hackmyagent 0.7.2 → 0.8.1

package/dist/hardening/llm-checks.js

@@ -0,0 +1,434 @@
+"use strict";
+/**
+ * Local LLM server detection and security checks.
+ * Detects running LLM inference servers (Ollama, LM Studio, vLLM, LocalAI,
+ * text-generation-webui) and checks for insecure defaults: no auth, bound to
+ * 0.0.0.0, no TLS, permissive CORS, unsafe model formats, secrets in configs.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkLocalLLMServers = checkLocalLLMServers;
+exports.checkLLMConfigs = checkLLMConfigs;
+const node_child_process_1 = require("node:child_process");
+const fs = __importStar(require("fs/promises"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const shell_checks_1 = require("./shell-checks");
+const LLM_SERVERS = [
+    {
+        name: 'Ollama',
+        port: 11434,
+        processNames: ['ollama'],
+        probePath: '/api/tags',
+        configDirs: ['.ollama'],
+    },
+    {
+        name: 'LM Studio',
+        port: 1234,
+        processNames: ['lms'],
+        probePath: '/v1/models',
+        configDirs: ['.lmstudio'],
+    },
+    {
+        name: 'vLLM',
+        port: 8000,
+        processNames: ['vllm'],
+        probePath: '/v1/models',
+        configDirs: [],
+    },
+    {
+        name: 'LocalAI',
+        port: 8080,
+        processNames: ['local-ai'],
+        probePath: '/v1/models',
+        configDirs: ['.local-ai'],
+    },
+    {
+        name: 'text-generation-webui',
+        port: 7860,
+        processNames: ['text-generation'],
+        probePath: '/',
+        configDirs: [],
+    },
+];
+// Unsafe model file extensions that allow arbitrary code execution
+const UNSAFE_MODEL_EXTENSIONS = ['.pkl', '.pickle', '.bin'];
+// Model directories to scan (relative to home)
+const MODEL_DIRS = [
+    '.ollama/models',
+    '.lmstudio/models',
+    '.local-ai/models',
+    '.cache/huggingface/hub',
+];
+const FETCH_TIMEOUT_MS = 2000;
+// --- Helpers ---
+/**
+ * Attempt to fetch a URL with a timeout. Returns the Response or null on failure.
+ */
+async function probeFetch(url) {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+    try {
+        const resp = await fetch(url, { signal: controller.signal });
+        return resp;
+    }
+    catch {
+        return null;
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+/**
+ * Get process listing. Returns raw ps output or empty string on failure.
+ */
+function getProcessList() {
+    try {
+        return (0, node_child_process_1.execFileSync)('ps', ['aux'], { encoding: 'utf-8', timeout: 5000 });
+    }
+    catch {
+        return '';
+    }
+}
+/**
+ * Check if a process is listening on 0.0.0.0 by inspecting process args or env vars.
+ */
+function isListeningOnAllInterfaces(serverName, processLine) {
+    // Check env var for Ollama
+    if (serverName === 'Ollama') {
+        const ollamaHost = process.env['OLLAMA_HOST'] || '';
+        if (ollamaHost.startsWith('0.0.0.0') || ollamaHost === ':11434') {
+            return true;
+        }
+    }
+    // Check process args for --host 0.0.0.0 or --bind 0.0.0.0
+    if (processLine) {
+        if (/--host\s+0\.0\.0\.0/.test(processLine) || /--bind\s+0\.0\.0\.0/.test(processLine)) {
+            return true;
+        }
+        if (/--listen\s+0\.0\.0\.0/.test(processLine)) {
+            return true;
+        }
+    }
+    return false;
+}
+// --- Main check functions ---
+/**
+ * Detect running local LLM servers and check for security issues.
+ * Returns findings for LLM-001 through LLM-006.
+ */
+async function checkLocalLLMServers() {
+    const findings = [];
+    // Get process list once for all servers
+    const psOutput = getProcessList();
+    for (const server of LLM_SERVERS) {
+        // Find process line for this server (if running)
+        const processLine = psOutput
+            .split('\n')
+            .find(line => server.processNames.some(pn => line.includes(pn)));
+        // Probe the server's default port
+        const resp = await probeFetch(`http://127.0.0.1:${server.port}${server.probePath}`);
+        // Require a meaningful response on the probe path to confirm via port (avoids false
+        // positives from unrelated servers on shared ports like 8080). Accept 200 OK or
+        // 401/403 (auth-protected LLM server). Process match alone is enough.
+        const confirmedViaPort = resp !== null && (resp.ok || resp.status === 401 || resp.status === 403);
+        const isRunning = confirmedViaPort || processLine !== undefined;
+        if (!isRunning)
+            continue;
+        // LLM-001: Server detected (informational)
+        findings.push({
+            checkId: 'LLM-001',
+            name: `Local LLM server detected: ${server.name}`,
+            description: `${server.name} is running on port ${server.port}. Local LLM servers can expose model access to the network if misconfigured.`,
+            category: 'llm-server',
+            severity: 'medium',
+            passed: false,
+            message: `${server.name} detected on port ${server.port}`,
+            fixable: false,
+            file: `localhost:${server.port}`,
+            fix: `Review ${server.name} configuration. Ensure it is bound to 127.0.0.1 and requires authentication.`,
+            details: {
+                server: server.name,
+                port: server.port,
+                detectedVia: resp !== null ? 'port-probe' : 'process-list',
+            },
+        });
+        // Only run deeper checks if we got a confirmed HTTP response
+        if (!confirmedViaPort)
+            continue;
+        // LLM-002: No authentication
+        const authHeader = resp.headers.get('www-authenticate');
+        const hasAuthChallenge = resp.status === 401 || resp.status === 403 || authHeader !== null;
+        if (!hasAuthChallenge) {
+            findings.push({
+                checkId: 'LLM-002',
+                name: `No authentication on ${server.name}`,
+                description: `${server.name} API responds without requiring authentication. Anyone with network access can use your models, consume resources, or extract data.`,
+                category: 'llm-server',
+                severity: 'high',
+                passed: false,
+                message: `${server.name} on port ${server.port} has no authentication`,
+                fixable: false,
+                file: `localhost:${server.port}`,
+                fix: `Enable authentication for ${server.name}. Consult the server documentation for auth configuration.`,
+                details: { server: server.name, port: server.port, httpStatus: resp.status },
+            });
+        }
+        // LLM-003: Bound to 0.0.0.0
+        if (isListeningOnAllInterfaces(server.name, processLine)) {
+            findings.push({
+                checkId: 'LLM-003',
+                name: `${server.name} bound to all interfaces`,
+                description: `${server.name} is listening on 0.0.0.0, making it accessible from any network interface. This exposes your LLM server to other devices on the network.`,
+                category: 'llm-server',
+                severity: 'critical',
+                passed: false,
+                message: `${server.name} is bound to 0.0.0.0 (all interfaces)`,
+                fixable: false,
+                file: `localhost:${server.port}`,
+                fix: `Bind ${server.name} to 127.0.0.1 only. For Ollama: set OLLAMA_HOST=127.0.0.1:11434`,
+                details: { server: server.name, port: server.port, bindAddress: '0.0.0.0' },
+            });
+        }
+        // LLM-004: No TLS (we probed via HTTP, so if it responded, it's not using TLS)
+        findings.push({
+            checkId: 'LLM-004',
+            name: `${server.name} using plain HTTP`,
+            description: `${server.name} is serving over HTTP without TLS. API requests (including any auth tokens) are transmitted in cleartext.`,
+            category: 'llm-server',
+            severity: 'high',
+            passed: false,
+            message: `${server.name} on port ${server.port} uses HTTP (no TLS)`,
+            fixable: false,
+            file: `localhost:${server.port}`,
+            fix: `Configure TLS for ${server.name} or place it behind a TLS-terminating reverse proxy.`,
+            details: { server: server.name, port: server.port, protocol: 'http' },
+        });
+        // LLM-005: Permissive CORS (Ollama-specific + generic CORS header check)
+        let hasCorsIssue = false;
+        if (server.name === 'Ollama') {
+            const origins = process.env['OLLAMA_ORIGINS'] || '';
+            if (origins === '*' || origins.includes('*')) {
+                hasCorsIssue = true;
+            }
+        }
+        // Also check CORS headers from the response
+        const corsHeader = resp.headers.get('access-control-allow-origin');
+        if (corsHeader === '*') {
+            hasCorsIssue = true;
+        }
+        if (hasCorsIssue) {
+            findings.push({
+                checkId: 'LLM-005',
+                name: `Permissive CORS on ${server.name}`,
+                description: `${server.name} allows requests from any origin (CORS: *). A malicious website visited in your browser could interact with your local LLM server.`,
+                category: 'llm-server',
+                severity: 'medium',
+                passed: false,
+                message: `${server.name} has permissive CORS (Access-Control-Allow-Origin: *)`,
+                fixable: false,
+                file: `localhost:${server.port}`,
+                fix: server.name === 'Ollama'
+                    ? 'Set OLLAMA_ORIGINS to specific allowed origins instead of *.'
+                    : `Restrict CORS origins in ${server.name} configuration.`,
+                details: { server: server.name, port: server.port, corsOrigin: corsHeader || 'env:*' },
+            });
+        }
+        // LLM-006: Unrestricted model access
+        // If the models endpoint returned a list, check if there's any access restriction
+        if (resp.ok) {
+            try {
+                const body = await resp.text();
+                // Only report if we see multiple models or no restriction indicator
+                const parsed = JSON.parse(body);
+                const modelCount = Array.isArray(parsed.models) ? parsed.models.length
+                    : Array.isArray(parsed.data) ? parsed.data.length
+                        : 0;
+                if (modelCount > 0) {
+                    findings.push({
+                        checkId: 'LLM-006',
+                        name: `Unrestricted model access on ${server.name}`,
+                        description: `${server.name} exposes ${modelCount} model(s) without access restrictions. Any client can list and use all available models.`,
+                        category: 'llm-server',
+                        severity: 'medium',
+                        passed: false,
+                        message: `${server.name} exposes ${modelCount} model(s) without restrictions`,
+                        fixable: false,
+                        file: `localhost:${server.port}`,
+                        fix: `Configure a model allow-list in ${server.name} to restrict which models can be accessed.`,
+                        details: { server: server.name, port: server.port, modelCount },
+                    });
+                }
+            }
+            catch {
+                // Could not parse response body, skip LLM-006
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Scan local LLM config directories for secrets and unsafe model files.
+ * Returns findings for LLM-007 and LLM-008.
+ */
+async function checkLLMConfigs() {
+    const findings = [];
+    const homeDir = os.homedir();
+    // LLM-007: Unsafe model formats (pickle files)
+    for (const modelDir of MODEL_DIRS) {
+        const fullPath = path.join(homeDir, modelDir);
+        try {
+            await scanForUnsafeModels(fullPath, findings);
+        }
+        catch {
+            // Directory doesn't exist or not readable, skip
+        }
+    }
+    // LLM-008: Secrets in Modelfile/config
+    for (const server of LLM_SERVERS) {
+        for (const configDir of server.configDirs) {
+            const fullPath = path.join(homeDir, configDir);
+            try {
+                await scanForSecretsInConfigs(fullPath, server.name, findings);
+            }
+            catch {
+                // Directory doesn't exist or not readable, skip
+            }
+        }
+    }
+    return findings;
+}
+/**
+ * Recursively scan a directory for unsafe model files (.pkl, .pickle, .bin).
+ * Limited to 2 levels of depth to avoid excessive scanning.
+ */
+async function scanForUnsafeModels(dir, findings, depth = 0) {
+    if (depth > 2)
+        return;
+    let entries;
+    try {
+        entries = await fs.readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    for (const entry of entries) {
+        const fullPath = path.join(dir, entry.name);
+        if (entry.isDirectory() && depth < 2) {
+            await scanForUnsafeModels(fullPath, findings, depth + 1);
+        }
+        else if (entry.isFile()) {
+            const ext = path.extname(entry.name).toLowerCase();
+            if (UNSAFE_MODEL_EXTENSIONS.includes(ext)) {
+                const relPath = fullPath.replace(os.homedir(), '~');
+                findings.push({
+                    checkId: 'LLM-007',
+                    name: 'Unsafe model format detected',
+                    description: `Found ${ext} model file. Pickle-based model formats can execute arbitrary code when loaded. Use GGUF, SafeTensors, or ONNX formats instead.`,
+                    category: 'llm-server',
+                    severity: 'high',
+                    passed: false,
+                    message: `Unsafe model file: ${relPath}`,
+                    fixable: false,
+                    file: relPath,
+                    fix: 'Convert model to a safe format (GGUF, SafeTensors, ONNX) or verify model provenance.',
+                    details: { extension: ext, path: relPath },
+                });
+            }
+        }
+    }
+}
+/**
+ * Scan config directory for files containing secrets (API keys, tokens).
+ */
+async function scanForSecretsInConfigs(dir, serverName, findings) {
+    let entries;
+    try {
+        entries = await fs.readdir(dir, { withFileTypes: true });
+    }
+    catch {
+        return;
+    }
+    // Files to scan: Modelfile, *.yaml, *.yml, *.json, *.toml, *.conf, *.cfg
+    const configExtensions = ['.yaml', '.yml', '.json', '.toml', '.conf', '.cfg'];
+    const configFileNames = ['Modelfile', 'modelfile'];
+    for (const entry of entries) {
+        if (!entry.isFile())
+            continue;
+        const ext = path.extname(entry.name).toLowerCase();
+        const isConfig = configExtensions.includes(ext) || configFileNames.includes(entry.name);
+        if (!isConfig)
+            continue;
+        const fullPath = path.join(dir, entry.name);
+        let content;
+        try {
+            content = await fs.readFile(fullPath, 'utf-8');
+        }
+        catch {
+            continue;
+        }
+        // Check each line for credential patterns
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            if (!line || line.length > 10000)
+                continue;
+            // Skip comment lines
+            if (/^\s*[#;]/.test(line))
+                continue;
+            for (const { name, pattern } of shell_checks_1.SHELL_CREDENTIAL_PATTERNS) {
+                if (pattern.test(line)) {
+                    const relPath = fullPath.replace(os.homedir(), '~');
+                    findings.push({
+                        checkId: 'LLM-008',
+                        name: `Secret in ${serverName} config`,
+                        description: `Found ${name} in ${entry.name}. Credentials embedded in LLM server configuration files can be extracted by anyone with filesystem access.`,
+                        category: 'llm-server',
+                        severity: 'critical',
+                        passed: false,
+                        message: `${relPath}:${i + 1} contains ${name}`,
+                        fixable: false,
+                        file: relPath,
+                        line: i + 1,
+                        fix: `Remove the credential from ${entry.name} and use an environment variable instead.`,
+                        details: { server: serverName, credentialType: name, configFile: entry.name },
+                    });
+                    break; // One finding per line
+                }
+            }
+        }
+    }
+}
+//# sourceMappingURL=llm-checks.js.map

package/dist/hardening/llm-checks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"llm-checks.js","sourceRoot":"","sources":["../../src/hardening/llm-checks.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAqIH,oDA8JC;AAMD,0CA2BC;AAlUD,2DAAkD;AAClD,gDAAkC;AAClC,2CAA6B;AAC7B,uCAAyB;AAEzB,iDAA2D;AAY3D,MAAM,WAAW,GAAoB;IACnC;QACE,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,KAAK;QACX,YAAY,EAAE,CAAC,QAAQ,CAAC;QACxB,SAAS,EAAE,WAAW;QACtB,UAAU,EAAE,CAAC,SAAS,CAAC;KACxB;IACD;QACE,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,CAAC,KAAK,CAAC;QACrB,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,CAAC,WAAW,CAAC;KAC1B;IACD;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,CAAC,MAAM,CAAC;QACtB,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,EAAE;KACf;IACD;QACE,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,CAAC,UAAU,CAAC;QAC1B,SAAS,EAAE,YAAY;QACvB,UAAU,EAAE,CAAC,WAAW,CAAC;KAC1B;IACD;QACE,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,IAAI;QACV,YAAY,EAAE,CAAC,iBAAiB,CAAC;QACjC,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,EAAE;KACf;CACF,CAAC;AAEF,mEAAmE;AACnE,MAAM,uBAAuB,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;AAE5D,+CAA+C;AAC/C,MAAM,UAAU,GAAG;IACjB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,wBAAwB;CACzB,CAAC;AAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAE9B,kBAAkB;AAElB;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,GAAW;IACnC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,gBAAgB,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc;IACrB,IAAI,CAAC;QACH,OAAO,IAAA,iCAAY,EAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,UAAkB,EAClB,WAA+B;IAE/B,2BAA2B;IAC3B,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC;QACpD,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,qBAAqB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACvF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,uBAAuB,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+BAA+B;AAE/B;;;GAGG;AACI,KAAK,UAAU,oBAAoB;IACxC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IAEvC,wCAAwC;IACxC,MAAM,QAAQ,GAAG,cAAc,EAAE,CAAC;IAElC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,iDAAiD;QACjD,MAAM,WAAW,GAAG,QAAQ;aACzB,KAAK,CAAC,IAAI,CAAC;aACX,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAEnE,kCAAkC;QAClC,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,oBAAoB,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QAEpF,oFAAoF;QACpF,gFAAgF;QAChF,sEAAsE;QACtE,MAAM,gBAAgB,GAAG,IAAI,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC;QAClG,MAAM,SAAS,GAAG,gBAAgB,IAAI,WAAW,KAAK,SAAS,CAAC;QAChE,IAAI,CAAC,SAAS;YAAE,SAAS;QAEzB,2CAA2C;QAC3C,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,SAAS;YAClB,IAAI,EAAE,8BAA8B,MAAM,CAAC,IAAI,EAAE;YACjD,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,uBAAuB,MAAM,CAAC,IAAI,8EAA8E;YAC3I,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,QAAoB;YAC9B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,qBAAqB,MAAM,CAAC,IAAI,EAAE;YACzD,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;YAChC,GAAG,EAAE,UAAU,MAAM,CAAC,IAAI,8EAA8E;YACxG,OAAO,EAAE;gBACP,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,WAAW,EAAE,IAAI,KAAK,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,cAAc;aAC3D;SACF,CAAC,CAAC;QAEH,6DAA6D;QAC7D,IAAI,CAAC,gBAAgB;YAAE,SAAS;QAEhC,6BAA6B;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACxD,MAAM,gBAAgB,GAAG,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,UAAU,KAAK,IAAI,CAAC;QAC3F,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,IAAI,EAAE,wBAAwB,MAAM,CAAC,IAAI,EAAE;gBAC3C,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,qIAAqI;gBAChK,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE,MAAkB;gBAC5B,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,IAAI,wBAAwB;gBACtE,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;gBAChC,GAAG,EAAE,6BAA6B,MAAM,CAAC,IAAI,4DAA4D;gBACzG,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE;aAC7E,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,IAAI,0BAA0B,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC;YACzD,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,IAAI,EAAE,GAAG,MAAM,CAAC,IAAI,0BAA0B;gBAC9C,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,0IAA0I;gBACrK,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE,UAAsB;gBAChC,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,uCAAuC;gBAC9D,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;gBAChC,GAAG,EAAE,QAAQ,MAAM,CAAC,IAAI,iEAAiE;gBACzF,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE;aAC5E,CAAC,CAAC;QACL,CAAC;QAED,+EAA+E;QAC/E,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,SAAS;YAClB,IAAI,EAAE,GAAG,MAAM,CAAC,IAAI,mBAAmB;YACvC,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,2GAA2G;YACtI,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,MAAkB;YAC5B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,IAAI,qBAAqB;YACnE,OAAO,EAAE,KAAK;YACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;YAChC,GAAG,EAAE,qBAAqB,MAAM,CAAC,IAAI,sDAAsD;YAC3F,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE;SACtE,CAAC,CAAC;QAEH,yEAAyE;QACzE,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YACpD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7C,YAAY,GAAG,IAAI,CAAC;YACtB,CAAC;QACH,CAAC;QACD,4CAA4C;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;QACnE,IAAI,UAAU,KAAK,GAAG,EAAE,CAAC;YACvB,YAAY,GAAG,IAAI,CAAC;QACtB,CAAC;QACD,IAAI,YAAY,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,SAAS;gBAClB,IAAI,EAAE,sBAAsB,MAAM,CAAC,IAAI,EAAE;gBACzC,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,oIAAoI;gBAC/J,QAAQ,EAAE,YAAY;gBACtB,QAAQ,EAAE,QAAoB;gBAC9B,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,uDAAuD;gBAC9E,OAAO,EAAE,KAAK;gBACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;gBAChC,GAAG,EAAE,MAAM,CAAC,IAAI,KAAK,QAAQ;oBAC3B,CAAC,CAAC,8DAA8D;oBAChE,CAAC,CAAC,4BAA4B,MAAM,CAAC,IAAI,iBAAiB;gBAC5D,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,IAAI,OAAO,EAAE;aACvF,CAAC,CAAC;QACL,CAAC;QAED,qCAAqC;QACrC,kFAAkF;QAClF,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/B,oEAAoE;gBACpE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM;oBACpE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM;wBACjD,CAAC,CAAC,CAAC,CAAC;gBACN,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;oBACnB,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,IAAI,EAAE,gCAAgC,MAAM,CAAC,IAAI,EAAE;wBACnD,WAAW,EAAE,GAAG,MAAM,CAAC,IAAI,YAAY,UAAU,0FAA0F;wBAC3I,QAAQ,EAAE,YAAY;wBACtB,QAAQ,EAAE,QAAoB;wBAC9B,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,GAAG,MAAM,CAAC,IAAI,YAAY,UAAU,gCAAgC;wBAC7E,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,aAAa,MAAM,CAAC,IAAI,EAAE;wBAChC,GAAG,EAAE,mCAAmC,MAAM,CAAC,IAAI,4CAA4C;wBAC/F,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,EAAE;qBAChE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,8CAA8C;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,eAAe;IACnC,MAAM,QAAQ,GAAsB,EAAE,CAAC;IACvC,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAE7B,+CAA+C;IAC/C,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;QAClD,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,MAAM,uBAAuB,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB,CAChC,GAAW,EACX,QAA2B,EAC3B,QAAgB,CAAC;IAEjB,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO;IAEtB,IAAI,OAA8B,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QAC3D,CAAC;aAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACnD,IAAI,uBAAuB,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBACpD,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,SAAS;oBAClB,IAAI,EAAE,8BAA8B;oBACpC,WAAW,EAAE,SAAS,GAAG,iIAAiI;oBAC1J,QAAQ,EAAE,YAAY;oBACtB,QAAQ,EAAE,MAAkB;oBAC5B,MAAM,EAAE,KAAK;oBACb,OAAO,EAAE,sBAAsB,OAAO,EAAE;oBACxC,OAAO,EAAE,KAAK;oBACd,IAAI,EAAE,OAAO;oBACb,GAAG,EAAE,sFAAsF;oBAC3F,OAAO,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE;iBAC3C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,GAAW,EACX,UAAkB,EAClB,QAA2B;IAE3B,IAAI,OAA8B,CAAC;IACnC,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;IACT,CAAC;IAED,yEAAyE;IACzE,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9E,MAAM,eAAe,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IAEnD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE;YAAE,SAAS;QAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxF,IAAI,CAAC,QAAQ;YAAE,SAAS;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,0CAA0C;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,KAAM;gBAAE,SAAS;YAC5C,qBAAqB;YACrB,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,SAAS;YAEpC,KAAK,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,wCAAyB,EAAE,CAAC;gBAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;oBACpD,QAAQ,CAAC,IAAI,CAAC;wBACZ,OAAO,EAAE,SAAS;wBAClB,IAAI,EAAE,aAAa,UAAU,SAAS;wBACtC,WAAW,EAAE,SAAS,IAAI,OAAO,KAAK,CAAC,IAAI,6GAA6G;wBACxJ,QAAQ,EAAE,YAAY;wBACtB,QAAQ,EAAE,UAAsB;wBAChC,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,GAAG,OAAO,IAAI,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE;wBAC/C,OAAO,EAAE,KAAK;wBACd,IAAI,EAAE,OAAO;wBACb,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,GAAG,EAAE,8BAA8B,KAAK,CAAC,IAAI,2CAA2C;wBACxF,OAAO,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,CAAC,IAAI,EAAE;qBAC9E,CAAC,CAAC;oBACH,MAAM,CAAC,uBAAuB;gBAChC,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/hardening/mcp-tool-enum.d.ts

@@ -0,0 +1,45 @@
+/**
+ * MCP Tool Enumeration (MCPTOOL-001 to MCPTOOL-005)
+ *
+ * Connects to configured MCP servers, discovers their tools via JSON-RPC,
+ * and classifies dangerous capabilities. Only runs with --deep or --live-mcp flag.
+ */
+import type { SecurityFinding } from './security-check';
+export interface McpServerConfig {
+    command: string;
+    args?: string[];
+    env?: Record<string, string>;
+    url?: string;
+}
+export interface McpToolInfo {
+    name: string;
+    description?: string;
+    inputSchema?: Record<string, unknown>;
+}
+export interface McpServerResult {
+    serverName: string;
+    configPath: string;
+    tools: McpToolInfo[];
+    error?: string;
+}
+/**
+ * Discover MCP server configurations from known config file locations.
+ */
+export declare function discoverMcpConfigs(targetDir: string): Promise<Map<string, {
+    config: McpServerConfig;
+    configPath: string;
+}>>;
+/**
+ * Connect to a stdio MCP server and enumerate its tools.
+ */
+export declare function enumerateStdioTools(serverName: string, config: McpServerConfig): Promise<McpServerResult>;
+/**
+ * Classify tool capabilities and generate security findings.
+ */
+export declare function classifyTools(serverName: string, configPath: string, tools: McpToolInfo[]): SecurityFinding[];
+/**
+ * Run full MCP tool enumeration scan.
+ * Discovers MCP configs, connects to each server, enumerates tools, classifies dangers.
+ */
+export declare function checkMcpToolEnumeration(targetDir: string, onProgress?: (message: string) => void): Promise<SecurityFinding[]>;
+//# sourceMappingURL=mcp-tool-enum.d.ts.map

package/dist/hardening/mcp-tool-enum.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-tool-enum.d.ts","sourceRoot":"","sources":["../../src/hardening/mcp-tool-enum.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EAAE,eAAe,EAAY,MAAM,kBAAkB,CAAC;AAElE,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA8BD;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE;IAAE,MAAM,EAAE,eAAe,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAsCvE;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,eAAe,GACtB,OAAO,CAAC,eAAe,CAAC,CAiG1B;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,WAAW,EAAE,GACnB,eAAe,EAAE,CAwFnB;AAED;;;GAGG;AACH,wBAAsB,uBAAuB,CAC3C,SAAS,EAAE,MAAM,EACjB,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,GACrC,OAAO,CAAC,eAAe,EAAE,CAAC,CA8B5B"}