agent-security-scanner-mcp 3.6.0 → 3.8.0

package/index.js

@@ -11,15 +11,21 @@ import { homedir, platform } from "os";
 import { createInterface } from "readline";
 import { createHash } from "crypto";
 import { envVarReplacement, FIX_TEMPLATES } from './src/fix-patterns.js';
-import { detectLanguage, runAnalyzer, generateFix, toSarif } from './src/utils.js';
+import { detectLanguage, runAnalyzer, generateFix, toSarif, shutdownDaemon } from './src/utils.js';
 import { scanSecuritySchema, scanSecurity } from './src/tools/scan-security.js';
 import { fixSecuritySchema, fixSecurity } from './src/tools/fix-security.js';
 import { loadPackageLists, checkPackageSchema, checkPackage, getPackageStats } from './src/tools/check-package.js';
 import { scanPackagesSchema, scanPackages } from './src/tools/scan-packages.js';
 import { scanAgentPromptSchema, scanAgentPrompt } from './src/tools/scan-prompt.js';
+import { scanDiffSchema, scanDiff } from './src/tools/scan-diff.js';
+import { scanProjectSchema, scanProject } from './src/tools/scan-project.js';
+import { scanAgentActionSchema, scanAgentAction } from './src/tools/scan-action.js';
+import { scanMcpServerSchema, scanMcpServer } from './src/tools/scan-mcp.js';
 import { runInit } from './src/cli/init.js';
 import { runDoctor } from './src/cli/doctor.js';
 import { runDemo } from './src/cli/demo.js';
+import { runInitHooks } from './src/cli/init-hooks.js';
+import { runReport } from './src/cli/report.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -134,6 +140,46 @@ server.tool(
   scanAgentPrompt
 );
 
+// Register scan_git_diff tool
+server.tool(
+  "scan_git_diff",
+  "Scan git diff for new security vulnerabilities. Only reports issues on changed lines. Use for PR reviews.",
+  scanDiffSchema,
+  scanDiff
+);
+
+// Register scan_project tool
+server.tool(
+  "scan_project",
+  "Scan an entire directory for security vulnerabilities with .gitignore support and security grading. Use verbosity='minimal' for grade + counts, 'compact' (default) for top issues, 'full' for all details.",
+  scanProjectSchema,
+  scanProject
+);
+
+// ===========================================
+// AGENT ACTION MONITORING
+// ===========================================
+
+// Register scan_agent_action tool
+server.tool(
+  "scan_agent_action",
+  "Pre-execution security check for agent actions (bash, file_write, file_read, http_request, file_delete). Returns ALLOW/WARN/BLOCK. Lighter than scan_agent_prompt — evaluates concrete actions.",
+  scanAgentActionSchema,
+  scanAgentAction
+);
+
+// ===========================================
+// MCP SERVER SECURITY SCANNING
+// ===========================================
+
+// Register scan_mcp_server tool
+server.tool(
+  "scan_mcp_server",
+  "Scan an MCP server's source code for security vulnerabilities: overly broad permissions, missing input validation, data exfiltration, insecure patterns. Returns grade (A-F) and recommendations.",
+  scanMcpServerSchema,
+  scanMcpServer
+);
+
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -156,17 +202,234 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
+} else if (cliArgs[0] === 'init-hooks') {
+  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'report') {
+  runReport(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-prompt') {
+  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
+  const text = cliArgs[1];
+  if (!text) {
+    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.action === 'BLOCK' ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-security') {
+  // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
+  const filePath = cliArgs[1];
+  if (!filePath) {
+    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const formatIdx = cliArgs.indexOf('--format');
+  const outputFormat = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'json';
+
+  loadPackageLists();
+  scanSecurity({ file_path: filePath, verbosity, output_format: outputFormat }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'check-package') {
+  // CLI mode: check-package <name> <ecosystem>
+  const packageName = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!packageName || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+
+  loadPackageLists();
+  checkPackage({ package_name: packageName, ecosystem }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.legitimate ? 0 : 1);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-packages') {
+  // CLI mode: scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]
+  const filePath = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!filePath || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanPackages({ file_path: filePath, ecosystem, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.hallucinated_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-project') {
+  // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
+  const dirPath = cliArgs[1];
+  if (!dirPath || dirPath.startsWith('--')) {
+    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const recursive = !cliArgs.includes('--no-recursive');
+  const diffOnly = cliArgs.includes('--diff-only');
+  const crossFile = cliArgs.includes('--cross-file');
+  const includeIdx = cliArgs.indexOf('--include');
+  const includePatterns = includeIdx !== -1 ? [cliArgs[includeIdx + 1]] : undefined;
+  const excludeIdx = cliArgs.indexOf('--exclude');
+  const excludePatterns = excludeIdx !== -1 ? [cliArgs[excludeIdx + 1]] : undefined;
+
+  scanProject({ directory_path: dirPath, recursive, diff_only: diffOnly, cross_file: crossFile, include_patterns: includePatterns, exclude_patterns: excludePatterns, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    const total = output.issues_count || output.total || 0;
+    process.exit(total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-diff') {
+  // CLI mode: scan-diff [base] [target] [--verbosity minimal|compact|full]
+  // Parse positional args, skipping flag values
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const flagValueIndices = new Set(verbosityIdx !== -1 ? [verbosityIdx, verbosityIdx + 1] : []);
+  const positionalArgs = cliArgs.slice(1).filter((arg, idx) => !arg.startsWith('--') && !flagValueIndices.has(idx + 1));
+  const baseRef = positionalArgs[0];
+  const targetRef = positionalArgs[1];
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanDiff({ base_ref: baseRef, target_ref: targetRef, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'benchmark') {
+  // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
+  const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
+  const benchArgs = [benchmarkPath];
+
+  // Pass through supported flags
+  for (let i = 1; i < cliArgs.length; i++) {
+    if (['--save', '--json-only', '--compare-latest'].includes(cliArgs[i])) {
+      benchArgs.push(cliArgs[i]);
+    } else if (cliArgs[i] === '--corpus' && cliArgs[i + 1]) {
+      benchArgs.push('--corpus', cliArgs[i + 1]);
+      i++;
+    }
+  }
+
+  try {
+    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
+  } catch (err) {
+    if (err.status) process.exit(err.status);
+    console.error(`Benchmark error: ${err.message}`);
+    process.exit(1);
+  }
+  process.exit(0);
+} else if (cliArgs[0] === 'scan-mcp') {
+  // CLI mode: scan-mcp <path> [--verbosity minimal|compact|full]
+  const serverPath = cliArgs[1];
+  if (!serverPath) {
+    console.error('Usage: agent-security-scanner-mcp scan-mcp <server-path> [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanMcpServer({ server_path: serverPath, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.findings_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-action') {
+  // CLI mode: scan-action <type> <value> [--verbosity minimal|compact|full]
+  const actionType = cliArgs[1];
+  const actionValue = cliArgs[2];
+  if (!actionType || !actionValue) {
+    console.error('Usage: agent-security-scanner-mcp scan-action <type> <value> [--verbosity minimal|compact|full]');
+    console.error('Types: bash, file_write, file_read, http_request, file_delete');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanAgentAction({ action_type: actionType, action_value: actionValue, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.action === 'BLOCK' ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
+  console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
   console.log('    doctor [--fix]       Check environment & client configs');
   console.log('    demo [--lang js]     Generate vulnerable file + scan it');
+  console.log('    report <dir>         Generate HTML security report with history');
+  console.log('    benchmark [flags]      Run accuracy benchmarks\n');
+  console.log('  CLI Tools (for scripts & OpenClaw):');
+  console.log('    scan-prompt <text>   Scan prompt for injection attacks');
+  console.log('    scan-security <file> Scan file for vulnerabilities');
+  console.log('    check-package <n> <e> Check if package exists in ecosystem');
+  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages');
+  console.log('    scan-project <dir>   Scan directory for vulnerabilities with grading');
+  console.log('    scan-diff [base] [target] Scan git diff for new vulnerabilities');
+  console.log('    scan-mcp <path>      Scan MCP server source for security issues');
+  console.log('    scan-action <t> <v>  Check agent action before execution\n');
   console.log('    (no args)            Start MCP server on stdio\n');
+  console.log('  Options:');
+  console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
+  console.log('    --format <type>      json|sarif (scan-security only)');
+  console.log('    --include <pattern>  Include only matching files (scan-project)');
+  console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp doctor --fix');
-  console.log('    npx agent-security-scanner-mcp demo --lang py\n');
+  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
+  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
+  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
+  console.log('    npx agent-security-scanner-mcp report ./src --json');
+  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
   process.exit(0);
 } else {
   // Normal MCP server mode
@@ -176,8 +439,21 @@ if (cliArgs[0] === 'init') {
     const transport = new StdioServerTransport();
     await server.connect(transport);
     console.error("Security Scanner MCP Server running on stdio");
+
+    // Shutdown daemon when MCP server closes
+    server.server.onclose = async () => {
+      await shutdownDaemon();
+    };
   }
 
+  // Graceful shutdown on signals
+  const shutdownHandler = async () => {
+    await shutdownDaemon();
+    process.exit(0);
+  };
+  process.on('SIGTERM', shutdownHandler);
+  process.on('SIGINT', shutdownHandler);
+
   main().catch((error) => {
     console.error("Fatal error:", error);
     process.exit(1);

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.6.0",
+  "version": "3.8.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -10,10 +10,11 @@
   },
   "scripts": {
     "start": "node index.js",
+    "postinstall": "node scripts/postinstall.js",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
-    "test:redteam": "npx promptfoo eval --config tests/promptfoo/promptfooconfig.yaml"
+    "benchmark": "python3 benchmarks/benchmark_runner.py --save --compare-latest"
   },
   "keywords": [
     "mcp",
@@ -53,7 +54,9 @@
     "zed",
     "prompt-firewall",
     "auto-fix",
-    "hallucination"
+    "hallucination",
+    "openclaw",
+    "clawdbot"
   ],
   "author": "Sinewave AI <divya@sinewave.ai>",
   "license": "MIT",
@@ -81,6 +84,13 @@
     "src/cli/*.js",
     "src/fix-patterns.js",
     "src/utils.js",
+    "src/daemon-client.js",
+    "src/dedup.js",
+    "src/context.js",
+    "src/config.js",
+    "src/history.js",
+    "src/typosquat.js",
+    "templates/**",
     "analyzer.py",
     "ast_parser.py",
     "generic_ast.py",
@@ -90,7 +100,11 @@
     "taint_analyzer.py",
     "requirements.txt",
     "rules/**",
-    "packages/**"
+    "packages/**",
+    "skills/**",
+    "scripts/postinstall.js",
+    "cross_file_analyzer.py",
+    "daemon.py"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",