agent-mcp-guard 0.3.0 → 0.4.0

package/docs/marketplace.md

@@ -0,0 +1,121 @@
+# GitHub Marketplace Plan
+
+GitHub Marketplace has stricter packaging rules than normal action usage. The main `mcp-guard` repository should stay as the product repository because it contains the CLI, website, tests, CI, Pages, docs, and examples.
+
+Official GitHub docs: https://docs.github.com/en/actions/how-tos/create-and-publish-actions/publish-in-github-marketplace
+
+Use a dedicated public repository for Marketplace:
+
+```text
+ChaoYue0307/mcp-guard-action
+```
+
+## Why a Dedicated Repository
+
+GitHub requires Marketplace action repositories to:
+
+- be public;
+- contain a single root `action.yml` or `action.yaml`;
+- have a unique action metadata `name`;
+- avoid workflow files in the repository.
+
+The main repo intentionally contains `.github/workflows`, so it should not be the Marketplace repo.
+
+## Prepared Action Package
+
+Generate the clean action repository payload:
+
+```bash
+npm run marketplace:prepare
+```
+
+This creates:
+
+```text
+dist/mcp-guard-action/
+```
+
+The generated directory includes only the files needed by the action:
+
+- `action.yml`
+- `README.md`
+- `LICENSE`
+- `package.json`
+- `bin/`
+- `src/`
+- `scripts/action-summary.js`
+
+It intentionally excludes `.github/workflows`.
+
+## Recommended Marketplace Metadata
+
+Repository name:
+
+```text
+mcp-guard-action
+```
+
+Action name:
+
+```text
+mcp-guard MCP Security Scanner
+```
+
+Description:
+
+```text
+Scan MCP and AI agent tool configuration for risky commands, leaked secrets, broad filesystem access, remote endpoints, and unpinned packages.
+```
+
+Primary category:
+
+```text
+Security
+```
+
+Secondary category:
+
+```text
+Code quality
+```
+
+Release title:
+
+```text
+v0.4.0
+```
+
+Release notes:
+
+```text
+Baseline and pull request comment release.
+
+- Runs mcp-guard from the pinned action tag.
+- Generates Markdown, HTML, JSON, and SARIF reports.
+- Writes a GitHub Step Summary for pull request review.
+- Supports baseline/allowlist files so known accepted findings do not fail CI.
+- Can post or update a pull request comment with active findings.
+- Can upload SARIF to GitHub code scanning with `upload-sarif: "true"`.
+- Fails workflows by configurable severity threshold.
+```
+
+## Manual Publishing Steps
+
+Completed:
+
+- Public repository created: <https://github.com/ChaoYue0307/mcp-guard-action>
+- `dist/mcp-guard-action/` exported, committed, and pushed.
+- Release created: <https://github.com/ChaoYue0307/mcp-guard-action/releases/tag/v0.4.0>
+- README, docs, and website examples now use:
+
+```yaml
+- uses: ChaoYue0307/mcp-guard-action@v0.4.0
+```
+
+Remaining Marketplace web step:
+
+1. Open `action.yml` or the release page on GitHub and click the Marketplace banner.
+2. Select `Publish this Action to the GitHub Marketplace`.
+3. Accept the GitHub Marketplace Developer Agreement if prompted.
+4. Choose `Security` as the primary category.
+5. Publish the release with 2FA.

package/docs/operator-runbook.md

@@ -98,5 +98,5 @@ Send this to 20 teams using MCP or AI agents:
 ```text
 I am building mcp-guard, an open-source security scanner for MCP and AI agent tool configs. It checks for risky shell access, unpinned remote packages, over-broad file permissions, exposed secrets, and unsafe remote server setup.
 
-I am doing a few early scans for teams using MCP in real workflows. If you send a redacted config or run the CLI locally, I can help interpret the report and suggest hardening steps.
+I am collecting real-world MCP config patterns from teams using agents in real workflows. If you can share a redacted config or run the CLI locally, your feedback can help improve the scanner's rules and reports.
 ```

package/docs/paid-audit.md

@@ -1,6 +1,8 @@
-# AI Agent/MCP Security Audit
+# Future Service Concept
 
-This is the first paid service attached to `mcp-guard`.
+This is a planning note for a possible future service attached to `mcp-guard`.
+
+It is not currently advertised as an active consulting service. Keep public website and README copy focused on the automated scanner, early pilots, and CI setup feedback until this offer is actually available.
 
 ## Who It Is For
 
@@ -24,6 +26,6 @@ Use `docs/templates/audit-report-template.md` as the starting point for client d
 - Small startup: USD 1,000-3,000.
 - Funded team or private deployment pilot: USD 3,000-8,000.
 
-## Sales Copy
+## Draft Sales Copy
 
-I am building `mcp-guard`, an open-source scanner for MCP and AI agent tool security. It checks for risky shell access, unpinned remote packages, over-broad file permissions, exposed secrets, and unsafe remote server setup. I am offering a few early MCP security audits for teams using agents in real workflows.
+I am building `mcp-guard`, an open-source scanner for MCP and AI agent tool security. It checks for risky shell access, unpinned remote packages, over-broad file permissions, exposed secrets, and unsafe remote server setup. I am collecting real-world config patterns from teams using agents in real workflows.

package/docs/roadmap.md

@@ -9,14 +9,16 @@
 - Rules for shell wrappers, remote package runners, unpinned packages, broad filesystem access, secret-like env vars/headers, and remote MCP URLs.
 - CI usage with `--fail-on`.
 - GitHub Action wrapper that writes a job summary, uploads Markdown/HTML/JSON/SARIF artifacts, and can upload SARIF to GitHub code scanning.
+- Baseline/allowlist mode for accepting known findings and failing only on new risks.
+- Optional GitHub pull request comments from the Marketplace Action.
 
 ## Next
 
 1. More MCP client discovery paths.
 2. Rule packs mapped to MCP security best practices.
 3. Policy file for approved commands, packages, directories, and remote URLs.
-4. Baseline mode: accept known findings and fail only on new risks.
-5. `mcp-guard audit` mode for client-ready reports.
+4. `mcp-guard audit` mode for review-ready reports.
+5. Safer default remediation snippets for common MCP servers.
 
 ## Later
 

package/examples/sample-report.md

@@ -1,12 +1,12 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T06:56:59.977Z
+Generated: 2026-05-10T12:58:03.265Z
 
 ## Summary
 
 - Scanned files: 1
 - MCP servers: 3
-- Findings: 9
+- Active findings: 9
 - Risk score: 98
 - Critical: 2
 - High: 5
@@ -25,19 +25,19 @@ Generated: 2026-05-10T06:56:59.977Z
 | shell-installer | bash | -c curl https://example.com/install.sh \| bash | - | - | - |
 | remote-prod | - | - | - | https://mcp.example.com/sse | - |
 
-## Findings
-
-| Severity | Rule | Server | Finding | Evidence | Recommendation |
-| --- | --- | --- | --- | --- | --- |
-| critical | MCP010 | shell-installer | Shell command executes inline script | command=bash args=-c curl https://example.com/install.sh \| bash | Use a direct, pinned executable instead of a shell wrapper. If a shell is required, place the script in source control and review it. |
-| critical | MCP050 | shell-installer | MCP server command includes a dangerous operation | curl pipe to shell | Remove the dangerous operation from MCP startup. Run destructive setup steps manually and review them separately. |
-| high | MCP021 | filesystem-all-home | Remote MCP package is not version pinned | package=@modelcontextprotocol/server-filesystem | Pin the package to an exact version such as package@1.2.3 and review updates before changing it. |
-| high | MCP030 | filesystem-all-home | Secret-like environment variable is exposed to MCP server | GITHUB_TOKEN=ghp...890 (32 chars) | Pass the least privileged token possible. Prefer scoped tokens, short-lived credentials, and a dedicated service account. |
-| high | MCP040 | filesystem-all-home | MCP server has a broad working directory | cwd=/ | Run the server in a narrow project directory or sandbox with only the files it needs. |
-| high | MCP041 | filesystem-all-home | MCP server argument grants broad filesystem access | arg=/ | Replace broad filesystem paths with a dedicated project folder or read-only sandbox path. |
-| high | MCP061 | remote-prod | Secret-like header is configured for remote MCP server | Authorization=Bea...ken (27 chars) | Use scoped, short-lived credentials and avoid placing long-lived secrets directly in MCP config files. |
-| medium | MCP020 | filesystem-all-home | MCP server is launched through a remote package runner | command=npx package=@modelcontextprotocol/server-filesystem | Pin the package version, review the package source, and prefer a local lockfile or vendored executable for sensitive tools. |
-| medium | MCP060 | remote-prod | Remote MCP server URL is configured | url=https://mcp.example.com/sse | Verify the provider, use HTTPS, document the data sent to this server, and keep an allowlist of approved remote endpoints. |
+## Active Findings
+
+| Severity | Rule | Server | Finding | Evidence | Fingerprint | Recommendation |
+| --- | --- | --- | --- | --- | --- | --- |
+| critical | MCP010 | shell-installer | Shell command executes inline script | command=bash args=-c curl https://example.com/install.sh \| bash | mcpg_a009b2c2 | Use a direct, pinned executable instead of a shell wrapper. If a shell is required, place the script in source control and review it. |
+| critical | MCP050 | shell-installer | MCP server command includes a dangerous operation | curl pipe to shell | mcpg_6bd13204 | Remove the dangerous operation from MCP startup. Run destructive setup steps manually and review them separately. |
+| high | MCP021 | filesystem-all-home | Remote MCP package is not version pinned | package=@modelcontextprotocol/server-filesystem | mcpg_d0af49fa | Pin the package to an exact version such as package@1.2.3 and review updates before changing it. |
+| high | MCP030 | filesystem-all-home | Secret-like environment variable is exposed to MCP server | GITHUB_TOKEN=ghp...890 (32 chars) | mcpg_a5f382b0 | Pass the least privileged token possible. Prefer scoped tokens, short-lived credentials, and a dedicated service account. |
+| high | MCP040 | filesystem-all-home | MCP server has a broad working directory | cwd=/ | mcpg_31aaa689 | Run the server in a narrow project directory or sandbox with only the files it needs. |
+| high | MCP041 | filesystem-all-home | MCP server argument grants broad filesystem access | arg=/ | mcpg_dbc08d76 | Replace broad filesystem paths with a dedicated project folder or read-only sandbox path. |
+| high | MCP061 | remote-prod | Secret-like header is configured for remote MCP server | Authorization=Bea...ken (27 chars) | mcpg_5abd4cbd | Use scoped, short-lived credentials and avoid placing long-lived secrets directly in MCP config files. |
+| medium | MCP020 | filesystem-all-home | MCP server is launched through a remote package runner | command=npx package=@modelcontextprotocol/server-filesystem | mcpg_a3493a53 | Pin the package version, review the package source, and prefer a local lockfile or vendored executable for sensitive tools. |
+| medium | MCP060 | remote-prod | Remote MCP server URL is configured | url=https://mcp.example.com/sse | mcpg_cf1296e4 | Verify the provider, use HTTPS, document the data sent to this server, and keep an allowlist of approved remote endpoints. |
 
 ## Notes
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
   "homepage": "https://chaoyue0307.github.io/mcp-guard/",
@@ -19,6 +19,7 @@
     "scan:example": "node ./bin/mcp-guard.js scan --config examples/unsafe-claude_desktop_config.json --output examples/sample-report.md",
     "release:check": "node ./scripts/release-check.js",
     "launch:github": "node ./scripts/launch-github.js",
+    "marketplace:prepare": "node ./scripts/prepare-marketplace-action.js",
     "publish:npm": "node ./scripts/publish-npm.js",
     "start": "node ./bin/mcp-guard.js"
   },
@@ -44,10 +45,13 @@
     "README.md",
     "action.yml",
     "scripts/action-summary.js",
+    "scripts/action-comment.js",
+    "scripts/prepare-marketplace-action.js",
     "LICENSE",
     "SECURITY.md",
     "docs",
     "examples",
+    "site/e2e",
     "site/assets/readme-hero.svg",
     "site/assets/brand-mark.svg"
   ]

package/scripts/action-comment.js

@@ -0,0 +1,72 @@
+#!/usr/bin/env node
+
+import fs from "node:fs";
+import path from "node:path";
+
+const [jsonReportPath, markdownReportPath, htmlReportPath, sarifReportPath, failOn] = process.argv.slice(2);
+
+if (!jsonReportPath) {
+  process.stderr.write("Usage: action-comment.js <json-report> <markdown-report> <html-report> <sarif-report> <fail-on>\n");
+  process.exit(1);
+}
+
+const report = JSON.parse(fs.readFileSync(jsonReportPath, "utf8"));
+const counts = report.summary.counts;
+const findings = report.findings || [];
+const acceptedCount = report.summary.acceptedFindingCount || 0;
+const runUrl = process.env.GITHUB_SERVER_URL && process.env.GITHUB_REPOSITORY && process.env.GITHUB_RUN_ID
+  ? `${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID}`
+  : "";
+const status = findings.length === 0 ? "passed" : "needs review";
+
+const lines = [];
+lines.push("<!-- mcp-guard-comment -->");
+lines.push("## mcp-guard MCP security scan");
+lines.push("");
+lines.push(`Status: **${status}**`);
+lines.push(`Risk score: **${report.summary.riskScore}**`);
+lines.push(`Active findings: **${report.summary.findingCount}**`);
+if (acceptedCount > 0 || report.baseline?.enabled) {
+  lines.push(`Accepted by baseline: **${acceptedCount}**`);
+}
+lines.push(`Fail threshold: **${failOn || "high"}**`);
+if (runUrl) {
+  lines.push(`Workflow run: ${runUrl}`);
+}
+lines.push("");
+lines.push("| Critical | High | Medium | Low |");
+lines.push("| ---: | ---: | ---: | ---: |");
+lines.push(`| ${counts.critical} | ${counts.high} | ${counts.medium} | ${counts.low} |`);
+lines.push("");
+
+if (findings.length === 0) {
+  lines.push("No active findings met the current scan. Baseline-accepted findings do not block this PR.");
+} else {
+  lines.push("### Top active findings");
+  lines.push("");
+  lines.push("| Severity | Rule | Server | Finding |");
+  lines.push("| --- | --- | --- | --- |");
+  for (const finding of findings.slice(0, 6)) {
+    lines.push(`| ${cell(finding.severity)} | ${cell(finding.id)} | ${cell(finding.serverName)} | ${cell(finding.title)} |`);
+  }
+}
+
+lines.push("");
+lines.push("### Artifacts");
+lines.push("");
+lines.push(`- Markdown: \`${relative(markdownReportPath)}\``);
+lines.push(`- HTML: \`${relative(htmlReportPath)}\``);
+lines.push(`- JSON: \`${relative(jsonReportPath)}\``);
+lines.push(`- SARIF: \`${relative(sarifReportPath)}\``);
+lines.push("");
+
+process.stdout.write(`${lines.join("\n")}\n`);
+
+function cell(value) {
+  return String(value ?? "").replaceAll("|", "\\|").replaceAll("\n", " ");
+}
+
+function relative(filePath) {
+  if (!filePath) return "";
+  return path.relative(process.cwd(), path.resolve(filePath)) || ".";
+}

package/scripts/action-summary.js

@@ -13,6 +13,7 @@ if (!jsonReportPath) {
 const report = JSON.parse(fs.readFileSync(jsonReportPath, "utf8"));
 const counts = report.summary.counts;
 const topFindings = report.findings.slice(0, 8);
+const acceptedCount = report.summary.acceptedFindingCount || 0;
 
 const lines = [];
 lines.push("## mcp-guard scan");
@@ -28,14 +29,17 @@ lines.push(`| Low | ${counts.low} |`);
 lines.push("");
 lines.push(`Scanned files: **${report.summary.scannedFileCount}**`);
 lines.push(`MCP servers: **${report.summary.serverCount}**`);
-lines.push(`Findings: **${report.summary.findingCount}**`);
+lines.push(`Active findings: **${report.summary.findingCount}**`);
+if (acceptedCount > 0 || report.baseline?.enabled) {
+  lines.push(`Accepted by baseline: **${acceptedCount}**`);
+}
 lines.push(`Fail threshold: **${failOn || "high"}**`);
 lines.push("");
 
 if (topFindings.length === 0) {
-  lines.push("No findings.");
+  lines.push("No active findings.");
 } else {
-  lines.push("### Top findings");
+  lines.push("### Top active findings");
   lines.push("");
   lines.push("| Severity | Rule | Server | Finding |");
   lines.push("| --- | --- | --- | --- |");

package/scripts/prepare-marketplace-action.js

@@ -0,0 +1,74 @@
+#!/usr/bin/env node
+
+import fs from "node:fs";
+import path from "node:path";
+
+const root = path.resolve(import.meta.dirname, "..");
+const outputDir = path.join(root, "dist", "mcp-guard-action");
+const packageJson = JSON.parse(fs.readFileSync(path.join(root, "package.json"), "utf8"));
+
+fs.rmSync(outputDir, { recursive: true, force: true });
+fs.mkdirSync(outputDir, { recursive: true });
+
+copyFile("action.yml", "action.yml");
+copyFile("LICENSE", "LICENSE");
+copyFile("docs/marketplace-action-readme.md", "README.md");
+copyDir("bin", "bin");
+copyDir("src", "src");
+copyFile("scripts/action-summary.js", "scripts/action-summary.js");
+copyFile("scripts/action-comment.js", "scripts/action-comment.js");
+writePackageJson();
+validateExport();
+
+process.stdout.write(`Marketplace action package prepared at ${path.relative(root, outputDir)}\n`);
+
+function copyFile(from, to) {
+  const source = path.join(root, from);
+  const target = path.join(outputDir, to);
+  fs.mkdirSync(path.dirname(target), { recursive: true });
+  fs.copyFileSync(source, target);
+}
+
+function copyDir(from, to) {
+  fs.cpSync(path.join(root, from), path.join(outputDir, to), {
+    recursive: true,
+    filter: (source) => !source.includes(`${path.sep}.DS_Store`)
+  });
+}
+
+function writePackageJson() {
+  const actionPackage = {
+    name: "mcp-guard-action",
+    version: packageJson.version,
+    private: true,
+    description: "GitHub Action wrapper for mcp-guard MCP and AI agent security scanning.",
+    type: "module",
+    engines: packageJson.engines,
+    license: packageJson.license
+  };
+
+  fs.writeFileSync(path.join(outputDir, "package.json"), `${JSON.stringify(actionPackage, null, 2)}\n`, "utf8");
+}
+
+function validateExport() {
+  const required = [
+    "action.yml",
+    "README.md",
+    "LICENSE",
+    "package.json",
+    "bin/mcp-guard.js",
+    "src/cli.js",
+    "src/report.js",
+    "scripts/action-summary.js",
+    "scripts/action-comment.js"
+  ];
+
+  const missing = required.filter((file) => !fs.existsSync(path.join(outputDir, file)));
+  if (missing.length > 0) {
+    throw new Error(`Marketplace export is missing: ${missing.join(", ")}`);
+  }
+
+  if (fs.existsSync(path.join(outputDir, ".github"))) {
+    throw new Error("Marketplace export must not include .github workflows.");
+  }
+}

package/site/e2e/claude_desktop_config.json

@@ -0,0 +1,28 @@
+{
+  "mcpServers": {
+    "filesystem-all-home": {
+      "command": "npx",
+      "args": [
+        "@modelcontextprotocol/server-filesystem",
+        "/"
+      ],
+      "env": {
+        "GITHUB_TOKEN": "ghp_exampleSecretValue1234567890"
+      },
+      "cwd": "/"
+    },
+    "shell-installer": {
+      "command": "bash",
+      "args": [
+        "-c",
+        "curl https://example.com/install.sh | bash"
+      ]
+    },
+    "remote-prod": {
+      "url": "https://mcp.example.com/sse",
+      "headers": {
+        "Authorization": "Bearer example-secret-token"
+      }
+    }
+  }
+}

package/site/e2e/index.html

@@ -0,0 +1,107 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>mcp-guard E2E Example</title>
+    <meta name="description" content="A transparent end-to-end mcp-guard example with committed input, reproducible CLI commands, and generated reports.">
+    <link rel="icon" href="../assets/brand-mark.svg" type="image/svg+xml">
+    <link rel="stylesheet" href="../styles.css">
+  </head>
+  <body>
+    <header class="site-header">
+      <a class="brand" href="../" aria-label="mcp-guard home">
+        <img src="../assets/brand-mark.svg" alt="">
+        <span>mcp-guard</span>
+      </a>
+      <nav aria-label="Primary navigation">
+        <a href="../#scan">Scan</a>
+        <a href="../#action">Action</a>
+        <a href="../#baseline">Baseline</a>
+        <a href="../#reports">Reports</a>
+        <a href="../#pilot">Pilot</a>
+        <a class="github-link" href="https://github.com/ChaoYue0307/mcp-guard">GitHub</a>
+      </nav>
+    </header>
+
+    <main>
+      <section class="example-hero">
+        <div>
+          <span class="eyebrow">End-to-end proof</span>
+          <h1>Real scanner output from a reproducible MCP config.</h1>
+          <p>The input is synthetic so it is safe to publish, but every report below was generated by the current `mcp-guard` CLI from the committed config file.</p>
+        </div>
+        <div class="example-score">
+          <span>Risk Score</span>
+          <strong>98</strong>
+          <p>9 active findings across 3 MCP servers</p>
+        </div>
+      </section>
+
+      <section class="example-layout">
+        <div class="example-main">
+          <h2>1. Input config</h2>
+          <p>The config intentionally includes risky patterns a real MCP setup can contain: remote package execution, root filesystem access, shell startup, remote MCP URL, and secret-like values.</p>
+          <pre><code>{
+  "mcpServers": {
+    "filesystem-all-home": {
+      "command": "npx",
+      "args": ["@modelcontextprotocol/server-filesystem", "/"],
+      "env": { "GITHUB_TOKEN": "ghp_exampleSecretValue1234567890" },
+      "cwd": "/"
+    },
+    "shell-installer": {
+      "command": "bash",
+      "args": ["-c", "curl https://example.com/install.sh | bash"]
+    },
+    "remote-prod": {
+      "url": "https://mcp.example.com/sse",
+      "headers": { "Authorization": "Bearer example-secret-token" }
+    }
+  }
+}</code></pre>
+
+          <h2>2. Reproduce the scan</h2>
+          <pre><code>node ./bin/mcp-guard.js scan --config site/e2e/claude_desktop_config.json --format markdown --output site/e2e/report.md
+node ./bin/mcp-guard.js scan --config site/e2e/claude_desktop_config.json --format html --output site/e2e/report.html
+node ./bin/mcp-guard.js scan --config site/e2e/claude_desktop_config.json --format json --output site/e2e/report.json
+node ./bin/mcp-guard.js scan --config site/e2e/claude_desktop_config.json --format sarif --output site/e2e/report.sarif</code></pre>
+
+          <h2>3. What it found</h2>
+          <div class="finding-table">
+            <div><span>Critical</span><strong>MCP010</strong><p>Shell command executes inline script.</p></div>
+            <div><span>Critical</span><strong>MCP050</strong><p>Startup command includes curl-pipe-shell.</p></div>
+            <div><span>High</span><strong>MCP021</strong><p>Remote MCP package is not version pinned.</p></div>
+            <div><span>High</span><strong>MCP030</strong><p>Secret-like environment variable is exposed.</p></div>
+            <div><span>High</span><strong>MCP040/MCP041</strong><p>Working directory and argument grant broad filesystem access.</p></div>
+            <div><span>High</span><strong>MCP061</strong><p>Secret-like authorization header is configured.</p></div>
+          </div>
+        </div>
+
+        <aside class="example-side">
+          <h2>Generated artifacts</h2>
+          <p>Open these files and compare them with the input config.</p>
+          <a href="claude_desktop_config.json">Input JSON</a>
+          <a href="report.md">Markdown report</a>
+          <a href="report.html">HTML report</a>
+          <a href="report.json">JSON report</a>
+          <a href="report.sarif">SARIF report</a>
+          <h2>Output summary</h2>
+          <ul>
+            <li>Scanned files: 1</li>
+            <li>MCP servers: 3</li>
+            <li>Active findings: 9</li>
+            <li>Critical: 2</li>
+            <li>High: 5</li>
+            <li>Medium: 2</li>
+            <li>Low: 0</li>
+          </ul>
+        </aside>
+      </section>
+    </main>
+
+    <footer>
+      <p>mcp-guard is Apache-2.0 open source. This example is generated from files committed in the repository.</p>
+    </footer>
+  </body>
+</html>