agent-security-scanner-mcp 3.7.0 → 3.9.0

package/daemon.py

@@ -0,0 +1,179 @@
+#!/usr/bin/env python3
+"""JSONL daemon wrapping analyzer.py for persistent process reuse.
+
+Protocol: One JSON object per line over stdin/stdout. stderr for debug logs only.
+Startup: sends {"id":"__ready__","success":true,"result":{"status":"ready"}}
+Actions: analyze, cross_file_analyze, health, shutdown
+"""
+
+import sys
+import os
+
+# CRITICAL: Redirect stdout to stderr BEFORE any imports can print to stdout.
+# This prevents any imported library from corrupting the JSONL protocol channel.
+_protocol_stdout = sys.stdout
+sys.stdout = sys.stderr
+
+# Now safe to import everything
+import json
+import time
+from collections import OrderedDict
+
+# Add script directory to path so analyzer imports work
+sys.path.insert(0, os.path.dirname(os.path.abspath(__file__)))
+
+from analyzer import analyze_file, analyze_file_ast, analyze_file_regex
+
+try:
+    from cross_file_analyzer import cross_file_analyze
+    HAS_CROSS_FILE = True
+except ImportError:
+    HAS_CROSS_FILE = False
+
+
+class LRUCache:
+    """Simple LRU cache keyed by (file_path, mtime), capped at max_size entries."""
+
+    def __init__(self, max_size=200):
+        self._cache = OrderedDict()
+        self._max_size = max_size
+
+    def get(self, file_path):
+        try:
+            mtime = os.path.getmtime(file_path)
+        except OSError:
+            return None
+        key = (file_path, mtime)
+        if key in self._cache:
+            self._cache.move_to_end(key)
+            return self._cache[key]
+        return None
+
+    def put(self, file_path, result):
+        try:
+            mtime = os.path.getmtime(file_path)
+        except OSError:
+            return
+        key = (file_path, mtime)
+        self._cache[key] = result
+        self._cache.move_to_end(key)
+        while len(self._cache) > self._max_size:
+            self._cache.popitem(last=False)
+
+    @property
+    def size(self):
+        return len(self._cache)
+
+
+_cache = LRUCache(max_size=200)
+
+
+def send_response(obj):
+    """Write a JSON line to the protocol channel (original stdout)."""
+    line = json.dumps(obj, separators=(',', ':'))
+    _protocol_stdout.write(line + '\n')
+    _protocol_stdout.flush()
+
+
+def handle_analyze(req):
+    file_path = req.get('file_path')
+    engine = req.get('engine', 'auto')
+
+    if not file_path or not os.path.exists(file_path):
+        return {'success': False, 'error': f'File not found: {file_path}'}
+
+    # Check cache (only for engine=auto)
+    if engine == 'auto':
+        cached = _cache.get(file_path)
+        if cached is not None:
+            return {'success': True, 'result': cached, 'cached': True, 'cache_size': _cache.size}
+
+    try:
+        if engine == 'regex':
+            result = analyze_file_regex(file_path)
+        elif engine == 'ast':
+            result = analyze_file_ast(file_path)
+        else:
+            result = analyze_file(file_path)
+    except Exception as e:
+        return {'success': False, 'error': str(e)}
+
+    if isinstance(result, dict) and 'error' in result:
+        return {'success': False, 'error': result['error']}
+
+    # Cache result (only for engine=auto)
+    if engine == 'auto':
+        _cache.put(file_path, result)
+
+    return {'success': True, 'result': result, 'cached': False, 'cache_size': _cache.size}
+
+
+def handle_cross_file_analyze(req):
+    file_paths = req.get('file_paths', [])
+    if not file_paths:
+        return {'success': False, 'error': 'No file_paths provided'}
+    if not HAS_CROSS_FILE:
+        return {'success': False, 'error': 'cross_file_analyzer not available'}
+
+    try:
+        result = cross_file_analyze(file_paths)
+        return {'success': True, 'result': result}
+    except Exception as e:
+        return {'success': False, 'error': str(e)}
+
+
+def handle_health():
+    return {
+        'success': True,
+        'result': {
+            'status': 'healthy',
+            'cache_size': _cache.size,
+            'pid': os.getpid(),
+            'uptime': time.time() - _start_time,
+        }
+    }
+
+
+def main():
+    global _start_time
+    _start_time = time.time()
+
+    # Signal readiness
+    send_response({
+        'id': '__ready__',
+        'success': True,
+        'result': {'status': 'ready'}
+    })
+
+    for line in sys.stdin:
+        line = line.strip()
+        if not line:
+            continue
+
+        try:
+            req = json.loads(line)
+        except json.JSONDecodeError as e:
+            send_response({'id': None, 'success': False, 'error': f'Invalid JSON: {e}'})
+            continue
+
+        req_id = req.get('id')
+        action = req.get('action')
+
+        if action == 'shutdown':
+            send_response({'id': req_id, 'success': True, 'result': {'status': 'shutdown'}})
+            break
+        elif action == 'health':
+            resp = handle_health()
+        elif action == 'analyze':
+            resp = handle_analyze(req)
+        elif action == 'cross_file_analyze':
+            resp = handle_cross_file_analyze(req)
+        else:
+            resp = {'success': False, 'error': f'Unknown action: {action}'}
+
+        resp['id'] = req_id
+        send_response(resp)
+
+
+if __name__ == '__main__':
+    main()

package/index.js

@@ -11,15 +11,21 @@ import { homedir, platform } from "os";
 import { createInterface } from "readline";
 import { createHash } from "crypto";
 import { envVarReplacement, FIX_TEMPLATES } from './src/fix-patterns.js';
-import { detectLanguage, runAnalyzer, generateFix, toSarif } from './src/utils.js';
+import { detectLanguage, runAnalyzer, generateFix, toSarif, shutdownDaemon } from './src/utils.js';
 import { scanSecuritySchema, scanSecurity } from './src/tools/scan-security.js';
 import { fixSecuritySchema, fixSecurity } from './src/tools/fix-security.js';
 import { loadPackageLists, checkPackageSchema, checkPackage, getPackageStats } from './src/tools/check-package.js';
 import { scanPackagesSchema, scanPackages } from './src/tools/scan-packages.js';
 import { scanAgentPromptSchema, scanAgentPrompt } from './src/tools/scan-prompt.js';
+import { scanDiffSchema, scanDiff } from './src/tools/scan-diff.js';
+import { scanProjectSchema, scanProject } from './src/tools/scan-project.js';
+import { scanAgentActionSchema, scanAgentAction } from './src/tools/scan-action.js';
+import { scanMcpServerSchema, scanMcpServer } from './src/tools/scan-mcp.js';
 import { runInit } from './src/cli/init.js';
 import { runDoctor } from './src/cli/doctor.js';
 import { runDemo } from './src/cli/demo.js';
+import { runInitHooks } from './src/cli/init-hooks.js';
+import { runReport } from './src/cli/report.js';
 
 // Handle both ESM and CJS bundling (Smithery bundles to CJS)
 let __dirname;
@@ -134,6 +140,46 @@ server.tool(
   scanAgentPrompt
 );
 
+// Register scan_git_diff tool
+server.tool(
+  "scan_git_diff",
+  "Scan git diff for new security vulnerabilities. Only reports issues on changed lines. Use for PR reviews.",
+  scanDiffSchema,
+  scanDiff
+);
+
+// Register scan_project tool
+server.tool(
+  "scan_project",
+  "Scan an entire directory for security vulnerabilities with .gitignore support and security grading. Use verbosity='minimal' for grade + counts, 'compact' (default) for top issues, 'full' for all details.",
+  scanProjectSchema,
+  scanProject
+);
+
+// ===========================================
+// AGENT ACTION MONITORING
+// ===========================================
+
+// Register scan_agent_action tool
+server.tool(
+  "scan_agent_action",
+  "Pre-execution security check for agent actions (bash, file_write, file_read, http_request, file_delete). Returns ALLOW/WARN/BLOCK. Lighter than scan_agent_prompt — evaluates concrete actions.",
+  scanAgentActionSchema,
+  scanAgentAction
+);
+
+// ===========================================
+// MCP SERVER SECURITY SCANNING
+// ===========================================
+
+// Register scan_mcp_server tool
+server.tool(
+  "scan_mcp_server",
+  "Scan an MCP server's source code for security vulnerabilities: overly broad permissions, missing input validation, data exfiltration, insecure patterns. Returns grade (A-F) and recommendations.",
+  scanMcpServerSchema,
+  scanMcpServer
+);
+
 // ===========================================
 // CLI COMMANDS - Extracted to src/cli/
 // ===========================================
@@ -156,17 +202,234 @@ if (cliArgs[0] === 'init') {
     console.error(`  Error: ${err.message}\n`);
     process.exit(1);
   });
+} else if (cliArgs[0] === 'init-hooks') {
+  runInitHooks(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'report') {
+  runReport(cliArgs.slice(1)).then(() => process.exit(0)).catch((err) => {
+    console.error(`  Error: ${err.message}\n`);
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-prompt') {
+  // CLI mode: scan-prompt <text> [--verbosity minimal|compact|full]
+  const text = cliArgs[1];
+  if (!text) {
+    console.error('Usage: agent-security-scanner-mcp scan-prompt <text> [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanAgentPrompt({ prompt_text: text, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.action === 'BLOCK' ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-security') {
+  // CLI mode: scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]
+  const filePath = cliArgs[1];
+  if (!filePath) {
+    console.error('Usage: agent-security-scanner-mcp scan-security <file> [--verbosity minimal|compact|full] [--format json|sarif]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const formatIdx = cliArgs.indexOf('--format');
+  const outputFormat = formatIdx !== -1 ? cliArgs[formatIdx + 1] : 'json';
+
+  loadPackageLists();
+  scanSecurity({ file_path: filePath, verbosity, output_format: outputFormat }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'check-package') {
+  // CLI mode: check-package <name> <ecosystem>
+  const packageName = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!packageName || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp check-package <name> <ecosystem>');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+
+  loadPackageLists();
+  checkPackage({ package_name: packageName, ecosystem }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.legitimate ? 0 : 1);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-packages') {
+  // CLI mode: scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]
+  const filePath = cliArgs[1];
+  const ecosystem = cliArgs[2];
+  if (!filePath || !ecosystem) {
+    console.error('Usage: agent-security-scanner-mcp scan-packages <file> <ecosystem> [--verbosity minimal|compact|full]');
+    console.error('Ecosystems: npm, pypi, rubygems, crates, dart, perl, raku');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  loadPackageLists();
+  scanPackages({ file_path: filePath, ecosystem, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.hallucinated_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-project') {
+  // CLI mode: scan-project <dir> [--recursive] [--diff-only] [--cross-file] [--include '*.py'] [--exclude '*.test.js'] [--verbosity minimal|compact|full]
+  const dirPath = cliArgs[1];
+  if (!dirPath || dirPath.startsWith('--')) {
+    console.error('Usage: agent-security-scanner-mcp scan-project <directory> [--recursive] [--diff-only] [--cross-file] [--include <pattern>] [--exclude <pattern>] [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+  const recursive = !cliArgs.includes('--no-recursive');
+  const diffOnly = cliArgs.includes('--diff-only');
+  const crossFile = cliArgs.includes('--cross-file');
+  const includeIdx = cliArgs.indexOf('--include');
+  const includePatterns = includeIdx !== -1 ? [cliArgs[includeIdx + 1]] : undefined;
+  const excludeIdx = cliArgs.indexOf('--exclude');
+  const excludePatterns = excludeIdx !== -1 ? [cliArgs[excludeIdx + 1]] : undefined;
+
+  scanProject({ directory_path: dirPath, recursive, diff_only: diffOnly, cross_file: crossFile, include_patterns: includePatterns, exclude_patterns: excludePatterns, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    const total = output.issues_count || output.total || 0;
+    process.exit(total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-diff') {
+  // CLI mode: scan-diff [base] [target] [--verbosity minimal|compact|full]
+  // Parse positional args, skipping flag values
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const flagValueIndices = new Set(verbosityIdx !== -1 ? [verbosityIdx, verbosityIdx + 1] : []);
+  const positionalArgs = cliArgs.slice(1).filter((arg, idx) => !arg.startsWith('--') && !flagValueIndices.has(idx + 1));
+  const baseRef = positionalArgs[0];
+  const targetRef = positionalArgs[1];
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanDiff({ base_ref: baseRef, target_ref: targetRef, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.issues_count > 0 || output.total > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'benchmark') {
+  // CLI mode: benchmark [--save] [--json-only] [--compare-latest] [--corpus <path>]
+  const benchmarkPath = join(__dirname, 'benchmarks', 'benchmark_runner.py');
+  const benchArgs = [benchmarkPath];
+
+  // Pass through supported flags
+  for (let i = 1; i < cliArgs.length; i++) {
+    if (['--save', '--json-only', '--compare-latest'].includes(cliArgs[i])) {
+      benchArgs.push(cliArgs[i]);
+    } else if (cliArgs[i] === '--corpus' && cliArgs[i + 1]) {
+      benchArgs.push('--corpus', cliArgs[i + 1]);
+      i++;
+    }
+  }
+
+  try {
+    execFileSync('python3', benchArgs, { stdio: 'inherit', timeout: 300000 });
+  } catch (err) {
+    if (err.status) process.exit(err.status);
+    console.error(`Benchmark error: ${err.message}`);
+    process.exit(1);
+  }
+  process.exit(0);
+} else if (cliArgs[0] === 'scan-mcp') {
+  // CLI mode: scan-mcp <path> [--verbosity minimal|compact|full]
+  const serverPath = cliArgs[1];
+  if (!serverPath) {
+    console.error('Usage: agent-security-scanner-mcp scan-mcp <server-path> [--verbosity minimal|compact|full]');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanMcpServer({ server_path: serverPath, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.findings_count > 0 ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
+} else if (cliArgs[0] === 'scan-action') {
+  // CLI mode: scan-action <type> <value> [--verbosity minimal|compact|full]
+  const actionType = cliArgs[1];
+  const actionValue = cliArgs[2];
+  if (!actionType || !actionValue) {
+    console.error('Usage: agent-security-scanner-mcp scan-action <type> <value> [--verbosity minimal|compact|full]');
+    console.error('Types: bash, file_write, file_read, http_request, file_delete');
+    process.exit(1);
+  }
+  const verbosityIdx = cliArgs.indexOf('--verbosity');
+  const verbosity = verbosityIdx !== -1 ? cliArgs[verbosityIdx + 1] : 'compact';
+
+  scanAgentAction({ action_type: actionType, action_value: actionValue, verbosity }).then(result => {
+    const output = JSON.parse(result.content[0].text);
+    console.log(JSON.stringify(output, null, 2));
+    process.exit(output.action === 'BLOCK' ? 1 : 0);
+  }).catch(err => {
+    console.error(JSON.stringify({ error: err.message }));
+    process.exit(1);
+  });
 } else if (cliArgs[0] === '--help' || cliArgs[0] === '-h' || cliArgs[0] === 'help') {
   console.log('\n  agent-security-scanner-mcp\n');
   console.log('  Commands:');
   console.log('    init [client]        Set up MCP config for a client');
+  console.log('    init-hooks           Install Claude Code hooks for auto-scanning');
   console.log('    doctor [--fix]       Check environment & client configs');
   console.log('    demo [--lang js]     Generate vulnerable file + scan it');
+  console.log('    report <dir>         Generate HTML security report with history');
+  console.log('    benchmark [flags]      Run accuracy benchmarks\n');
+  console.log('  CLI Tools (for scripts & OpenClaw):');
+  console.log('    scan-prompt <text>   Scan prompt for injection attacks');
+  console.log('    scan-security <file> Scan file for vulnerabilities');
+  console.log('    check-package <n> <e> Check if package exists in ecosystem');
+  console.log('    scan-packages <f> <e> Scan file imports for hallucinated packages');
+  console.log('    scan-project <dir>   Scan directory for vulnerabilities with grading');
+  console.log('    scan-diff [base] [target] Scan git diff for new vulnerabilities');
+  console.log('    scan-mcp <path>      Scan MCP server source for security issues');
+  console.log('    scan-action <t> <v>  Check agent action before execution\n');
   console.log('    (no args)            Start MCP server on stdio\n');
+  console.log('  Options:');
+  console.log('    --verbosity <level>  minimal|compact|full (default: compact)');
+  console.log('    --format <type>      json|sarif (scan-security only)');
+  console.log('    --include <pattern>  Include only matching files (scan-project)');
+  console.log('    --exclude <pattern>  Exclude matching files (scan-project)\n');
   console.log('  Examples:');
   console.log('    npx agent-security-scanner-mcp init');
-  console.log('    npx agent-security-scanner-mcp doctor --fix');
-  console.log('    npx agent-security-scanner-mcp demo --lang py\n');
+  console.log('    npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
+  console.log('    npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp check-package flask pypi');
+  console.log('    npx agent-security-scanner-mcp scan-project ./src --verbosity minimal');
+  console.log('    npx agent-security-scanner-mcp scan-diff HEAD~1');
+  console.log('    npx agent-security-scanner-mcp report ./src --json');
+  console.log('    npx agent-security-scanner-mcp benchmark --save --compare-latest\n');
   process.exit(0);
 } else {
   // Normal MCP server mode
@@ -176,8 +439,21 @@ if (cliArgs[0] === 'init') {
     const transport = new StdioServerTransport();
     await server.connect(transport);
     console.error("Security Scanner MCP Server running on stdio");
+
+    // Shutdown daemon when MCP server closes
+    server.server.onclose = async () => {
+      await shutdownDaemon();
+    };
   }
 
+  // Graceful shutdown on signals
+  const shutdownHandler = async () => {
+    await shutdownDaemon();
+    process.exit(0);
+  };
+  process.on('SIGTERM', shutdownHandler);
+  process.on('SIGINT', shutdownHandler);
+
   main().catch((error) => {
     console.error("Fatal error:", error);
     process.exit(1);

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "agent-security-scanner-mcp",
-  "version": "3.7.0",
+  "version": "3.9.0",
   "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
-  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline.",
+  "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
   "main": "index.js",
   "type": "module",
   "bin": {
@@ -10,10 +10,11 @@
   },
   "scripts": {
     "start": "node index.js",
+    "postinstall": "node scripts/postinstall.js",
     "test": "vitest run",
     "test:watch": "vitest",
     "test:coverage": "vitest run --coverage",
-    "test:redteam": "npx promptfoo eval --config tests/promptfoo/promptfooconfig.yaml"
+    "benchmark": "python3 benchmarks/benchmark_runner.py --save --compare-latest"
   },
   "keywords": [
     "mcp",
@@ -53,7 +54,9 @@
     "zed",
     "prompt-firewall",
     "auto-fix",
-    "hallucination"
+    "hallucination",
+    "openclaw",
+    "clawdbot"
   ],
   "author": "Sinewave AI <divya@sinewave.ai>",
   "license": "MIT",
@@ -81,6 +84,13 @@
     "src/cli/*.js",
     "src/fix-patterns.js",
     "src/utils.js",
+    "src/daemon-client.js",
+    "src/dedup.js",
+    "src/context.js",
+    "src/config.js",
+    "src/history.js",
+    "src/typosquat.js",
+    "templates/**",
     "analyzer.py",
     "ast_parser.py",
     "generic_ast.py",
@@ -90,7 +100,11 @@
     "taint_analyzer.py",
     "requirements.txt",
     "rules/**",
-    "packages/**"
+    "packages/**",
+    "skills/**",
+    "scripts/postinstall.js",
+    "cross_file_analyzer.py",
+    "daemon.py"
   ],
   "devDependencies": {
     "all-the-package-names": "^2.0.2349",