agent-security-scanner-mcp 3.20.0 → 4.0.0

package/code-review-agent/tests/llm/claude-cli.test.ts

@@ -0,0 +1,251 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { z } from 'zod';
+import { SchemaValidationError } from '../../src/llm/provider.js';
+
+// Mock child_process.spawn before importing the provider
+const mockStdin = { write: vi.fn(), end: vi.fn(), on: vi.fn() };
+const mockStdout = { on: vi.fn() };
+const mockStderr = { on: vi.fn() };
+const mockChild = {
+  stdin: mockStdin,
+  stdout: mockStdout,
+  stderr: mockStderr,
+  on: vi.fn(),
+};
+
+vi.mock('node:child_process', () => ({
+  spawn: vi.fn(() => mockChild),
+}));
+
+import { ClaudeCliProvider } from '../../src/llm/claude-cli.js';
+import { spawn } from 'node:child_process';
+
+function simulateClaudeResponse(result: string, isError = false) {
+  const jsonOutput = JSON.stringify({
+    type: 'result',
+    subtype: 'success',
+    is_error: isError,
+    result,
+  });
+
+  // When stdout.on('data', cb) is called, capture the callback
+  mockStdout.on.mockImplementation((event: string, cb: (data: Buffer) => void) => {
+    if (event === 'data') {
+      cb(Buffer.from(jsonOutput));
+    }
+  });
+
+  mockStderr.on.mockImplementation(() => {});
+
+  // When child.on('close', cb) is called, trigger immediately
+  mockChild.on.mockImplementation((event: string, cb: (code: number) => void) => {
+    if (event === 'close') {
+      cb(0);
+    }
+  });
+}
+
+function simulateClaudeError(code: number, stderrMsg = '') {
+  mockStdout.on.mockImplementation(() => {});
+  mockStderr.on.mockImplementation((event: string, cb: (data: Buffer) => void) => {
+    if (event === 'data' && stderrMsg) {
+      cb(Buffer.from(stderrMsg));
+    }
+  });
+  mockChild.on.mockImplementation((event: string, cb: (code: number) => void) => {
+    if (event === 'close') {
+      cb(code);
+    }
+  });
+}
+
+function simulateSpawnError(message: string) {
+  mockStdout.on.mockImplementation(() => {});
+  mockStderr.on.mockImplementation(() => {});
+  mockChild.on.mockImplementation((event: string, cb: unknown) => {
+    if (event === 'error') {
+      (cb as (err: Error) => void)(new Error(message));
+    }
+  });
+}
+
+describe('ClaudeCliProvider', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('constructor', () => {
+    it('defaults to sonnet model', () => {
+      const provider = new ClaudeCliProvider();
+      expect(provider.modelId).toBe('sonnet');
+      expect(provider.providerName).toBe('claude-cli');
+    });
+
+    it('accepts custom model', () => {
+      const provider = new ClaudeCliProvider('haiku');
+      expect(provider.modelId).toBe('haiku');
+    });
+  });
+
+  describe('chat', () => {
+    it('sends prompt via stdin and returns result', async () => {
+      simulateClaudeResponse('Hello world');
+      const provider = new ClaudeCliProvider();
+      const result = await provider.chat([
+        { role: 'user', content: 'Say hello' },
+      ]);
+
+      expect(result).toBe('Hello world');
+      expect(spawn).toHaveBeenCalledWith('claude', [
+        '-p', '-',
+        '--output-format', 'json',
+        '--model', 'sonnet',
+        '--no-session-persistence',
+      ], expect.any(Object));
+      expect(mockStdin.write).toHaveBeenCalled();
+      expect(mockStdin.end).toHaveBeenCalled();
+    });
+
+    it('formats system messages correctly', async () => {
+      simulateClaudeResponse('ok');
+      const provider = new ClaudeCliProvider();
+      await provider.chat([
+        { role: 'system', content: 'You are a helper' },
+        { role: 'user', content: 'Help me' },
+      ]);
+
+      const writtenPrompt = mockStdin.write.mock.calls[0][0] as string;
+      expect(writtenPrompt).toContain('[System Instructions]');
+      expect(writtenPrompt).toContain('You are a helper');
+      expect(writtenPrompt).toContain('Help me');
+    });
+
+    it('formats assistant messages correctly', async () => {
+      simulateClaudeResponse('final answer');
+      const provider = new ClaudeCliProvider();
+      await provider.chat([
+        { role: 'user', content: 'Question 1' },
+        { role: 'assistant', content: 'Answer 1' },
+        { role: 'user', content: 'Question 2' },
+      ]);
+
+      const writtenPrompt = mockStdin.write.mock.calls[0][0] as string;
+      expect(writtenPrompt).toContain('[Previous response]');
+      expect(writtenPrompt).toContain('Answer 1');
+    });
+
+    it('handles large prompts via stdin', async () => {
+      const largeContent = 'x'.repeat(100_000);
+      simulateClaudeResponse('analyzed');
+      const provider = new ClaudeCliProvider();
+      const result = await provider.chat([
+        { role: 'user', content: largeContent },
+      ]);
+
+      expect(result).toBe('analyzed');
+      const writtenPrompt = mockStdin.write.mock.calls[0][0] as string;
+      expect(writtenPrompt.length).toBeGreaterThanOrEqual(100_000);
+    });
+
+    it('rejects on non-zero exit code', async () => {
+      simulateClaudeError(1, 'something went wrong');
+      const provider = new ClaudeCliProvider();
+
+      await expect(provider.chat([
+        { role: 'user', content: 'test' },
+      ])).rejects.toThrow('claude CLI exited with code 1');
+    });
+
+    it('rejects on spawn error', async () => {
+      simulateSpawnError('command not found');
+      const provider = new ClaudeCliProvider();
+
+      await expect(provider.chat([
+        { role: 'user', content: 'test' },
+      ])).rejects.toThrow('claude CLI failed to start');
+    });
+
+    it('rejects when CLI returns is_error', async () => {
+      simulateClaudeResponse('API rate limit exceeded', true);
+      const provider = new ClaudeCliProvider();
+
+      await expect(provider.chat([
+        { role: 'user', content: 'test' },
+      ])).rejects.toThrow('claude CLI error');
+    });
+  });
+
+  describe('chatStructured', () => {
+    const TestSchema = z.object({
+      name: z.string(),
+      value: z.number(),
+    });
+
+    it('parses valid JSON response', async () => {
+      simulateClaudeResponse('{"name": "test", "value": 42}');
+      const provider = new ClaudeCliProvider();
+      const result = await provider.chatStructured(
+        [{ role: 'user', content: 'Give me data' }],
+        TestSchema,
+        'test_schema',
+      );
+
+      expect(result).toEqual({ name: 'test', value: 42 });
+    });
+
+    it('extracts JSON from markdown code blocks', async () => {
+      simulateClaudeResponse('```json\n{"name": "test", "value": 42}\n```');
+      const provider = new ClaudeCliProvider();
+      const result = await provider.chatStructured(
+        [{ role: 'user', content: 'Give me data' }],
+        TestSchema,
+        'test_schema',
+      );
+
+      expect(result).toEqual({ name: 'test', value: 42 });
+    });
+
+    it('extracts JSON from surrounding text', async () => {
+      simulateClaudeResponse('Here is the result: {"name": "test", "value": 42} done.');
+      const provider = new ClaudeCliProvider();
+      const result = await provider.chatStructured(
+        [{ role: 'user', content: 'Give me data' }],
+        TestSchema,
+        'test_schema',
+      );
+
+      expect(result).toEqual({ name: 'test', value: 42 });
+    });
+
+    it('throws SchemaValidationError after max retries with invalid JSON', async () => {
+      simulateClaudeResponse('not json at all');
+      const provider = new ClaudeCliProvider();
+
+      await expect(provider.chatStructured(
+        [{ role: 'user', content: 'Give me data' }],
+        TestSchema,
+        'test_schema',
+      )).rejects.toThrow(SchemaValidationError);
+    });
+
+    it('throws SchemaValidationError after max retries with wrong schema', async () => {
+      simulateClaudeResponse('{"wrong": "shape"}');
+      const provider = new ClaudeCliProvider();
+
+      await expect(provider.chatStructured(
+        [{ role: 'user', content: 'Give me data' }],
+        TestSchema,
+        'test_schema',
+      )).rejects.toThrow(SchemaValidationError);
+    });
+  });
+
+  describe('countTokens', () => {
+    it('approximates token count from text length', () => {
+      const provider = new ClaudeCliProvider();
+      expect(provider.countTokens('hello world')).toBe(3); // ceil(11/4)
+      expect(provider.countTokens('')).toBe(0);
+      expect(provider.countTokens('a'.repeat(100))).toBe(25);
+    });
+  });
+});

package/code-review-agent/tests/llm/router.test.ts

@@ -0,0 +1,77 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { ModelRouter } from '../../src/llm/router.js';
+import type { AnalysisOptions } from '../../src/types/config.js';
+
+function makeOptions(overrides: Partial<AnalysisOptions> = {}): AnalysisOptions {
+  return {
+    provider: 'anthropic',
+    confidenceThreshold: 0.7,
+    format: 'text',
+    verbose: false,
+    projectRoot: process.cwd(),
+    exclude: [],
+    concurrencyLimit: 5,
+    maxFileSize: 512 * 1024,
+    ...overrides,
+  };
+}
+
+describe('ModelRouter', () => {
+  beforeEach(() => {
+    vi.stubEnv('ANTHROPIC_API_KEY', 'test-key');
+    vi.stubEnv('OPENAI_API_KEY', 'test-key');
+  });
+
+  it('creates anthropic triage provider with haiku model', () => {
+    const router = new ModelRouter(makeOptions({ provider: 'anthropic' }));
+    const provider = router.getTriageProvider();
+    expect(provider.providerName).toBe('anthropic');
+    expect(provider.modelId).toBe('claude-haiku-4-5-20251001');
+  });
+
+  it('creates anthropic analysis provider with sonnet model', () => {
+    const router = new ModelRouter(makeOptions({ provider: 'anthropic' }));
+    const provider = router.getAnalysisProvider();
+    expect(provider.providerName).toBe('anthropic');
+    expect(provider.modelId).toBe('claude-sonnet-4-20250514');
+  });
+
+  it('creates openai triage provider with gpt-4o-mini', () => {
+    const router = new ModelRouter(makeOptions({ provider: 'openai' }));
+    const provider = router.getTriageProvider();
+    expect(provider.providerName).toBe('openai');
+    expect(provider.modelId).toBe('gpt-4o-mini');
+  });
+
+  it('creates openai analysis provider with gpt-4o', () => {
+    const router = new ModelRouter(makeOptions({ provider: 'openai' }));
+    const provider = router.getAnalysisProvider();
+    expect(provider.providerName).toBe('openai');
+    expect(provider.modelId).toBe('gpt-4o');
+  });
+
+  it('uses custom model override', () => {
+    const router = new ModelRouter(makeOptions({ provider: 'anthropic', model: 'claude-opus-4-20250514' }));
+    const provider = router.getAnalysisProvider();
+    expect(provider.modelId).toBe('claude-opus-4-20250514');
+  });
+
+  it('caches providers', () => {
+    const router = new ModelRouter(makeOptions());
+    const a = router.getTriageProvider();
+    const b = router.getTriageProvider();
+    expect(a).toBe(b);
+  });
+
+  it('estimates cost', () => {
+    const router = new ModelRouter(makeOptions());
+    const cost = router.estimateCost(1_000_000);
+    expect(cost).toBeGreaterThan(0);
+  });
+
+  it('throws on missing API key', () => {
+    vi.stubEnv('ANTHROPIC_API_KEY', '');
+    const router = new ModelRouter(makeOptions({ provider: 'anthropic' }));
+    expect(() => router.getAnalysisProvider()).toThrow('Missing API key');
+  });
+});

package/code-review-agent/tests/llm/schemas.test.ts

@@ -0,0 +1,142 @@
+import { describe, it, expect } from 'vitest';
+import { z } from 'zod';
+import {
+  zodToJsonSchema,
+  zodToAnthropicTool,
+  zodToOpenAIResponseFormat,
+} from '../../src/llm/schemas.js';
+
+describe('zodToJsonSchema', () => {
+  it('converts string schema', () => {
+    const result = zodToJsonSchema(z.string());
+    expect(result).toEqual({ type: 'string' });
+  });
+
+  it('converts number schema with min/max', () => {
+    const result = zodToJsonSchema(z.number().min(0).max(1));
+    expect(result).toEqual({ type: 'number', minimum: 0, maximum: 1 });
+  });
+
+  it('converts boolean schema', () => {
+    const result = zodToJsonSchema(z.boolean());
+    expect(result).toEqual({ type: 'boolean' });
+  });
+
+  it('converts enum schema', () => {
+    const result = zodToJsonSchema(z.enum(['a', 'b', 'c']));
+    expect(result).toEqual({ type: 'string', enum: ['a', 'b', 'c'] });
+  });
+
+  it('converts array schema', () => {
+    const result = zodToJsonSchema(z.array(z.string()));
+    expect(result).toEqual({ type: 'array', items: { type: 'string' } });
+  });
+
+  it('converts object schema', () => {
+    const schema = z.object({
+      name: z.string(),
+      age: z.number(),
+    });
+    const result = zodToJsonSchema(schema);
+    expect(result).toEqual({
+      type: 'object',
+      properties: {
+        name: { type: 'string' },
+        age: { type: 'number' },
+      },
+      required: ['name', 'age'],
+      additionalProperties: false,
+    });
+  });
+
+  it('handles optional fields', () => {
+    const schema = z.object({
+      name: z.string(),
+      bio: z.string().optional(),
+    });
+    const result = zodToJsonSchema(schema);
+    expect(result).toEqual({
+      type: 'object',
+      properties: {
+        name: { type: 'string' },
+        bio: { type: 'string' },
+      },
+      required: ['name'],
+      additionalProperties: false,
+    });
+  });
+
+  it('converts nested object schema', () => {
+    const schema = z.object({
+      location: z.object({
+        file: z.string(),
+        line: z.number(),
+      }),
+    });
+    const result = zodToJsonSchema(schema);
+    expect(result).toEqual({
+      type: 'object',
+      properties: {
+        location: {
+          type: 'object',
+          properties: {
+            file: { type: 'string' },
+            line: { type: 'number' },
+          },
+          required: ['file', 'line'],
+          additionalProperties: false,
+        },
+      },
+      required: ['location'],
+      additionalProperties: false,
+    });
+  });
+
+  it('converts literal schema', () => {
+    const result = zodToJsonSchema(z.literal('analyze'));
+    expect(result).toEqual({ type: 'string', const: 'analyze' });
+  });
+
+  it('throws for unsupported zod types instead of returning an empty schema', () => {
+    expect(() => zodToJsonSchema(z.tuple([z.string()]))).toThrow(
+      'unsupported Zod type',
+    );
+  });
+});
+
+describe('zodToAnthropicTool', () => {
+  it('wraps schema as Anthropic tool definition', () => {
+    const schema = z.object({ name: z.string() });
+    const result = zodToAnthropicTool(schema, 'test_tool', 'A test tool');
+    expect(result).toEqual({
+      name: 'test_tool',
+      description: 'A test tool',
+      input_schema: {
+        type: 'object',
+        properties: { name: { type: 'string' } },
+        required: ['name'],
+        additionalProperties: false,
+      },
+    });
+  });
+});
+
+describe('zodToOpenAIResponseFormat', () => {
+  it('wraps schema as OpenAI response_format', () => {
+    const schema = z.object({ value: z.number() });
+    const result = zodToOpenAIResponseFormat(schema, 'test_format');
+    expect(result).toEqual({
+      type: 'json_schema',
+      json_schema: {
+        name: 'test_format',
+        strict: true,
+        schema: {
+          type: 'object',
+          properties: { value: { type: 'number' } },
+          required: ['value'],
+          additionalProperties: false,
+        },
+      },
+    });
+  });
+});

package/code-review-agent/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "Node16",
+    "moduleResolution": "Node16",
+    "lib": ["ES2022"],
+    "outDir": "dist",
+    "rootDir": ".",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true,
+    "declaration": true,
+    "declarationMap": true,
+    "sourceMap": true
+  },
+  "include": ["src/**/*", "bin/**/*"],
+  "exclude": ["node_modules", "dist", "tests"]
+}

package/code-review-agent/vitest.config.ts

@@ -0,0 +1,11 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+    testTimeout: 30_000,
+    include: ['tests/**/*.test.ts'],
+    exclude: ['node_modules', 'dist'],
+  },
+});

package/index.js

@@ -47,7 +47,7 @@ try {
 // Create MCP Server
 const server = new McpServer(
   {
-    name: "agent-security-scanner-mcp",
+    name: "prooflayer-agent-security",
     version: _pkgVersion,
   },
   {
@@ -306,7 +306,7 @@ const cliArgs = process.argv.slice(2);
     // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
     const text = cliArgs[1];
     if (!text) {
-      console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
+      console.error('Usage: prooflayer-agent-security scan-prompt <text> [--verbosity minimal|compact|full]');
       process.exit(1);
     }
     const verbosityIdx = cliArgs.indexOf('--verbosity');
@@ -326,7 +326,7 @@ const cliArgs = process.argv.slice(2);
   // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
   const filePath = cliArgs[1];
   if (!filePath) {
-    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
+    console.error('Usage: prooflayer-agent-security scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
     process.exit(1);
   }
   const verbosityIdx = cliArgs.indexOf('--verbosity');
@@ -348,7 +348,7 @@ const cliArgs = process.argv.slice(2);
   const packageName = cliArgs[1];
   const ecosystem = cliArgs[2];
   if (!packageName || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
+    console.error('Usage: prooflayer-agent-security check-package <name> <ecosystem>');
     console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
     process.exit(1);
   }
@@ -367,7 +367,7 @@ const cliArgs = process.argv.slice(2);
   const filePath = cliArgs[1];
   const ecosystem = cliArgs[2];
   if (!filePath || !ecosystem) {
-    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
+    console.error('Usage: prooflayer-agent-security scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
     console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
     process.exit(1);
   }
@@ -387,7 +387,7 @@ const cliArgs = process.argv.slice(2);
   // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
   const dirPath = cliArgs[1];
   if (!dirPath || dirPath.startsWith('--')) {
-    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
+    console.error('Usage: prooflayer-agent-security scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
     process.exit(1);
   }
   const verbosityIdx = cliArgs.indexOf('--verbosity');
@@ -455,7 +455,7 @@ const cliArgs = process.argv.slice(2);
   // CLI mode: scan-mcp <path> [--verbosity minimal|compact|full]
   const serverPath = cliArgs[1];
   if (!serverPath) {
-    console.error('Usage: agent-security-scanner-mcp scan-mcp <server-path> [--verbosity minimal|compact|full]');
+    console.error('Usage: prooflayer-agent-security scan-mcp <server-path> [--verbosity minimal|compact|full]');
     process.exit(1);
   }
   const verbosityIdx = cliArgs.indexOf('--verbosity');
@@ -474,7 +474,7 @@ const cliArgs = process.argv.slice(2);
   const actionType = cliArgs[1];
   const actionValue = cliArgs[2];
   if (!actionType || !actionValue) {
-    console.error('Usage: agent-security-scanner-mcp scan-action <type> <value> [--verbosity minimal|compact|full]');
+    console.error('Usage: prooflayer-agent-security scan-action <type> <value> [--verbosity minimal|compact|full]');
     console.error('Types: bash, file_write, file_read, http_request, file_delete, cron, process_spawn, git, docker');
     process.exit(1);
   }
@@ -492,7 +492,7 @@ const cliArgs = process.argv.slice(2);
 } else if (cliArgs[0] === 'scan-skill') {
   const skillPath = cliArgs[1];
   if (!skillPath) {
-    console.error('Usage: agent-security-scanner-mcp scan-skill <skill-path> [--verbosity minimal|compact|full] [--baseline]');
+    console.error('Usage: prooflayer-agent-security scan-skill <skill-path> [--verbosity minimal|compact|full] [--baseline]');
     process.exit(1);
   }
   const verbosityIdx = cliArgs.indexOf('--verbosity');
@@ -529,7 +529,7 @@ const cliArgs = process.argv.slice(2);
   await import('./src/cli/scan-clawhub-safe.js');
   // Exit is handled by scan-clawhub-safe.js
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
-  console.log('\n  agent-security-scanner-mcp\n');
+  console.log('\n  prooflayer-agent-security\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
   console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
@@ -557,14 +557,14 @@ const cliArgs = process.argv.slice(2);
   console.log('    --include <pattern>  Include only matching files (scan-project)');
   console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
-  console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
-  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
-  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
-  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
-  console.log('    npx agent-security-scanner-mcp report ./src --json');
-  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
+  console.log('    npx prooflayer-agent-security init');
+  console.log('    npx prooflayer-agent-security scan-prompt "ignore previous instructions"');
+  console.log('    npx prooflayer-agent-security scan-security ./app.py --verbosity minimal');
+  console.log('    npx prooflayer-agent-security check-package flask pypi');
+  console.log('    npx prooflayer-agent-security scan-project ./src --verbosity minimal');
+  console.log('    npx prooflayer-agent-security scan-diff HEAD~1');
+  console.log('    npx prooflayer-agent-security report ./src --json');
+  console.log('    npx prooflayer-agent-security benchmark --save --compare-latest\n');
   process.exit(0);
 } else {
   // Normal MCP server mode

package/openclaw.plugin.json

@@ -1,6 +1,6 @@
 {
-  "name": "agent-security-scanner-mcp",
-  "version": "3.10.3",
+  "name": "prooflayer-agent-security",
+  "version": "4.0.0",
   "description": "Security scanner for OpenClaw: prompt injection firewall, package hallucination detection, code vulnerability scanning, auto-fix",
   "author": "Sinewave AI",
   "license": "MIT",

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.20.0",
+  "version": "4.0.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -112,7 +112,17 @@
     "daemon.py",
     "python_taint_fallback.py",
     "src/lib/*.js",
-    "compliance/**"
+    "compliance/**",
+    "code-review-agent/README.md",
+    "code-review-agent/TODO.md",
+    "code-review-agent/package.json",
+    "code-review-agent/tsconfig.json",
+    "code-review-agent/vitest.config.ts",
+    "code-review-agent/.env.example",
+    "code-review-agent/bin/**",
+    "code-review-agent/src/**",
+    "code-review-agent/dist/**",
+    "code-review-agent/tests/**"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",

package/server.json

@@ -1,8 +1,8 @@
 {
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
-  "name": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "MCP security scanner with prompt injection firewall, package hallucination detection, and auto-fix.",
-  "version": "2.0.4",
+  "name": "io.github.sinewaveai/prooflayer-agent-security",
+  "description": "MCP security scanner with prompt injection firewall, package hallucination detection, LLM-powered code review, and auto-fix.",
+  "version": "4.0.0",
   "transport": "stdio",
   "registry": "npm"
 }