agentseal 0.8.1 → 0.9.1

package/dist/chunk-IGSX7F4B.js

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+
+// src/guard-models.ts
+var GuardVerdict = {
+  SAFE: "safe",
+  WARNING: "warning",
+  DANGER: "danger",
+  ERROR: "error"
+};
+var SEVERITY_ORDER = {
+  critical: 0,
+  high: 1,
+  medium: 2,
+  low: 3
+};
+function customFindingFromDict(d) {
+  return {
+    code: d.code ?? "",
+    title: d.title ?? "",
+    severity: d.severity ?? "medium",
+    verdict: d.verdict ?? "warning",
+    remediation: d.remediation ?? "",
+    rule_file: d.rule_file ?? "",
+    entity_type: d.entity_type ?? "",
+    entity_name: d.entity_name ?? ""
+  };
+}
+function countVerdict(skills, mcp, runtime, verdict) {
+  return skills.filter((s) => s.verdict === verdict).length + mcp.filter((m) => m.verdict === verdict).length + runtime.filter((r) => r.verdict === verdict).length;
+}
+function totalDangers(report) {
+  return countVerdict(report.skill_results, report.mcp_results, report.mcp_runtime_results, GuardVerdict.DANGER);
+}
+function totalWarnings(report) {
+  return countVerdict(report.skill_results, report.mcp_results, report.mcp_runtime_results, GuardVerdict.WARNING);
+}
+function totalSafe(report) {
+  return countVerdict(report.skill_results, report.mcp_results, report.mcp_runtime_results, GuardVerdict.SAFE);
+}
+function guardReportFromDict(d) {
+  return {
+    timestamp: d.timestamp ?? "",
+    duration_seconds: d.duration_seconds ?? 0,
+    agents_found: d.agents_found ?? [],
+    skill_results: d.skill_results ?? [],
+    mcp_results: (d.mcp_results ?? []).map((m) => ({
+      ...m,
+      registry_score: m.registry?.score ?? m.registry_score,
+      registry_level: m.registry?.level ?? m.registry_level,
+      registry_findings_count: m.registry?.findings_count ?? m.registry_findings_count
+    })),
+    mcp_runtime_results: d.mcp_runtime_results ?? [],
+    toxic_flows: d.toxic_flows ?? [],
+    baseline_changes: d.baseline_changes ?? [],
+    llm_tokens_used: d.llm_tokens_used ?? 0,
+    unlisted_findings: d.unlisted_findings ?? [],
+    custom_findings: (d.custom_findings ?? []).map(customFindingFromDict),
+    config_path: d.config_path ?? ""
+  };
+}
+
+export {
+  GuardVerdict,
+  SEVERITY_ORDER,
+  totalDangers,
+  totalWarnings,
+  totalSafe,
+  guardReportFromDict
+};

package/dist/{chunk-23GC7G5P.js → chunk-IO5DO7DS.js}

@@ -564,6 +564,7 @@ function _scanProjectDir(dir, mcpServers, skillPaths, seenSkillPaths) {
 var MAX_SKILL_SIZE, PROJECT_MCP_CONFIGS, PROJECT_SKILL_FILES, PROJECT_SKILL_DIRS, SKILL_DIRS, SKILL_FILES;
 var init_machine_discovery = __esm({
   "src/machine-discovery.ts"() {
+    "use strict";
     MAX_SKILL_SIZE = 10 * 1024 * 1024;
     PROJECT_MCP_CONFIGS = [
       [".mcp.json", "mcpServers", null],
@@ -628,8 +629,6 @@ export {
   PROJECT_SKILL_DIRS,
   getWellKnownConfigs,
   stripJsonComments,
-  scanMachine,
-  scanDirectory,
   machine_discovery_exports,
   init_machine_discovery
 };

package/dist/chunk-PG5LEDUE.js

@@ -0,0 +1,530 @@
+#!/usr/bin/env node
+import {
+  init_machine_discovery,
+  machine_discovery_exports
+} from "./chunk-IO5DO7DS.js";
+import {
+  __toCommonJS
+} from "./chunk-ZLRN7Q7C.js";
+
+// src/project-config.ts
+import { existsSync, readFileSync, writeFileSync, statSync } from "fs";
+import { homedir } from "os";
+import { dirname, join, resolve } from "path";
+import { parse } from "yaml";
+var CONFIG_FILENAME = ".agentseal.yaml";
+function generateConfigYaml(agents, mcpServers) {
+  const activeAgents = agents.filter(
+    (a) => a.status === "found" || a.status === "installed_no_config"
+  );
+  const agentTypes = activeAgents.map((a) => a.agent_type);
+  const serverNameSet = /* @__PURE__ */ new Set();
+  for (const s of mcpServers) {
+    serverNameSet.add(s.name);
+  }
+  const serverNames = Array.from(serverNameSet);
+  const agentLines = agentTypes.length > 0 ? agentTypes.map((t) => `  - ${t}`).join("\n") : "  # - cursor\n  # - claude-desktop";
+  const serverLines = serverNames.length > 0 ? serverNames.map((n) => `  - ${n}`).join("\n") : "  # - filesystem\n  # - sqlite";
+  return `# AgentSeal project configuration
+# https://agentseal.org/docs/config
+
+# Exit code behavior: "danger" (default), "warning", or "safe"
+fail_on: danger
+
+# Agents expected on this machine (unlisted agents trigger GUARD-001)
+allowed_agents:
+${agentLines}
+
+# MCP servers expected (unlisted servers trigger GUARD-002)
+# Use "name" or "name@agent_type" for agent-specific allowlisting
+allowed_mcp_servers:
+${serverLines}
+
+# Paths to ignore during skill scanning (matched by path segment)
+ignore_paths:
+  - node_modules
+  - .git
+  - __pycache__
+
+# Findings to ignore (by code, or code:path for file-specific ignores)
+ignore_findings: []
+  # - id: "SKILL-001"
+  #   reason: "Known safe pattern"
+  # - id: "MCP-002:./configs/server.json"
+  #   reason: "Accepted risk for this file"
+
+# Additional rule directories
+rules_paths: []
+  # - ./rules
+  # - ./custom-rules
+`;
+}
+function runGuardInit(opts) {
+  const { targetDir, force = false, interactive = true } = opts ?? {};
+  const dir = targetDir ?? process.cwd();
+  const configFile = join(dir, CONFIG_FILENAME);
+  if (existsSync(configFile) && !force) {
+    return false;
+  }
+  let agents = [];
+  let allMcpServers = [];
+  try {
+    const { scanMachine, scanDirectory } = (init_machine_discovery(), __toCommonJS(machine_discovery_exports));
+    const machineResult = scanMachine();
+    agents = machineResult.agents;
+    allMcpServers = [...machineResult.mcpServers];
+    const dirResult = scanDirectory(dir);
+    const seen = new Set(allMcpServers.map((s) => `${s.name}::${s.agent_type}`));
+    for (const srv of dirResult.mcpServers) {
+      const key = `${srv.name}::${srv.agent_type}`;
+      if (!seen.has(key)) {
+        seen.add(key);
+        allMcpServers.push(srv);
+      }
+    }
+  } catch {
+  }
+  const yaml = generateConfigYaml(agents, allMcpServers);
+  writeFileSync(configFile, yaml, "utf-8");
+  return true;
+}
+
+// src/rules.ts
+import { readFileSync as readFileSync2, readdirSync, statSync as statSync2 } from "fs";
+import { join as join2 } from "path";
+import { parse as parse2 } from "yaml";
+function fnmatchCase(value, pattern) {
+  let re = "";
+  let i = 0;
+  while (i < pattern.length) {
+    const ch = pattern[i];
+    if (ch === "*") {
+      re += ".*";
+    } else if (ch === "?") {
+      re += ".";
+    } else if (ch === "[") {
+      let j = i + 1;
+      if (j < pattern.length && pattern[j] === "!") {
+        re += "[^";
+        j++;
+      } else {
+        re += "[";
+      }
+      while (j < pattern.length && pattern[j] !== "]") {
+        re += pattern[j];
+        j++;
+      }
+      if (j < pattern.length) {
+        re += "]";
+        i = j;
+      } else {
+        re += "\\[";
+      }
+    } else if (".$^+{}()|\\".includes(ch)) {
+      re += "\\" + ch;
+    } else {
+      re += ch;
+    }
+    i++;
+  }
+  return new RegExp(`^${re}$`, "i").test(value);
+}
+var VALID_SEVERITIES = /* @__PURE__ */ new Set(["critical", "high", "medium", "low"]);
+var VALID_VERDICTS = /* @__PURE__ */ new Set(["danger", "warning"]);
+var VALID_MATCH_TYPES = /* @__PURE__ */ new Set(["mcp", "skill", "agent"]);
+var REQUIRED_FIELDS = ["id", "title", "severity", "verdict", "match"];
+var RuleEngine = class _RuleEngine {
+  rules;
+  constructor(rules) {
+    this.rules = rules;
+  }
+  /**
+   * Load rules from file paths and/or directory paths.
+   *
+   * - Files are loaded directly.
+   * - Directories are globbed for *.yaml and *.yml files.
+   * - Files without a top-level "rules" key are silently skipped.
+   * - Validates required fields, severity, verdict, match.type.
+   * - Throws on duplicate IDs across files.
+   */
+  static fromPaths(paths) {
+    const resolvedFiles = [];
+    for (const p of paths) {
+      const stat = statSync2(p);
+      if (stat.isDirectory()) {
+        const entries = readdirSync(p);
+        for (const entry of entries) {
+          if (entry.endsWith(".yaml") || entry.endsWith(".yml")) {
+            resolvedFiles.push(join2(p, entry));
+          }
+        }
+      } else {
+        resolvedFiles.push(p);
+      }
+    }
+    const allRules = [];
+    const seenIds = /* @__PURE__ */ new Map();
+    for (const filePath of resolvedFiles) {
+      const raw = readFileSync2(filePath, "utf-8");
+      const doc = parse2(raw);
+      if (!doc || !("rules" in doc)) {
+        continue;
+      }
+      const rulesList = doc.rules;
+      if (!Array.isArray(rulesList)) {
+        continue;
+      }
+      for (const r of rulesList) {
+        for (const field of REQUIRED_FIELDS) {
+          if (r[field] == null || r[field] === "") {
+            throw new Error(
+              `Rule in ${filePath} is missing required field: ${field}`
+            );
+          }
+        }
+        const sev = String(r.severity).toLowerCase();
+        if (!VALID_SEVERITIES.has(sev)) {
+          throw new Error(
+            `Rule "${r.id}" in ${filePath} has invalid severity: "${r.severity}" (must be one of: ${[...VALID_SEVERITIES].join(", ")})`
+          );
+        }
+        const verd = String(r.verdict).toLowerCase();
+        if (!VALID_VERDICTS.has(verd)) {
+          throw new Error(
+            `Rule "${r.id}" in ${filePath} has invalid verdict: "${r.verdict}" (must be one of: ${[...VALID_VERDICTS].join(", ")})`
+          );
+        }
+        const matchType = r.match?.type;
+        if (!matchType || !VALID_MATCH_TYPES.has(String(matchType).toLowerCase())) {
+          throw new Error(
+            `Rule "${r.id}" in ${filePath} has invalid match.type: "${matchType}" (must be one of: ${[...VALID_MATCH_TYPES].join(", ")})`
+          );
+        }
+        const id = String(r.id);
+        const existingFile = seenIds.get(id);
+        if (existingFile) {
+          throw new Error(
+            `Duplicate rule ID "${id}" found in ${filePath} (already defined in ${existingFile})`
+          );
+        }
+        seenIds.set(id, filePath);
+        const rule = {
+          id,
+          title: String(r.title),
+          description: r.description ? String(r.description) : "",
+          severity: sev,
+          verdict: verd,
+          remediation: r.remediation ? String(r.remediation) : "",
+          match: r.match,
+          tests: Array.isArray(r.tests) ? r.tests.map((t) => ({
+            name: String(t.name ?? ""),
+            input: t.input ?? {},
+            expect: String(t.expect ?? "no_match")
+          })) : [],
+          source_file: filePath
+        };
+        allRules.push(rule);
+      }
+    }
+    return new _RuleEngine(allRules);
+  }
+  // ─────────────────────────────────────────────────────────────────────
+  // Internal matching
+  // ─────────────────────────────────────────────────────────────────────
+  /**
+   * Check if a rule matches an entity's data.
+   *
+   * - AND logic across fields (all fields must match).
+   * - OR logic within a field (any pattern in the array matches).
+   * - The "type" field in match is skipped (used for routing only).
+   */
+  _matchEntity(rule, entityData) {
+    for (const [field, patterns] of Object.entries(rule.match)) {
+      if (field === "type") continue;
+      const patternList = typeof patterns === "string" ? [patterns] : patterns;
+      const entityValue = entityData[field] ?? "";
+      let fieldMatched = false;
+      for (const pattern of patternList) {
+        if (fnmatchCase(entityValue, String(pattern))) {
+          fieldMatched = true;
+          break;
+        }
+      }
+      if (!fieldMatched) return false;
+    }
+    return true;
+  }
+  // ─────────────────────────────────────────────────────────────────────
+  // Evaluate methods
+  // ─────────────────────────────────────────────────────────────────────
+  /**
+   * Evaluate MCP rules against a server result.
+   */
+  evaluateMcp(server, rawConfig) {
+    const mcpRules = this.rules.filter(
+      (r) => String(r.match.type).toLowerCase() === "mcp"
+    );
+    const args = rawConfig.args;
+    const argsStr = Array.isArray(args) ? args.join(" ") : String(args ?? "");
+    const env = rawConfig.env;
+    const envKeys = env ? Object.keys(env).join(" ") : "";
+    const envValues = env ? Object.values(env).join(" ") : "";
+    const entityData = {
+      name: String(server.name ?? ""),
+      command: String(server.command ?? ""),
+      args: argsStr,
+      env_keys: envKeys,
+      env_values: envValues,
+      source_file: String(server.source_file ?? "")
+    };
+    const findings = [];
+    for (const rule of mcpRules) {
+      if (this._matchEntity(rule, entityData)) {
+        findings.push({
+          code: rule.id,
+          title: rule.title,
+          severity: rule.severity,
+          verdict: rule.verdict,
+          remediation: rule.remediation,
+          rule_file: rule.source_file,
+          entity_type: "mcp",
+          entity_name: entityData.name ?? ""
+        });
+      }
+    }
+    return findings;
+  }
+  /**
+   * Evaluate skill rules against a skill result.
+   */
+  evaluateSkill(skill, content) {
+    const skillRules = this.rules.filter(
+      (r) => String(r.match.type).toLowerCase() === "skill"
+    );
+    const entityData = {
+      name: String(skill.name ?? ""),
+      path: String(skill.path ?? ""),
+      content: content.slice(0, 10240)
+    };
+    const findings = [];
+    for (const rule of skillRules) {
+      if (this._matchEntity(rule, entityData)) {
+        findings.push({
+          code: rule.id,
+          title: rule.title,
+          severity: rule.severity,
+          verdict: rule.verdict,
+          remediation: rule.remediation,
+          rule_file: rule.source_file,
+          entity_type: "skill",
+          entity_name: entityData.name ?? ""
+        });
+      }
+    }
+    return findings;
+  }
+  /**
+   * Evaluate agent rules against an agent config result.
+   */
+  evaluateAgent(agent) {
+    const agentRules = this.rules.filter(
+      (r) => String(r.match.type).toLowerCase() === "agent"
+    );
+    const entityData = {
+      agent_type: String(agent.agent_type ?? ""),
+      name: String(agent.name ?? ""),
+      config_path: String(agent.config_path ?? "")
+    };
+    const findings = [];
+    for (const rule of agentRules) {
+      if (this._matchEntity(rule, entityData)) {
+        findings.push({
+          code: rule.id,
+          title: rule.title,
+          severity: rule.severity,
+          verdict: rule.verdict,
+          remediation: rule.remediation,
+          rule_file: rule.source_file,
+          entity_type: "agent",
+          entity_name: entityData.name ?? ""
+        });
+      }
+    }
+    return findings;
+  }
+  // ─────────────────────────────────────────────────────────────────────
+  // Self-test
+  // ─────────────────────────────────────────────────────────────────────
+  /**
+   * Run embedded tests for all rules.
+   */
+  runTests() {
+    const results = [];
+    for (const rule of this.rules) {
+      for (const test of rule.tests) {
+        const matched = this._matchEntity(rule, test.input);
+        const actual = matched ? "match" : "no_match";
+        results.push({
+          rule_id: rule.id,
+          test_name: test.name,
+          passed: actual === test.expect,
+          expected: test.expect,
+          actual
+        });
+      }
+    }
+    return results;
+  }
+};
+
+// src/baselines.ts
+import { createHash } from "crypto";
+import { existsSync as existsSync2, mkdirSync, readFileSync as readFileSync3, readdirSync as readdirSync2, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import { homedir as homedir2 } from "os";
+import { dirname as dirname2, join as join3 } from "path";
+function configFingerprint(server) {
+  const rawCmd = server.command ?? "";
+  const cmdStr = Array.isArray(rawCmd) ? rawCmd.join(" ") : String(rawCmd);
+  const parts = [
+    cmdStr,
+    JSON.stringify([...server.args ?? []].map(String).sort()),
+    JSON.stringify(Object.keys(server.env ?? {}).map(String).sort()),
+    server.url ?? "",
+    JSON.stringify(Object.keys(server.headers ?? {}).map(String).sort())
+  ];
+  return createHash("sha256").update(parts.join("|")).digest("hex");
+}
+function sanitizeName(name) {
+  return name.replace(/[^a-zA-Z0-9_-]/g, "_");
+}
+function rglob(dir, ext) {
+  const results = [];
+  const walk = (d) => {
+    try {
+      for (const entry of readdirSync2(d, { withFileTypes: true })) {
+        const full = join3(d, entry.name);
+        if (entry.isDirectory()) walk(full);
+        else if (entry.isFile() && entry.name.endsWith(ext)) results.push(full);
+      }
+    } catch {
+    }
+  };
+  walk(dir);
+  return results;
+}
+var BaselineStore = class {
+  _dir;
+  constructor(baselinesDir) {
+    this._dir = baselinesDir ?? join3(homedir2(), ".agentseal", "baselines");
+  }
+  _entryPath(agentType, serverName) {
+    return join3(this._dir, sanitizeName(agentType), `${sanitizeName(serverName)}.json`);
+  }
+  /** Load a stored baseline entry. Returns null if not found. */
+  load(agentType, serverName) {
+    const path = this._entryPath(agentType, serverName);
+    if (!existsSync2(path)) return null;
+    try {
+      const data = JSON.parse(readFileSync3(path, "utf-8"));
+      return data;
+    } catch {
+      return null;
+    }
+  }
+  /** Save a baseline entry to disk. */
+  save(entry) {
+    const path = this._entryPath(entry.agent_type, entry.server_name);
+    mkdirSync(dirname2(path), { recursive: true });
+    writeFileSync2(path, JSON.stringify(entry, null, 2), "utf-8");
+  }
+  /** Check a single MCP server against its stored baseline. */
+  checkServer(server) {
+    const name = server.name ?? "unknown";
+    const agentType = server.agent_type ?? "unknown";
+    const rawCmd = server.command ?? "";
+    const command = Array.isArray(rawCmd) ? rawCmd.join(" ") : String(rawCmd);
+    const args = (server.args ?? []).filter((a) => typeof a === "string");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const configHash = configFingerprint(server);
+    const existing = this.load(agentType, name);
+    if (existing === null) {
+      this.save({
+        server_name: name,
+        agent_type: agentType,
+        config_hash: configHash,
+        binary_hash: null,
+        binary_path: null,
+        command,
+        args,
+        first_seen: now,
+        last_verified: now
+      });
+      return {
+        server_name: name,
+        agent_type: agentType,
+        change_type: "new_server",
+        detail: `New MCP server '${name}' baselined.`
+      };
+    }
+    if (existing.config_hash !== configHash) {
+      const change = {
+        server_name: name,
+        agent_type: agentType,
+        change_type: "config_changed",
+        old_value: existing.config_hash.slice(0, 12),
+        new_value: configHash.slice(0, 12),
+        detail: `Config for '${name}' changed (command/args/env modified).`
+      };
+      existing.config_hash = configHash;
+      existing.command = command;
+      existing.args = args;
+      existing.last_verified = now;
+      this.save(existing);
+      return change;
+    }
+    existing.last_verified = now;
+    this.save(existing);
+    return null;
+  }
+  /** Check all servers. Returns list of changes (empty = no changes). */
+  checkAll(servers, includeNew = false) {
+    const changes = [];
+    for (const srv of servers) {
+      const change = this.checkServer(srv);
+      if (change === null) continue;
+      if (change.change_type === "new_server" && !includeNew) continue;
+      changes.push(change);
+    }
+    return changes;
+  }
+  /** Remove all baselines. Returns count of entries removed. */
+  reset() {
+    let count = 0;
+    for (const f of rglob(this._dir, ".json")) {
+      try {
+        unlinkSync(f);
+        count++;
+      } catch {
+      }
+    }
+    return count;
+  }
+  /** List all stored baseline entries. */
+  listEntries() {
+    const entries = [];
+    for (const f of rglob(this._dir, ".json")) {
+      try {
+        const data = JSON.parse(readFileSync3(f, "utf-8"));
+        entries.push(data);
+      } catch {
+      }
+    }
+    return entries;
+  }
+};
+
+export {
+  runGuardInit,
+  RuleEngine,
+  BaselineStore
+};