agent-mcp-guard 0.4.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/action.yml +5 -5
- package/docs/baseline.md +2 -2
- package/docs/github-action.md +4 -4
- package/docs/launch-checklist.md +1 -1
- package/docs/marketplace-action-readme.md +3 -3
- package/docs/marketplace.md +9 -12
- package/examples/sample-report.md +1 -1
- package/package.json +1 -1
- package/site/e2e/report.html +1 -1
- package/site/e2e/report.json +2 -2
- package/site/e2e/report.md +1 -1
- package/site/e2e/report.sarif +1 -1
- package/src/cli.js +1 -1
package/README.md
CHANGED
|
@@ -19,7 +19,7 @@ Live demo PR: [mcp-guard-demo#1](https://github.com/ChaoYue0307/mcp-guard-demo/p
|
|
|
19
19
|
<a href="https://github.com/marketplace/actions/mcp-guard-mcp-security-scanner"><img alt="GitHub Marketplace" src="https://img.shields.io/badge/Marketplace-mcp--guard-0f766e?logo=github"></a>
|
|
20
20
|
<a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
|
|
21
21
|
<a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
|
|
22
|
-
<a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.
|
|
22
|
+
<a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.1"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
|
|
23
23
|
</p>
|
|
24
24
|
|
|
25
25
|
## Install
|
|
@@ -69,7 +69,7 @@ mcp-guard scan --config .mcp.json --baseline .mcp-guard-baseline.json --fail-on
|
|
|
69
69
|
Use the GitHub Action:
|
|
70
70
|
|
|
71
71
|
```yaml
|
|
72
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
72
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
73
73
|
with:
|
|
74
74
|
config: .mcp.json
|
|
75
75
|
baseline: .mcp-guard-baseline.json
|
package/action.yml
CHANGED
|
@@ -64,9 +64,9 @@ runs:
|
|
|
64
64
|
using: composite
|
|
65
65
|
steps:
|
|
66
66
|
- name: Set up Node.js
|
|
67
|
-
uses: actions/setup-node@
|
|
67
|
+
uses: actions/setup-node@v6
|
|
68
68
|
with:
|
|
69
|
-
node-version: "
|
|
69
|
+
node-version: "24"
|
|
70
70
|
|
|
71
71
|
- name: Generate reports
|
|
72
72
|
id: reports
|
|
@@ -136,7 +136,7 @@ runs:
|
|
|
136
136
|
|
|
137
137
|
- name: Comment on pull request
|
|
138
138
|
if: ${{ always() && inputs.comment-pr == 'true' && github.event_name == 'pull_request' && steps.reports.outputs.comment-report != '' }}
|
|
139
|
-
uses: actions/github-script@
|
|
139
|
+
uses: actions/github-script@v9
|
|
140
140
|
env:
|
|
141
141
|
MCP_GUARD_COMMENT_PATH: ${{ steps.reports.outputs.comment-report }}
|
|
142
142
|
with:
|
|
@@ -173,14 +173,14 @@ runs:
|
|
|
173
173
|
|
|
174
174
|
- name: Upload report artifact
|
|
175
175
|
if: ${{ always() && inputs.upload-artifact == 'true' }}
|
|
176
|
-
uses: actions/upload-artifact@
|
|
176
|
+
uses: actions/upload-artifact@v7
|
|
177
177
|
with:
|
|
178
178
|
name: ${{ inputs.artifact-name }}
|
|
179
179
|
path: ${{ inputs.output-dir }}
|
|
180
180
|
|
|
181
181
|
- name: Upload SARIF to code scanning
|
|
182
182
|
if: ${{ always() && inputs.upload-sarif == 'true' && steps.reports.outputs.sarif-report != '' }}
|
|
183
|
-
uses: github/codeql-action/upload-sarif@
|
|
183
|
+
uses: github/codeql-action/upload-sarif@v4
|
|
184
184
|
with:
|
|
185
185
|
sarif_file: ${{ steps.reports.outputs.sarif-report }}
|
|
186
186
|
|
package/docs/baseline.md
CHANGED
|
@@ -30,7 +30,7 @@ If the scan finds only baseline-accepted findings, the exit code is `0`. If a ne
|
|
|
30
30
|
## GitHub Action
|
|
31
31
|
|
|
32
32
|
```yaml
|
|
33
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
33
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
34
34
|
with:
|
|
35
35
|
config: .mcp.json
|
|
36
36
|
baseline: .mcp-guard-baseline.json
|
|
@@ -45,7 +45,7 @@ The generated Markdown, HTML, JSON, and PR comment separate active findings from
|
|
|
45
45
|
{
|
|
46
46
|
"version": 1,
|
|
47
47
|
"generatedAt": "2026-05-10T00:00:00.000Z",
|
|
48
|
-
"toolVersion": "0.4.
|
|
48
|
+
"toolVersion": "0.4.1",
|
|
49
49
|
"findings": [
|
|
50
50
|
{
|
|
51
51
|
"fingerprint": "mcpg_a009b2c2",
|
package/docs/github-action.md
CHANGED
|
@@ -27,7 +27,7 @@ jobs:
|
|
|
27
27
|
runs-on: ubuntu-latest
|
|
28
28
|
steps:
|
|
29
29
|
- uses: actions/checkout@v4
|
|
30
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
30
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
31
31
|
with:
|
|
32
32
|
config: .mcp.json
|
|
33
33
|
fail-on: high
|
|
@@ -55,7 +55,7 @@ jobs:
|
|
|
55
55
|
runs-on: ubuntu-latest
|
|
56
56
|
steps:
|
|
57
57
|
- uses: actions/checkout@v4
|
|
58
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
58
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
59
59
|
with:
|
|
60
60
|
config: .mcp.json
|
|
61
61
|
fail-on: high
|
|
@@ -67,7 +67,7 @@ jobs:
|
|
|
67
67
|
Use `fail-on: none` when you want artifacts and summaries without blocking a pull request.
|
|
68
68
|
|
|
69
69
|
```yaml
|
|
70
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
70
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
71
71
|
with:
|
|
72
72
|
fail-on: none
|
|
73
73
|
```
|
|
@@ -83,7 +83,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
|
|
|
83
83
|
Commit `.mcp-guard-baseline.json`, then reference it from the action:
|
|
84
84
|
|
|
85
85
|
```yaml
|
|
86
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
86
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
87
87
|
with:
|
|
88
88
|
config: .mcp.json
|
|
89
89
|
baseline: .mcp-guard-baseline.json
|
package/docs/launch-checklist.md
CHANGED
|
@@ -23,7 +23,7 @@ jobs:
|
|
|
23
23
|
runs-on: ubuntu-latest
|
|
24
24
|
steps:
|
|
25
25
|
- uses: actions/checkout@v4
|
|
26
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
26
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
27
27
|
with:
|
|
28
28
|
config: .mcp.json
|
|
29
29
|
fail-on: high
|
|
@@ -42,7 +42,7 @@ jobs:
|
|
|
42
42
|
runs-on: ubuntu-latest
|
|
43
43
|
steps:
|
|
44
44
|
- uses: actions/checkout@v4
|
|
45
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
45
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
46
46
|
with:
|
|
47
47
|
config: .mcp.json
|
|
48
48
|
fail-on: high
|
|
@@ -95,7 +95,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
|
|
|
95
95
|
Then enforce only new findings:
|
|
96
96
|
|
|
97
97
|
```yaml
|
|
98
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
98
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
99
99
|
with:
|
|
100
100
|
config: .mcp.json
|
|
101
101
|
baseline: .mcp-guard-baseline.json
|
package/docs/marketplace.md
CHANGED
|
@@ -82,21 +82,18 @@ Code quality
|
|
|
82
82
|
Release title:
|
|
83
83
|
|
|
84
84
|
```text
|
|
85
|
-
v0.4.
|
|
85
|
+
v0.4.1
|
|
86
86
|
```
|
|
87
87
|
|
|
88
88
|
Release notes:
|
|
89
89
|
|
|
90
90
|
```text
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
-
|
|
94
|
-
-
|
|
95
|
-
-
|
|
96
|
-
-
|
|
97
|
-
- Can post or update a pull request comment with active findings.
|
|
98
|
-
- Can upload SARIF to GitHub code scanning with `upload-sarif: "true"`.
|
|
99
|
-
- Fails workflows by configurable severity threshold.
|
|
91
|
+
Node 24 compatibility release.
|
|
92
|
+
|
|
93
|
+
- Keeps the v0.4 baseline and pull request comment workflow.
|
|
94
|
+
- Uses Node.js 24 for the scanner runtime.
|
|
95
|
+
- Updates first-party GitHub Actions dependencies to current major versions.
|
|
96
|
+
- Uses CodeQL SARIF upload v4.
|
|
100
97
|
```
|
|
101
98
|
|
|
102
99
|
## Manual Publishing Steps
|
|
@@ -105,11 +102,11 @@ Completed:
|
|
|
105
102
|
|
|
106
103
|
- Public repository created: <https://github.com/ChaoYue0307/mcp-guard-action>
|
|
107
104
|
- `dist/mcp-guard-action/` exported, committed, and pushed.
|
|
108
|
-
- Release created: <https://github.com/ChaoYue0307/mcp-guard-action/releases/tag/v0.4.
|
|
105
|
+
- Release created: <https://github.com/ChaoYue0307/mcp-guard-action/releases/tag/v0.4.1>
|
|
109
106
|
- README, docs, and website examples now use:
|
|
110
107
|
|
|
111
108
|
```yaml
|
|
112
|
-
- uses: ChaoYue0307/mcp-guard-action@v0.4.
|
|
109
|
+
- uses: ChaoYue0307/mcp-guard-action@v0.4.1
|
|
113
110
|
```
|
|
114
111
|
|
|
115
112
|
Remaining Marketplace web step:
|
package/package.json
CHANGED
package/site/e2e/report.html
CHANGED
|
@@ -297,7 +297,7 @@
|
|
|
297
297
|
<div class="metric"><strong>1</strong><span>Scanned files</span></div>
|
|
298
298
|
<div class="metric"><strong>3</strong><span>MCP servers</span></div>
|
|
299
299
|
<div class="metric"><strong>9</strong><span>Active findings</span></div>
|
|
300
|
-
<div class="metric"><strong>2026-05-10
|
|
300
|
+
<div class="metric"><strong>2026-05-10 13:15 UTC</strong><span>Generated</span></div>
|
|
301
301
|
</div>
|
|
302
302
|
</div>
|
|
303
303
|
<aside class="scorecard" aria-label="Risk score">
|
package/site/e2e/report.json
CHANGED
package/site/e2e/report.md
CHANGED
package/site/e2e/report.sarif
CHANGED
package/src/cli.js
CHANGED
|
@@ -5,7 +5,7 @@ import { scan } from "./scan.js";
|
|
|
5
5
|
import { generateHtmlReport, generateJsonReport, generateMarkdownReport, generateSarifReport, generateTextReport } from "./report.js";
|
|
6
6
|
import { compareSeverity, severityRank } from "./severity.js";
|
|
7
7
|
|
|
8
|
-
const VERSION = "0.4.
|
|
8
|
+
const VERSION = "0.4.1";
|
|
9
9
|
|
|
10
10
|
export async function runCli(argv, io) {
|
|
11
11
|
const args = argv.slice(2);
|