {
690
- "VENOS_URL": "http://localhost:8788",
691
- "VENOS_ORG_ID": "your-org-id"
692
- }
693
- }
694
- }
695
- \`\`\`
696
-
697
- ### 2. Add .windsurfrules to your project
698
-
699
- Create \`.windsurfrules\` with the venos policy directive (see template in
700
- packages/mcp-server/templates/windsurf-rules.md).
701
-
702
- Events will appear in the venos dashboard under source: windsurf.`,
703
- cline: `## venos setup for Cline
704
-
705
- **Coverage: best-effort** (no hook API — Cline's AI calls venos_classify voluntarily)
706
-
707
- ### 1. Add the MCP server in Cline settings
708
-
709
- Add to Cline's MCP configuration:
710
-
711
- \`\`\`json
712
- {
713
- "venos": {
714
- "command": "npx",
715
- "args": ["@venos/mcp-server"],
716
- "env": {
717
- "VENOS_URL": "http://localhost:8788",
718
- "VENOS_ORG_ID": "your-org-id"
719
- }
720
- }
721
- }
722
- \`\`\`
723
-
724
- ### 2. Add .clinerules to your project
725
-
726
- Create \`.clinerules\` with the venos policy directive (see
727
- packages/mcp-server/templates/cline-rules.md).
728
-
729
- Events will appear in the venos dashboard under source: vscode-mcp.`,
730
- vscode: `## venos setup for VS Code Copilot
731
-
732
- **Coverage: best-effort** (no hook API — Copilot calls venos_classify voluntarily)
733
-
734
- ### 1. Add the MCP server in VS Code
735
-
736
- In VS Code settings (settings.json):
737
-
738
- \`\`\`json
739
- {
740
- "mcp.servers": {
741
- "venos": {
742
- "command": "npx",
743
- "args": ["@venos/mcp-server"],
744
- "env": {
745
- "VENOS_URL": "http://localhost:8788",
746
- "VENOS_ORG_ID": "your-org-id"
747
- }
748
- }
749
- }
750
- }
751
- \`\`\`
752
-
753
- ### 2. Add Copilot instructions
754
-
755
- Create \`.github/copilot-instructions.md\` with the venos policy directive (see
756
- packages/mcp-server/templates/vscode-rules.md).
757
-
758
- Events will appear in the venos dashboard under source: vscode-mcp.`,
759
- aider: `## venos setup for Aider
760
-
761
- **Coverage: best-effort** (system-prompt injection — Aider's AI may skip the call)
762
-
763
- ### 1. Add to .aider.conf.yml
764
-
765
- \`\`\`yaml
766
- system-prompt: |
767
- Before running any shell command that deletes files, writes outside the workspace,
768
- fetches from an unrecognized host, installs packages, or rewrites git history,
769
- call venos_classify with the exact command string and abort if decision is deny.
770
- \`\`\`
771
-
772
- ### 2. For mandatory coverage
773
-
774
- Route Aider's LLM calls through the venos gateway (apps/mcp-proxy).
775
- Set: OPENAI_API_BASE=http://localhost:8080/v1 (where mcp-proxy listens).
776
-
777
- Events will appear in the venos dashboard under source: webhook.`,
778
- };
779
813
  server.tool("venos_setup", "Return venos setup instructions for a specific AI tool.", {
780
814
  tool: z.enum(["cursor", "windsurf", "cline", "vscode", "aider"]).describe("The AI tool to get setup instructions for."),
781
815
  }, async ({ tool }) => {
782
- const text = SETUP_TEMPLATES[tool] ?? `No setup instructions found for: ${tool}`;
816
+ const text = formatSetupTemplate(tool);
783
817
  return { content: [{ type: "text", text }] };
784
818
  });
785
819
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@venos-inc/venos",
3
- "version": "0.1.10",
3
+ "version": "0.1.11",
4
4
  "description": "Self-service CLI for venos — wire your AI client to the venos security gateway in one command.",
5
5
  "license": "UNLICENSED",
6
6
  "type": "module",