@venos-inc/venos 0.1.9 → 0.1.11
- package/README.md +10 -9
- package/dist/index.js +75 -79
- package/etc/mcp-server/bin.js +2 -2
- package/etc/mcp-server/client.js +23 -0
- package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/json5 +2 -2
- package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@babel/core/node_modules/.bin/semver +2 -2
- package/etc/mcp-server/node_modules/@babel/generator/node_modules/.bin/jsesc +2 -2
- package/etc/mcp-server/node_modules/@babel/generator/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@babel/helper-compilation-targets/node_modules/.bin/browserslist +2 -2
- package/etc/mcp-server/node_modules/@babel/helper-compilation-targets/node_modules/.bin/semver +2 -2
- package/etc/mcp-server/node_modules/@babel/template/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@babel/traverse/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@eslint/core/README.md +3 -3
- package/etc/mcp-server/node_modules/@eslint/core/dist/cjs/types.d.cts +47 -9
- package/etc/mcp-server/node_modules/@eslint/core/dist/esm/types.d.ts +47 -9
- package/etc/mcp-server/node_modules/@eslint/core/package.json +5 -5
- package/etc/mcp-server/node_modules/@eslint/eslintrc/node_modules/.bin/js-yaml +2 -2
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/README.md +9 -11
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/cjs/index.cjs +21 -12
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/cjs/index.d.cts +31 -19
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/esm/index.d.ts +31 -19
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/dist/esm/index.js +21 -12
- package/etc/mcp-server/node_modules/@eslint/plugin-kit/package.json +6 -9
- package/etc/mcp-server/node_modules/@eslint-community/eslint-utils/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/@types/babel__core/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@types/babel__template/node_modules/.bin/parser +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/eslint-plugin/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/parser/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/project-service/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/project-service/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/tsconfig-utils/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/tsconfig-utils/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/type-utils/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/semver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/typescript-estree/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/@typescript-eslint/utils/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/@vitest/mocker/node_modules/.bin/vite +2 -2
- package/etc/mcp-server/node_modules/acorn-jsx/node_modules/.bin/acorn +2 -2
- package/etc/mcp-server/node_modules/browserslist/node_modules/.bin/baseline-browser-mapping +2 -2
- package/etc/mcp-server/node_modules/browserslist/node_modules/.bin/update-browserslist-db +2 -2
- package/etc/mcp-server/node_modules/cross-spawn/node_modules/.bin/node-which +2 -2
- package/etc/mcp-server/node_modules/espree/node_modules/.bin/acorn +2 -2
- package/etc/mcp-server/node_modules/postcss/node_modules/.bin/nanoid +2 -2
- package/etc/mcp-server/node_modules/sharp/node_modules/.bin/semver +2 -2
- package/etc/mcp-server/node_modules/ts-api-utils/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/ts-api-utils/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/eslint +2 -2
- package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/tsc +2 -2
- package/etc/mcp-server/node_modules/typescript-eslint/node_modules/.bin/tsserver +2 -2
- package/etc/mcp-server/node_modules/update-browserslist-db/node_modules/.bin/browserslist +2 -2
- package/etc/mcp-server/node_modules/vite/node_modules/.bin/esbuild +2 -2
- package/etc/mcp-server/node_modules/vite/node_modules/.bin/rollup +2 -2
- package/etc/mcp-server/node_modules/vite-node/node_modules/.bin/vite +2 -2
- package/etc/mcp-server/node_modules/vitest/node_modules/.bin/vite +2 -2
- package/etc/mcp-server/node_modules/vitest/node_modules/.bin/vite-node +2 -2
- package/etc/mcp-server/node_modules/vitest/node_modules/.bin/why-is-node-running +2 -2
- package/etc/mcp-server/tools.js +172 -138
- package/package.json +1 -1
|
@@ -6,9 +6,9 @@ case `uname` in
|
|
|
6
6
|
esac
|
|
7
7
|
|
|
8
8
|
if [ -z "$NODE_PATH" ]; then
|
|
9
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
9
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
|
|
10
10
|
else
|
|
11
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
11
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
|
|
12
12
|
fi
|
|
13
13
|
if [ -x "$basedir/node" ]; then
|
|
14
14
|
exec "$basedir/node" "$basedir/../../../../../vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/vite.js" "$@"
|
|
@@ -6,9 +6,9 @@ case `uname` in
|
|
|
6
6
|
esac
|
|
7
7
|
|
|
8
8
|
if [ -z "$NODE_PATH" ]; then
|
|
9
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
9
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
|
|
10
10
|
else
|
|
11
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
11
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules/vite/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite@6.4.3_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
|
|
12
12
|
fi
|
|
13
13
|
if [ -x "$basedir/node" ]; then
|
|
14
14
|
exec "$basedir/node" "$basedir/../../../../../vite@6.4.3_@types+node@22.19.19/node_modules/vite/bin/vite.js" "$@"
|
|
@@ -6,9 +6,9 @@ case `uname` in
|
|
|
6
6
|
esac
|
|
7
7
|
|
|
8
8
|
if [ -z "$NODE_PATH" ]; then
|
|
9
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
9
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
|
|
10
10
|
else
|
|
11
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
11
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/vite-node@3.2.4_@types+node@22.19.19/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
|
|
12
12
|
fi
|
|
13
13
|
if [ -x "$basedir/node" ]; then
|
|
14
14
|
exec "$basedir/node" "$basedir/../../../../../vite-node@3.2.4_@types+node@22.19.19/node_modules/vite-node/vite-node.mjs" "$@"
|
|
@@ -6,9 +6,9 @@ case `uname` in
|
|
|
6
6
|
esac
|
|
7
7
|
|
|
8
8
|
if [ -z "$NODE_PATH" ]; then
|
|
9
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
9
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules"
|
|
10
10
|
else
|
|
11
|
-
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.
|
|
11
|
+
export NODE_PATH="/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules/why-is-node-running/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/why-is-node-running@2.3.0/node_modules:/Users/baraklagziel/code/venos/.worktrees/cli-publish-0.1.11/node_modules/.pnpm/node_modules:$NODE_PATH"
|
|
12
12
|
fi
|
|
13
13
|
if [ -x "$basedir/node" ]; then
|
|
14
14
|
exec "$basedir/node" "$basedir/../../../../../why-is-node-running@2.3.0/node_modules/why-is-node-running/cli.js" "$@"
|
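--- a/package/etc/mcp-server/tools.js
+++ b/package/etc/mcp-server/tools.js
@@ -2,6 +2,132 @@
 import { z } from "zod";
 import { scanPath, scanImage } from "./trivy.js";
 import { scanSkill } from "./skill-spector.js";
+export const SETUP_MCP_SERVER_PACKAGE = "@venos/mcp-server";
+export const SETUP_LOCAL_MCP_SERVER_BIN = "/absolute/path/to/venos/packages/mcp-server/dist/bin.js";
+export function setupMcpServerEntry() {
+return {
+command: "node",
+args: [SETUP_LOCAL_MCP_SERVER_BIN],
+env: {
+VENOS_URL: "http://localhost:8788",
+VENOS_ORG_ID: "your-org-id",
+VENOS_API_KEY: "$VENOS_API_KEY",
+},
+};
+}
+function setupJson(value) {
+return JSON.stringify(value, null, 2);
+}
+const CURSOR_STYLE_SETUP = setupJson({
+mcpServers: {
+venos: setupMcpServerEntry(),
+},
+});
+const VSCODE_SETUP = setupJson({
+"mcp.servers": {
+venos: setupMcpServerEntry(),
+},
+});
+export const SETUP_TEMPLATES = {
+cursor: `## venos setup for Cursor
+
+**Coverage: best-effort** (no hook API — Cursor's AI calls venos_classify voluntarily)
+
+### 1. Add ${SETUP_MCP_SERVER_PACKAGE} to ~/.cursor/mcp.json
+
+\`\`\`json
+${CURSOR_STYLE_SETUP}
+\`\`\`
+
+### 2. Add .cursorrules to your project
+
+Create \`.cursorrules\` with:
+
+> Before running shell commands that delete files, write outside the workspace,
+> fetch from unrecognized hosts, install packages, or rewrite git history — call
+> venos_classify with the exact command and abort if decision is deny.
+
+### 3. Verify
+
+In the Cursor agent panel: "list venos tools" → you should see venos_classify.
+Events will appear in the venos dashboard under source: cursor.`,
+windsurf: `## venos setup for Windsurf
+
+**Coverage: best-effort** (no hook API — Cascade calls venos_classify voluntarily)
+
+### 1. Add ${SETUP_MCP_SERVER_PACKAGE}
+
+In Windsurf → Settings → MCP Servers, add:
+
+\`\`\`json
+${CURSOR_STYLE_SETUP}
+\`\`\`
+
+### 2. Add .windsurfrules to your project
+
+Create \`.windsurfrules\` with the venos policy directive (see template in
+packages/mcp-server/templates/windsurf-rules.md).
+
+Events will appear in the venos dashboard under source: windsurf.`,
+cline: `## venos setup for Cline
+
+**Coverage: best-effort** (no hook API — Cline's AI calls venos_classify voluntarily)
+
+### 1. Add ${SETUP_MCP_SERVER_PACKAGE} in Cline settings
+
+Add to Cline's MCP configuration:
+
+\`\`\`json
+${CURSOR_STYLE_SETUP}
+\`\`\`
+
+### 2. Add .clinerules to your project
+
+Create \`.clinerules\` with the venos policy directive (see
+packages/mcp-server/templates/cline-rules.md).
+
+Events will appear in the venos dashboard under source: vscode-mcp.`,
+vscode: `## venos setup for VS Code Copilot
+
+**Coverage: best-effort** (no hook API — Copilot calls venos_classify voluntarily)
+
+### 1. Add ${SETUP_MCP_SERVER_PACKAGE} in VS Code
+
+In VS Code settings (settings.json):
+
+\`\`\`json
+${VSCODE_SETUP}
+\`\`\`
+
+### 2. Add Copilot instructions
+
+Create \`.github/copilot-instructions.md\` with the venos policy directive (see
+packages/mcp-server/templates/vscode-rules.md).
+
+Events will appear in the venos dashboard under source: vscode-mcp.`,
+aider: `## venos setup for Aider
+
+**Coverage: best-effort** (system-prompt injection — Aider's AI may skip the call)
+
+### 1. Add to .aider.conf.yml
+
+\`\`\`yaml
+system-prompt: |
+Before running any shell command that deletes files, writes outside the workspace,
+fetches from an unrecognized host, installs packages, or rewrites git history,
+call venos_classify with the exact command string and abort if decision is deny.
+\`\`\`
+
+### 2. For mandatory coverage
+
+Route Aider's LLM calls through the venos gateway (apps/mcp-proxy).
+Set: OPENAI_API_BASE=http://localhost:8080/v1 (where mcp-proxy listens).
+
+Events will appear in the venos dashboard under source: webhook.`,
+};
+export function formatSetupTemplate(tool) {
+return SETUP_TEMPLATES[tool];
+}
 // Render the control scorecard as markdown. Pure (no I/O) so it is unit-tested
 // directly. An optional classFilter narrows the table to one class; the summary
 // counts always reflect the full registry.
@@ -25,6 +151,30 @@ export function formatControls(data, classFilter) {
 lines.push(`| Class | Control | Category | Enforced by |`, `|-------|---------|----------|-------------|`, ...rows.map((ctrl) => `| ${ctrl.class} | ${ctrl.name} | ${ctrl.category} | ${ctrl.enforcedBy} |`));
 return lines.join("\n");
 }
+// Render a document classification result as markdown. Pure (no I/O) so it is
+// unit-tested directly.
+export function formatDocumentScan(doc) {
+const labels = doc.labels?.length ? doc.labels.map((l) => l.name).join(", ") : "none";
+const lines = [
+`## Document scan: \`${doc.filename}\``,
+``,
+`| Field | Value |`,
+`|-------|-------|`,
+`| Classification | ${doc.classification || "n/a"} |`,
+`| Severity | ${doc.severity || "n/a"} |`,
+`| Policy action | ${doc.policyAction || "allow"} |`,
+`| PII subjects | ${doc.subjectCount ?? 0} |`,
+`| Detected labels | ${labels} |`,
+`| File kind | ${doc.fileKind || "n/a"} |`,
+``,
+];
+if (doc.warnings?.length) {
+lines.push(`### Warnings`);
+for (const w of doc.warnings)
+lines.push(`- ${w}`);
+}
+return lines.join("\n");
+}
 // Render the Claude Code usage rollup as markdown. Pure (no I/O) so it is
 // unit-tested directly. Renders an empty-state line when no usage has been
 // reported yet rather than an empty table.
@@ -319,6 +469,27 @@ export function registerTools(server, client) {
 isError: result.recommendation === "DO_NOT_INSTALL",
 };
 });
+// ── DSPM: classify a local document for PII / policy risk ────────────────
+server.tool("venos_scan_document", "Classify a local document (PDF, image, or spreadsheet) for PII, secrets, and policy risk. Extracts text (OCR for scans) and runs it through the venos engine, then returns the classification, severity, policy action, detected PII labels, and per-row subject count.", {
+path: z
+.string()
+.describe("Absolute or relative path to the document (e.g. ./contract.pdf, ./scan.png, ./people.xlsx)"),
+}, async ({ path }) => {
+try {
+const doc = await client.classifyDocument(path);
+return {
+content: [{ type: "text", text: formatDocumentScan(doc) }],
+isError: doc.policyAction === "block",
+};
+}
+catch (err) {
+const msg = err instanceof Error ? err.message : String(err);
+return {
+content: [{ type: "text", text: `Error classifying ${path}: ${msg}` }],
+isError: true,
+};
+}
+});
 // ── Trivy: scan a container image ────────────────────────────────────────
 server.tool("trivy_scan_image", "Scan a container image for OS and library vulnerabilities using Trivy.", {
 image: z.string().describe("Container image reference (e.g. nginx:latest, node:20-alpine)"),
@@ -639,147 +810,10 @@ export function registerTools(server, client) {
 return { content: [{ type: "text", text: formatClosedLoop(loop) }] };
 });
 // ── Venos: setup instructions per tool ──────────────────────────────────
-const SETUP_TEMPLATES = {
-cursor: `## venos setup for Cursor
-
-**Coverage: best-effort** (no hook API — Cursor's AI calls venos_classify voluntarily)
-
-### 1. Add the MCP server to ~/.cursor/mcp.json
-
-\`\`\`json
-{
-"mcpServers": {
-"venos": {
-"command": "npx",
-"args": ["@venos/mcp-server"],
-"env": {
-"VENOS_URL": "http://localhost:8788",
-"VENOS_ORG_ID": "your-org-id"
-}
-}
-}
-}
-\`\`\`
-
-### 2. Add .cursorrules to your project
-
-Create \`.cursorrules\` with:
-
-> Before running shell commands that delete files, write outside the workspace,
-> fetch from unrecognized hosts, install packages, or rewrite git history — call
-> venos_classify with the exact command and abort if decision is deny.
-
-### 3. Verify
-
-In the Cursor agent panel: "list venos tools" → you should see venos_classify.
-Events will appear in the venos dashboard under source: cursor.`,
-windsurf: `## venos setup for Windsurf
-
-**Coverage: best-effort** (no hook API — Cascade calls venos_classify voluntarily)
-
-### 1. Add the MCP server
-
-In Windsurf → Settings → MCP Servers, add:
-
-\`\`\`json
-{
-"venos": {
-"command": "npx",
-"args": ["@venos/mcp-server"],
-"env": {
-"VENOS_URL": "http://localhost:8788",
-"VENOS_ORG_ID": "your-org-id"
-}
-}
-}
-\`\`\`
-
-### 2. Add .windsurfrules to your project
-
-Create \`.windsurfrules\` with the venos policy directive (see template in
-packages/mcp-server/templates/windsurf-rules.md).
-
-Events will appear in the venos dashboard under source: windsurf.`,
-cline: `## venos setup for Cline
-
-**Coverage: best-effort** (no hook API — Cline's AI calls venos_classify voluntarily)
-
-### 1. Add the MCP server in Cline settings
-
-Add to Cline's MCP configuration:
-
-\`\`\`json
-{
-"venos": {
-"command": "npx",
-"args": ["@venos/mcp-server"],
-"env": {
-"VENOS_URL": "http://localhost:8788",
-"VENOS_ORG_ID": "your-org-id"
-}
-}
-}
-\`\`\`
-
-### 2. Add .clinerules to your project
-
-Create \`.clinerules\` with the venos policy directive (see
-packages/mcp-server/templates/cline-rules.md).
-
-Events will appear in the venos dashboard under source: vscode-mcp.`,
-vscode: `## venos setup for VS Code Copilot
-
-**Coverage: best-effort** (no hook API — Copilot calls venos_classify voluntarily)
-
-### 1. Add the MCP server in VS Code
-
-In VS Code settings (settings.json):
-
-\`\`\`json
-{
-"mcp.servers": {
-"venos": {
-"command": "npx",
-"args": ["@venos/mcp-server"],
-"env": {
-"VENOS_URL": "http://localhost:8788",
-"VENOS_ORG_ID": "your-org-id"
-}
-}
-}
-}
-\`\`\`
-
-### 2. Add Copilot instructions
-
-Create \`.github/copilot-instructions.md\` with the venos policy directive (see
-packages/mcp-server/templates/vscode-rules.md).
-
-Events will appear in the venos dashboard under source: vscode-mcp.`,
-aider: `## venos setup for Aider
-
-**Coverage: best-effort** (system-prompt injection — Aider's AI may skip the call)
-
-### 1. Add to .aider.conf.yml
-
-\`\`\`yaml
-system-prompt: |
-Before running any shell command that deletes files, writes outside the workspace,
-fetches from an unrecognized host, installs packages, or rewrites git history,
-call venos_classify with the exact command string and abort if decision is deny.
-\`\`\`
-
-### 2. For mandatory coverage
-
-Route Aider's LLM calls through the venos gateway (apps/mcp-proxy).
-Set: OPENAI_API_BASE=http://localhost:8080/v1 (where mcp-proxy listens).
-
-Events will appear in the venos dashboard under source: webhook.`,
-};
 server.tool("venos_setup", "Return venos setup instructions for a specific AI tool.", {
 tool: z.enum(["cursor", "windsurf", "cline", "vscode", "aider"]).describe("The AI tool to get setup instructions for."),
 }, async ({ tool }) => {
-const text =
+const text = formatSetupTemplate(tool);
 return { content: [{ type: "text", text }] };
 });
 }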
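Review bot: The new `venos_scan_document` handler passes the caller-supplied `path` straight to `client.classifyDocument(path)` with `z.string()` as its only validation, so whichever agent drives this MCP server can have any file the process can read extracted and run through the venos engine. `client.js` is not part of this section, so confinement may already happen there; if it does not, resolve the path and refuse anything outside an allowed root before the call, for example `const abs = resolve(path);` then `if (!abs.startsWith(resolve(process.cwd()) + sep)) return { content: [{ type: "text", text: "Path is outside the workspace" }], isError: true };`, with `resolve` and `sep` from `node:path`. A `realpath` comparison is needed as well so a symlink inside the root cannot point outside it, and a size or file-kind limit at the same point would bound what gets extracted. The `path` description should also state which directory relative paths resolve against, since the handler runs in the server's working directory rather than the caller's.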