defense-mcp-server 0.9.2 ā†’ 0.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (69) hide show
  1. package/build/core/auto-installer.js +31 -31
  2. package/build/core/command-allowlist.js +1 -1
  3. package/build/core/dependency-validator.js +9 -9
  4. package/build/core/distro-adapter.d.ts +0 -5
  5. package/build/core/distro-adapter.d.ts.map +1 -1
  6. package/build/core/distro-adapter.js +0 -7
  7. package/build/core/distro.d.ts +0 -11
  8. package/build/core/distro.d.ts.map +1 -1
  9. package/build/core/distro.js +0 -48
  10. package/build/core/encrypted-state.d.ts +0 -7
  11. package/build/core/encrypted-state.d.ts.map +1 -1
  12. package/build/core/encrypted-state.js +0 -7
  13. package/build/core/logger.js +1 -1
  14. package/build/core/pam-utils.js +1 -1
  15. package/build/core/parsers.js +1 -1
  16. package/build/core/preflight.d.ts +4 -4
  17. package/build/core/preflight.js +13 -13
  18. package/build/core/progress.js +20 -20
  19. package/build/core/run-command.d.ts +14 -0
  20. package/build/core/run-command.d.ts.map +1 -0
  21. package/build/core/run-command.js +46 -0
  22. package/build/core/spawn-safe.d.ts +6 -6
  23. package/build/core/spawn-safe.d.ts.map +1 -1
  24. package/build/core/sudo-guard.js +4 -4
  25. package/build/core/third-party-installer.js +4 -4
  26. package/build/core/tool-wrapper.js +3 -3
  27. package/build/tools/access-control.js +6 -6
  28. package/build/tools/api-security.d.ts.map +1 -1
  29. package/build/tools/api-security.js +5 -51
  30. package/build/tools/app-hardening.d.ts.map +1 -1
  31. package/build/tools/app-hardening.js +23 -25
  32. package/build/tools/cloud-security.d.ts.map +1 -1
  33. package/build/tools/cloud-security.js +5 -51
  34. package/build/tools/compliance.d.ts.map +1 -1
  35. package/build/tools/compliance.js +9 -13
  36. package/build/tools/container-security.d.ts.map +1 -1
  37. package/build/tools/container-security.js +51 -52
  38. package/build/tools/deception.d.ts.map +1 -1
  39. package/build/tools/deception.js +8 -54
  40. package/build/tools/dns-security.d.ts.map +1 -1
  41. package/build/tools/dns-security.js +2 -48
  42. package/build/tools/encryption.d.ts.map +1 -1
  43. package/build/tools/encryption.js +86 -87
  44. package/build/tools/firewall.d.ts.map +1 -1
  45. package/build/tools/firewall.js +324 -30
  46. package/build/tools/hardening.d.ts.map +1 -1
  47. package/build/tools/hardening.js +12 -13
  48. package/build/tools/incident-response.d.ts.map +1 -1
  49. package/build/tools/incident-response.js +3 -3
  50. package/build/tools/logging.d.ts.map +1 -1
  51. package/build/tools/logging.js +17 -59
  52. package/build/tools/malware.js +2 -2
  53. package/build/tools/meta.d.ts.map +1 -1
  54. package/build/tools/meta.js +86 -165
  55. package/build/tools/network-defense.d.ts.map +1 -1
  56. package/build/tools/network-defense.js +3 -3
  57. package/build/tools/patch-management.js +8 -8
  58. package/build/tools/process-security.d.ts.map +1 -1
  59. package/build/tools/process-security.js +38 -92
  60. package/build/tools/sudo-management.js +36 -36
  61. package/build/tools/threat-intel.d.ts.map +1 -1
  62. package/build/tools/threat-intel.js +2 -48
  63. package/build/tools/vulnerability-management.d.ts.map +1 -1
  64. package/build/tools/vulnerability-management.js +3 -49
  65. package/build/tools/waf.d.ts.map +1 -1
  66. package/build/tools/waf.js +47 -93
  67. package/build/tools/wireless-security.d.ts.map +1 -1
  68. package/build/tools/wireless-security.js +9 -55
  69. package/package.json +4 -2
package/build/tools/encryption.js CHANGED
@@ -174,8 +174,8 @@ export function registerEncryptionTools(server) {
174
174
  try {
175
175
  const validHost = validateTarget(host);
176
176
  const sections = [];
177
- sections.push(`šŸ” TLS/SSL Audit: ${validHost}:${port}`);
178
- sections.push("=".repeat(50));
177
+ sections.push(`TLS/SSL Audit: ${validHost}:${port}`);
178
+ sections.push("");
179
179
  // Basic connection test
180
180
  const connResult = await executeCommand({
181
181
  command: "openssl",
@@ -200,7 +200,7 @@ export function registerEncryptionTools(server) {
200
200
  isError: true,
201
201
  };
202
202
  }
203
- sections.push("\nšŸ“” Connection Info:");
203
+ sections.push("\nConnection Info:");
204
204
  const protocolMatch = fullOutput.match(/Protocol\s*:\s*(\S+)/);
205
205
  const cipherMatch = fullOutput.match(/Cipher\s*:\s*(\S+)/);
206
206
  if (protocolMatch)
@@ -222,7 +222,7 @@ export function registerEncryptionTools(server) {
222
222
  });
223
223
  const detailOutput = detailResult.stdout + "\n" + detailResult.stderr;
224
224
  if (check_certificate) {
225
- sections.push("\nšŸ“œ Certificate Details:");
225
+ sections.push("\nCertificate Details:");
226
226
  const subjectMatch = detailOutput.match(/subject=([^\n]+)/);
227
227
  const issuerMatch = detailOutput.match(/issuer=([^\n]+)/);
228
228
  const datesMatch = detailOutput.match(/Not Before:\s*([^\n]+)[\s\S]*?Not After\s*:\s*([^\n]+)/);
@@ -238,48 +238,48 @@ export function registerEncryptionTools(server) {
238
238
  const now = new Date();
239
239
  const daysLeft = Math.floor((expiryDate.getTime() - now.getTime()) / (1000 * 60 * 60 * 24));
240
240
  if (daysLeft < 0) {
241
- sections.push(` ā›” EXPIRED ${Math.abs(daysLeft)} days ago`);
241
+ sections.push(` CRITICAL: EXPIRED ${Math.abs(daysLeft)} days ago`);
242
242
  }
243
243
  else if (daysLeft < 30) {
244
- sections.push(` āš ļø WARNING: Expires in ${daysLeft} days`);
244
+ sections.push(` WARNING: Expires in ${daysLeft} days`);
245
245
  }
246
246
  else {
247
- sections.push(` āœ… Valid for ${daysLeft} more days`);
247
+ sections.push(` Valid for ${daysLeft} more days`);
248
248
  }
249
249
  }
250
250
  if (verifyMatch) {
251
251
  const code = parseInt(verifyMatch[1], 10);
252
252
  const reason = verifyMatch[2];
253
253
  if (code === 0) {
254
- sections.push(` āœ… Verification: OK`);
254
+ sections.push(` Verification: OK`);
255
255
  }
256
256
  else {
257
- sections.push(` ā›” Verification FAILED: ${reason} (code ${code})`);
257
+ sections.push(` CRITICAL: Verification FAILED: ${reason} (code ${code})`);
258
258
  }
259
259
  }
260
260
  if (detailOutput.includes("self signed certificate") ||
261
261
  detailOutput.includes("self-signed")) {
262
- sections.push(` āš ļø Self-signed certificate detected`);
262
+ sections.push(` WARNING: Self-signed certificate detected`);
263
263
  }
264
264
  }
265
265
  if (check_ciphers) {
266
- sections.push("\nšŸ”‘ Cipher Analysis:");
266
+ sections.push("\nCipher Analysis:");
267
267
  const weakFound = checkWeakCiphers(detailOutput);
268
268
  if (weakFound.length > 0) {
269
- sections.push(` ā›” Weak ciphers detected: ${weakFound.join(", ")}`);
269
+ sections.push(` Weak ciphers detected: ${weakFound.join(", ")}`);
270
270
  }
271
271
  else {
272
- sections.push(` āœ… No known weak ciphers detected in connection`);
272
+ sections.push(` No known weak ciphers detected in connection`);
273
273
  }
274
274
  }
275
275
  if (check_protocols) {
276
- sections.push("\nšŸ”’ Protocol Analysis:");
276
+ sections.push("\nProtocol Analysis:");
277
277
  const weakProtos = checkWeakProtocols(detailOutput);
278
278
  if (weakProtos.length > 0) {
279
- sections.push(` ā›” Weak protocols detected: ${weakProtos.join(", ")}`);
279
+ sections.push(` Weak protocols detected: ${weakProtos.join(", ")}`);
280
280
  }
281
281
  else {
282
- sections.push(` āœ… No weak protocols detected in connection`);
282
+ sections.push(` No weak protocols detected in connection`);
283
283
  }
284
284
  const testProtocols = [
285
285
  { name: "TLSv1", arg: "-tls1" },
@@ -308,18 +308,18 @@ export function registerEncryptionTools(server) {
308
308
  !protoOutput.includes("no protocols available"));
309
309
  if (proto.name === "TLSv1" || proto.name === "TLSv1.1") {
310
310
  if (connected) {
311
- sections.push(` āš ļø ${proto.name}: Supported (deprecated, should be disabled)`);
311
+ sections.push(` WARNING: ${proto.name}: Supported (deprecated, should be disabled)`);
312
312
  }
313
313
  else {
314
- sections.push(` āœ… ${proto.name}: Not supported (good)`);
314
+ sections.push(` ${proto.name}: Not supported (good)`);
315
315
  }
316
316
  }
317
317
  else {
318
318
  if (connected) {
319
- sections.push(` āœ… ${proto.name}: Supported`);
319
+ sections.push(` ${proto.name}: Supported`);
320
320
  }
321
321
  else {
322
- sections.push(` ā„¹ļø ${proto.name}: Not supported`);
322
+ sections.push(` INFO: ${proto.name}: Not supported`);
323
323
  }
324
324
  }
325
325
  }
@@ -344,8 +344,8 @@ export function registerEncryptionTools(server) {
344
344
  };
345
345
  }
346
346
  const sections = [];
347
- sections.push("šŸ“… Certificate Expiry Check");
348
- sections.push("=".repeat(40));
347
+ sections.push("Certificate Expiry Check");
348
+ sections.push("");
349
349
  let endDate = "";
350
350
  let subject = "";
351
351
  let issuer = "";
@@ -433,15 +433,15 @@ export function registerEncryptionTools(server) {
433
433
  let status;
434
434
  if (daysLeft < 0) {
435
435
  status = "CRITICAL";
436
- sections.push(`\nā›” Status: ${status} - Certificate EXPIRED ${Math.abs(daysLeft)} days ago`);
436
+ sections.push(`\nCRITICAL: Status: ${status} - Certificate EXPIRED ${Math.abs(daysLeft)} days ago`);
437
437
  }
438
438
  else if (daysLeft <= warn_days) {
439
439
  status = "WARNING";
440
- sections.push(`\nāš ļø Status: ${status} - Certificate expires in ${daysLeft} days (threshold: ${warn_days})`);
440
+ sections.push(`\nWARNING: Status: ${status} - Certificate expires in ${daysLeft} days (threshold: ${warn_days})`);
441
441
  }
442
442
  else {
443
443
  status = "OK";
444
- sections.push(`\nāœ… Status: ${status} - Certificate valid for ${daysLeft} more days`);
444
+ sections.push(`\nStatus: ${status} - Certificate valid for ${daysLeft} more days`);
445
445
  }
446
446
  return { content: [createTextContent(sections.join("\n"))] };
447
447
  }
@@ -455,8 +455,8 @@ export function registerEncryptionTools(server) {
455
455
  const { service } = params;
456
456
  try {
457
457
  const sections = [];
458
- sections.push("šŸ” TLS Configuration Audit");
459
- sections.push("=".repeat(40));
458
+ sections.push("TLS Configuration Audit");
459
+ sections.push("");
460
460
  const findings = [];
461
461
  if (service === "apache" || service === "all") {
462
462
  sections.push("\nā”€ā”€ Apache TLS Configuration ā”€ā”€");
@@ -591,18 +591,18 @@ export function registerEncryptionTools(server) {
591
591
  }
592
592
  sections.push("\nā”€ā”€ Findings Summary ā”€ā”€");
593
593
  if (findings.length === 0) {
594
- sections.push(" āœ… No critical TLS configuration issues found.");
594
+ sections.push(" No critical TLS configuration issues found.");
595
595
  }
596
596
  else {
597
597
  const criticals = findings.filter((f) => f.level === "CRITICAL");
598
598
  const warnings = findings.filter((f) => f.level === "WARNING");
599
599
  if (criticals.length > 0) {
600
- sections.push(`\n ā›” Critical (${criticals.length}):`);
600
+ sections.push(`\n CRITICAL: Critical (${criticals.length}):`);
601
601
  for (const f of criticals)
602
602
  sections.push(` - ${f.msg}`);
603
603
  }
604
604
  if (warnings.length > 0) {
605
- sections.push(`\n āš ļø Warnings (${warnings.length}):`);
605
+ sections.push(`\n WARNING: Warnings (${warnings.length}):`);
606
606
  for (const f of warnings)
607
607
  sections.push(` - ${f.msg}`);
608
608
  }
@@ -618,8 +618,8 @@ export function registerEncryptionTools(server) {
618
618
  case "gpg_list": {
619
619
  try {
620
620
  const sections = [];
621
- sections.push(`šŸ”‘ GPG Key Management: list`);
622
- sections.push("=".repeat(40));
621
+ sections.push(`GPG Key Management: list`);
622
+ sections.push("");
623
623
  const result = await executeCommand({
624
624
  command: "gpg",
625
625
  args: ["--list-keys", "--keyid-format", "long"],
@@ -656,8 +656,8 @@ export function registerEncryptionTools(server) {
656
656
  const { dry_run } = params;
657
657
  try {
658
658
  const sections = [];
659
- sections.push(`šŸ”‘ GPG Key Management: generate`);
660
- sections.push("=".repeat(40));
659
+ sections.push(`GPG Key Management: generate`);
660
+ sections.push("");
661
661
  if (dry_run ?? getConfig().dryRun) {
662
662
  sections.push("\n[DRY RUN] Would generate a new GPG key pair.");
663
663
  sections.push("Command: gpg --full-generate-key");
@@ -675,7 +675,7 @@ export function registerEncryptionTools(server) {
675
675
  sections.push(" %commit");
676
676
  }
677
677
  else {
678
- sections.push("āš ļø Interactive GPG key generation cannot be run in non-interactive mode.");
678
+ sections.push("Interactive GPG key generation cannot be run in non-interactive mode.");
679
679
  sections.push("Use 'gpg --batch --gen-key <batch_file>' for non-interactive generation.");
680
680
  }
681
681
  return { content: [createTextContent(sections.join("\n"))] };
@@ -697,8 +697,8 @@ export function registerEncryptionTools(server) {
697
697
  }
698
698
  sanitizeArgs([key_id]);
699
699
  const sections = [];
700
- sections.push(`šŸ”‘ GPG Key Management: export`);
701
- sections.push("=".repeat(40));
700
+ sections.push(`GPG Key Management: export`);
701
+ sections.push("");
702
702
  const result = await executeCommand({
703
703
  command: "gpg",
704
704
  args: ["--export", "--armor", key_id],
@@ -734,8 +734,8 @@ export function registerEncryptionTools(server) {
734
734
  // TOOL-023: Validate key file path with containment check
735
735
  validateKeyPath(file_path);
736
736
  const sections = [];
737
- sections.push(`šŸ”‘ GPG Key Management: import`);
738
- sections.push("=".repeat(40));
737
+ sections.push(`GPG Key Management: import`);
738
+ sections.push("");
739
739
  if (dry_run ?? getConfig().dryRun) {
740
740
  sections.push(`\n[DRY RUN] Would import GPG key from: ${file_path}`);
741
741
  sections.push(`Command: gpg --import ${file_path}`);
@@ -753,7 +753,7 @@ export function registerEncryptionTools(server) {
753
753
  isError: true,
754
754
  };
755
755
  }
756
- sections.push(`\nāœ… Key imported from: ${file_path}`);
756
+ sections.push(`\nKey imported from: ${file_path}`);
757
757
  sections.push(result.stderr || result.stdout);
758
758
  logChange(createChangeEntry({
759
759
  tool: "crypto",
@@ -785,8 +785,8 @@ export function registerEncryptionTools(server) {
785
785
  // TOOL-023: Validate key file path with containment check
786
786
  validateKeyPath(file_path);
787
787
  const sections = [];
788
- sections.push(`šŸ”‘ GPG Key Management: verify`);
789
- sections.push("=".repeat(40));
788
+ sections.push(`GPG Key Management: verify`);
789
+ sections.push("");
790
790
  const result = await executeCommand({
791
791
  command: "gpg",
792
792
  args: ["--verify", file_path],
@@ -795,10 +795,10 @@ export function registerEncryptionTools(server) {
795
795
  });
796
796
  const output = result.stderr || result.stdout;
797
797
  if (result.exitCode !== 0) {
798
- sections.push(`\nā›” Signature verification FAILED for: ${file_path}`);
798
+ sections.push(`\nCRITICAL: Signature verification FAILED for: ${file_path}`);
799
799
  }
800
800
  else {
801
- sections.push(`\nāœ… Signature verification PASSED for: ${file_path}`);
801
+ sections.push(`\nSignature verification PASSED for: ${file_path}`);
802
802
  }
803
803
  sections.push(output);
804
804
  return { content: [createTextContent(sections.join("\n"))] };
@@ -820,8 +820,8 @@ export function registerEncryptionTools(server) {
820
820
  }
821
821
  sanitizeArgs([name]);
822
822
  const sections = [];
823
- sections.push(`šŸ” LUKS Volume Management: status`);
824
- sections.push("=".repeat(40));
823
+ sections.push(`LUKS Volume Management: status`);
824
+ sections.push("");
825
825
  const result = await executeCommand({
826
826
  command: "sudo",
827
827
  args: ["cryptsetup", "status", name],
@@ -829,7 +829,7 @@ export function registerEncryptionTools(server) {
829
829
  timeout: getToolTimeout("crypto_luks_manage"),
830
830
  });
831
831
  if (result.exitCode !== 0) {
832
- sections.push(`\nāš ļø Device mapper '${name}' not found or not active.`);
832
+ sections.push(`\nWARNING: Device mapper '${name}' not found or not active.`);
833
833
  sections.push(result.stderr || result.stdout);
834
834
  }
835
835
  else {
@@ -856,8 +856,8 @@ export function registerEncryptionTools(server) {
856
856
  sanitizeArgs([device]);
857
857
  assertNoTraversal(device);
858
858
  const sections = [];
859
- sections.push(`šŸ” LUKS Volume Management: dump`);
860
- sections.push("=".repeat(40));
859
+ sections.push(`LUKS Volume Management: dump`);
860
+ sections.push("");
861
861
  const result = await executeCommand({
862
862
  command: "sudo",
863
863
  args: ["cryptsetup", "luksDump", device],
@@ -892,8 +892,8 @@ export function registerEncryptionTools(server) {
892
892
  sanitizeArgs([device, name]);
893
893
  assertNoTraversal(device);
894
894
  const sections = [];
895
- sections.push(`šŸ” LUKS Volume Management: open`);
896
- sections.push("=".repeat(40));
895
+ sections.push(`LUKS Volume Management: open`);
896
+ sections.push("");
897
897
  if (dry_run ?? getConfig().dryRun) {
898
898
  sections.push(`\n[DRY RUN] Would open LUKS volume:`);
899
899
  sections.push(` Device: ${device}`);
@@ -902,7 +902,7 @@ export function registerEncryptionTools(server) {
902
902
  sections.push("\nNote: This operation requires a passphrase and cannot be run non-interactively without a key file.");
903
903
  }
904
904
  else {
905
- sections.push("āš ļø Interactive LUKS open requires a passphrase.");
905
+ sections.push("Interactive LUKS open requires a passphrase.");
906
906
  sections.push("Use a key file with: sudo cryptsetup luksOpen --key-file <keyfile> <device> <name>");
907
907
  logChange(createChangeEntry({
908
908
  tool: "crypto",
@@ -932,8 +932,8 @@ export function registerEncryptionTools(server) {
932
932
  }
933
933
  sanitizeArgs([name]);
934
934
  const sections = [];
935
- sections.push(`šŸ” LUKS Volume Management: close`);
936
- sections.push("=".repeat(40));
935
+ sections.push(`LUKS Volume Management: close`);
936
+ sections.push("");
937
937
  if (dry_run ?? getConfig().dryRun) {
938
938
  sections.push(`\n[DRY RUN] Would close LUKS volume: /dev/mapper/${name}`);
939
939
  sections.push(` Command: sudo cryptsetup luksClose ${name}`);
@@ -951,7 +951,7 @@ export function registerEncryptionTools(server) {
951
951
  isError: true,
952
952
  };
953
953
  }
954
- sections.push(`\nāœ… LUKS volume '${name}' closed successfully.`);
954
+ sections.push(`\nLUKS volume '${name}' closed successfully.`);
955
955
  logChange(createChangeEntry({
956
956
  tool: "crypto",
957
957
  action: "close",
@@ -972,15 +972,15 @@ export function registerEncryptionTools(server) {
972
972
  case "luks_list": {
973
973
  try {
974
974
  const sections = [];
975
- sections.push(`šŸ” LUKS Volume Management: list`);
976
- sections.push("=".repeat(40));
975
+ sections.push(`LUKS Volume Management: list`);
976
+ sections.push("");
977
977
  const mapperResult = await executeCommand({
978
978
  command: "ls",
979
979
  args: ["-la", "/dev/mapper/"],
980
980
  toolName: "crypto_luks_manage",
981
981
  timeout: getToolTimeout("crypto_luks_manage"),
982
982
  });
983
- sections.push("\nšŸ“ Device Mapper Entries:");
983
+ sections.push("\nDevice Mapper Entries:");
984
984
  sections.push(mapperResult.stdout || "No entries found");
985
985
  const lsblkResult = await executeCommand({
986
986
  command: "lsblk",
@@ -988,13 +988,13 @@ export function registerEncryptionTools(server) {
988
988
  toolName: "crypto_luks_manage",
989
989
  timeout: getToolTimeout("crypto_luks_manage"),
990
990
  });
991
- sections.push("\nšŸ’¾ Block Devices (with filesystem info):");
991
+ sections.push("\nBlock Devices (with filesystem info):");
992
992
  sections.push(lsblkResult.stdout || "No block devices found");
993
993
  const cryptoLines = (lsblkResult.stdout || "")
994
994
  .split("\n")
995
995
  .filter((l) => l.includes("crypto_LUKS") || l.includes("crypt"));
996
996
  if (cryptoLines.length > 0) {
997
- sections.push("\nšŸ” LUKS Encrypted Devices:");
997
+ sections.push("\nLUKS Encrypted Devices:");
998
998
  for (const line of cryptoLines) {
999
999
  sections.push(` ${line.trim()}`);
1000
1000
  }
@@ -1023,8 +1023,8 @@ export function registerEncryptionTools(server) {
1023
1023
  assertNoTraversal(path);
1024
1024
  const sections = [];
1025
1025
  const hashCmd = `${algorithm}sum`;
1026
- sections.push(`#ļøāƒ£ File Integrity Hash (${algorithm.toUpperCase()})`);
1027
- sections.push("=".repeat(40));
1026
+ sections.push(`File Integrity Hash (${algorithm.toUpperCase()})`);
1027
+ sections.push("");
1028
1028
  if (recursive) {
1029
1029
  const result = await executeCommand({
1030
1030
  command: "find",
@@ -1154,12 +1154,12 @@ export function registerEncryptionTools(server) {
1154
1154
  return { content: [formatToolOutput(output)] };
1155
1155
  }
1156
1156
  const sections = [];
1157
- sections.push("šŸ“œ Certificate Inventory");
1158
- sections.push("=".repeat(50));
1157
+ sections.push("Certificate Inventory");
1158
+ sections.push("");
1159
1159
  sections.push(`\nTotal certificates found: ${certDetails.length}`);
1160
- sections.push(` āœ… Valid: ${validCount}`);
1161
- sections.push(` āš ļø Expiring soon (< 30 days): ${expiringSoonCount}`);
1162
- sections.push(` ā›” Expired: ${expiredCount}`);
1160
+ sections.push(` Valid: ${validCount}`);
1161
+ sections.push(` WARNING: Expiring soon (< 30 days): ${expiringSoonCount}`);
1162
+ sections.push(` CRITICAL: Expired: ${expiredCount}`);
1163
1163
  if (expiredCount > 0) {
1164
1164
  sections.push("\nā”€ā”€ Expired Certificates ā”€ā”€");
1165
1165
  for (const cert of certDetails.filter((c) => c.status === "expired")) {
@@ -1197,9 +1197,9 @@ export function registerEncryptionTools(server) {
1197
1197
  return { content: [formatToolOutput(findings)] };
1198
1198
  }
1199
1199
  const sections = [];
1200
- sections.push("šŸ”„ Auto-Renewal Check");
1201
- sections.push("=".repeat(50));
1202
- sections.push("\nāš ļø Certbot is not installed.");
1200
+ sections.push("Auto-Renewal Check");
1201
+ sections.push("");
1202
+ sections.push("\nCertbot is not installed.");
1203
1203
  sections.push(" Install with: apt install certbot");
1204
1204
  return { content: [createTextContent(sections.join("\n"))] };
1205
1205
  }
@@ -1229,10 +1229,10 @@ export function registerEncryptionTools(server) {
1229
1229
  return { content: [formatToolOutput(findings)] };
1230
1230
  }
1231
1231
  const sections = [];
1232
- sections.push("šŸ”„ Auto-Renewal Check");
1233
- sections.push("=".repeat(50));
1232
+ sections.push("Auto-Renewal Check");
1233
+ sections.push("");
1234
1234
  sections.push(`\nCertbot: installed at ${certbotCheck.stdout.trim()}`);
1235
- sections.push(`Timer: ${timerActive ? "āœ… Active" : "āš ļø Not active"}`);
1235
+ sections.push(`Timer: ${timerActive ? "Active" : "WARNING: Not active"}`);
1236
1236
  sections.push("\nManaged Certificates:");
1237
1237
  sections.push(certsResult.stdout.trim() || " No certificates found");
1238
1238
  sections.push(`\nRenewal Configs (${renewalConfigs.length}):`);
@@ -1300,8 +1300,8 @@ export function registerEncryptionTools(server) {
1300
1300
  return { content: [formatToolOutput(findings)] };
1301
1301
  }
1302
1302
  const sections = [];
1303
- sections.push("šŸ›ļø CA Trust Store Audit");
1304
- sections.push("=".repeat(50));
1303
+ sections.push("CA Trust Store Audit");
1304
+ sections.push("");
1305
1305
  sections.push(`\nTrust store path: ${trustStorePath}`);
1306
1306
  sections.push(`Total trusted CAs: ${caFiles.length}`);
1307
1307
  sections.push(`Recently added (last 30 days): ${recentlyAdded.length}`);
@@ -1312,13 +1312,13 @@ export function registerEncryptionTools(server) {
1312
1312
  }
1313
1313
  }
1314
1314
  if (suspiciousFindings.length > 0) {
1315
- sections.push(`\nāš ļø Suspicious CAs Found (${suspiciousFindings.length}):`);
1315
+ sections.push(`\nWARNING: Suspicious CAs Found (${suspiciousFindings.length}):`);
1316
1316
  for (const ca of suspiciousFindings.slice(0, 20)) {
1317
1317
  sections.push(` ${ca}`);
1318
1318
  }
1319
1319
  }
1320
1320
  else {
1321
- sections.push("\nāœ… No suspicious CA names detected.");
1321
+ sections.push("\nNo suspicious CA names detected.");
1322
1322
  }
1323
1323
  return { content: [createTextContent(sections.join("\n"))] };
1324
1324
  }
@@ -1383,8 +1383,7 @@ export function registerEncryptionTools(server) {
1383
1383
  }
1384
1384
  return {
1385
1385
  content: [
1386
- createTextContent("šŸ” OCSP Check\n" + "=".repeat(50) +
1387
- "\n\nāš ļø Certificate does not contain an OCSP responder URI."),
1386
+ createTextContent("OCSP Check\n\nWARNING: Certificate does not contain an OCSP responder URI."),
1388
1387
  ],
1389
1388
  };
1390
1389
  }
@@ -1421,12 +1420,12 @@ export function registerEncryptionTools(server) {
1421
1420
  return { content: [formatToolOutput(findings)] };
1422
1421
  }
1423
1422
  const sections = [];
1424
- sections.push("šŸ” OCSP Check");
1425
- sections.push("=".repeat(50));
1423
+ sections.push("OCSP Check");
1424
+ sections.push("");
1426
1425
  sections.push(`\nOCSP Responder: ${ocspUri}`);
1427
1426
  sections.push(`Revocation Status: ${String(findings.revocationStatus)}`);
1428
1427
  if (findings.ocspStapling !== undefined) {
1429
- sections.push(`OCSP Stapling: ${findings.ocspStapling ? "āœ… Supported" : "āš ļø Not supported"}`);
1428
+ sections.push(`OCSP Stapling: ${findings.ocspStapling ? "Supported" : "WARNING: Not supported"}`);
1430
1429
  }
1431
1430
  if (findings.message) {
1432
1431
  sections.push(`\nNote: ${String(findings.message)}`);
@@ -1464,8 +1463,8 @@ export function registerEncryptionTools(server) {
1464
1463
  }
1465
1464
  return {
1466
1465
  content: [
1467
- createTextContent("šŸ” CT Log Monitor\n" + "=".repeat(50) +
1468
- `\n\nāš ļø Failed to query crt.sh for ${validDomain}.\n` +
1466
+ createTextContent("CT Log Monitor\n" +
1467
+ `\nWARNING: Failed to query crt.sh for ${validDomain}.\n` +
1469
1468
  `Error: ${crtshResult.stderr}`),
1470
1469
  ],
1471
1470
  };
@@ -1523,8 +1522,8 @@ export function registerEncryptionTools(server) {
1523
1522
  return { content: [formatToolOutput(findings)] };
1524
1523
  }
1525
1524
  const sections = [];
1526
- sections.push("šŸ” CT Log Monitor");
1527
- sections.push("=".repeat(50));
1525
+ sections.push("CT Log Monitor");
1526
+ sections.push("");
1528
1527
  sections.push(`\nDomain: ${validDomain}`);
1529
1528
  sections.push(`Total certificates in CT logs: ${ctEntries.length}`);
1530
1529
  sections.push(`Unique issuers: ${issuers.size}`);
@@ -1543,7 +1542,7 @@ export function registerEncryptionTools(server) {
1543
1542
  }
1544
1543
  }
1545
1544
  if (unexpectedFindings.length > 0) {
1546
- sections.push("\nāš ļø Findings:");
1545
+ sections.push("\nWARNING: Findings:");
1547
1546
  for (const finding of unexpectedFindings) {
1548
1547
  sections.push(` ${finding}`);
1549
1548
  }
package/build/tools/firewall.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"firewall.d.ts","sourceRoot":"","sources":["../../src/tools/firewall.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAkEpE,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAiiD7D"}
1
+ {"version":3,"file":"firewall.d.ts","sourceRoot":"","sources":["../../src/tools/firewall.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAgNpE,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA2tD7D"}