agent-mcp-guard 0.4.6 → 0.4.7

package/README.md

@@ -19,7 +19,7 @@ Live demo PR: [mcp-guard-demo#1](https://github.com/ChaoYue0307/mcp-guard-demo/p
   <a href="https://github.com/marketplace/actions/mcp-guard-mcp-security-scanner"><img alt="GitHub Marketplace" src="https://img.shields.io/badge/Marketplace-mcp--guard-0f766e?logo=github"></a>
   <a href="https://github.com/ChaoYue0307/mcp-guard/actions"><img alt="CI" src="https://github.com/ChaoYue0307/mcp-guard/actions/workflows/ci.yml/badge.svg"></a>
   <a href="LICENSE"><img alt="License" src="https://img.shields.io/badge/license-Apache--2.0-111827"></a>
-  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.6"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
+  <a href="https://github.com/ChaoYue0307/mcp-guard/releases/tag/v0.4.7"><img alt="Release" src="https://img.shields.io/github/v/release/ChaoYue0307/mcp-guard?color=7c2d12"></a>
 </p>
 
 ## Install
@@ -93,7 +93,7 @@ mcp-guard scan --config .mcp.json --baseline .mcp-guard-baseline.json --fail-on
 Use the GitHub Action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     # policy: .mcp-guard-policy.json
@@ -152,7 +152,7 @@ For paid setup or internal review handoff, `mcp-guard audit` writes a complete e
 - remediation plan grouped by MCP server;
 - remediation checklist for PR or handoff tracking;
 - Markdown, HTML, JSON, and SARIF reports;
-- machine-readable audit manifest.
+- machine-readable audit manifest with artifact hashes.
 
 For stricter governance, commit `.mcp-guard-policy.json` and define the commands, remote packages, filesystem roots, and remote MCP endpoints the team has approved. See [Policy files](docs/policy.md).
 

package/docs/audit.md

@@ -37,7 +37,7 @@ mcp-guard audit --config .mcp.json --fail-on high
 | `mcp-guard-report.html` | Readable HTML report for review artifacts. |
 | `mcp-guard-report.json` | Redacted machine-readable report for automation. |
 | `mcp-guard.sarif` | SARIF 2.1.0 report for GitHub code scanning. |
-| `mcp-guard-audit-manifest.json` | Manifest listing status, summary, policy/baseline context, and file paths. |
+| `mcp-guard-audit-manifest.json` | Manifest listing status, summary, policy/baseline context, file paths, SHA-256 hashes, and artifact sizes. |
 
 ## Review Flow
 
@@ -46,7 +46,8 @@ mcp-guard audit --config .mcp.json --fail-on high
 3. Work through `mcp-guard-remediation.md` with the engineering team.
 4. Track concrete work in `mcp-guard-remediation-checklist.md`.
 5. Use `mcp-guard-report.html` for readable evidence and `mcp-guard-report.json` or `mcp-guard.sarif` for automation.
-6. Commit a reviewed policy and baseline only after the team has decided what risk is intentionally accepted.
+6. Use the `integrity.artifacts` section in `mcp-guard-audit-manifest.json` when you need to prove an audit artifact has not changed.
+7. Commit a reviewed policy and baseline only after the team has decided what risk is intentionally accepted.
 
 ## Privacy
 

package/docs/baseline.md

@@ -30,7 +30,7 @@ If the scan finds only baseline-accepted findings, the exit code is `0`. If a ne
 ## GitHub Action
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -45,7 +45,7 @@ The generated Markdown, HTML, JSON, and PR comment separate active findings from
 {
   "version": 1,
   "generatedAt": "2026-05-10T00:00:00.000Z",
-  "toolVersion": "0.4.6",
+  "toolVersion": "0.4.7",
   "findings": [
     {
       "fingerprint": "mcpg_a009b2c2",

package/docs/business-playbook.md

@@ -17,7 +17,7 @@ Deliverables:
 - install the CLI and GitHub Action;
 - run `mcp-guard init` or generate an equivalent workflow manually;
 - generate Markdown, HTML, JSON, and SARIF reports;
-- generate a customer handoff audit pack with executive summary, remediation plan, remediation checklist, reports, and manifest;
+- generate a customer handoff audit pack with executive summary, remediation plan, remediation checklist, reports, and hashed manifest;
 - define an initial `.mcp-guard-policy.json` for approved commands, packages, directories, and remote URLs;
 - create an initial baseline for accepted known findings;
 - enable PR comments and optional SARIF upload;

package/docs/github-action.md

@@ -2,7 +2,7 @@
 
 Use the `mcp-guard` action to scan MCP and AI agent tool configuration in pull requests and CI.
 
-The action runs the CLI from the pinned GitHub Action tag, generates an audit pack with Markdown, HTML, JSON, SARIF, remediation, checklist, and manifest files, writes a job summary, uploads reports as an artifact, and fails the job when findings meet your selected severity threshold.
+The action runs the CLI from the pinned GitHub Action tag, generates an audit pack with Markdown, HTML, JSON, SARIF, remediation, checklist, and hashed manifest files, writes a job summary, uploads reports as an artifact, and fails the job when findings meet your selected severity threshold.
 
 It can also use a committed baseline to accept known findings, enforce a committed policy file, and optionally post a pull request comment with only the active findings.
 
@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -65,7 +65,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -77,7 +77,7 @@ jobs:
 Use `fail-on: none` when you want artifacts and summaries without blocking a pull request.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     fail-on: none
 ```
@@ -93,7 +93,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Commit `.mcp-guard-baseline.json`, then reference it from the action:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -107,7 +107,7 @@ Reports will show active findings separately from findings accepted by the basel
 Use a policy when you want CI to enforce approved commands, packages, directories, and remote URLs.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     policy: .mcp-guard-policy.json

package/docs/launch-checklist.md

@@ -37,7 +37,7 @@ mcp-guard audit --config .mcp.json --policy .mcp-guard-policy.json --output-dir
 ## GitHub Action Setup
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json

package/docs/marketplace-action-readme.md

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -42,7 +42,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: ChaoYue0307/mcp-guard-action@v0.4.6
+      - uses: ChaoYue0307/mcp-guard-action@v0.4.7
         with:
           config: .mcp.json
           fail-on: high
@@ -88,7 +88,7 @@ The action generates an audit pack:
 - SARIF 2.1.0 for GitHub code scanning.
 - Remediation Markdown for server-by-server handoff.
 - Remediation checklist for PR and setup tracking.
-- Audit manifest JSON for downstream automation.
+- Audit manifest JSON with SHA-256 hashes and byte sizes for downstream automation.
 
 Secret-like values are redacted before reports are written.
 
@@ -103,7 +103,7 @@ mcp-guard scan --config .mcp.json --write-baseline .mcp-guard-baseline.json
 Then enforce only new findings:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     baseline: .mcp-guard-baseline.json
@@ -115,7 +115,7 @@ Then enforce only new findings:
 Commit `.mcp-guard-policy.json` or pass `policy` to enforce approved commands, remote packages, directories, and remote MCP URLs.
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
   with:
     config: .mcp.json
     policy: .mcp-guard-policy.json

package/docs/marketplace.md

@@ -82,17 +82,17 @@ Code quality
 Current release title:
 
 ```text
-v0.4.6
+v0.4.7
 ```
 
 Release notes:
 
 ```text
-Remediation checklist release.
+Audit integrity release.
 
-- Adds a checkbox remediation checklist to every `mcp-guard audit` pack.
-- PR comments and job summaries now include first remediation steps, not only finding counts.
-- Keeps executive summary, remediation plan, Markdown, HTML, JSON, SARIF, manifest, policy, baseline, artifacts, and SARIF upload support.
+- Adds SHA-256 checksums and byte sizes for generated audit artifacts in `mcp-guard-audit-manifest.json`.
+- Keeps remediation checklist, first remediation steps in PR comments, executive summary, remediation plan, Markdown, HTML, JSON, SARIF, policy, baseline, artifacts, and SARIF upload support.
+- Improves paid setup and internal review handoff by making generated evidence easier to verify after delivery.
 ```
 
 ## Manual Publishing Steps
@@ -105,7 +105,7 @@ Completed:
 - README, docs, and website examples now use:
 
 ```yaml
-- uses: ChaoYue0307/mcp-guard-action@v0.4.6
+- uses: ChaoYue0307/mcp-guard-action@v0.4.7
 ```
 
 Remaining Marketplace web step:

package/docs/paid-audit.md

@@ -13,7 +13,7 @@ It is not currently advertised as an active consulting service. Keep public webs
 ## Deliverables
 
 - MCP and agent tool inventory.
-- `mcp-guard audit` evidence pack with executive summary, remediation plan, remediation checklist, reports, and manifest.
+- `mcp-guard audit` evidence pack with executive summary, remediation plan, remediation checklist, reports, and hashed manifest.
 - Risk report covering shell access, package execution, filesystem scope, secrets, remote servers, and dangerous commands.
 - Practical remediation checklist.
 - Optional PR with safer config and policy changes.

package/docs/roadmap.md

@@ -13,7 +13,7 @@
 - Optional GitHub pull request comments from the Marketplace Action.
 - `mcp-guard init` for bootstrapping a GitHub Action workflow and optional baseline.
 - Policy file enforcement for approved commands, packages, directories, and remote URLs.
-- `mcp-guard audit` for review-ready executive summaries, remediation plans, remediation checklists, reports, and manifests.
+- `mcp-guard audit` for review-ready executive summaries, remediation plans, remediation checklists, reports, and hashed manifests.
 - npm Trusted Publishing workflow prepared for tokenless release publishing.
 
 ## Next

package/docs/trusted-publishing.md

@@ -36,7 +36,7 @@ Configure this once on npmjs.com:
 After this is saved, run the workflow from GitHub Actions with the release tag, for example:
 
 ```text
-v0.4.6
+v0.4.7
 ```
 
 ## Release Flow After Setup
@@ -44,7 +44,7 @@ v0.4.6
 1. Update `package.json` and `src/cli.js`.
 2. Run `npm test` and `npm run release:check`.
 3. Commit and push to `main`.
-4. Create a GitHub release tag such as `v0.4.6`.
+4. Create a GitHub release tag such as `v0.4.7`.
 5. Run the `Publish npm` workflow with the same tag.
 6. Verify npm:
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-mcp-guard",
-  "version": "0.4.6",
+  "version": "0.4.7",
   "description": "Open-source CLI scanner for risky MCP server and AI agent tool configuration.",
   "type": "module",
   "homepage": "https://chaoyue0307.github.io/mcp-guard/",

package/site/e2e/audit/mcp-guard-audit-manifest.json

@@ -2,9 +2,9 @@
   "version": 1,
   "tool": {
     "name": "mcp-guard",
-    "version": "0.4.6"
+    "version": "0.4.7"
   },
-  "generatedAt": "2026-05-10T19:56:07.107Z",
+  "generatedAt": "2026-05-10T20:08:00.622Z",
   "status": "needs_review",
   "failOn": "none",
   "outputDir": "site/e2e/audit",
@@ -36,5 +36,52 @@
     "jsonReport": "site/e2e/audit/mcp-guard-report.json",
     "sarifReport": "site/e2e/audit/mcp-guard.sarif",
     "manifest": "site/e2e/audit/mcp-guard-audit-manifest.json"
+  },
+  "integrity": {
+    "algorithm": "sha256",
+    "artifacts": [
+      {
+        "key": "executiveSummary",
+        "path": "site/e2e/audit/mcp-guard-executive-summary.md",
+        "bytes": 1764,
+        "sha256": "d4679b3353a25ed4f88479ae2594fa6a7e2b1b61a9455b56a61e10a70131c87e"
+      },
+      {
+        "key": "remediation",
+        "path": "site/e2e/audit/mcp-guard-remediation.md",
+        "bytes": 2752,
+        "sha256": "1a7a83531f9fea7f0dc8a074a378151f1f7e10a713abc93136e0200bb1dbd35a"
+      },
+      {
+        "key": "remediationChecklist",
+        "path": "site/e2e/audit/mcp-guard-remediation-checklist.md",
+        "bytes": 2056,
+        "sha256": "d75a40e9c2f243cf9193e50d6d9fa8c56e2d50950deb2f1cc843e230c002e548"
+      },
+      {
+        "key": "markdownReport",
+        "path": "site/e2e/audit/mcp-guard-report.md",
+        "bytes": 3297,
+        "sha256": "11a09f58c19ebb836ff4da6f75d050b508fc989dd41ea1c31a02dbafc3367317"
+      },
+      {
+        "key": "htmlReport",
+        "path": "site/e2e/audit/mcp-guard-report.html",
+        "bytes": 12988,
+        "sha256": "3f597e3e1423159f2665b5f5c3b754c2eda4df5645cc2707fa872ddb3c9b7a3c"
+      },
+      {
+        "key": "jsonReport",
+        "path": "site/e2e/audit/mcp-guard-report.json",
+        "bytes": 5938,
+        "sha256": "a7b2f086928c1d697c4402b37e84b055a7e12ed2bef55654a19733a80d082947"
+      },
+      {
+        "key": "sarifReport",
+        "path": "site/e2e/audit/mcp-guard.sarif",
+        "bytes": 20856,
+        "sha256": "994c3bd89e616a76c53cd3797f6323001cc11dcb1afd96ddaeeb9d53c6432ee8"
+      }
+    ]
   }
 }

package/site/e2e/audit/mcp-guard-executive-summary.md

@@ -1,6 +1,6 @@
 # mcp-guard Executive Summary
 
-Generated: 2026-05-10T19:56:07.107Z
+Generated: 2026-05-10T20:08:00.622Z
 Status: **Needs review**
 Risk score: **98**
 Fail threshold: **none**

package/site/e2e/audit/mcp-guard-remediation-checklist.md

@@ -1,6 +1,6 @@
 # mcp-guard Remediation Checklist
 
-Generated: 2026-05-10T19:56:07.107Z
+Generated: 2026-05-10T20:08:00.622Z
 Risk score: **98**
 Active findings: **9**
 

package/site/e2e/audit/mcp-guard-remediation.md

@@ -1,6 +1,6 @@
 # mcp-guard Remediation Plan
 
-Generated: 2026-05-10T19:56:07.107Z
+Generated: 2026-05-10T20:08:00.622Z
 
 ## Priority
 

package/site/e2e/audit/mcp-guard-report.html

@@ -297,7 +297,7 @@
           <div class="metric"><strong>1</strong><span>Scanned files</span></div>
           <div class="metric"><strong>3</strong><span>MCP servers</span></div>
           <div class="metric"><strong>9</strong><span>Active findings</span></div>
-          <div class="metric"><strong>2026-05-10 19:56 UTC</strong><span>Generated</span></div>
+          <div class="metric"><strong>2026-05-10 20:08 UTC</strong><span>Generated</span></div>
         </div>
       </div>
       <aside class="scorecard" aria-label="Risk score">

package/site/e2e/audit/mcp-guard-report.json

@@ -1,11 +1,11 @@
 {
   "metadata": {
-    "generatedAt": "2026-05-10T19:56:07.107Z",
+    "generatedAt": "2026-05-10T20:08:00.622Z",
     "cwd": ".",
     "home": "~",
     "policyPath": "",
     "policyEnabled": false,
-    "toolVersion": "0.4.6"
+    "toolVersion": "0.4.7"
   },
   "policy": null,
   "scannedFiles": [

package/site/e2e/audit/mcp-guard-report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T19:56:07.107Z
+Generated: 2026-05-10T20:08:00.622Z
 
 ## Summary
 

package/site/e2e/audit/mcp-guard.sarif

@@ -7,7 +7,7 @@
         "driver": {
           "name": "mcp-guard",
           "informationUri": "https://github.com/ChaoYue0307/mcp-guard",
-          "semanticVersion": "0.4.6",
+          "semanticVersion": "0.4.7",
           "rules": [
             {
               "id": "MCP010",

package/site/e2e/report.html

@@ -297,7 +297,7 @@
           <div class="metric"><strong>1</strong><span>Scanned files</span></div>
           <div class="metric"><strong>3</strong><span>MCP servers</span></div>
           <div class="metric"><strong>9</strong><span>Active findings</span></div>
-          <div class="metric"><strong>2026-05-10 19:56 UTC</strong><span>Generated</span></div>
+          <div class="metric"><strong>2026-05-10 20:07 UTC</strong><span>Generated</span></div>
         </div>
       </div>
       <aside class="scorecard" aria-label="Risk score">

package/site/e2e/report.json

@@ -1,11 +1,11 @@
 {
   "metadata": {
-    "generatedAt": "2026-05-10T19:56:04.165Z",
+    "generatedAt": "2026-05-10T20:07:57.237Z",
     "cwd": ".",
     "home": "~",
     "policyPath": "",
     "policyEnabled": false,
-    "toolVersion": "0.4.6"
+    "toolVersion": "0.4.7"
   },
   "policy": null,
   "scannedFiles": [

package/site/e2e/report.md

@@ -1,6 +1,6 @@
 # mcp-guard Scan Report
 
-Generated: 2026-05-10T19:55:57.838Z
+Generated: 2026-05-10T20:07:52.252Z
 
 ## Summary
 

package/site/e2e/report.sarif

@@ -7,7 +7,7 @@
         "driver": {
           "name": "mcp-guard",
           "informationUri": "https://github.com/ChaoYue0307/mcp-guard",
-          "semanticVersion": "0.4.6",
+          "semanticVersion": "0.4.7",
           "rules": [
             {
               "id": "MCP010",

package/src/audit.js

@@ -1,4 +1,5 @@
 import fs from "node:fs/promises";
+import crypto from "node:crypto";
 import path from "node:path";
 import { applyBaseline, loadBaselineFile } from "./baseline.js";
 import { displayPath } from "./fingerprint.js";
@@ -44,12 +45,6 @@ export async function writeAuditPack({
 
   await fs.mkdir(resolvedOutputDir, { recursive: true });
 
-  const manifest = buildAuditManifest(result, files, {
-    cwd,
-    outputDir: resolvedOutputDir,
-    failOn
-  });
-
   await Promise.all([
     fs.writeFile(files.executiveSummary, generateExecutiveSummary(result, { failOn }), "utf8"),
     fs.writeFile(files.remediation, generateRemediationPlan(result), "utf8"),
@@ -59,6 +54,14 @@ export async function writeAuditPack({
     fs.writeFile(files.jsonReport, `${generateJsonReport(result)}\n`, "utf8"),
     fs.writeFile(files.sarifReport, `${generateSarifReport(result)}\n`, "utf8")
   ]);
+
+  const artifacts = await auditArtifacts(files, cwd);
+  const manifest = buildAuditManifest(result, files, {
+    cwd,
+    outputDir: resolvedOutputDir,
+    failOn,
+    artifacts
+  });
   await fs.writeFile(files.manifest, `${JSON.stringify(manifest, null, 2)}\n`, "utf8");
 
   return {
@@ -246,7 +249,7 @@ function generateRemediationChecklist(result) {
   return `${lines.join("\n")}\n`;
 }
 
-function buildAuditManifest(result, files, { cwd, outputDir, failOn }) {
+function buildAuditManifest(result, files, { cwd, outputDir, failOn, artifacts }) {
   return {
     version: 1,
     tool: {
@@ -268,10 +271,29 @@ function buildAuditManifest(result, files, { cwd, outputDir, failOn }) {
     baseline: result.baseline || { enabled: false },
     files: Object.fromEntries(
       Object.entries(files).map(([key, filePath]) => [key, displayPath(filePath, cwd)])
-    )
+    ),
+    integrity: {
+      algorithm: "sha256",
+      artifacts
+    }
   };
 }
 
+async function auditArtifacts(files, cwd) {
+  const artifacts = [];
+  for (const [key, filePath] of Object.entries(files)) {
+    if (key === "manifest") continue;
+    const content = await fs.readFile(filePath);
+    artifacts.push({
+      key,
+      path: displayPath(filePath, cwd),
+      bytes: content.byteLength,
+      sha256: crypto.createHash("sha256").update(content).digest("hex")
+    });
+  }
+  return artifacts;
+}
+
 function decisionGuidance(result) {
   if (result.findings.length === 0) {
     return ["No active findings were detected. Continue reviewing new MCP servers before adding them."];

package/src/cli.js

@@ -7,7 +7,7 @@ import { scan } from "./scan.js";
 import { generateHtmlReport, generateJsonReport, generateMarkdownReport, generateSarifReport, generateTextReport } from "./report.js";
 import { compareSeverity, severityRank } from "./severity.js";
 
-const VERSION = "0.4.6";
+const VERSION = "0.4.7";
 
 export async function runCli(argv, io) {
   const args = argv.slice(2);