agent-security-lens 0.1.0

package/.env.example

@@ -0,0 +1,10 @@
+# AgentSecurityLens public MCP client configuration.
+ASL_MODE=online
+ASL_DISABLE_CLOUD=0
+ASL_API_URL=https://api.agentsecuritylens.com
+ASL_API_URLS=https://api.agentsecuritylens.com
+ASL_API_TIMEOUT_MS=3500
+ASL_API_KEY=
+ASL_AGENT_ID=
+ASL_AGENT_NAME=
+ASL_CLIENT_TIER=free

package/.mcp/server.json

@@ -0,0 +1,42 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "io.github.professor2k8/agent-security-lens",
+  "title": "AgentSecurityLens",
+  "description": "Security intelligence MCP for agents to review MCPs, Skills and tools before installation.",
+  "status": "active",
+  "repository": {
+    "url": "https://github.com/professor2k8/agent-security-lens",
+    "source": "github"
+  },
+  "version": "0.1.0",
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "agent-security-lens",
+      "version": "0.1.0",
+      "transport": {
+        "type": "stdio"
+      },
+      "environmentVariables": [
+        {
+          "name": "ASL_API_URL",
+          "description": "AgentSecurityLens Cloud Intelligence API URL.",
+          "isRequired": false,
+          "default": "https://api.agentsecuritylens.com"
+        },
+        {
+          "name": "ASL_API_KEY",
+          "description": "Optional API key for Team, Pro or Enterprise use.",
+          "isRequired": false,
+          "isSecret": true
+        },
+        {
+          "name": "ASL_MODE",
+          "description": "Set to local for offline fallback mode.",
+          "isRequired": false,
+          "default": "online"
+        }
+      ]
+    }
+  ]
+}

package/CHANGELOG.md

@@ -0,0 +1,17 @@
+# Changelog
+
+## 0.1.0
+
+First public release.
+
+### Added
+
+- Agent-facing MCP for pre-install component decisions
+- Machine-readable decision contract and ordered Agent actions
+- MCP, Skill, tool, workflow, prompt bundle, and memory component review
+- Unknown-component submission and research-status workflow
+- Install outcome and decision feedback
+- Evidence-backed restrictions and alternative recommendations
+- Online intelligence lookup with local fallback
+- Versioned security evaluation standard
+- Strict-reviewed, curated-baseline, and automatic-assessment intelligence states

package/LICENSE

@@ -0,0 +1,17 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+Copyright 2026 AgentSecurityLens contributors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/PRIVACY.md

@@ -0,0 +1,37 @@
+# AgentSecurityLens Privacy Notice
+
+Last updated: June 15, 2026
+
+AgentSecurityLens is designed for autonomous agents that request security intelligence before installing or enabling components.
+
+## Data the Service May Receive
+
+Depending on configuration, the online service may receive:
+
+- component name and type
+- public source or registry URL
+- package name, version, and public install command
+- requested permission or capability metadata
+- ASL decision and install outcome
+- anonymous or pseudonymous client identifiers
+- feedback about missing components, incorrect decisions, or alternatives
+
+## Data the Service Does Not Request
+
+Do not submit:
+
+- private source code or private file contents
+- API keys, passwords, tokens, or SSH keys
+- browser cookies or personal browser history
+- private prompts, memories, or customer records
+- secrets contained in environment variables
+
+The public MCP should submit public component metadata only.
+
+## Purpose
+
+Received data is used to return Agent-readable decisions, identify unknown or changed components, improve risk signals and alternatives, and protect service reliability.
+
+## Retention
+
+Operational records may be retained for security research, abuse prevention, and service improvement. Do not submit personal or confidential data.

package/README.md

@@ -0,0 +1,150 @@
+# AgentSecurityLens
+
+AgentSecurityLens (ASL) is a security intelligence MCP for autonomous agents.
+
+Before an agent installs or enables an MCP, Skill, tool, prompt bundle, workflow, or memory component, it can ask ASL for a machine-readable install decision.
+
+## Install
+
+```json
+{
+  "mcpServers": {
+    "agent-security-lens": {
+      "command": "npx",
+      "args": ["-y", "agent-security-lens"]
+    }
+  }
+}
+```
+
+Node.js 20 or newer is required.
+
+## Online Configuration
+
+The public MCP uses online intelligence by default:
+
+```text
+ASL_API_URL=https://api.agentsecuritylens.com
+ASL_API_URLS=https://api.agentsecuritylens.com
+```
+
+`ASL_API_URLS` may contain multiple comma-separated endpoints. The MCP tries them in order and falls back automatically.
+
+## Agent Policy
+
+Agents should call `get_install_policy` after connecting, then call `review_before_install` before every component installation.
+
+```text
+allow                    install from the recorded source and version
+allow_with_restrictions  apply every safe_install_plan item before installation
+ask_user                 stop automatic installation and request confirmation
+avoid                    do not install automatically
+```
+
+Unknown or incompletely reviewed components never receive automatic-install authorization.
+
+Recommended instruction:
+
+```text
+Before installing or enabling any MCP, Skill, tool, prompt bundle, workflow,
+or memory component, call AgentSecurityLens review_before_install.
+Follow agent_decision_contract and agent_actions exactly.
+Never submit private source code, secrets, tokens, cookies, or file contents.
+```
+
+## MCP Tools
+
+- `get_install_policy`: returns the current Agent execution policy.
+- `review_before_install`: evaluates a proposed component and installation context.
+- `check_component`: retrieves known component intelligence.
+- `recommend_alternatives`: returns evidence-backed alternatives and mitigations.
+- `submit_unknown_component`: submits public metadata for research.
+- `get_research_status`: checks whether an unknown component has been reviewed.
+- `report_install_outcome`: reports the result of an Agent action.
+- `submit_decision_feedback`: reports useful, incorrect, or incomplete decisions.
+- `discover_workspace`: discovers Agent, MCP, and Skill environments.
+- `scan_workspace`: performs a local fallback assessment.
+
+## Decision Contract
+
+Example request:
+
+```json
+{
+  "component_name": "filesystem",
+  "component_type": "mcp",
+  "source_url": "https://github.com/modelcontextprotocol/servers",
+  "install_command": "npx -y @modelcontextprotocol/server-filesystem .",
+  "planned_use": "Read and edit project files.",
+  "requested_permissions": ["filesystem-read", "filesystem-write"],
+  "submit_if_unknown": true
+}
+```
+
+Example response shape:
+
+```json
+{
+  "decision": "ask_user",
+  "risk_signals": ["filesystem-read", "filesystem-write", "shell-execution"],
+  "safe_install_plan": [
+    "Restrict filesystem scope to the current project directory.",
+    "Prefer read-only mode when the task only needs inspection.",
+    "Pin the package version before enabling it."
+  ],
+  "agent_decision_contract": {
+    "automatic_install_allowed": false,
+    "user_confirmation_required": true,
+    "blocks_install": true
+  },
+  "one_step_action": {
+    "action_type": "ask_user_before_install"
+  }
+}
+```
+
+Agents must execute the structured fields rather than infer policy from prose.
+
+## Intelligence States
+
+- `strict_reviewed`: versioned evidence, technical scan, community-source check, and independent recalculation completed.
+- `curated_baseline`: manually curated fallback information with limited evidence.
+- `automatic_assessment`: automated coverage that cannot authorize automatic installation.
+- `unknown`: no matching intelligence record.
+
+ASL evaluates observable behavior and installation context. It does not label a component malicious without evidence.
+
+The v0.1.0 public fallback contains 30 strict reviewed records and 20 curated fallback baselines. Automatic assessments are available through the online service but cannot authorize automatic installation.
+
+## Privacy
+
+Online lookup uses public component metadata only. Do not submit:
+
+- private source code or file contents
+- API keys, passwords, tokens, or SSH keys
+- browser cookies or personal browser history
+- private prompts, memories, or customer records
+- secrets from environment variables
+
+See [PRIVACY.md](PRIVACY.md) and [SECURITY.md](SECURITY.md).
+
+## Local Fallback
+
+```powershell
+$env:ASL_MODE="local"
+npx -y agent-security-lens
+```
+
+Local fallback provides basic rules and a limited public intelligence baseline. The current online intelligence service should be preferred when available.
+
+## Verification
+
+```bash
+npm run verify:public
+```
+
+The scoring method is documented in [ASL Agent Component Safety Standard v0.2](docs/asl-agent-component-safety-standard-v0.2.md).
+
+## License
+
+Apache-2.0