circle-ir-ai 1.3.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/skills/bundle-loader.d.ts.map +1 -1
- package/dist/skills/bundle-loader.js +12 -1
- package/dist/skills/bundle-loader.js.map +1 -1
- package/dist/skills/index.d.ts +1 -0
- package/dist/skills/index.d.ts.map +1 -1
- package/dist/skills/index.js +1 -0
- package/dist/skills/index.js.map +1 -1
- package/dist/skills/mcp-permissions.d.ts +28 -0
- package/dist/skills/mcp-permissions.d.ts.map +1 -0
- package/dist/skills/mcp-permissions.js +252 -0
- package/dist/skills/mcp-permissions.js.map +1 -0
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -28,6 +28,7 @@ export { loadSkillBundle, validateSkillBundle, createSkillBundleFromFiles } from
|
|
|
28
28
|
export { analyzeSkillBundle } from './skills/skill-analyzer.js';
|
|
29
29
|
export { detectCapabilityMismatches } from './skills/capability-mismatch.js';
|
|
30
30
|
export { classifyInstructionSafety } from './skills/instruction-safety.js';
|
|
31
|
+
export { analyzeMCPPermissions, parseMCPConfig } from './skills/mcp-permissions.js';
|
|
31
32
|
export { NaturalLanguageExtractor } from './extractors/natural-language.js';
|
|
32
33
|
export { type CodebaseExtractor, ExtractorRegistry, createDefaultExtractorRegistry } from './extractors/index.js';
|
|
33
34
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,WAAW,EACX,cAAc,EACd,KAAK,OAAO,GACb,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,KAAK,SAAS,EACd,KAAK,WAAW,GACjB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,UAAU,EACV,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,mBAAmB,EACnB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,GAC7B,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,UAAU,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,eAAe,EACf,cAAc,EACd,aAAa,EACb,SAAS,EACT,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,UAAU,IAAI,kBAAkB,GACtC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,2BAA2B,EAC3B,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,SAAS,EACT,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,YAAY,GAClB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,YAAY,IAAI,kBAAkB,EACvC,KAAK,cAAc,EACnB,KAAK,gBAAgB,GACtB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,aAAa,EACb,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,GACtB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,aAAa,EACb,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,GAClB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,UAAU,EACf,KAAK,gBAAgB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,mBAAmB,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,GACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,IAAI,0BAA0B,EACvD,KAAK,gBAAgB,IAAI,qBAAqB,EAC9C,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAC7G,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,cAAc,WAAW,CAAC;AAG1B,OAAO,EACL,WAAW,EACX,cAAc,EACd,KAAK,OAAO,GACb,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,KAAK,SAAS,EACd,KAAK,WAAW,GACjB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,UAAU,EACV,KAAK,gBAAgB,EACrB,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,qBAAqB,GAC3B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,mBAAmB,EACnB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,cAAc,GACpB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,uBAAuB,GAC7B,MAAM,+BAA+B,CAAC;AAGvC,OAAO,EACL,iBAAiB,EACjB,uBAAuB,EACvB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,UAAU,GAChB,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EACL,eAAe,EACf,cAAc,EACd,aAAa,EACb,SAAS,EACT,gBAAgB,EAChB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,UAAU,IAAI,kBAAkB,GACtC,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,2BAA2B,EAC3B,KAAK,aAAa,EAClB,KAAK,YAAY,GAClB,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,SAAS,EACT,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,YAAY,GAClB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,cAAc,EACnB,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,aAAa,GACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,oBAAoB,EACpB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,iBAAiB,EACtB,KAAK,YAAY,IAAI,kBAAkB,EACvC,KAAK,cAAc,EACnB,KAAK,gBAAgB,GACtB,MAAM,wBAAwB,CAAC;AAGhC,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,aAAa,EACb,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,sBAAsB,EAC3B,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,EAC1B,KAAK,eAAe,EACpB,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,GACtB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,aAAa,EACb,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,YAAY,EACjB,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,GAClB,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,UAAU,EACf,KAAK,gBAAgB,GACtB,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,mBAAmB,EACnB,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,GACxB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,IAAI,0BAA0B,EACvD,KAAK,gBAAgB,IAAI,qBAAqB,EAC9C,KAAK,iBAAiB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAC7G,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAGpF,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAAE,KAAK,iBAAiB,EAAE,iBAAiB,EAAE,8BAA8B,EAAE,MAAM,uBAAuB,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -42,6 +42,7 @@ export { loadSkillBundle, validateSkillBundle, createSkillBundleFromFiles } from
|
|
|
42
42
|
export { analyzeSkillBundle } from './skills/skill-analyzer.js';
|
|
43
43
|
export { detectCapabilityMismatches } from './skills/capability-mismatch.js';
|
|
44
44
|
export { classifyInstructionSafety } from './skills/instruction-safety.js';
|
|
45
|
+
export { analyzeMCPPermissions, parseMCPConfig } from './skills/mcp-permissions.js';
|
|
45
46
|
// Extractors (for custom artifact extraction)
|
|
46
47
|
export { NaturalLanguageExtractor } from './extractors/natural-language.js';
|
|
47
48
|
export { ExtractorRegistry, createDefaultExtractorRegistry } from './extractors/index.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,sCAAsC;AACtC,cAAc,WAAW,CAAC;AAE1B,+BAA+B;AAC/B,OAAO,EACL,WAAW,EACX,cAAc,GAEf,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,gBAAgB,GAGjB,MAAM,iBAAiB,CAAC;AAEzB,aAAa;AACb,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,UAAU,GAMX,MAAM,qBAAqB,CAAC;AAE7B,eAAe;AACf,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,mBAAmB,GAKpB,MAAM,uBAAuB,CAAC;AAE/B,uBAAuB;AACvB,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,uBAAuB,GAGxB,MAAM,+BAA+B,CAAC;AAEvC,iBAAiB;AACjB,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GAIxB,MAAM,0BAA0B,CAAC;AAElC,WAAW;AACX,OAAO,EACL,WAAW,EACX,iBAAiB,GAGlB,MAAM,6BAA6B,CAAC;AAErC,gBAAgB;AAChB,OAAO,EACL,eAAe,EACf,cAAc,EACd,aAAa,EACb,SAAS,EACT,gBAAgB,GASjB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,2BAA2B,GAG5B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,SAAS,GAKV,MAAM,kCAAkC,CAAC;AAE1C,sBAAsB;AACtB,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,GAQrB,MAAM,sBAAsB,CAAC;AAE9B,kBAAkB;AAClB,OAAO,EACL,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,oBAAoB,GAOrB,MAAM,wBAAwB,CAAC;AAEhC,eAAe;AACf,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,aAAa,GASd,MAAM,yBAAyB,CAAC;AAEjC,iCAAiC;AACjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAI3B,MAAM,oBAAoB,CAAC;AAE5B,eAAe;AACf,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,aAAa,GAcd,MAAM,yBAAyB,CAAC;AAEjC,6BAA6B;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,GAGnB,MAAM,uBAAuB,CAAC;AAE/B,uBAAuB;AACvB,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,mBAAmB,GAQpB,MAAM,sBAAsB,CAAC;AAkB9B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAC7G,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,sCAAsC;AACtC,cAAc,WAAW,CAAC;AAE1B,+BAA+B;AAC/B,OAAO,EACL,WAAW,EACX,cAAc,GAEf,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,eAAe,EACf,gBAAgB,GAGjB,MAAM,iBAAiB,CAAC;AAEzB,aAAa;AACb,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,UAAU,GAMX,MAAM,qBAAqB,CAAC;AAE7B,eAAe;AACf,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,eAAe,EACf,mBAAmB,GAKpB,MAAM,uBAAuB,CAAC;AAE/B,uBAAuB;AACvB,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,uBAAuB,GAGxB,MAAM,+BAA+B,CAAC;AAEvC,iBAAiB;AACjB,OAAO,EACL,iBAAiB,EACjB,uBAAuB,GAIxB,MAAM,0BAA0B,CAAC;AAElC,WAAW;AACX,OAAO,EACL,WAAW,EACX,iBAAiB,GAGlB,MAAM,6BAA6B,CAAC;AAErC,gBAAgB;AAChB,OAAO,EACL,eAAe,EACf,cAAc,EACd,aAAa,EACb,SAAS,EACT,gBAAgB,GASjB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,2BAA2B,GAG5B,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EACL,YAAY,EACZ,eAAe,EACf,SAAS,GAKV,MAAM,kCAAkC,CAAC;AAE1C,sBAAsB;AACtB,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,GAQrB,MAAM,sBAAsB,CAAC;AAE9B,kBAAkB;AAClB,OAAO,EACL,aAAa,EACb,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,qBAAqB,EACrB,qBAAqB,EACrB,oBAAoB,GAOrB,MAAM,wBAAwB,CAAC;AAEhC,eAAe;AACf,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,6BAA6B,EAC7B,qBAAqB,EACrB,yBAAyB,EACzB,aAAa,EACb,aAAa,GASd,MAAM,yBAAyB,CAAC;AAEjC,iCAAiC;AACjC,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAI3B,MAAM,oBAAoB,CAAC;AAE5B,eAAe;AACf,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,wBAAwB,EACxB,aAAa,EACb,WAAW,EACX,aAAa,GAcd,MAAM,yBAAyB,CAAC;AAEjC,6BAA6B;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,GAGnB,MAAM,uBAAuB,CAAC;AAE/B,uBAAuB;AACvB,OAAO,EACL,iBAAiB,EACjB,6BAA6B,EAC7B,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,UAAU,EACV,mBAAmB,GAQpB,MAAM,sBAAsB,CAAC;AAkB9B,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AAC7G,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAEpF,8CAA8C;AAC9C,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAC5E,OAAO,EAA0B,iBAAiB,EAAE,8BAA8B,EAAE,MAAM,uBAAuB,CAAC;AAElH,4CAA4C;AAC5C,2CAA2C"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bundle-loader.d.ts","sourceRoot":"","sources":["../../src/skills/bundle-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAkC,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"bundle-loader.d.ts","sourceRoot":"","sources":["../../src/skills/bundle-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAkC,MAAM,YAAY,CAAC;AAG9E;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAmC7E;AAuPD;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC7B,QAAQ,EAAE;IACR,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACA,WAAW,CAoFb;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA2BhF"}
|
|
@@ -5,6 +5,7 @@
|
|
|
5
5
|
*/
|
|
6
6
|
import * as fs from 'fs/promises';
|
|
7
7
|
import * as path from 'path';
|
|
8
|
+
import { parseMCPConfig } from './mcp-permissions.js';
|
|
8
9
|
/**
|
|
9
10
|
* Load a skill bundle from filesystem
|
|
10
11
|
*
|
|
@@ -303,6 +304,16 @@ export function createSkillBundleFromFiles(files, metadata) {
|
|
|
303
304
|
// malformed package.json — ignore
|
|
304
305
|
}
|
|
305
306
|
}
|
|
307
|
+
// ── Parse MCP config ─────────────────────────────────────────────────────
|
|
308
|
+
let mcpConfig;
|
|
309
|
+
const MCP_NAMES = ['mcp-config.json', 'mcp.json', '.mcp.json'];
|
|
310
|
+
for (const candidate of MCP_NAMES) {
|
|
311
|
+
const key = Object.keys(files).find((k) => k === candidate || k.endsWith(`/${candidate}`));
|
|
312
|
+
if (key) {
|
|
313
|
+
mcpConfig = parseMCPConfig(files[key]);
|
|
314
|
+
break;
|
|
315
|
+
}
|
|
316
|
+
}
|
|
306
317
|
// ── Collect code files ───────────────────────────────────────────────────
|
|
307
318
|
const codeFiles = [];
|
|
308
319
|
for (const [filePath, content] of Object.entries(files)) {
|
|
@@ -329,7 +340,7 @@ export function createSkillBundleFromFiles(files, metadata) {
|
|
|
329
340
|
version: resolvedVersion,
|
|
330
341
|
skillMd,
|
|
331
342
|
codeFiles,
|
|
332
|
-
mcpConfig
|
|
343
|
+
mcpConfig,
|
|
333
344
|
pluginFiles: [],
|
|
334
345
|
rootPath: '', // No filesystem root for in-memory bundles
|
|
335
346
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bundle-loader.js","sourceRoot":"","sources":["../../src/skills/bundle-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"bundle-loader.js","sourceRoot":"","sources":["../../src/skills/bundle-loader.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,aAAa,CAAC;AAClC,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAE7B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,SAAiB;IACrD,wBAAwB;IACxB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAExC,uBAAuB;IACvB,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,2BAA2B;IAC3B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;IAE3C,4CAA4C;IAC5C,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAEhD,6BAA6B;IAC7B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE/C,+BAA+B;IAC/B,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;IAE/C,4CAA4C;IAC5C,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAEnD,OAAO;QACL,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QACnD,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAC7C,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO;QACpC,OAAO;QACP,SAAS;QACT,SAAS;QACT,WAAW;QACX,QAAQ,EAAE,OAAO;KAClB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,SAAiB;IAC1C,+BAA+B;IAC/B,MAAM,aAAa,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,WAAW,CAAC,CAAC;IAElG,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAgB;YAChB,SAAS;QACX,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,yBAAyB,SAAS,YAAY,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC5F,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAC5B,SAAiB;IAEjB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IAErD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAChC,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,IAAI;YAChC,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,OAAO,EAAE,GAAG,CAAC,OAAO;SACrB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,2BAA2B;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,SAAiB;IAC5C,MAAM,aAAa,GAAG,CAAC,iBAAiB,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAEnE,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAoB,CAAC;YACtD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gBAAgB;YAChB,SAAS;QACX,CAAC;IACH,CAAC;IAED,yBAAyB;IACzB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,SAAiB;IAC5C,MAAM,SAAS,GAAoB,EAAE,CAAC;IAEtC,+BAA+B;IAC/B,MAAM,QAAQ,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC,4BAA4B;IAElE,iCAAiC;IACjC,MAAM,cAAc,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAE7E,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAE1C,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YAEhE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;gBACpD,MAAM,QAAQ,GAAG,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;gBAEjE,IAAI,QAAQ,EAAE,CAAC;oBACb,SAAS,CAAC,IAAI,CAAC;wBACb,IAAI,EAAE,YAAY;wBAClB,OAAO;wBACP,QAAQ;qBACT,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uCAAuC;YACvC,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,SAAiB;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,qCAAqC;QACrC,OAAO,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+BAA+B;QAC/B,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,IAAY,EAAE,WAAoB;IAC/D,0BAA0B;IAC1B,MAAM,eAAe,GAAG,CAAC,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;IAEjG,qBAAqB;IACrB,MAAM,gBAAgB,GAAG;QACvB,UAAU;QACV,UAAU;QACV,WAAW;QACX,WAAW;QACX,UAAU;QACV,UAAU;QACV,WAAW;QACX,WAAW;QACX,UAAU;QACV,UAAU;QACV,YAAY;QACZ,UAAU;QACV,gBAAgB;QAChB,gBAAgB;QAChB,kBAAkB;QAClB,kBAAkB;QAClB,gBAAgB;QAChB,gBAAgB;KACjB,CAAC;IAEF,IAAI,WAAW,EAAE,CAAC;QAChB,gDAAgD;QAChD,OAAO,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,2CAA2C;QAC3C,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACpE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,GAAW,EAAE,UAAoB;IACjE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/D,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAE5C,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,oEAAoE;gBACpE,IACE,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;oBAC1B,KAAK,CAAC,IAAI,KAAK,cAAc;oBAC7B,qBAAqB,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,EACvC,CAAC;oBACD,SAAS;gBACX,CAAC;gBAED,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;gBAChE,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAC1B,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,kBAAkB;gBAClB,IAAI,qBAAqB,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;oBAC7C,SAAS;gBACX,CAAC;gBAED,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,8CAA8C;IAChD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAClC,GAAW;IAEX,QAAQ,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;QAC1B,KAAK,OAAO;YACV,OAAO,MAAM,CAAC;QAChB,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,YAAY,CAAC;QACtB,KAAK,KAAK,CAAC;QACX,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM,CAAC;QACZ,KAAK,MAAM;YACT,OAAO,YAAY,CAAC;QACtB,KAAK,KAAK;YACR,OAAO,QAAQ,CAAC;QAClB,KAAK,KAAK;YACR,OAAO,MAAM,CAAC;QAChB;YACE,OAAO,SAAS,CAAC;IACrB,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E,8CAA8C;AAC9C,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;AAEvH,mEAAmE;AACnE,MAAM,cAAc,GAAG,CAAC,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,WAAW,CAAC,CAAC;AAEnG;;;;;;;;;GASG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAA6B,EAC7B,QAMC;IAED,4EAA4E;IAC5E,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,SAAS,IAAI,cAAc,EAAE,CAAC;QACvC,kDAAkD;QAClD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC,CACtD,CAAC;QACF,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;YACrB,MAAM;QACR,CAAC;IACH,CAAC;IACD,kEAAkE;IAClE,IAAI,CAAC,OAAO,IAAI,QAAQ,CAAC,WAAW,EAAE,CAAC;QACrC,OAAO,GAAG,QAAQ,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,4EAA4E;IAC5E,IAAI,YAAY,GAAG,QAAQ,CAAC,IAAI,CAAC;IACjC,IAAI,eAAe,GAAG,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC;IAClD,IAAI,eAAe,GAAG,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC;IAExD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,cAAc,IAAI,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAC3D,CAAC;IACF,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;YACtC,YAAY,GAAG,GAAG,CAAC,IAAI,IAAI,YAAY,CAAC;YACxC,eAAe,GAAG,GAAG,CAAC,OAAO,IAAI,eAAe,CAAC;YACjD,eAAe,GAAG,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,IAAI,IAAI,eAAe,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,kCAAkC;QACpC,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,IAAI,SAAsC,CAAC;IAC3C,MAAM,SAAS,GAAG,CAAC,iBAAiB,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;IAC/D,KAAK,MAAM,SAAS,IAAI,SAAS,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,SAAS,EAAE,CAAC,CACtD,CAAC;QACF,IAAI,GAAG,EAAE,CAAC;YACR,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;YACvC,MAAM;QACR,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,MAAM,SAAS,GAAoB,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACjD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAExC,oDAAoD;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,IACE,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC3B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC3B,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC3B,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC5B,QAAQ,CAAC,QAAQ,CAAC,aAAa,CAAC,EAChC,CAAC;YACD,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,2BAA2B,CAAC,GAAG,CAAC,CAAC;QAClD,IAAI,QAAQ,EAAE,CAAC;YACb,SAAS,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,eAAe;QACxB,IAAI,EAAE,YAAY;QAClB,OAAO,EAAE,eAAe;QACxB,OAAO;QACP,SAAS;QACT,SAAS;QACT,WAAW,EAAE,EAAE;QACf,QAAQ,EAAE,EAAE,EAAY,2CAA2C;KACpE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,MAAmB;IAC3D,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,wBAAwB;IACxB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED,6CAA6C;IAC7C,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/dist/skills/index.d.ts
CHANGED
|
@@ -8,4 +8,5 @@ export { loadSkillBundle, validateSkillBundle, createSkillBundleFromFiles } from
|
|
|
8
8
|
export { analyzeSkillBundle } from './skill-analyzer.js';
|
|
9
9
|
export { detectCapabilityMismatches } from './capability-mismatch.js';
|
|
10
10
|
export { classifyInstructionSafety } from './instruction-safety.js';
|
|
11
|
+
export { analyzeMCPPermissions, parseMCPConfig } from './mcp-permissions.js';
|
|
11
12
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,YAAY,EACV,WAAW,EACX,aAAa,EACb,eAAe,EACf,aAAa,EACb,OAAO,EACP,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACtG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,YAAY,EACV,WAAW,EACX,aAAa,EACb,eAAe,EACf,aAAa,EACb,OAAO,EACP,WAAW,EACX,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACtG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/skills/index.js
CHANGED
|
@@ -7,4 +7,5 @@ export { loadSkillBundle, validateSkillBundle, createSkillBundleFromFiles } from
|
|
|
7
7
|
export { analyzeSkillBundle } from './skill-analyzer.js';
|
|
8
8
|
export { detectCapabilityMismatches } from './capability-mismatch.js';
|
|
9
9
|
export { classifyInstructionSafety } from './instruction-safety.js';
|
|
10
|
+
export { analyzeMCPPermissions, parseMCPConfig } from './mcp-permissions.js';
|
|
10
11
|
//# sourceMappingURL=index.js.map
|
package/dist/skills/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAiBH,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACtG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAiBH,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AACtG,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MCP Permissions Analyzer
|
|
3
|
+
*
|
|
4
|
+
* Phase 2 of skills analysis: static validation of MCP server configuration.
|
|
5
|
+
*
|
|
6
|
+
* Detects two classes of issues:
|
|
7
|
+
* 1. Excessive permissions — declared scope is broader than the skill needs
|
|
8
|
+
* 2. Undisclosed network — code makes network calls without a `network` permission
|
|
9
|
+
*
|
|
10
|
+
* This is a purely static check (no LLM required) that runs on the parsed
|
|
11
|
+
* MCPServerConfig alongside the SAST results already collected.
|
|
12
|
+
*/
|
|
13
|
+
import type { MCPServerConfig, SkillFinding } from './types.js';
|
|
14
|
+
/**
|
|
15
|
+
* Analyze MCP permissions for over-privileged or missing declarations.
|
|
16
|
+
*
|
|
17
|
+
* @param mcpConfig Parsed MCP server config from mcp-config.json
|
|
18
|
+
* @param codeHasSsrf Whether SAST found SSRF / network sinks in code files
|
|
19
|
+
* @param codeHasFileWrite Whether SAST found file-write sinks in code files
|
|
20
|
+
* @returns Array of SkillFinding for permission issues
|
|
21
|
+
*/
|
|
22
|
+
export declare function analyzeMCPPermissions(mcpConfig: MCPServerConfig, codeHasSsrf: boolean, codeHasFileWrite: boolean): SkillFinding[];
|
|
23
|
+
/**
|
|
24
|
+
* Parse MCP config from a JSON string (from files dict or loaded file).
|
|
25
|
+
* Returns undefined if the JSON is malformed or missing required fields.
|
|
26
|
+
*/
|
|
27
|
+
export declare function parseMCPConfig(jsonText: string): MCPServerConfig | undefined;
|
|
28
|
+
//# sourceMappingURL=mcp-permissions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-permissions.d.ts","sourceRoot":"","sources":["../../src/skills/mcp-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAiB,YAAY,EAAE,MAAM,YAAY,CAAC;AAM/E;;;;;;;GAOG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,EAAE,eAAe,EAC1B,WAAW,EAAE,OAAO,EACpB,gBAAgB,EAAE,OAAO,GACxB,YAAY,EAAE,CAmDhB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAe5E"}
|
|
@@ -0,0 +1,252 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MCP Permissions Analyzer
|
|
3
|
+
*
|
|
4
|
+
* Phase 2 of skills analysis: static validation of MCP server configuration.
|
|
5
|
+
*
|
|
6
|
+
* Detects two classes of issues:
|
|
7
|
+
* 1. Excessive permissions — declared scope is broader than the skill needs
|
|
8
|
+
* 2. Undisclosed network — code makes network calls without a `network` permission
|
|
9
|
+
*
|
|
10
|
+
* This is a purely static check (no LLM required) that runs on the parsed
|
|
11
|
+
* MCPServerConfig alongside the SAST results already collected.
|
|
12
|
+
*/
|
|
13
|
+
// ============================================================================
|
|
14
|
+
// Public API
|
|
15
|
+
// ============================================================================
|
|
16
|
+
/**
|
|
17
|
+
* Analyze MCP permissions for over-privileged or missing declarations.
|
|
18
|
+
*
|
|
19
|
+
* @param mcpConfig Parsed MCP server config from mcp-config.json
|
|
20
|
+
* @param codeHasSsrf Whether SAST found SSRF / network sinks in code files
|
|
21
|
+
* @param codeHasFileWrite Whether SAST found file-write sinks in code files
|
|
22
|
+
* @returns Array of SkillFinding for permission issues
|
|
23
|
+
*/
|
|
24
|
+
export function analyzeMCPPermissions(mcpConfig, codeHasSsrf, codeHasFileWrite) {
|
|
25
|
+
const findings = [];
|
|
26
|
+
const permissions = mcpConfig.permissions ?? [];
|
|
27
|
+
// ── Per-permission excessive-scope checks ────────────────────────────────
|
|
28
|
+
for (const perm of permissions) {
|
|
29
|
+
const permFindings = checkPermissionScope(perm);
|
|
30
|
+
findings.push(...permFindings);
|
|
31
|
+
}
|
|
32
|
+
// ── Cross-reference: code vs. declared permissions ────────────────────────
|
|
33
|
+
const hasNetworkPerm = permissions.some(p => p.type === 'network');
|
|
34
|
+
if (codeHasSsrf && !hasNetworkPerm) {
|
|
35
|
+
findings.push({
|
|
36
|
+
type: 'excessive_permission',
|
|
37
|
+
severity: 'critical',
|
|
38
|
+
artifact: 'mcp-config.json',
|
|
39
|
+
title: 'Undisclosed Network Access',
|
|
40
|
+
description: 'Code makes outbound network requests (SSRF sinks detected) but no "network" ' +
|
|
41
|
+
'permission is declared in mcp-config.json. This hides network capability from users.',
|
|
42
|
+
evidence: {
|
|
43
|
+
code_has_ssrf: true,
|
|
44
|
+
network_permission_declared: false,
|
|
45
|
+
},
|
|
46
|
+
confidence: 0.9,
|
|
47
|
+
cwe: 'CWE-200',
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
if (!codeHasSsrf && !codeHasFileWrite && hasNetworkPerm) {
|
|
51
|
+
findings.push({
|
|
52
|
+
type: 'excessive_permission',
|
|
53
|
+
severity: 'low',
|
|
54
|
+
artifact: 'mcp-config.json',
|
|
55
|
+
title: 'Network Permission Declared but Unused',
|
|
56
|
+
description: 'mcp-config.json declares a "network" permission but no network or file-write sinks ' +
|
|
57
|
+
'were detected in the code. Consider removing unused permissions.',
|
|
58
|
+
evidence: {
|
|
59
|
+
network_permission_declared: true,
|
|
60
|
+
code_has_ssrf: false,
|
|
61
|
+
},
|
|
62
|
+
confidence: 0.7,
|
|
63
|
+
cwe: 'CWE-272', // Least Privilege Violation
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
return findings;
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Parse MCP config from a JSON string (from files dict or loaded file).
|
|
70
|
+
* Returns undefined if the JSON is malformed or missing required fields.
|
|
71
|
+
*/
|
|
72
|
+
export function parseMCPConfig(jsonText) {
|
|
73
|
+
try {
|
|
74
|
+
const raw = JSON.parse(jsonText);
|
|
75
|
+
// Minimum required: name field. permissions array is optional (defaults to []).
|
|
76
|
+
if (typeof raw !== 'object' || raw === null)
|
|
77
|
+
return undefined;
|
|
78
|
+
return {
|
|
79
|
+
name: String(raw.name ?? 'unknown'),
|
|
80
|
+
version: String(raw.version ?? '0.0.0'),
|
|
81
|
+
permissions: Array.isArray(raw.permissions) ? normalizePerm(raw.permissions) : [],
|
|
82
|
+
tools: Array.isArray(raw.tools) ? raw.tools : [],
|
|
83
|
+
resources: Array.isArray(raw.resources) ? raw.resources : undefined,
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
catch {
|
|
87
|
+
return undefined;
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
// ============================================================================
|
|
91
|
+
// Internal helpers
|
|
92
|
+
// ============================================================================
|
|
93
|
+
function checkPermissionScope(perm) {
|
|
94
|
+
const findings = [];
|
|
95
|
+
switch (perm.type) {
|
|
96
|
+
case 'filesystem':
|
|
97
|
+
findings.push(...checkFilesystemPermission(perm));
|
|
98
|
+
break;
|
|
99
|
+
case 'network':
|
|
100
|
+
findings.push(...checkNetworkPermission(perm));
|
|
101
|
+
break;
|
|
102
|
+
case 'env':
|
|
103
|
+
findings.push(...checkEnvPermission(perm));
|
|
104
|
+
break;
|
|
105
|
+
case 'process':
|
|
106
|
+
findings.push(...checkProcessPermission(perm));
|
|
107
|
+
break;
|
|
108
|
+
}
|
|
109
|
+
return findings;
|
|
110
|
+
}
|
|
111
|
+
function checkFilesystemPermission(perm) {
|
|
112
|
+
const findings = [];
|
|
113
|
+
const scope = perm.scope ?? '';
|
|
114
|
+
const ops = (perm.operations ?? []).map(o => o.toLowerCase());
|
|
115
|
+
const hasWrite = ops.some(o => o === 'write' || o === 'delete' || o === 'modify' || o === 'create');
|
|
116
|
+
const hasRead = ops.some(o => o === 'read' || o === '*');
|
|
117
|
+
// Root filesystem write access
|
|
118
|
+
if (hasWrite && (scope === '/' || scope === '*' || scope === '**')) {
|
|
119
|
+
findings.push({
|
|
120
|
+
type: 'excessive_permission',
|
|
121
|
+
severity: 'critical',
|
|
122
|
+
artifact: 'mcp-config.json',
|
|
123
|
+
title: 'Overly Broad Filesystem Write Permission',
|
|
124
|
+
description: `Filesystem permission grants write/delete access to "${scope}" — the entire filesystem. ` +
|
|
125
|
+
'This allows the skill to modify or delete any file. Scope should be limited to ' +
|
|
126
|
+
'the specific directory the skill needs to write to.',
|
|
127
|
+
evidence: { type: 'filesystem', scope, operations: perm.operations },
|
|
128
|
+
confidence: 0.95,
|
|
129
|
+
cwe: 'CWE-732', // Incorrect Permission Assignment for Critical Resource
|
|
130
|
+
});
|
|
131
|
+
}
|
|
132
|
+
else if (hasWrite && isBroadPath(scope)) {
|
|
133
|
+
findings.push({
|
|
134
|
+
type: 'excessive_permission',
|
|
135
|
+
severity: 'high',
|
|
136
|
+
artifact: 'mcp-config.json',
|
|
137
|
+
title: 'Broad Filesystem Write Permission',
|
|
138
|
+
description: `Filesystem permission grants write access to "${scope}", which is a broad path. ` +
|
|
139
|
+
'Scope write permissions to the minimum required directory (e.g., a specific workspace folder).',
|
|
140
|
+
evidence: { type: 'filesystem', scope, operations: perm.operations },
|
|
141
|
+
confidence: 0.8,
|
|
142
|
+
cwe: 'CWE-732',
|
|
143
|
+
});
|
|
144
|
+
}
|
|
145
|
+
// Root filesystem read (broad)
|
|
146
|
+
if (!hasWrite && hasRead && (scope === '/' || scope === '*' || scope === '**')) {
|
|
147
|
+
findings.push({
|
|
148
|
+
type: 'excessive_permission',
|
|
149
|
+
severity: 'medium',
|
|
150
|
+
artifact: 'mcp-config.json',
|
|
151
|
+
title: 'Overly Broad Filesystem Read Permission',
|
|
152
|
+
description: `Filesystem permission grants read access to "${scope}" — the entire filesystem. ` +
|
|
153
|
+
'This allows reading sensitive files such as /etc/passwd, ~/.ssh/id_rsa, and credentials. ' +
|
|
154
|
+
'Restrict to the specific directories the skill needs to read.',
|
|
155
|
+
evidence: { type: 'filesystem', scope, operations: perm.operations },
|
|
156
|
+
confidence: 0.85,
|
|
157
|
+
cwe: 'CWE-200', // Information Exposure
|
|
158
|
+
});
|
|
159
|
+
}
|
|
160
|
+
return findings;
|
|
161
|
+
}
|
|
162
|
+
function checkNetworkPermission(perm) {
|
|
163
|
+
const findings = [];
|
|
164
|
+
const scope = perm.scope ?? '';
|
|
165
|
+
// Wildcard / unrestricted network access
|
|
166
|
+
if (scope === '*' || scope === '0.0.0.0' || scope === '0.0.0.0/0' || scope === '::/0') {
|
|
167
|
+
findings.push({
|
|
168
|
+
type: 'excessive_permission',
|
|
169
|
+
severity: 'high',
|
|
170
|
+
artifact: 'mcp-config.json',
|
|
171
|
+
title: 'Unrestricted Outbound Network Access',
|
|
172
|
+
description: `Network permission scope "${scope}" grants access to any host. ` +
|
|
173
|
+
'This allows the skill to make requests to arbitrary URLs, including attacker-controlled servers. ' +
|
|
174
|
+
'Restrict to specific hostnames or CIDR ranges.',
|
|
175
|
+
evidence: { type: 'network', scope, operations: perm.operations },
|
|
176
|
+
confidence: 0.9,
|
|
177
|
+
cwe: 'CWE-918', // SSRF
|
|
178
|
+
});
|
|
179
|
+
}
|
|
180
|
+
return findings;
|
|
181
|
+
}
|
|
182
|
+
function checkEnvPermission(perm) {
|
|
183
|
+
const findings = [];
|
|
184
|
+
const scope = perm.scope ?? '';
|
|
185
|
+
if (scope === '*' || scope === '') {
|
|
186
|
+
findings.push({
|
|
187
|
+
type: 'excessive_permission',
|
|
188
|
+
severity: 'high',
|
|
189
|
+
artifact: 'mcp-config.json',
|
|
190
|
+
title: 'Unrestricted Environment Variable Access',
|
|
191
|
+
description: 'Environment permission scope "' + (scope || '(empty)') + '" grants access to ALL environment variables. ' +
|
|
192
|
+
'This may expose API keys, database passwords, and other secrets. ' +
|
|
193
|
+
'Declare only the specific variable names the skill needs (e.g., "DATABASE_URL").',
|
|
194
|
+
evidence: { type: 'env', scope, operations: perm.operations },
|
|
195
|
+
confidence: 0.85,
|
|
196
|
+
cwe: 'CWE-214', // Invocation of Process Using Visible Sensitive Information
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
return findings;
|
|
200
|
+
}
|
|
201
|
+
function checkProcessPermission(perm) {
|
|
202
|
+
const findings = [];
|
|
203
|
+
const ops = (perm.operations ?? []).map(o => o.toLowerCase());
|
|
204
|
+
const canExecute = ops.some(o => o === 'execute' || o === 'spawn' || o === 'run' || o === '*');
|
|
205
|
+
if (canExecute) {
|
|
206
|
+
findings.push({
|
|
207
|
+
type: 'excessive_permission',
|
|
208
|
+
severity: 'high',
|
|
209
|
+
artifact: 'mcp-config.json',
|
|
210
|
+
title: 'Process Execution Permission',
|
|
211
|
+
description: 'MCP config declares process execution permission (' + perm.operations?.join(', ') + '). ' +
|
|
212
|
+
'This allows the skill to spawn arbitrary subprocesses, which can be exploited ' +
|
|
213
|
+
'to run arbitrary commands. Verify this is strictly necessary.',
|
|
214
|
+
evidence: { type: 'process', scope: perm.scope, operations: perm.operations },
|
|
215
|
+
confidence: 0.8,
|
|
216
|
+
cwe: 'CWE-78', // OS Command Injection
|
|
217
|
+
});
|
|
218
|
+
}
|
|
219
|
+
return findings;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* Check whether a filesystem scope path is broad (e.g., /home or /tmp or /var)
|
|
223
|
+
*/
|
|
224
|
+
function isBroadPath(scope) {
|
|
225
|
+
const broadPatterns = [
|
|
226
|
+
'/home',
|
|
227
|
+
'/home/',
|
|
228
|
+
'/Users',
|
|
229
|
+
'/Users/',
|
|
230
|
+
'/tmp',
|
|
231
|
+
'/var',
|
|
232
|
+
'/var/',
|
|
233
|
+
'/opt',
|
|
234
|
+
'/usr',
|
|
235
|
+
'~',
|
|
236
|
+
'..',
|
|
237
|
+
];
|
|
238
|
+
return broadPatterns.some(p => scope === p || scope.startsWith(p + '/'));
|
|
239
|
+
}
|
|
240
|
+
/**
|
|
241
|
+
* Normalize raw permissions array from parsed JSON
|
|
242
|
+
*/
|
|
243
|
+
function normalizePerm(raw) {
|
|
244
|
+
return raw
|
|
245
|
+
.filter(p => p && typeof p === 'object' && typeof p.type === 'string')
|
|
246
|
+
.map(p => ({
|
|
247
|
+
type: p.type,
|
|
248
|
+
scope: String(p.scope ?? '*'),
|
|
249
|
+
operations: Array.isArray(p.operations) ? p.operations.map(String) : ['read'],
|
|
250
|
+
}));
|
|
251
|
+
}
|
|
252
|
+
//# sourceMappingURL=mcp-permissions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mcp-permissions.js","sourceRoot":"","sources":["../../src/skills/mcp-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,+EAA+E;AAC/E,aAAa;AACb,+EAA+E;AAE/E;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CACnC,SAA0B,EAC1B,WAAoB,EACpB,gBAAyB;IAEzB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,IAAI,EAAE,CAAC;IAEhD,4EAA4E;IAC5E,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChD,QAAQ,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IACjC,CAAC;IAED,6EAA6E;IAC7E,MAAM,cAAc,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC;IAEnE,IAAI,WAAW,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,4BAA4B;YACnC,WAAW,EACT,8EAA8E;gBAC9E,sFAAsF;YACxF,QAAQ,EAAE;gBACR,aAAa,EAAE,IAAI;gBACnB,2BAA2B,EAAE,KAAK;aACnC;YACD,UAAU,EAAE,GAAG;YACf,GAAG,EAAE,SAAS;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,WAAW,IAAI,CAAC,gBAAgB,IAAI,cAAc,EAAE,CAAC;QACxD,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EACT,qFAAqF;gBACrF,kEAAkE;YACpE,QAAQ,EAAE;gBACR,2BAA2B,EAAE,IAAI;gBACjC,aAAa,EAAE,KAAK;aACrB;YACD,UAAU,EAAE,GAAG;YACf,GAAG,EAAE,SAAS,EAAE,4BAA4B;SAC7C,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACjC,gFAAgF;QAChF,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,SAAS,CAAC;QAC9D,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;YACnC,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;YACvC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE;YACjF,KAAK,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YAChD,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;SACpE,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,oBAAoB,CAAC,IAAmB;IAC/C,MAAM,QAAQ,GAAmB,EAAE,CAAC;IAEpC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,YAAY;YACf,QAAQ,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC;YAClD,MAAM;QACR,KAAK,SAAS;YACZ,QAAQ,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC/C,MAAM;QACR,KAAK,KAAK;YACR,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC3C,MAAM;QACR,KAAK,SAAS;YACZ,QAAQ,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC/C,MAAM;IACV,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,yBAAyB,CAAC,IAAmB;IACpD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,QAAQ,CAAC,CAAC;IACpG,MAAM,OAAO,GAAI,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IAE1D,+BAA+B;IAC/B,IAAI,QAAQ,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;QACnE,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,0CAA0C;YACjD,WAAW,EACT,wDAAwD,KAAK,6BAA6B;gBAC1F,iFAAiF;gBACjF,qDAAqD;YACvD,QAAQ,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YACpE,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,SAAS,EAAE,wDAAwD;SACzE,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,QAAQ,IAAI,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,mCAAmC;YAC1C,WAAW,EACT,iDAAiD,KAAK,4BAA4B;gBAClF,gGAAgG;YAClG,QAAQ,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YACpE,UAAU,EAAE,GAAG;YACf,GAAG,EAAE,SAAS;SACf,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,IAAI,CAAC,EAAE,CAAC;QAC/E,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,yCAAyC;YAChD,WAAW,EACT,gDAAgD,KAAK,6BAA6B;gBAClF,2FAA2F;gBAC3F,+DAA+D;YACjE,QAAQ,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YACpE,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,SAAS,EAAE,uBAAuB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAmB;IACjD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAE/B,yCAAyC;IACzC,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EACT,6BAA6B,KAAK,+BAA+B;gBACjE,mGAAmG;gBACnG,gDAAgD;YAClD,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YACjE,UAAU,EAAE,GAAG;YACf,GAAG,EAAE,SAAS,EAAE,OAAO;SACxB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,kBAAkB,CAAC,IAAmB;IAC7C,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAE/B,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,EAAE,EAAE,CAAC;QAClC,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,0CAA0C;YACjD,WAAW,EACT,gCAAgC,GAAG,CAAC,KAAK,IAAI,SAAS,CAAC,GAAG,gDAAgD;gBAC1G,mEAAmE;gBACnE,kFAAkF;YACpF,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YAC7D,UAAU,EAAE,IAAI;YAChB,GAAG,EAAE,SAAS,EAAE,4DAA4D;SAC7E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAmB;IACjD,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,OAAO,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC;IAE/F,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,IAAI,EAAE,sBAAsB;YAC5B,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,iBAAiB;YAC3B,KAAK,EAAE,8BAA8B;YACrC,WAAW,EACT,oDAAoD,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK;gBAC1F,gFAAgF;gBAChF,+DAA+D;YACjE,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE;YAC7E,UAAU,EAAE,GAAG;YACf,GAAG,EAAE,QAAQ,EAAE,uBAAuB;SACvC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,aAAa,GAAG;QACpB,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,SAAS;QACT,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,MAAM;QACN,GAAG;QACH,IAAI;KACL,CAAC;IACF,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,GAAU;IAC/B,OAAO,GAAG;SACP,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;SACrE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,IAAI,EAAE,CAAC,CAAC,IAA6B;QACrC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC;QAC7B,UAAU,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;KAC9E,CAAC,CAAC,CAAC;AACR,CAAC"}
|