contextguard 0.2.0 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent.js +7 -0
- package/dist/cli.js +32 -2
- package/dist/init.d.ts +1 -1
- package/dist/init.js +10 -5
- package/dist/lib/supabase-client.js +1 -1
- package/dist/logger.js +8 -4
- package/package.json +2 -2
package/dist/agent.js
CHANGED
|
@@ -309,6 +309,13 @@ const createAgent = (serverCommand, policyConfig = {}, supabaseConfig) => {
|
|
|
309
309
|
}
|
|
310
310
|
// Update agent status to online
|
|
311
311
|
await supabaseClient.updateAgentStatus(supabaseConfig.agentId, "online");
|
|
312
|
+
// Send periodic heartbeats every 30 seconds
|
|
313
|
+
const heartbeatInterval = setInterval(() => {
|
|
314
|
+
supabaseClient
|
|
315
|
+
.updateAgentStatus(supabaseConfig.agentId, "online")
|
|
316
|
+
.catch(() => { });
|
|
317
|
+
}, 30000);
|
|
318
|
+
heartbeatInterval.unref();
|
|
312
319
|
}
|
|
313
320
|
state.process = (0, child_process_1.spawn)(serverCommand[0], serverCommand.slice(1), {
|
|
314
321
|
stdio: ["pipe", "pipe", "pipe"],
|
package/dist/cli.js
CHANGED
|
@@ -42,6 +42,7 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
42
42
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
43
43
|
exports.main = main;
|
|
44
44
|
const fs = __importStar(require("fs"));
|
|
45
|
+
const os = __importStar(require("os"));
|
|
45
46
|
const agent_1 = require("./agent");
|
|
46
47
|
const sse_proxy_1 = require("./sse-proxy");
|
|
47
48
|
const policy_1 = require("./policy");
|
|
@@ -250,8 +251,37 @@ async function main() {
|
|
|
250
251
|
agentId: process.env.AGENT_ID || "default-agent",
|
|
251
252
|
}
|
|
252
253
|
: undefined;
|
|
253
|
-
|
|
254
|
-
|
|
254
|
+
// Supabase integration is configured silently to avoid polluting stderr
|
|
255
|
+
// Start REST-based heartbeat if CONTEXTGUARD_API_KEY is set
|
|
256
|
+
const cgApiKey = process.env.CONTEXTGUARD_API_KEY;
|
|
257
|
+
if (cgApiKey) {
|
|
258
|
+
const baseUrl = process.env.CONTEXTGUARD_BASE_URL || "https://contextguard.dev";
|
|
259
|
+
const agentId = process.env.AGENT_ID || `${os.hostname()}-${process.pid}`;
|
|
260
|
+
const sendHeartbeat = async () => {
|
|
261
|
+
try {
|
|
262
|
+
await fetch(`${baseUrl}/api/agents/heartbeat`, {
|
|
263
|
+
method: "POST",
|
|
264
|
+
headers: {
|
|
265
|
+
"Content-Type": "application/json",
|
|
266
|
+
Authorization: `Bearer ${cgApiKey}`,
|
|
267
|
+
},
|
|
268
|
+
body: JSON.stringify({
|
|
269
|
+
agent_id: agentId,
|
|
270
|
+
name: agentId,
|
|
271
|
+
hostname: os.hostname(),
|
|
272
|
+
version: process.env.npm_package_version || "unknown",
|
|
273
|
+
mcp_server_command: serverCommand,
|
|
274
|
+
}),
|
|
275
|
+
});
|
|
276
|
+
}
|
|
277
|
+
catch {
|
|
278
|
+
// silently ignore — don't break the agent if dashboard is unreachable
|
|
279
|
+
}
|
|
280
|
+
};
|
|
281
|
+
sendHeartbeat();
|
|
282
|
+
const interval = setInterval(sendHeartbeat, 30000);
|
|
283
|
+
interval.unref();
|
|
284
|
+
// Heartbeat configured silently to avoid polluting stderr
|
|
255
285
|
}
|
|
256
286
|
// Create and start agent
|
|
257
287
|
const agent = (0, agent_1.createAgent)(parseCommand(serverCommand), config, supabaseConfig);
|
package/dist/init.d.ts
CHANGED
package/dist/init.js
CHANGED
|
@@ -68,9 +68,13 @@ function findConfigPath() {
|
|
|
68
68
|
}
|
|
69
69
|
// ── Wrapping helpers ─────────────────────────────────────────────────────────
|
|
70
70
|
function isAlreadyWrapped(server) {
|
|
71
|
-
if (server.command === "contextguard")
|
|
71
|
+
if (server.command === "npx" && server.args?.[1] === "contextguard") {
|
|
72
72
|
return true;
|
|
73
|
-
|
|
73
|
+
}
|
|
74
|
+
if (server.command === "contextguard") {
|
|
75
|
+
return true;
|
|
76
|
+
}
|
|
77
|
+
return false;
|
|
74
78
|
}
|
|
75
79
|
/**
|
|
76
80
|
* Wrap an MCP server entry:
|
|
@@ -106,7 +110,7 @@ function parseInitArgs(argv) {
|
|
|
106
110
|
return { apiKey, configPath, dryRun };
|
|
107
111
|
}
|
|
108
112
|
// ── Main ─────────────────────────────────────────────────────────────────────
|
|
109
|
-
|
|
113
|
+
function runInit(argv) {
|
|
110
114
|
const { apiKey, configPath: customPath, dryRun } = parseInitArgs(argv);
|
|
111
115
|
if (!apiKey) {
|
|
112
116
|
console.error("\n❌ Missing required argument: --api-key <key>\n" +
|
|
@@ -126,8 +130,9 @@ async function runInit(argv) {
|
|
|
126
130
|
try {
|
|
127
131
|
config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
|
|
128
132
|
}
|
|
129
|
-
catch {
|
|
130
|
-
console.error(`\n❌ Failed to parse config: ${configPath}
|
|
133
|
+
catch (err) {
|
|
134
|
+
console.error(`\n❌ Failed to parse config: ${configPath}`);
|
|
135
|
+
console.error(` Error: ${err instanceof Error ? err.message : String(err)}\n`);
|
|
131
136
|
process.exit(1);
|
|
132
137
|
}
|
|
133
138
|
const servers = { ...(config.mcpServers ?? {}) };
|
package/dist/logger.js
CHANGED
|
@@ -41,6 +41,8 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
41
41
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
42
|
exports.createLogger = void 0;
|
|
43
43
|
const fs = __importStar(require("fs"));
|
|
44
|
+
const os = __importStar(require("os"));
|
|
45
|
+
const path = __importStar(require("path"));
|
|
44
46
|
const MAX_STORED_EVENTS = 1000;
|
|
45
47
|
/**
|
|
46
48
|
* Count events by a specific field
|
|
@@ -77,7 +79,7 @@ const fireWebhookAlert = (webhookUrl, event) => {
|
|
|
77
79
|
* @param alertOnSeverity - Severity levels that trigger webhook alerts
|
|
78
80
|
* @returns Logger functions
|
|
79
81
|
*/
|
|
80
|
-
const createLogger = (logFile = "mcp_security.log", supabaseClient, agentId = "", alertWebhook, alertOnSeverity = ["HIGH", "CRITICAL"]) => {
|
|
82
|
+
const createLogger = (logFile = path.join(os.homedir(), ".contextguard", "mcp_security.log"), supabaseClient, agentId = "", alertWebhook, alertOnSeverity = ["HIGH", "CRITICAL"]) => {
|
|
81
83
|
let events = [];
|
|
82
84
|
return {
|
|
83
85
|
/**
|
|
@@ -99,12 +101,14 @@ const createLogger = (logFile = "mcp_security.log", supabaseClient, agentId = ""
|
|
|
99
101
|
if (events.length > MAX_STORED_EVENTS) {
|
|
100
102
|
events = events.slice(-MAX_STORED_EVENTS);
|
|
101
103
|
}
|
|
102
|
-
// Write to log file
|
|
104
|
+
// Write to log file (silently fail if filesystem is read-only)
|
|
103
105
|
try {
|
|
106
|
+
fs.mkdirSync(path.dirname(logFile), { recursive: true });
|
|
104
107
|
fs.appendFileSync(logFile, JSON.stringify(event) + "\n");
|
|
105
108
|
}
|
|
106
|
-
catch
|
|
107
|
-
|
|
109
|
+
catch {
|
|
110
|
+
// Silently ignore filesystem errors to avoid polluting stderr
|
|
111
|
+
// This can happen in read-only environments like Claude Desktop
|
|
108
112
|
}
|
|
109
113
|
// Alert on high/critical severity
|
|
110
114
|
if (severity === "HIGH" || severity === "CRITICAL") {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "contextguard",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.2",
|
|
4
4
|
"description": "Security monitoring wrapper for MCP servers with enterprise features",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -67,4 +67,4 @@
|
|
|
67
67
|
"@anthropic-ai/sdk": "^0.54.0",
|
|
68
68
|
"@supabase/supabase-js": "^2.79.0"
|
|
69
69
|
}
|
|
70
|
-
}
|
|
70
|
+
}
|