blackveil-dns 2.6.4 → 2.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -7
- package/dist/index.d.ts +6 -1
- package/dist/index.js +562 -203
- package/dist/index.js.map +1 -1
- package/dist/stdio.js +1902 -674
- package/dist/stdio.js.map +1 -1
- package/package.json +4 -3
package/README.md
CHANGED
|
@@ -26,7 +26,7 @@ Open-source DNS & email security scanner for Claude, Cursor, VS Code, and MCP cl
|
|
|
26
26
|
|
|
27
27
|
**Claude Desktop** (one-click install):
|
|
28
28
|
|
|
29
|
-
Download the [Blackveil DNS extension](https://github.com/MadaBurns/bv-claude-dns/releases/latest/download/bv-claude-dns.mcpb) and open it — all
|
|
29
|
+
Download the [Blackveil DNS extension](https://github.com/MadaBurns/bv-claude-dns/releases/latest/download/bv-claude-dns.mcpb) and open it — all 51 tools available instantly. [Verify your download](https://blackveilsecurity.com/extensions/claude-dns#install).
|
|
30
30
|
|
|
31
31
|
**Claude Code** (one command):
|
|
32
32
|
|
|
@@ -111,7 +111,7 @@ Transport support:
|
|
|
111
111
|
|
|
112
112
|
## Quality & Reliability
|
|
113
113
|
|
|
114
|
-
The server is continuously validated using a **comprehensive chaos test suite**
|
|
114
|
+
The server is continuously validated using a **comprehensive chaos test suite** that covers all 9 detected MCP client types:
|
|
115
115
|
|
|
116
116
|
- **Interactive clients**: `claude_code`, `cursor`, `vscode`, `claude_desktop`, `windsurf` (auto-format: `compact`)
|
|
117
117
|
- **Non-interactive clients**: `mcp_remote`, `blackveil_dns_action`, `bv_claude_dns_proxy`, `unknown` (auto-format: `full`)
|
|
@@ -154,7 +154,7 @@ Run the chaos tests locally: `python3 scripts/chaos/chaos-test-clients.py`
|
|
|
154
154
|
└──────────────────────────┘
|
|
155
155
|
```
|
|
156
156
|
|
|
157
|
-
- **Generic Scoring Engine**:
|
|
157
|
+
- **Generic Scoring Engine**: Runtime-agnostic, string-keyed three-tier scoring with configurable weights
|
|
158
158
|
- **WASM Policy Engine**: High-performance permission and token checks via `bv-wasm-core`
|
|
159
159
|
- **Reliable Sessions**: Hardened tombstone logic prevents race-condition revival of terminated sessions
|
|
160
160
|
- **Adaptive Scoring**: Durable Object telemetry adjusts weights based on real-world distributions
|
|
@@ -164,11 +164,13 @@ Run the chaos tests locally: `python3 scripts/chaos/chaos-test-clients.py`
|
|
|
164
164
|
|
|
165
165
|
## Client setup
|
|
166
166
|
|
|
167
|
-
The free tier requires no authentication.
|
|
167
|
+
The free tier requires no authentication. Authenticated requests bypass per-IP rate limits and follow your tier's daily quota. Three authentication methods are supported:
|
|
168
|
+
|
|
168
169
|
- **Header**: `Authorization: Bearer <KEY>`
|
|
169
|
-
- **Query Param**: `?api_key=<KEY>`
|
|
170
|
+
- **Query Param**: `?api_key=<KEY>` (for clients that can't send custom headers — Smithery, Claude Code)
|
|
171
|
+
- **OAuth 2.1**: authorization-code flow with PKCE, discovered via `/.well-known/oauth-authorization-server` — used by the Claude mobile custom connector.
|
|
170
172
|
|
|
171
|
-
For full hosted setup examples, stdio usage, and legacy fallback endpoints, see [**docs/client-setup.md**](docs/client-setup.md).
|
|
173
|
+
For full hosted setup examples, stdio usage, OAuth setup, and legacy fallback endpoints, see [**docs/client-setup.md**](docs/client-setup.md).
|
|
172
174
|
|
|
173
175
|
---
|
|
174
176
|
|
|
@@ -197,6 +199,6 @@ If you discover a vulnerability in a third-party domain, please follow [coordina
|
|
|
197
199
|
|
|
198
200
|
Built and maintained by [**BLACKVEIL**](https://blackveilsecurity.com) — NZ-owned cybersecurity consultancy.
|
|
199
201
|
|
|
200
|
-
BUSL-1.1
|
|
202
|
+
[Privacy Policy](https://www.blackveilsecurity.com/privacy) · [License](LICENSE) (BUSL-1.1 → MIT on 2030-03-17)
|
|
201
203
|
|
|
202
204
|
</div>
|
package/dist/index.d.ts
CHANGED
|
@@ -46,6 +46,7 @@ declare const RecordType: {
|
|
|
46
46
|
readonly DNSKEY: 48;
|
|
47
47
|
readonly DS: 43;
|
|
48
48
|
readonly RRSIG: 46;
|
|
49
|
+
readonly NSEC3PARAM: 51;
|
|
49
50
|
readonly PTR: 12;
|
|
50
51
|
readonly SRV: 33;
|
|
51
52
|
readonly HTTPS: 65;
|
|
@@ -191,7 +192,7 @@ declare function sanitizeDomain(input: string): string;
|
|
|
191
192
|
declare function sanitizeInput(input: string, maxLength?: number): string;
|
|
192
193
|
|
|
193
194
|
/** Server version — keep in sync with package.json */
|
|
194
|
-
declare const SERVER_VERSION = "2.
|
|
195
|
+
declare const SERVER_VERSION = "2.9.2";
|
|
195
196
|
|
|
196
197
|
/**
|
|
197
198
|
* Map of every tool name to its Zod argument schema.
|
|
@@ -257,6 +258,10 @@ declare function checkDmarc(domain: string, dnsOptions?: QueryDnsOptions): Promi
|
|
|
257
258
|
* Verifies the AD (Authenticated Data) flag, checks for DNSKEY/DS records,
|
|
258
259
|
* and audits algorithm and digest type security.
|
|
259
260
|
* Augments results with dnssecSource metadata: 'domain_configured' or 'tld_inherited'.
|
|
261
|
+
*
|
|
262
|
+
* When the primary resolver reports AD=false but DNSKEY+DS records exist ("validation failing"),
|
|
263
|
+
* fires a confirmation probe to Google DoH. If Google says AD=true (edge flap), re-runs the
|
|
264
|
+
* check with the corrected flag to avoid score instability.
|
|
260
265
|
*/
|
|
261
266
|
declare function checkDnssec(domain: string, dnsOptions?: QueryDnsOptions): Promise<CheckResult>;
|
|
262
267
|
|