curatedmcp 2.0.0

package/dist/guard/logger.js

@@ -0,0 +1,118 @@
+import fs from "fs";
+import path from "path";
+/**
+ * ActionLogger - Simple JSON-based persistent logger
+ * Production versions can migrate to proper SQLite
+ */
+export class ActionLogger {
+    constructor(dbPath) {
+        this.logs = [];
+        this.approvals = [];
+        this.dbPath = path.dirname(dbPath);
+        this.logsFile = path.join(this.dbPath, "action_logs.json");
+        this.approvalsFile = path.join(this.dbPath, "pending_approvals.json");
+        // Ensure directory exists
+        if (!fs.existsSync(this.dbPath)) {
+            fs.mkdirSync(this.dbPath, { recursive: true });
+        }
+        this.loadFromDisk();
+    }
+    loadFromDisk() {
+        try {
+            if (fs.existsSync(this.logsFile)) {
+                const data = fs.readFileSync(this.logsFile, "utf-8");
+                this.logs = JSON.parse(data);
+            }
+            if (fs.existsSync(this.approvalsFile)) {
+                const data = fs.readFileSync(this.approvalsFile, "utf-8");
+                this.approvals = JSON.parse(data);
+            }
+        }
+        catch (error) {
+            console.warn("Failed to load logs from disk:", error);
+            this.logs = [];
+            this.approvals = [];
+        }
+    }
+    saveToDisk() {
+        try {
+            fs.writeFileSync(this.logsFile, JSON.stringify(this.logs, null, 2));
+            fs.writeFileSync(this.approvalsFile, JSON.stringify(this.approvals, null, 2));
+        }
+        catch (error) {
+            console.error("Failed to save logs to disk:", error);
+        }
+    }
+    initializeSchema() {
+        // No-op for JSON-based storage
+    }
+    logAction(log) {
+        // Prevent duplicates
+        if (!this.logs.find((l) => l.requestId === log.requestId)) {
+            this.logs.push(log);
+            this.saveToDisk();
+        }
+    }
+    getPendingApprovals() {
+        const now = Date.now();
+        return this.approvals
+            .filter((a) => a.status === "PENDING" && a.expiresAt > now)
+            .sort((a, b) => b.requestedAt - a.requestedAt)
+            .slice(0, 100);
+    }
+    approveAction(requestId, approvedBy) {
+        // Update action logs
+        const log = this.logs.find((l) => l.requestId === requestId);
+        if (log) {
+            log.approvalStatus = "APPROVED";
+            log.approvedAt = Date.now();
+            log.approvedBy = approvedBy;
+        }
+        // Update pending approvals
+        const approval = this.approvals.find((a) => a.requestId === requestId);
+        if (approval) {
+            approval.status = "APPROVED";
+        }
+        this.saveToDisk();
+    }
+    rejectAction(requestId, reason) {
+        // Update action logs
+        const log = this.logs.find((l) => l.requestId === requestId);
+        if (log) {
+            log.approvalStatus = "REJECTED";
+            log.rejectionReason = reason;
+        }
+        // Update pending approvals
+        const approval = this.approvals.find((a) => a.requestId === requestId);
+        if (approval) {
+            approval.status = "REJECTED";
+        }
+        this.saveToDisk();
+    }
+    getRecentActions(limit = 50) {
+        return this.logs
+            .sort((a, b) => b.timestamp - a.timestamp)
+            .slice(0, limit);
+    }
+    purgeExpired(retentionMinutes) {
+        const expirationTime = Date.now() - retentionMinutes * 60 * 1000;
+        const initialLength = this.logs.length;
+        this.logs = this.logs.filter((log) => !log.expiresAt || log.expiresAt >= expirationTime);
+        const purged = initialLength - this.logs.length;
+        if (purged > 0) {
+            this.saveToDisk();
+        }
+        return purged;
+    }
+    getSummary() {
+        const total = this.logs.length;
+        const blocked = this.logs.filter((l) => l.action === "BLOCK").length;
+        const approved = this.logs.filter((l) => l.approvalStatus === "APPROVED").length;
+        const rejected = this.logs.filter((l) => l.approvalStatus === "REJECTED").length;
+        return { total, blocked, approved, rejected };
+    }
+    close() {
+        this.saveToDisk();
+    }
+}
+//# sourceMappingURL=logger.js.map

package/dist/guard/policy.d.ts

@@ -0,0 +1,19 @@
+import { PolicyRule, PolicyAction, SeverityLevel, ToolCallRequest } from "./types.js";
+export declare class PolicyEngine {
+    private rules;
+    private policyFilePath;
+    private readonly dangerousPatterns;
+    constructor(policyFilePath: string);
+    private loadPolicies;
+    private addDefaultPolicies;
+    evaluateToolCall(request: ToolCallRequest): {
+        action: PolicyAction;
+        ruleId?: string;
+        severity: SeverityLevel;
+    };
+    addRule(rule: PolicyRule): void;
+    removeRule(ruleId: string): void;
+    listRules(): PolicyRule[];
+    private savePolicies;
+}
+//# sourceMappingURL=policy.d.ts.map

package/dist/guard/policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../src/guard/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAItF,qBAAa,YAAY;IACvB,OAAO,CAAC,KAAK,CAAsC;IACnD,OAAO,CAAC,cAAc,CAAS;IAG/B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAIhC;gBAEU,cAAc,EAAE,MAAM;IAMlC,OAAO,CAAC,YAAY;IAYpB,OAAO,CAAC,kBAAkB;IA8B1B,gBAAgB,CAAC,OAAO,EAAE,eAAe,GAAG;QAC1C,MAAM,EAAE,YAAY,CAAC;QACrB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,aAAa,CAAC;KACzB;IAuDD,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAK/B,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAKhC,SAAS,IAAI,UAAU,EAAE;IAIzB,OAAO,CAAC,YAAY;CAIrB"}

package/dist/guard/policy.js

@@ -0,0 +1,108 @@
+import { minimatch } from "minimatch";
+import fs from "fs";
+export class PolicyEngine {
+    constructor(policyFilePath) {
+        this.rules = new Map();
+        // Dangerous patterns (default blocking rules)
+        this.dangerousPatterns = {
+            shell: ["sh", "bash", "zsh", "cmd", "powershell", "exec", "system"],
+            fileDelete: ["unlink", "rmdir", "rm", "del", "DeleteFile"],
+            secrets: ["SECRET", "TOKEN", "PASSWORD", "PRIVATE", "API_KEY", "CREDENTIAL"],
+        };
+        this.policyFilePath = policyFilePath;
+        this.loadPolicies();
+        this.addDefaultPolicies();
+    }
+    loadPolicies() {
+        try {
+            if (fs.existsSync(this.policyFilePath)) {
+                const data = fs.readFileSync(this.policyFilePath, "utf-8");
+                const policies = JSON.parse(data);
+                policies.forEach((rule) => this.rules.set(rule.id, rule));
+            }
+        }
+        catch (error) {
+            console.warn(`Failed to load policies: ${error}`);
+        }
+    }
+    addDefaultPolicies() {
+        // Only add defaults if no policies exist
+        if (this.rules.size === 0) {
+            const defaults = [
+                {
+                    id: "default-block-shell",
+                    name: "Block Shell Execution",
+                    serverName: "*",
+                    toolName: "*",
+                    action: "BLOCK",
+                    severity: "CRITICAL",
+                    enabled: true,
+                    createdAt: Date.now(),
+                },
+                {
+                    id: "default-block-file-delete",
+                    name: "Block File Deletion",
+                    serverName: "*",
+                    toolName: "*rm*",
+                    action: "BLOCK",
+                    severity: "CRITICAL",
+                    enabled: true,
+                    createdAt: Date.now(),
+                },
+            ];
+            defaults.forEach((rule) => this.rules.set(rule.id, rule));
+        }
+    }
+    evaluateToolCall(request) {
+        for (const rule of this.rules.values()) {
+            if (!rule.enabled)
+                continue;
+            // Check glob patterns
+            if (!minimatch(request.serverId, rule.serverName))
+                continue;
+            if (!minimatch(request.toolName, rule.toolName))
+                continue;
+            // Check argument patterns
+            if (rule.argumentContains && rule.argumentContains.length > 0) {
+                const argsJson = JSON.stringify(request.arguments);
+                const hasMatch = rule.argumentContains.some((pattern) => argsJson.includes(pattern));
+                if (!hasMatch)
+                    continue;
+            }
+            // Check dangerous patterns in arguments
+            const argsJson = JSON.stringify(request.arguments).toUpperCase();
+            if (this.dangerousPatterns.shell.some((pattern) => argsJson.includes(pattern.toUpperCase()))) {
+                return { action: "BLOCK", ruleId: rule.id, severity: "CRITICAL" };
+            }
+            if (this.dangerousPatterns.fileDelete.some((pattern) => argsJson.includes(pattern.toUpperCase()))) {
+                return { action: "BLOCK", ruleId: rule.id, severity: "CRITICAL" };
+            }
+            if (this.dangerousPatterns.secrets.some((pattern) => argsJson.includes(pattern))) {
+                return { action: "BLOCK", ruleId: rule.id, severity: "CRITICAL" };
+            }
+            return {
+                action: rule.action,
+                ruleId: rule.id,
+                severity: rule.severity,
+            };
+        }
+        // Default: allow if no rules match
+        return { action: "ALLOW", severity: "INFO" };
+    }
+    addRule(rule) {
+        this.rules.set(rule.id, rule);
+        this.savePolicies();
+    }
+    removeRule(ruleId) {
+        this.rules.delete(ruleId);
+        this.savePolicies();
+    }
+    listRules() {
+        return Array.from(this.rules.values());
+    }
+    savePolicies() {
+        const policies = Array.from(this.rules.values());
+        fs.writeFileSync(this.policyFilePath, JSON.stringify(policies, null, 2));
+    }
+}
+//# sourceMappingURL=policy.js.map

package/dist/guard/proxy.d.ts

@@ -0,0 +1,29 @@
+import { CuratedBroker } from "./broker.js";
+/**
+ * SentinelProxy intercepts MCP tool calls, evaluates them against local policies,
+ * and optionally syncs identity + audit to the curatedmcp.com control plane.
+ */
+export declare class SentinelProxy {
+    private policyEngine;
+    private actionLogger;
+    private downstreamCommand;
+    private broker;
+    constructor(policyFilePath: string, dbPath: string, downstreamCommand: string, broker?: CuratedBroker | null);
+    /**
+     * Evaluate a tool call request against local policies and the cloud broker.
+     * Local policy always wins: a local BLOCK is never overridden by the broker.
+     * Broker verify is fail-open: if unreachable, the local decision stands.
+     */
+    evaluateRequest(toolName: string, serverId: string, args: Record<string, unknown>): Promise<{
+        success: boolean;
+        requestId: `${string}-${string}-${string}-${string}-${string}`;
+        decision: {
+            action: import("./types.js").PolicyAction;
+            ruleId?: string;
+            severity: import("./types.js").SeverityLevel;
+        };
+    }>;
+    start(): Promise<void>;
+    shutdown(): void;
+}
+//# sourceMappingURL=proxy.d.ts.map

package/dist/guard/proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../../src/guard/proxy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAI5C;;;GAGG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,iBAAiB,CAAS;IAClC,OAAO,CAAC,MAAM,CAAuB;gBAGnC,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,MAAM,EACzB,MAAM,CAAC,EAAE,aAAa,GAAG,IAAI;IAQ/B;;;;OAIG;IACG,eAAe,CACnB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;;;;;;;;;IAmFzB,KAAK;IAcX,QAAQ;CAGT"}

package/dist/guard/proxy.js

@@ -0,0 +1,109 @@
+import { PolicyEngine } from "./policy.js";
+import { ActionLogger } from "./logger.js";
+import { randomUUID } from "crypto";
+/**
+ * SentinelProxy intercepts MCP tool calls, evaluates them against local policies,
+ * and optionally syncs identity + audit to the curatedmcp.com control plane.
+ */
+export class SentinelProxy {
+    constructor(policyFilePath, dbPath, downstreamCommand, broker) {
+        this.policyEngine = new PolicyEngine(policyFilePath);
+        this.actionLogger = new ActionLogger(dbPath);
+        this.downstreamCommand = downstreamCommand;
+        this.broker = broker ?? null;
+    }
+    /**
+     * Evaluate a tool call request against local policies and the cloud broker.
+     * Local policy always wins: a local BLOCK is never overridden by the broker.
+     * Broker verify is fail-open: if unreachable, the local decision stands.
+     */
+    async evaluateRequest(toolName, serverId, args) {
+        const requestId = randomUUID();
+        const timestamp = Date.now();
+        const toolCall = {
+            id: requestId,
+            serverId,
+            toolName,
+            arguments: args,
+            timestamp,
+        };
+        // 1. Local policy evaluation (always runs)
+        const decision = this.policyEngine.evaluateToolCall(toolCall);
+        const log = {
+            id: randomUUID(),
+            requestId,
+            serverId,
+            toolName,
+            arguments: JSON.stringify(args),
+            action: decision.action,
+            severity: decision.severity,
+            ruleId: decision.ruleId,
+            approvalStatus: decision.action === "REQUIRE_APPROVAL" ? "PENDING" : "CLEARED",
+            timestamp,
+            expiresAt: timestamp + 24 * 60 * 60 * 1000,
+        };
+        this.actionLogger.logAction(log);
+        if (decision.action === "BLOCK") {
+            // Log block to broker (fire-and-forget)
+            this.broker?.logInvocation({
+                serverSlug: serverId,
+                toolName,
+                args,
+                outcome: "BLOCKED",
+                blockReason: decision.ruleId ?? "local_policy",
+                latencyMs: Date.now() - timestamp,
+            });
+            throw new Error(`Tool call blocked by policy: ${decision.ruleId ?? "unknown"}`);
+        }
+        if (decision.action === "REQUIRE_APPROVAL") {
+            throw new Error(`Tool call requires approval: ${requestId}`);
+        }
+        // 2. Cloud broker verify (only when connected; fail-open)
+        let jitTokenId;
+        if (this.broker) {
+            const jitToken = await this.broker.getJitToken(serverId);
+            if (jitToken) {
+                const verify = await this.broker.verify(jitToken, serverId, toolName);
+                if (!verify.allowed) {
+                    this.broker.logInvocation({
+                        serverSlug: serverId,
+                        toolName,
+                        args,
+                        outcome: "BLOCKED",
+                        blockReason: verify.reason ?? "broker_denied",
+                        latencyMs: Date.now() - timestamp,
+                    });
+                    throw new Error(`Tool call denied by registry: ${verify.reason ?? "policy"}`);
+                }
+                jitTokenId = verify.jitTokenId;
+            }
+        }
+        // 3. Log allowed invocation to broker (fire-and-forget)
+        this.broker?.logInvocation({
+            serverSlug: serverId,
+            toolName,
+            args,
+            outcome: "ALLOWED",
+            latencyMs: Date.now() - timestamp,
+            jitTokenId,
+        });
+        return { success: true, requestId, decision };
+    }
+    async start() {
+        // Register with broker on startup (idempotent)
+        if (this.broker) {
+            const id = await this.broker.register(`Sentinel — ${this.downstreamCommand.split(" ")[0]}`);
+            if (id) {
+                console.log(`🔐 Connected to CuratedMCP registry (identity: ${id.slice(0, 8)}…)`);
+            }
+            else {
+                console.warn("⚠️  CuratedMCP broker configured but registration failed — running in local-only mode");
+            }
+        }
+        console.log(`🔗 Sentinel Proxy initialized for: ${this.downstreamCommand}`);
+    }
+    shutdown() {
+        this.actionLogger.close();
+    }
+}
+//# sourceMappingURL=proxy.js.map

package/dist/guard/types.d.ts

@@ -0,0 +1,70 @@
+export type PolicyAction = "ALLOW" | "BLOCK" | "REQUIRE_APPROVAL";
+export type SeverityLevel = "INFO" | "WARNING" | "CRITICAL";
+export type ApprovalStatus = "PENDING" | "APPROVED" | "REJECTED" | "CLEARED";
+export interface PolicyRule {
+    id: string;
+    name: string;
+    serverName: string;
+    toolName: string;
+    argumentContains?: string[];
+    action: PolicyAction;
+    severity: SeverityLevel;
+    enabled: boolean;
+    createdAt: number;
+}
+export interface ToolCallRequest {
+    id: string;
+    serverId: string;
+    toolName: string;
+    arguments: Record<string, unknown>;
+    timestamp: number;
+}
+export interface ActionLog {
+    id: string;
+    requestId: string;
+    serverId: string;
+    toolName: string;
+    arguments: string;
+    action: PolicyAction;
+    severity: SeverityLevel;
+    ruleId?: string;
+    approvalStatus: ApprovalStatus;
+    approvedAt?: number;
+    approvedBy?: string;
+    rejectionReason?: string;
+    timestamp: number;
+    expiresAt?: number;
+}
+export interface PendingApproval {
+    id: string;
+    requestId: string;
+    serverId: string;
+    toolName: string;
+    arguments: string;
+    ruleId: string;
+    requestedAt: number;
+    expiresAt: number;
+    status: "PENDING" | "APPROVED" | "REJECTED";
+}
+export interface DashboardData {
+    summary: {
+        totalLogs: number;
+        blockedCount: number;
+        approvedCount: number;
+        rejectedCount: number;
+    };
+    recentActions: ActionLog[];
+    pendingApprovals: PendingApproval[];
+    activePolicies: PolicyRule[];
+    retentionMinutes: number;
+}
+export interface SentinelConfig {
+    policyFile: string;
+    dbPath: string;
+    dashboardPort: number;
+    retentionMinutes: number;
+    licenseKey?: string;
+    offlineMode: boolean;
+    telemetryEnabled: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/guard/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/guard/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,OAAO,GAAG,kBAAkB,CAAC;AAClE,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;AAC5D,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC;AAE7E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,aAAa,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,YAAY,CAAC;IACrB,QAAQ,EAAE,aAAa,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,cAAc,CAAC;IAC/B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,CAAC;CAC7C;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE;QACP,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;QACrB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,aAAa,EAAE,SAAS,EAAE,CAAC;IAC3B,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,cAAc,EAAE,UAAU,EAAE,CAAC;IAC7B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,gBAAgB,EAAE,OAAO,CAAC;CAC3B"}

package/dist/guard/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}