agent-mcp-guard 0.1.1 → 0.3.0

package/README.md

@@ -14,7 +14,7 @@ Website: [chaoyue0307.github.io/mcp-guard](https://chaoyue0307.github.io/mcp-gua
   <a href="https://www.npmjs.com/package/agent-mcp-guard"><img alt="npm version" src="https://img.shields.io/npm/v/agent-mcp-guard?color=0f766e"></a>
   <a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
   <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
-  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.1.1"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.3.0"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
 </p>
 
 ## Install
@@ -36,12 +36,33 @@ Generate a Markdown report:
 mcp-guard scan --format markdown --output mcp-guard-report.md
 ```
 
+Generate an HTML report:
+
+```bash
+mcp-guard scan --format html --output mcp-guard-report.html
+```
+
+Generate SARIF for GitHub code scanning:
+
+```bash
+mcp-guard scan --format sarif --output mcp-guard.sarif
+```
+
 Use in CI:
 
 ```bash
 mcp-guard scan --config .mcp.json --fail-on high
 ```
 
+Use the GitHub Action:
+
+```yaml
+- uses: ChaoYue0307/mcp-guard@v0.3.0
+  with:
+    fail-on: high
+    upload-sarif: "true"
+```
+
 ## What It Finds
 
 | Risk | Why it matters |
@@ -98,7 +119,7 @@ MCP configs often contain sensitive local paths, internal hostnames, tokens, and
 - no config upload;
 - no external API call;
 - secret-like values redacted in reports;
-- text, Markdown, and JSON output for local review and CI.
+- text, Markdown, HTML, JSON, and SARIF output for local review, CI artifacts, and GitHub code scanning.
 
 ## Commercial Support
 
@@ -113,6 +134,7 @@ Service details: [docs/paid-audit.md](docs/paid-audit.md)
 ## Documentation
 
 - [Rule reference](docs/rules.md)
+- [GitHub Action](docs/github-action.md)
 - [Privacy and security](docs/privacy-and-security.md)
 - [Roadmap](docs/roadmap.md)
 - [Business playbook](docs/business-playbook.md)

package/action.yml

@@ -0,0 +1,135 @@
+name: mcp-guard
+description: Scan MCP and AI agent tool configuration for risky commands, secrets, and broad permissions.
+author: mcp-guard
+
+branding:
+  icon: shield
+  color: green
+
+inputs:
+  config:
+    description: Optional MCP config path to scan. Leave empty to scan default project and user config locations.
+    required: false
+    default: ""
+  fail-on:
+    description: Fail the workflow when a finding is at least this severity. Use critical, high, medium, low, or none.
+    required: false
+    default: high
+  output-dir:
+    description: Directory where reports will be written.
+    required: false
+    default: mcp-guard-report
+  upload-artifact:
+    description: Upload generated reports as a workflow artifact.
+    required: false
+    default: "true"
+  upload-sarif:
+    description: "Upload SARIF to GitHub code scanning. Requires security-events: write permission."
+    required: false
+    default: "false"
+  artifact-name:
+    description: Artifact name for generated reports.
+    required: false
+    default: mcp-guard-report
+
+outputs:
+  markdown-report:
+    description: Path to the generated Markdown report.
+    value: ${{ steps.reports.outputs.markdown-report }}
+  html-report:
+    description: Path to the generated HTML report.
+    value: ${{ steps.reports.outputs.html-report }}
+  json-report:
+    description: Path to the generated JSON report.
+    value: ${{ steps.reports.outputs.json-report }}
+  sarif-report:
+    description: Path to the generated SARIF report.
+    value: ${{ steps.reports.outputs.sarif-report }}
+  exit-code:
+    description: mcp-guard threshold exit code.
+    value: ${{ steps.reports.outputs.exit-code }}
+
+runs:
+  using: composite
+  steps:
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: "20"
+
+    - name: Generate reports
+      id: reports
+      shell: bash
+      env:
+        MCP_GUARD_CONFIG: ${{ inputs.config }}
+        MCP_GUARD_FAIL_ON: ${{ inputs.fail-on }}
+        MCP_GUARD_OUTPUT_DIR: ${{ inputs.output-dir }}
+      run: |
+        set -euo pipefail
+
+        guard_bin="${GITHUB_ACTION_PATH}/bin/mcp-guard.js"
+        mkdir -p "${MCP_GUARD_OUTPUT_DIR}"
+
+        scan_args=()
+        if [ -n "${MCP_GUARD_CONFIG}" ]; then
+          scan_args+=(--config "${MCP_GUARD_CONFIG}")
+        fi
+
+        markdown_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-report.md"
+        html_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-report.html"
+        json_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard-report.json"
+        sarif_report="${MCP_GUARD_OUTPUT_DIR}/mcp-guard.sarif"
+
+        node "${guard_bin}" scan "${scan_args[@]}" --format markdown --output "${markdown_report}" --fail-on none
+        node "${guard_bin}" scan "${scan_args[@]}" --format html --output "${html_report}" --fail-on none
+        node "${guard_bin}" scan "${scan_args[@]}" --format json --output "${json_report}" --fail-on none
+        node "${guard_bin}" scan "${scan_args[@]}" --format sarif --output "${sarif_report}" --fail-on none
+
+        set +e
+        node "${guard_bin}" scan "${scan_args[@]}" --fail-on "${MCP_GUARD_FAIL_ON}"
+        status="$?"
+        set -e
+
+        {
+          echo "markdown-report=${markdown_report}"
+          echo "html-report=${html_report}"
+          echo "json-report=${json_report}"
+          echo "sarif-report=${sarif_report}"
+          echo "exit-code=${status}"
+        } >> "${GITHUB_OUTPUT}"
+
+    - name: Write job summary
+      if: ${{ always() && steps.reports.outputs.json-report != '' }}
+      shell: bash
+      env:
+        MCP_GUARD_FAIL_ON: ${{ inputs.fail-on }}
+      run: |
+        node "${GITHUB_ACTION_PATH}/scripts/action-summary.js" \
+          "${{ steps.reports.outputs.json-report }}" \
+          "${{ steps.reports.outputs.markdown-report }}" \
+          "${{ steps.reports.outputs.html-report }}" \
+          "${{ steps.reports.outputs.sarif-report }}" \
+          "${MCP_GUARD_FAIL_ON}" >> "${GITHUB_STEP_SUMMARY}"
+
+    - name: Upload report artifact
+      if: ${{ always() && inputs.upload-artifact == 'true' }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.artifact-name }}
+        path: ${{ inputs.output-dir }}
+
+    - name: Upload SARIF to code scanning
+      if: ${{ always() && inputs.upload-sarif == 'true' && steps.reports.outputs.sarif-report != '' }}
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.reports.outputs.sarif-report }}
+
+    - name: Enforce severity threshold
+      shell: bash
+      env:
+        MCP_GUARD_EXIT_CODE: ${{ steps.reports.outputs.exit-code }}
+      run: |
+        if [ -z "${MCP_GUARD_EXIT_CODE}" ]; then
+          exit 1
+        fi
+        exit "${MCP_GUARD_EXIT_CODE}"

package/docs/business-playbook.md

@@ -13,9 +13,10 @@ AI Agent/MCP Security Audit.
 Deliverables:
 
 - MCP server inventory;
-- `mcp-guard` scan report;
+- `mcp-guard` Markdown, HTML, JSON, and SARIF scan reports;
 - manual review of high-risk findings;
 - prioritized remediation plan;
+- optional GitHub Action setup for continuous scans;
 - 60-minute hardening call;
 - optional PR with safer config changes.
 
@@ -61,4 +62,3 @@ Weak:
 - vague security interest;
 - requests for a full dashboard before any audit;
 - only free users with toy configs.
-

package/docs/github-action.md

@@ -0,0 +1,87 @@
+# GitHub Action
+
+Use the `mcp-guard` action to scan MCP and AI agent tool configuration in pull requests and CI.
+
+The action runs the CLI from the pinned GitHub Action tag, generates Markdown, HTML, JSON, and SARIF reports, writes a job summary, uploads reports as an artifact, and fails the job when findings meet your selected severity threshold.
+
+## Basic Workflow
+
+```yaml
+name: mcp-guard
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ChaoYue0307/mcp-guard@v0.3.0
+        with:
+          fail-on: high
+```
+
+## Upload SARIF to GitHub Security
+
+Enable SARIF upload when you want findings in the repository Security tab. The workflow needs `security-events: write`.
+
+```yaml
+name: mcp-guard
+
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ChaoYue0307/mcp-guard@v0.3.0
+        with:
+          config: .mcp.json
+          fail-on: high
+          upload-sarif: "true"
+```
+
+## Report-Only Mode
+
+Use `fail-on: none` when you want artifacts and summaries without blocking a pull request.
+
+```yaml
+- uses: ChaoYue0307/mcp-guard@v0.3.0
+  with:
+    fail-on: none
+```
+
+## Inputs
+
+| Input | Default | Description |
+| --- | --- | --- |
+| `config` | empty | Optional MCP config path. Empty scans default project and user config locations. |
+| `fail-on` | `high` | Fails the job for `critical`, `high`, `medium`, or `low` findings. Use `none` for report-only mode. |
+| `output-dir` | `mcp-guard-report` | Directory for generated reports. |
+| `upload-artifact` | `true` | Uploads generated reports as a workflow artifact. |
+| `upload-sarif` | `false` | Uploads SARIF to GitHub code scanning. Requires `security-events: write`. |
+| `artifact-name` | `mcp-guard-report` | Name of the uploaded artifact. |
+
+## Outputs
+
+| Output | Description |
+| --- | --- |
+| `markdown-report` | Path to the generated Markdown report. |
+| `html-report` | Path to the generated HTML report. |
+| `json-report` | Path to the generated JSON report. |
+| `sarif-report` | Path to the generated SARIF report. |
+| `exit-code` | `0` when below threshold, `2` when findings met the threshold. |

package/docs/roadmap.md

@@ -5,25 +5,24 @@
 ## Now
 
 - CLI config scanning.
-- Text, Markdown, and redacted JSON output.
+- Text, Markdown, HTML, redacted JSON, and SARIF output.
 - Rules for shell wrappers, remote package runners, unpinned packages, broad filesystem access, secret-like env vars/headers, and remote MCP URLs.
 - CI usage with `--fail-on`.
+- GitHub Action wrapper that writes a job summary, uploads Markdown/HTML/JSON/SARIF artifacts, and can upload SARIF to GitHub code scanning.
 
 ## Next
 
-1. GitHub Action wrapper.
-2. HTML audit report.
-3. More MCP client discovery paths.
-4. Rule packs mapped to MCP security best practices.
+1. More MCP client discovery paths.
+2. Rule packs mapped to MCP security best practices.
+3. Policy file for approved commands, packages, directories, and remote URLs.
+4. Baseline mode: accept known findings and fail only on new risks.
 5. `mcp-guard audit` mode for client-ready reports.
 
 ## Later
 
-1. Policy file: approved commands, packages, directories, and remote URLs.
-2. Baseline mode: accept known findings and fail only on new risks.
-3. SBOM/package metadata checks for MCP server packages.
-4. Local web report viewer.
-5. Hosted team dashboard only after repeated paid audit demand.
+1. SBOM/package metadata checks for MCP server packages.
+2. Local web report viewer.
+3. Hosted team dashboard only after repeated paid audit demand.
 
 ## Product Principles
 
@@ -32,4 +31,3 @@
 - Avoid noisy rules that do not change behavior.
 - Prefer workflow integration over dashboards.
 - Services first, SaaS later.
-

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.1.1",
+  "version": "0.3.0",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
   "homepage": "https://chaoyue0307.github.io/mcp-guard/",
@@ -32,7 +32,9 @@
     "security",
     "cli",
     "scanner",
-    "devsecops"
+    "devsecops",
+    "sarif",
+    "github-actions"
   ],
   "author": "",
   "license": "Apache-2.0",
@@ -40,6 +42,8 @@
     "bin",
     "src",
     "README.md",
+    "action.yml",
+    "scripts/action-summary.js",
     "LICENSE",
     "SECURITY.md",
     "docs",

package/scripts/action-summary.js

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+
+import fs from "node:fs";
+import path from "node:path";
+
+const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn] = process.argv.slice(2);
+
+if (!jsonReportPath) {
+  process.stderr.write("Usage: action-summary.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on>\n");
+  process.exit(1);
+}
+
+const report = JSON.parse(fs.readFileSync(jsonReportPath, "utf8"));
+const counts = report.summary.counts;
+const topFindings = report.findings.slice(0, 8);
+
+const lines = [];
+lines.push("## mcp-guard scan");
+lines.push("");
+lines.push(`Risk score: **${report.summary.riskScore}**`);
+lines.push("");
+lines.push("| Severity | Count |");
+lines.push("| --- | ---: |");
+lines.push(`| Critical | ${counts.critical} |`);
+lines.push(`| High | ${counts.high} |`);
+lines.push(`| Medium | ${counts.medium} |`);
+lines.push(`| Low | ${counts.low} |`);
+lines.push("");
+lines.push(`Scanned files: **${report.summary.scannedFileCount}**`);
+lines.push(`MCP servers: **${report.summary.serverCount}**`);
+lines.push(`Findings: **${report.summary.findingCount}**`);
+lines.push(`Fail threshold: **${failOn || "high"}**`);
+lines.push("");
+
+if (topFindings.length === 0) {
+  lines.push("No findings.");
+} else {
+  lines.push("### Top findings");
+  lines.push("");
+  lines.push("| Severity | Rule | Server | Finding |");
+  lines.push("| --- | --- | --- | --- |");
+  for (const finding of topFindings) {
+    lines.push(`| ${cell(finding.severity)} | ${cell(finding.id)} | ${cell(finding.serverName)} | ${cell(finding.title)} |`);
+  }
+}
+
+lines.push("");
+lines.push("### Reports");
+lines.push("");
+lines.push(`- Markdown: \`${relative(markdownReportPath)}\``);
+lines.push(`- HTML: \`${relative(htmlReportPath)}\``);
+lines.push(`- JSON: \`${relative(jsonReportPath)}\``);
+lines.push(`- SARIF: \`${relative(sarifReportPath)}\``);
+lines.push("");
+
+process.stdout.write(`${lines.join("\n")}\n`);
+
+function cell(value) {
+  return String(value ?? "").replaceAll("|", "\\|").replaceAll("\n", " ");
+}
+
+function relative(filePath) {
+  if (!filePath) return "";
+  return path.relative(process.cwd(), path.resolve(filePath)) || ".";
+}

package/src/cli.js

@@ -1,10 +1,10 @@
 import fs from "node:fs/promises";
 import path from "node:path";
 import { scan } from "./scan.js";
-import { generateJsonReport, generateMarkdownReport, generateTextReport } from "./report.js";
+import { generateHtmlReport, generateJsonReport, generateMarkdownReport, generateSarifReport, generateTextReport } from "./report.js";
 import { compareSeverity, severityRank } from "./severity.js";
 
-const VERSION = "0.1.1";
+const VERSION = "0.3.0";
 
 export async function runCli(argv, io) {
   const args = argv.slice(2);
@@ -80,8 +80,8 @@ function parseScanArgs(args, defaultCwd) {
     } else if (arg === "--format" || arg === "-f") {
       options.format = readValue(args, index, arg);
       index += 1;
-      if (!["text", "markdown", "json"].includes(options.format)) {
-        throw new Error("--format must be one of: text, markdown, json");
+      if (!["text", "markdown", "json", "html", "sarif"].includes(options.format)) {
+        throw new Error("--format must be one of: text, markdown, json, html, sarif");
       }
     } else if (arg === "--fail-on") {
       options.failOn = readValue(args, index, arg);
@@ -121,6 +121,12 @@ function renderReport(result, format) {
   if (format === "markdown") {
     return generateMarkdownReport(result);
   }
+  if (format === "html") {
+    return generateHtmlReport(result);
+  }
+  if (format === "sarif") {
+    return `${generateSarifReport(result)}\n`;
+  }
   return generateTextReport(result);
 }
 
@@ -142,7 +148,7 @@ Usage:
 Scan options:
   -c, --config <path>       Scan a specific MCP config file. Can be repeated.
   -o, --output <path>       Write report to a file.
-  -f, --format <format>     text, markdown, or json. Default: text.
+  -f, --format <format>     text, markdown, json, html, or sarif. Default: text.
       --fail-on <severity>  Exit 2 when finding severity is at least threshold.
                             critical, high, medium, low, none. Default: none.
       --cwd <path>          Working directory for project config discovery.
@@ -151,6 +157,8 @@ Scan options:
 Examples:
   mcp-guard scan
   mcp-guard scan --format markdown --output mcp-guard-report.md
+  mcp-guard scan --format html --output mcp-guard-report.html
+  mcp-guard scan --format sarif --output mcp-guard.sarif
   mcp-guard scan --config .mcp.json --fail-on high
 `;
 }

package/src/report.js

@@ -105,6 +105,396 @@ export function generateJsonReport(result) {
   return JSON.stringify(sanitizeResult(result), null, 2);
 }
 
+export function generateSarifReport(result) {
+  const rules = buildSarifRules(result.findings);
+  const sarif = {
+    version: "2.1.0",
+    $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+    runs: [
+      {
+        tool: {
+          driver: {
+            name: "mcp-guard",
+            informationUri: "https://github.com/ChaoYue0307/mcp-guard",
+            semanticVersion: result.metadata.toolVersion,
+            rules
+          }
+        },
+        automationDetails: {
+          id: "mcp-guard/"
+        },
+        invocations: [
+          {
+            executionSuccessful: true,
+            workingDirectory: {
+              uri: uriFromPath(result.metadata.cwd, result.metadata.cwd)
+            }
+          }
+        ],
+        results: result.findings.map((finding) => sarifResult(finding, result.metadata.cwd))
+      }
+    ]
+  };
+
+  return JSON.stringify(sarif, null, 2);
+}
+
+export function generateHtmlReport(result) {
+  const safeResult = sanitizeResult(result);
+  const riskTone = riskToneForScore(safeResult.summary.riskScore);
+  const findings = safeResult.findings;
+  const servers = safeResult.servers;
+
+  return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>mcp-guard Scan Report</title>
+  <style>
+    :root {
+      color-scheme: light;
+      --bg: #f8fafc;
+      --panel: #ffffff;
+      --ink: #111827;
+      --muted: #5b6575;
+      --line: #d9e2ec;
+      --soft: #eef4f7;
+      --critical: #b91c1c;
+      --high: #c2410c;
+      --medium: #a16207;
+      --low: #0f766e;
+      --info: #1d4ed8;
+      --shadow: 0 20px 55px rgba(15, 23, 42, 0.08);
+    }
+
+    * { box-sizing: border-box; }
+
+    body {
+      margin: 0;
+      background: var(--bg);
+      color: var(--ink);
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      line-height: 1.5;
+    }
+
+    main {
+      width: min(1120px, calc(100% - 32px));
+      margin: 0 auto;
+      padding: 28px 0 48px;
+    }
+
+    .hero {
+      background: #ffffff;
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      box-shadow: var(--shadow);
+      padding: 28px;
+      display: grid;
+      grid-template-columns: minmax(0, 1fr) 240px;
+      gap: 24px;
+      align-items: stretch;
+    }
+
+    .eyebrow {
+      margin: 0 0 8px;
+      color: var(--info);
+      font-size: 13px;
+      font-weight: 700;
+      letter-spacing: 0;
+      text-transform: uppercase;
+    }
+
+    h1, h2 {
+      letter-spacing: 0;
+      line-height: 1.08;
+    }
+
+    h1 {
+      margin: 0;
+      font-size: 34px;
+    }
+
+    h2 {
+      margin: 0 0 14px;
+      font-size: 21px;
+    }
+
+    .lead {
+      max-width: 720px;
+      margin: 12px 0 0;
+      color: var(--muted);
+      font-size: 16px;
+    }
+
+    .scorecard {
+      border-radius: 8px;
+      border: 1px solid var(--line);
+      background: var(--soft);
+      padding: 18px;
+      min-height: 176px;
+      display: flex;
+      flex-direction: column;
+      justify-content: space-between;
+    }
+
+    .score-label {
+      margin: 0;
+      color: var(--muted);
+      font-size: 13px;
+      font-weight: 700;
+      text-transform: uppercase;
+    }
+
+    .score-value {
+      margin: 8px 0;
+      font-size: 58px;
+      font-weight: 800;
+      line-height: 1;
+      color: var(--${riskTone});
+    }
+
+    .score-caption {
+      margin: 0;
+      color: var(--muted);
+      font-size: 14px;
+    }
+
+    .grid {
+      display: grid;
+      grid-template-columns: repeat(4, minmax(0, 1fr));
+      gap: 12px;
+      margin: 18px 0 0;
+    }
+
+    .metric {
+      background: var(--panel);
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      padding: 14px;
+    }
+
+    .metric strong {
+      display: block;
+      font-size: 24px;
+      line-height: 1.1;
+    }
+
+    .metric span {
+      display: block;
+      margin-top: 6px;
+      color: var(--muted);
+      font-size: 13px;
+    }
+
+    section {
+      margin-top: 22px;
+      background: var(--panel);
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      box-shadow: 0 10px 30px rgba(15, 23, 42, 0.04);
+      padding: 22px;
+    }
+
+    .severity-row {
+      display: grid;
+      grid-template-columns: repeat(4, minmax(0, 1fr));
+      gap: 10px;
+    }
+
+    .severity {
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      padding: 12px;
+      min-height: 78px;
+    }
+
+    .severity b {
+      display: block;
+      font-size: 22px;
+      line-height: 1.1;
+    }
+
+    .severity span {
+      display: block;
+      margin-top: 6px;
+      color: var(--muted);
+      font-size: 13px;
+      text-transform: capitalize;
+    }
+
+    .critical { color: var(--critical); }
+    .high { color: var(--high); }
+    .medium { color: var(--medium); }
+    .low { color: var(--low); }
+
+    .table-wrap {
+      width: 100%;
+      overflow-x: auto;
+      border: 1px solid var(--line);
+      border-radius: 8px;
+    }
+
+    table {
+      width: 100%;
+      min-width: 760px;
+      border-collapse: collapse;
+      background: var(--panel);
+    }
+
+    th, td {
+      padding: 12px 14px;
+      border-bottom: 1px solid var(--line);
+      text-align: left;
+      vertical-align: top;
+      font-size: 14px;
+    }
+
+    th {
+      color: #374151;
+      background: #f1f5f9;
+      font-size: 12px;
+      text-transform: uppercase;
+    }
+
+    tr:last-child td { border-bottom: 0; }
+
+    code {
+      padding: 2px 5px;
+      border-radius: 5px;
+      background: #eef2f7;
+      color: #111827;
+      font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", monospace;
+      font-size: 0.92em;
+      white-space: normal;
+      overflow-wrap: anywhere;
+    }
+
+    .pill {
+      display: inline-flex;
+      align-items: center;
+      min-height: 24px;
+      padding: 3px 8px;
+      border-radius: 999px;
+      background: #f1f5f9;
+      font-size: 12px;
+      font-weight: 700;
+      text-transform: uppercase;
+    }
+
+    .pill.critical { background: #fee2e2; }
+    .pill.high { background: #ffedd5; }
+    .pill.medium { background: #fef3c7; }
+    .pill.low { background: #ccfbf1; }
+
+    .empty {
+      margin: 0;
+      color: var(--muted);
+      border: 1px dashed var(--line);
+      border-radius: 8px;
+      padding: 16px;
+      background: #fbfdff;
+    }
+
+    .notes {
+      color: var(--muted);
+      font-size: 14px;
+    }
+
+    .notes ul {
+      margin: 10px 0 0;
+      padding-left: 18px;
+    }
+
+    @media (max-width: 780px) {
+      main {
+        width: min(100% - 20px, 1120px);
+        padding-top: 10px;
+      }
+
+      .hero {
+        grid-template-columns: 1fr;
+        padding: 20px;
+      }
+
+      h1 { font-size: 28px; }
+
+      .grid,
+      .severity-row {
+        grid-template-columns: repeat(2, minmax(0, 1fr));
+      }
+    }
+
+    @media (max-width: 460px) {
+      .grid,
+      .severity-row {
+        grid-template-columns: 1fr;
+      }
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <header class="hero">
+      <div>
+        <p class="eyebrow">mcp-guard scan report</p>
+        <h1>AI agent tool risk review</h1>
+        <p class="lead">Local-first review of MCP server configuration, startup commands, remote endpoints, filesystem scope, and secret-like values.</p>
+        <div class="grid">
+          ${metric("Scanned files", safeResult.summary.scannedFileCount)}
+          ${metric("MCP servers", safeResult.summary.serverCount)}
+          ${metric("Findings", safeResult.summary.findingCount)}
+          ${metric("Generated", formatDate(safeResult.metadata.generatedAt))}
+        </div>
+      </div>
+      <aside class="scorecard" aria-label="Risk score">
+        <div>
+          <p class="score-label">Risk score</p>
+          <p class="score-value">${escapeHtml(safeResult.summary.riskScore)}</p>
+        </div>
+        <p class="score-caption">${escapeHtml(riskCaption(safeResult.summary.riskScore))}</p>
+      </aside>
+    </header>
+
+    <section>
+      <h2>Severity Summary</h2>
+      <div class="severity-row">
+        ${severityCard("critical", safeResult.summary.counts.critical)}
+        ${severityCard("high", safeResult.summary.counts.high)}
+        ${severityCard("medium", safeResult.summary.counts.medium)}
+        ${severityCard("low", safeResult.summary.counts.low)}
+      </div>
+    </section>
+
+    <section>
+      <h2>Scanned Files</h2>
+      ${renderScannedFiles(safeResult)}
+    </section>
+
+    <section>
+      <h2>MCP Server Inventory</h2>
+      ${renderServerTable(servers, safeResult.metadata.cwd)}
+    </section>
+
+    <section>
+      <h2>Findings</h2>
+      ${renderFindingsTable(findings)}
+    </section>
+
+    <section class="notes">
+      <h2>Review Notes</h2>
+      <ul>
+        <li>Secret-like values are redacted before rendering this report.</li>
+        <li>Review each server before granting access to files, shells, SaaS accounts, or production systems.</li>
+        <li>This report assists security review and does not guarantee that every issue was found.</li>
+      </ul>
+    </section>
+  </main>
+</body>
+</html>
+`;
+}
+
 function cell(value) {
   return String(value).replaceAll("|", "\\|").replaceAll("\n", "<br>");
 }
@@ -134,3 +524,195 @@ function sanitizeResult(result) {
     summary: result.summary
   };
 }
+
+function buildSarifRules(findings) {
+  const unique = new Map();
+  for (const finding of findings) {
+    if (unique.has(finding.id)) continue;
+    unique.set(finding.id, {
+      id: finding.id,
+      name: finding.id,
+      shortDescription: {
+        text: finding.title
+      },
+      fullDescription: {
+        text: finding.title
+      },
+      help: {
+        text: finding.recommendation,
+        markdown: finding.recommendation
+      },
+      defaultConfiguration: {
+        level: sarifLevel(finding.severity)
+      },
+      properties: {
+        severity: finding.severity,
+        tags: ["mcp", "ai-agent", "security"]
+      }
+    });
+  }
+  return [...unique.values()];
+}
+
+function sarifResult(finding, cwd) {
+  return {
+    ruleId: finding.id,
+    level: sarifLevel(finding.severity),
+    message: {
+      text: `${finding.title}. ${finding.evidence} Fix: ${finding.recommendation}`
+    },
+    locations: [
+      {
+        physicalLocation: {
+          artifactLocation: {
+            uri: uriFromPath(finding.configPath, cwd)
+          },
+          region: {
+            startLine: 1,
+            startColumn: 1
+          }
+        },
+        logicalLocations: [
+          {
+            name: finding.serverName,
+            kind: "object"
+          }
+        ]
+      }
+    ],
+    partialFingerprints: {
+      "mcp-guard/rule-server-evidence": fingerprint(`${finding.id}:${finding.serverName}:${finding.evidence}`)
+    },
+    properties: {
+      severity: finding.severity,
+      serverName: finding.serverName,
+      evidence: finding.evidence,
+      recommendation: finding.recommendation
+    }
+  };
+}
+
+function sarifLevel(severity) {
+  if (severity === "critical" || severity === "high") return "error";
+  if (severity === "medium") return "warning";
+  return "note";
+}
+
+function uriFromPath(filePath, cwd) {
+  const display = displayPath(filePath, cwd) || ".";
+  return display.split("/").map(encodeURIComponent).join("/");
+}
+
+function fingerprint(value) {
+  let hash = 2166136261;
+  for (let index = 0; index < value.length; index += 1) {
+    hash ^= value.charCodeAt(index);
+    hash = Math.imul(hash, 16777619);
+  }
+  return (hash >>> 0).toString(16).padStart(8, "0");
+}
+
+function metric(label, value) {
+  return `<div class="metric"><strong>${escapeHtml(value)}</strong><span>${escapeHtml(label)}</span></div>`;
+}
+
+function severityCard(severity, count) {
+  return `<div class="severity ${severity}"><b>${escapeHtml(count)}</b><span>${escapeHtml(severity)}</span></div>`;
+}
+
+function renderScannedFiles(result) {
+  if (result.scannedFiles.length === 0) {
+    return `<p class="empty">No MCP config files were found.</p>`;
+  }
+
+  const items = result.scannedFiles
+    .map((file) => `<tr><td><code>${escapeHtml(displayPath(file, result.metadata.cwd))}</code></td></tr>`)
+    .join("");
+
+  return `<div class="table-wrap"><table><thead><tr><th>Path</th></tr></thead><tbody>${items}</tbody></table></div>`;
+}
+
+function renderServerTable(servers, cwd) {
+  if (servers.length === 0) {
+    return `<p class="empty">No MCP servers were found.</p>`;
+  }
+
+  const rows = servers.map((server) => {
+    const env = kvList(server.env);
+    const headers = kvList(server.headers);
+    return `<tr>
+      <td><strong>${escapeHtml(server.name)}</strong><br><code>${escapeHtml(displayPath(server.configPath, cwd))}</code></td>
+      <td>${codeOrDash(server.command)}</td>
+      <td>${codeOrDash(server.args.join(" "))}</td>
+      <td>${codeOrDash(server.cwd)}</td>
+      <td>${codeOrDash(server.url)}</td>
+      <td>${env || "-"}</td>
+      <td>${headers || "-"}</td>
+    </tr>`;
+  }).join("");
+
+  return `<div class="table-wrap"><table>
+    <thead><tr><th>Server</th><th>Command</th><th>Args</th><th>CWD</th><th>URL</th><th>Env</th><th>Headers</th></tr></thead>
+    <tbody>${rows}</tbody>
+  </table></div>`;
+}
+
+function renderFindingsTable(findings) {
+  if (findings.length === 0) {
+    return `<p class="empty">No findings. Keep reviewing new MCP servers and agent tools before adding them.</p>`;
+  }
+
+  const rows = findings.map((finding) => `<tr>
+    <td><span class="pill ${escapeHtml(finding.severity)}">${escapeHtml(finding.severity)}</span></td>
+    <td><code>${escapeHtml(finding.id)}</code></td>
+    <td>${escapeHtml(finding.serverName)}</td>
+    <td>${escapeHtml(finding.title)}</td>
+    <td>${codeOrDash(finding.evidence)}</td>
+    <td>${escapeHtml(finding.recommendation)}</td>
+  </tr>`).join("");
+
+  return `<div class="table-wrap"><table>
+    <thead><tr><th>Severity</th><th>Rule</th><th>Server</th><th>Finding</th><th>Evidence</th><th>Recommendation</th></tr></thead>
+    <tbody>${rows}</tbody>
+  </table></div>`;
+}
+
+function kvList(record) {
+  return Object.entries(record || {})
+    .map(([key, value]) => `<code>${escapeHtml(key)}=${escapeHtml(value)}</code>`)
+    .join("<br>");
+}
+
+function codeOrDash(value) {
+  if (!value) return "-";
+  return `<code>${escapeHtml(value)}</code>`;
+}
+
+function formatDate(value) {
+  const date = new Date(value);
+  if (Number.isNaN(date.getTime())) return value;
+  return `${date.toISOString().slice(0, 16).replace("T", " ")} UTC`;
+}
+
+function riskToneForScore(score) {
+  if (score >= 80) return "critical";
+  if (score >= 50) return "high";
+  if (score >= 20) return "medium";
+  return "low";
+}
+
+function riskCaption(score) {
+  if (score >= 80) return "Critical review recommended before enabling these tools.";
+  if (score >= 50) return "High risk configuration; review before team use.";
+  if (score >= 20) return "Moderate risk; confirm the intended permission scope.";
+  return "Low risk based on the current rule set.";
+}
+
+function escapeHtml(value) {
+  return String(value ?? "")
+    .replaceAll("&", "&amp;")
+    .replaceAll("<", "&lt;")
+    .replaceAll(">", "&gt;")
+    .replaceAll('"', "&quot;")
+    .replaceAll("'", "&#39;");
+}