npm - aegis-mcp-server - Versions diffs - 0.1.17 → 0.1.18 - Mend

aegis-mcp-server 0.1.17 → 0.1.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/.claude/settings.local.json +24 -0
package/LICENSE +1 -1
package/README.md +20 -1
package/assets/03-runtime.png +0 -0
package/assets/04-completion.png +0 -0
package/assets/Open-page.png +0 -0
package/assets/icon-512.png +0 -0
package/assets/icon.png +0 -0
package/package.json +4 -3
package/scripts/sync-server-json.mjs +72 -0
package/server.json +3 -3
package/assets/icon.svg +0 -54

package/.claude/settings.local.json ADDED Viewed

@@ -0,0 +1,24 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:blog.modelcontextprotocol.io)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "Bash(npm run *)",
+      "Bash(echo \"BUILD_EXIT=$?\")",
+      "Bash(node dist/index.js --version)",
+      "Bash(node dist/index.js --help)",
+      "Bash(node -e 'const s=require\\('\\\\''./server.json'\\\\''\\); console.log\\('\\\\''schema:'\\\\'', s['\\\\''$schema'\\\\'']\\); console.log\\('\\\\''version:'\\\\'', s.version, '\\\\''| pkg version:'\\\\'', s.packages[0].version\\);')",
+      "Bash(node -e \"const p=require\\('./package.json'\\); console.log\\('deps:', Object.keys\\(p.dependencies\\).join\\(', '\\)\\); console.log\\('self-dep present:', 'aegis-mcp-server' in p.dependencies\\);\")",
+      "Bash(npm audit *)",
+      "Bash(pkill -f \"dist/index.js\")",
+      "Bash(npm ls *)",
+      "Bash(node scripts/sync-server-json.mjs)",
+      "Bash(echo \"exit=$?\")",
+      "Bash(node scripts/sync-server-json.mjs --check)",
+      "Bash(node -e 'const fs=require\\(\"fs\"\\);const p=\"server.json\";const s=JSON.parse\\(fs.readFileSync\\(p\\)\\);s.version=\"0.0.0-test\";s.packages[0].version=\"0.0.0-test\";fs.writeFileSync\\(p,JSON.stringify\\(s,null,2\\)+\"\\\\n\"\\);console.log\\(\"injected 0.0.0-test\"\\);')",
+      "Bash(node -e 'const s=require\\(\"./server.json\"\\);const p=require\\(\"./package.json\"\\);console.log\\(\"pkg:\",p.version,\"| server:\",s.version,\"| pkg-entry:\",s.packages[0].version,\"| match:\",s.version===p.version&&s.packages[0].version===p.version\\);')",
+      "Bash(node -p \"require\\('./node_modules/@modelcontextprotocol/sdk/package.json'\\).version\")",
+      "Bash(node -e 'const p=require\\(\"./package.json\"\\);console.log\\(\"deps:\",Object.keys\\(p.dependencies\\).join\\(\", \"\\)\\);console.log\\(\"has overrides:\",\"overrides\" in p\\);console.log\\(\"scripts:\",Object.keys\\(p.scripts\\).join\\(\", \"\\)\\);')"
+    ]
+  }
+}

package/LICENSE CHANGED Viewed

@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2025 MCP Contributors
+Copyright (c) 2026 MCP Contributors
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md CHANGED Viewed

@@ -1,11 +1,22 @@
 # aegis-mcp-server
 <!-- mcp-name: io.github.cleburn/aegis-mcp -->
+<p align="center">
+  <img src="https://img.shields.io/npm/v/aegis-mcp-server?style=flat&label=npm" alt="npm version" />
+  <img src="https://img.shields.io/badge/license-MIT-blue?style=flat" alt="License: MIT" />
+  <img src="https://img.shields.io/badge/MCP-Registry-purple?style=flat" alt="MCP Registry" />
+</p>
 **MCP enforcement layer for the [Aegis](https://github.com/cleburn/aegis-spec) agent governance specification.**
-The spec writes the law. The CLI generates the law. This enforces the law.
+Policy at the root. Enforcement at runtime. Accountability on every action.
 ## What It Does
+<p align="center">
+  <img src="assets/Open-page.png" alt="Aegis Lifecycle Overview" width="800" />
+</p>
 `aegis-mcp-server` is an MCP server that validates every agent action against your `.agentpolicy/` files **before** it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.
 The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools and gets back either a success or a blocked response with the specific reason.
@@ -91,6 +102,10 @@ Aegis MCP approach: the server loads policy into its own process memory. The age
 ## Enforcement
+<p align="center">
+  <img src="assets/03-runtime.png" alt="Aegis Runtime Enforcement" width="800" />
+</p>
 - **Governance boundaries** — `writable`, `read_only`, `forbidden` path lists
 - **Role scoping** — agents confined to their role's writable and readable paths
 - **Sensitive pattern detection** — content scanned against governance-defined regex patterns (content only, not path-based)
@@ -102,6 +117,10 @@ Aegis MCP approach: the server loads policy into its own process memory. The age
 ## Override Protocol
+<p align="center">
+  <img src="assets/04-completion.png" alt="Aegis Completion" width="800" />
+</p>
 When an action is blocked and the governance override behavior is `warn_confirm_and_log`:
 1. The blocked response includes an `override_token` and the specific policy violated

package/assets/03-runtime.png ADDED Viewed

Binary file

package/assets/04-completion.png ADDED Viewed

Binary file

package/assets/Open-page.png ADDED Viewed

Binary file

package/assets/icon-512.png CHANGED Viewed

Binary file

package/assets/icon.png CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aegis-mcp-server",
-  "version": "0.1.17",
+  "version": "0.1.18",
   "description": "MCP enforcement layer for the Aegis agent governance specification",
   "type": "module",
   "bin": {
@@ -10,7 +10,9 @@
   "scripts": {
     "build": "tsc",
     "start": "node dist/index.js",
-    "dev": "tsc --watch"
+    "dev": "tsc --watch",
+    "sync:server-json": "node scripts/sync-server-json.mjs",
+    "version": "node scripts/sync-server-json.mjs && git add server.json"
   },
   "keywords": [
     "mcp",
@@ -27,7 +29,6 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.0",
-    "aegis-mcp-server": "^0.1.2",
     "chokidar": "^4.0.0",
     "minimatch": "^10.0.0",
     "zod": "^3.24.0"

package/scripts/sync-server-json.mjs ADDED Viewed

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+/**
+ * sync-server-json.mjs — keep server.json's version fields in lockstep with package.json.
+ *
+ * package.json is the single source of truth for the version. This copies that
+ * version into the MCP registry manifest (server.json): the top-level `version`
+ * and the `version` of the npm package entry. It runs automatically from the
+ * npm "version" lifecycle hook (see package.json), so `npm version <patch|minor|major>`
+ * updates server.json and stages it into the same version commit — the registry
+ * manifest can never silently drift from the published npm version.
+ *
+ * Usage:
+ *   node scripts/sync-server-json.mjs           Write: sync server.json to package.json's version.
+ *   node scripts/sync-server-json.mjs --check   Verify only: exit 1 if out of sync (no write).
+ */
+import { readFileSync, writeFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { dirname, join } from 'node:path';
+const root = join(dirname(fileURLToPath(import.meta.url)), '..');
+const pkgPath = join(root, 'package.json');
+const serverPath = join(root, 'server.json');
+const check = process.argv.includes('--check');
+const pkg = JSON.parse(readFileSync(pkgPath, 'utf-8'));
+const server = JSON.parse(readFileSync(serverPath, 'utf-8'));
+const target = pkg.version;
+const drift = [];
+if (server.version !== target) {
+  drift.push(`  version: ${server.version} -> ${target}`);
+  server.version = target;
+}
+let matchedPackage = false;
+for (const p of server.packages ?? []) {
+  if (p.identifier === pkg.name) {
+    matchedPackage = true;
+    if (p.version !== target) {
+      drift.push(`  packages["${p.identifier}"].version: ${p.version} -> ${target}`);
+      p.version = target;
+    }
+  }
+}
+if ((server.packages ?? []).length > 0 && !matchedPackage) {
+  // The manifest lists packages but none match the npm package name — likely a
+  // rename. Surface it loudly rather than silently leaving a package un-synced.
+  console.warn(
+    `[sync-server-json] WARNING: no package entry with identifier "${pkg.name}" found in server.json. ` +
+    `Package versions were NOT synced. Check that server.json's packages[].identifier matches package.json "name".`
+  );
+}
+if (drift.length === 0) {
+  console.log(`[sync-server-json] server.json already at ${target} — no change.`);
+  process.exit(0);
+}
+if (check) {
+  console.error(`[sync-server-json] DRIFT: server.json does not match package.json (${target}):`);
+  console.error(drift.join('\n'));
+  console.error(`Run \`npm run sync:server-json\` to fix.`);
+  process.exit(1);
+}
+writeFileSync(serverPath, JSON.stringify(server, null, 2) + '\n', 'utf-8');
+console.log(`[sync-server-json] Synced server.json to ${target}:`);
+console.log(drift.join('\n'));

package/server.json CHANGED Viewed

@@ -1,18 +1,18 @@
 {
-  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-16/server.schema.json",
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-10-17/server.schema.json",
   "name": "io.github.cleburn/aegis-mcp",
   "description": "Runtime governance enforcement for AI agents. Zero token overhead.",
   "repository": {
     "url": "https://github.com/cleburn/aegis-mcp",
     "source": "github"
   },
-  "version": "0.1.12",
+  "version": "0.1.18",
   "packages": [
     {
       "registryType": "npm",
       "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "aegis-mcp-server",
-      "version": "0.1.12",
+      "version": "0.1.18",
       "transport": {
         "type": "stdio"
       }

package/assets/icon.svg DELETED Viewed

@@ -1,54 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="512" height="512">
-  <defs>
-    <linearGradient id="shieldGrad" x1="0%" y1="0%" x2="0%" y2="100%">
-      <stop offset="0%" stop-color="#79c0ff"/>
-      <stop offset="35%" stop-color="#58a6ff"/>
-      <stop offset="100%" stop-color="#1f6feb"/>
-    </linearGradient>
-    <clipPath id="roundedBg">
-      <rect width="512" height="512" rx="80"/>
-    </clipPath>
-  </defs>
-  <!-- Rounded rectangle background -->
-  <rect width="512" height="512" rx="80" fill="#0d1117"/>
-  <!-- Outer shield (blue filled) -->
-  <path d="
-    M 256 56
-    L 120 116
-    L 120 248
-    C 120 348 178 432 256 472
-    C 334 432 392 348 392 248
-    L 392 116
-    Z
-  " fill="url(#shieldGrad)"/>
-  <!-- Inner shield cutout (dark) -->
-  <path d="
-    M 256 96
-    L 152 142
-    L 152 248
-    C 152 332 200 404 256 438
-    C 312 404 360 332 360 248
-    L 360 142
-    Z
-  " fill="#0d1117" opacity="0.87"/>
-  <!-- Policy line 1 (top, faintest) -->
-  <line x1="196" y1="212" x2="316" y2="212"
-        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="0.45"/>
-  <!-- Policy line 2 (middle) -->
-  <line x1="196" y1="252" x2="316" y2="252"
-        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="0.7"/>
-  <!-- Policy line 3 (shorter, full) -->
-  <line x1="196" y1="292" x2="288" y2="292"
-        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="1.0"/>
-  <!-- Checkmark -->
-  <polyline points="270,332 290,352 330,304"
-            fill="none" stroke="#58a6ff" stroke-width="10"
-            stroke-linecap="round" stroke-linejoin="round"/>
-</svg>