contextguard 0.1.6 → 0.1.7
- package/README.md +18 -18
- package/SECURITY.md +1 -1
- package/dist/mcp-security-wrapper.js +2 -7
- package/examples/config/config.json +10 -3
- package/package.json +1 -1
- package/src/mcp-security-wrapper.ts +2 -7
package/README.md
CHANGED
|
@@ -5,7 +5,8 @@
|
|
|
5
5
|
[](https://www.npmjs.com/package/contextguard)
|
|
6
6
|
[](https://opensource.org/licenses/MIT)
|
|
7
7
|
[](https://www.npmjs.com/package/contextguard)
|
|
8
|
-
|
|
8
|
+
|
|
9
|
+
<!-- [](https://github.com/amironi/contextguard/actions) -->
|
|
9
10
|
|
|
10
11
|
⭐ **Star us on GitHub if you find this useful!** ⭐
|
|
11
12
|
|
|
@@ -33,19 +34,19 @@
|
|
|
33
34
|
|
|
34
35
|
## 🚀 Quick Start
|
|
35
36
|
|
|
36
|
-
### Installation
|
|
37
|
+
### Installation
|
|
37
38
|
|
|
38
39
|
```bash
|
|
39
40
|
npm install -g contextguard
|
|
40
41
|
```
|
|
41
42
|
|
|
42
|
-
### Basic Usage
|
|
43
|
+
### Basic Usage (CLI - optional)
|
|
43
44
|
|
|
44
45
|
```bash
|
|
45
46
|
contextguard --server "node your-mcp-server.js"
|
|
46
47
|
```
|
|
47
48
|
|
|
48
|
-
|
|
49
|
+
### Basic Usage (Claude Desktop)
|
|
49
50
|
|
|
50
51
|
Update your Claude Desktop config (`~/Library/Application Support/Claude/claude_desktop_config.json`):
|
|
51
52
|
|
|
@@ -53,8 +54,13 @@ Update your Claude Desktop config (`~/Library/Application Support/Claude/claude_
|
|
|
53
54
|
{
|
|
54
55
|
"mcpServers": {
|
|
55
56
|
"secured-server": {
|
|
56
|
-
"command": "
|
|
57
|
-
"args": [
|
|
57
|
+
"command": "contextguard",
|
|
58
|
+
"args": [
|
|
59
|
+
"--server",
|
|
60
|
+
"node /path/to/your-server.js",
|
|
61
|
+
"--config",
|
|
62
|
+
"/path/to/config.json"
|
|
63
|
+
]
|
|
58
64
|
}
|
|
59
65
|
}
|
|
60
66
|
}
|
|
@@ -62,7 +68,7 @@ Update your Claude Desktop config (`~/Library/Application Support/Claude/claude_
|
|
|
62
68
|
|
|
63
69
|
**That's it!** Your MCP server is now protected. 🛡️
|
|
64
70
|
|
|
65
|
-
|
|
71
|
+
#### [See Example below: Testing ContextGuard](#-example-testing-contextguard)
|
|
66
72
|
|
|
67
73
|
## ✨ Features
|
|
68
74
|
|
|
@@ -126,7 +132,7 @@ Create `config.json` for advanced settings:
|
|
|
126
132
|
"enablePathTraversalPrevention": true,
|
|
127
133
|
"allowedFilePaths": ["/home/user/safe-directory"],
|
|
128
134
|
"logLevel": "info",
|
|
129
|
-
"logPath": "/
|
|
135
|
+
"logPath": "/tmp/mcp_security.log"
|
|
130
136
|
}
|
|
131
137
|
```
|
|
132
138
|
|
|
@@ -161,7 +167,9 @@ All security events are logged in JSON format:
|
|
|
161
167
|
}
|
|
162
168
|
```
|
|
163
169
|
|
|
164
|
-
|
|
170
|
+
---
|
|
171
|
+
|
|
172
|
+
## 🧪 Example: Testing ContextGuard
|
|
165
173
|
|
|
166
174
|
Want to see the protection in action? Try these tests:
|
|
167
175
|
|
|
@@ -198,6 +206,7 @@ Create `config.json`:
|
|
|
198
206
|
"enablePromptInjectionDetection": true,
|
|
199
207
|
"enableSensitiveDataDetection": true,
|
|
200
208
|
"enablePathTraversalPrevention": true,
|
|
209
|
+
"logPath": "/tmp/mcp_security.log",
|
|
201
210
|
"allowedFilePaths": ["/tmp/safe-directory"],
|
|
202
211
|
"logLevel": "debug"
|
|
203
212
|
}
|
|
@@ -285,15 +294,6 @@ We welcome contributions! Here's how to get started:
|
|
|
285
294
|
6. **Push:** `git push origin feature/amazing-feature`
|
|
286
295
|
7. **Open a Pull Request**
|
|
287
296
|
|
|
288
|
-
### Development Setup
|
|
289
|
-
|
|
290
|
-
```bash
|
|
291
|
-
git clone https://github.com/amironi/contextguard.git
|
|
292
|
-
cd contextguard
|
|
293
|
-
npm install
|
|
294
|
-
npm run dev
|
|
295
|
-
```
|
|
296
|
-
|
|
297
297
|
---
|
|
298
298
|
|
|
299
299
|
## 📄 License & Support
|
package/SECURITY.md
CHANGED
|
@@ -193,7 +193,7 @@ We plan to conduct regular security audits as the project matures.
|
|
|
193
193
|
"confidential"
|
|
194
194
|
],
|
|
195
195
|
"logLevel": "info",
|
|
196
|
-
"logFile": "/
|
|
196
|
+
"logFile": "/tmp/mcp_security.log",
|
|
197
197
|
"alertWebhook": "https://your-monitoring-service.com/webhook"
|
|
198
198
|
}
|
|
199
199
|
```
|
|
@@ -60,7 +60,7 @@ class SecurityPolicy {
|
|
|
60
60
|
/(?:password|secret|api[_-]?key|token)\s*[:=]\s*['"]?[\w\-.]+['"]?/gi,
|
|
61
61
|
/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, // Email
|
|
62
62
|
/\b\d{3}-\d{2}-\d{4}\b/g, // SSN
|
|
63
|
-
/sk-[a-zA-Z0-9]{
|
|
63
|
+
/sk-[a-zA-Z0-9]{20,}/g, // OpenAI API keys (20+ chars)
|
|
64
64
|
/ghp_[a-zA-Z0-9]{36}/g, // GitHub tokens
|
|
65
65
|
/AKIA[0-9A-Z]{16}/g, // AWS Access Keys
|
|
66
66
|
];
|
|
@@ -353,18 +353,13 @@ async function main() {
|
|
|
353
353
|
MCP Security Wrapper - MVP
|
|
354
354
|
|
|
355
355
|
Usage:
|
|
356
|
-
|
|
356
|
+
contextguard --server "node server.js" --config config.json
|
|
357
357
|
|
|
358
358
|
Options:
|
|
359
359
|
--server <command> Command to start the MCP server (required)
|
|
360
360
|
--config <file> Path to security config JSON file (optional)
|
|
361
361
|
--help Show this help message
|
|
362
362
|
|
|
363
|
-
Config file options:
|
|
364
|
-
logPath: Custom path for security log file (default: ./mcp_security.log)
|
|
365
|
-
|
|
366
|
-
Example:
|
|
367
|
-
npx ts-node mcp-security-wrapper.ts --server "node server.js" --config security.json
|
|
368
363
|
`);
|
|
369
364
|
process.exit(0);
|
|
370
365
|
}
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
{
|
|
2
2
|
"maxToolCallsPerMinute": 30,
|
|
3
|
-
"blockedPatterns": [
|
|
3
|
+
"blockedPatterns": [
|
|
4
|
+
"ignore previous instructions",
|
|
5
|
+
"system prompt",
|
|
6
|
+
"confidential"
|
|
7
|
+
],
|
|
4
8
|
"allowedFilePaths": [
|
|
5
|
-
"
|
|
6
|
-
"/
|
|
9
|
+
"/var/app/data",
|
|
10
|
+
"/home/user/safe-directory"
|
|
7
11
|
],
|
|
8
12
|
"alertThreshold": 5,
|
|
9
13
|
"enablePromptInjectionDetection": true,
|
|
10
14
|
"enableSensitiveDataDetection": true,
|
|
15
|
+
"enablePathTraversalPrevention": true,
|
|
16
|
+
"enableRateLimiting": true,
|
|
17
|
+
"logLevel": "debug",
|
|
11
18
|
"logPath": "/tmp/mcp_security.log"
|
|
12
19
|
}
|
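Review bot: The example config now pairs `"logLevel": "debug"` with the unchanged `"logPath": "/tmp/mcp_security.log"`; `/tmp` is shared and world-writable on most Unix systems, so a predictable log path there lets any other local user pre-create or symlink the file and, depending on the mode the wrapper opens it with, read the security log — which, if debug level records the inspected tool-call content, may hold exactly the secrets the sensitive-data patterns are meant to catch (the logger is not in this diff, so that is worth confirming). I would point the shipped example at a user-owned directory and the default level, e.g. `"logLevel": "info",` and `"logPath": "/home/user/.contextguard/mcp_security.log"`, and say in the README next to the example that the log should live on a path only the wrapper's user can write. The `"confidential"` entry in `blockedPatterns` is a bare substring, so it will also block benign text that merely contains that word; the example should probably say so.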
package/package.json
CHANGED
|
@@ -65,7 +65,7 @@ class SecurityPolicy {
|
|
|
65
65
|
/(?:password|secret|api[_-]?key|token)\s*[:=]\s*['"]?[\w\-.]+['"]?/gi,
|
|
66
66
|
/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, // Email
|
|
67
67
|
/\b\d{3}-\d{2}-\d{4}\b/g, // SSN
|
|
68
|
-
/sk-[a-zA-Z0-9]{
|
|
68
|
+
/sk-[a-zA-Z0-9]{20,}/g, // OpenAI API keys (20+ chars)
|
|
69
69
|
/ghp_[a-zA-Z0-9]{36}/g, // GitHub tokens
|
|
70
70
|
/AKIA[0-9A-Z]{16}/g, // AWS Access Keys
|
|
71
71
|
];
|
|
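Review bot: The new `/sk-[a-zA-Z0-9]{20,}/g` on line 68 only matches `sk-` followed directly by 20+ alphanumerics, so a key whose prefix continues with a hyphen or underscore (the `sk-proj-…` form OpenAI currently issues, as far as I know) is not caught; `/sk-[a-zA-Z0-9_-]{20,}/g` keeps every current match and picks those up. Also, because the class excludes `-` and `_`, a match stops at the first such character, which matters if the matched text is redacted rather than merely flagged. These patterns carry the `/g` flag; if they are applied with `.test()` or `.exec()` rather than `replace`/`matchAll`, `lastIndex` persists between calls and alternating inputs can be silently missed — the call site is outside this hunk, so worth checking. The SecurityPolicy class and the array's declaration start outside the hunk.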
@@ -472,18 +472,13 @@ async function main() {
|
|
|
472
472
|
MCP Security Wrapper - MVP
|
|
473
473
|
|
|
474
474
|
Usage:
|
|
475
|
-
|
|
475
|
+
contextguard --server "node server.js" --config config.json
|
|
476
476
|
|
|
477
477
|
Options:
|
|
478
478
|
--server <command> Command to start the MCP server (required)
|
|
479
479
|
--config <file> Path to security config JSON file (optional)
|
|
480
480
|
--help Show this help message
|
|
481
481
|
|
|
482
|
-
Config file options:
|
|
483
|
-
logPath: Custom path for security log file (default: ./mcp_security.log)
|
|
484
|
-
|
|
485
|
-
Example:
|
|
486
|
-
npx ts-node mcp-security-wrapper.ts --server "node server.js" --config security.json
|
|
487
482
|
`);
|
|
488
483
|
process.exit(0);
|
|
489
484
|
}
|
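Review bot: The new usage block drops the `Config file options:` lines, so `--help` no longer tells the user where the security log goes by default; the removed line said `./mcp_security.log`, and a relative default resolves against the working directory of whatever spawns the wrapper (for example Claude Desktop), which is hard to predict, while the README now points at `/tmp/mcp_security.log`. I would keep one line under the options, `  --config <file>   Path to security config JSON file (optional; keys: logPath, logLevel, allowedFilePaths, blockedPatterns, …)`, or restore the `Config file options:` block with the current default — the default itself is set outside this hunk, so confirm the value before printing it. main() starts and ends outside the hunk.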