mcp-guardian 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Alexandria Eden
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,142 @@
+# @cbrowser/mcp-guardian
+
+MCP security scanner that detects prompt injection attacks in tool descriptions.
+
+## What It Detects
+
+- **Cross-tool instructions** - Attempts to chain tool calls ("before using this tool", "first call", "you must execute")
+- **Privilege escalation** - Attempts to override safety ("ignore previous instructions", "you are now", "bypass security")
+- **Data exfiltration** - Attempts to send data externally (URLs, "send to", "upload to")
+- **Stealth directives** - Hidden instructions in descriptions
+- **Sensitive path access** - References to ~/.ssh, ~/.aws, credentials, etc.
+- **Encoded content** - Base64, unicode escapes, hex encoding (potential obfuscation)
+
+## Installation
+
+```bash
+npm install @cbrowser/mcp-guardian
+```
+
+## Usage
+
+### CLI - Scan MCP Config
+
+```bash
+# Auto-detect Claude Desktop config
+npx @cbrowser/mcp-guardian
+
+# Explicit config path
+npx @cbrowser/mcp-guardian /path/to/claude_desktop_config.json
+
+# JSON output
+npx @cbrowser/mcp-guardian --json
+```
+
+### CLI - Run as MCP Server
+
+```bash
+npx @cbrowser/mcp-guardian --mcp
+```
+
+### Claude Desktop Integration
+
+Add to your `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "mcp-guardian": {
+      "command": "npx",
+      "args": ["-y", "@cbrowser/mcp-guardian", "--mcp"]
+    }
+  }
+}
+```
+
+### Library Usage
+
+```typescript
+import {
+  scanToolDescription,
+  scanToolDefinitions,
+  isDescriptionSafe,
+  verifyToolDefinitions,
+} from "@cbrowser/mcp-guardian";
+
+// Scan a single tool description
+const result = scanToolDescription("my_tool", "Tool description here");
+if (result.status === "critical") {
+  console.error("Potential injection:", result.issues);
+}
+
+// Quick safety check
+if (!isDescriptionSafe("Before using this tool, first call...")) {
+  console.warn("Suspicious description detected");
+}
+
+// Scan multiple tools
+const tools = [
+  { name: "tool1", description: "...", schema: {} },
+  { name: "tool2", description: "...", schema: {} },
+];
+const serverResult = scanToolDefinitions(tools, "my-server");
+
+// Tool pinning - detect changes
+const pinResult = verifyToolDefinitions(tools);
+if (pinResult.status === "changed") {
+  console.warn("Tool definitions changed:", pinResult.changedTools);
+}
+```
+
+## Detection Patterns
+
+### Critical Severity (38 patterns)
+
+| Category | Examples |
+|----------|----------|
+| Cross-tool instruction | "before using this tool", "first call", "then execute", "always call" |
+| Privilege escalation | "ignore previous instructions", "override system", "you are now" |
+| Exfiltration | URLs, "send to", "post to", "forward to", "upload to" |
+
+### Warning Severity (13 patterns)
+
+| Category | Examples |
+|----------|----------|
+| Sensitive paths | ~/.ssh, ~/.aws, /etc/passwd, .env, api_key |
+| Encoded content | Base64 strings, unicode escapes, hex encoding |
+
+## Tool Pinning
+
+MCP Guardian includes tool definition pinning - SHA-256 hashing of tool definitions to detect tampering:
+
+```typescript
+import { verifyToolDefinitions, approveAllTools } from "@cbrowser/mcp-guardian";
+
+// Verify tools against stored baseline
+const result = verifyToolDefinitions(tools);
+
+// Status: "created" | "verified" | "changed" | "error"
+if (result.status === "changed") {
+  console.log("Modified tools:", result.changedTools);
+  console.log("New tools:", result.newTools);
+  console.log("Removed tools:", result.removedTools);
+}
+
+// Re-approve all tools (after review)
+approveAllTools(tools);
+```
+
+Manifests are stored in `~/.mcp-guardian/tool-manifest.json`.
+
+## Research References
+
+This tool is informed by MCP security research from:
+
+- [Invariant Labs - MCP Security Research](https://invariantlabs.ai)
+- [Microsoft - Prompt Injection Attacks](https://microsoft.com/security)
+- [Palo Alto Unit 42 - AI Security](https://unit42.paloaltonetworks.com)
+- [Simon Willison - Prompt Injection](https://simonwillison.net)
+
+## License
+
+MIT

package/dist/bin/mcp-guardian.d.ts

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+/**
+ * @cbrowser/mcp-guardian CLI
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+export {};
+//# sourceMappingURL=mcp-guardian.d.ts.map

package/dist/bin/mcp-guardian.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-guardian.d.ts","sourceRoot":"","sources":["../../bin/mcp-guardian.ts"],"names":[],"mappings":";AACA;;;;GAIG"}

package/dist/bin/mcp-guardian.js

@@ -0,0 +1,222 @@
+#!/usr/bin/env node
+/**
+ * @cbrowser/mcp-guardian CLI
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+import { existsSync } from "node:fs";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { getDefaultConfigPath, getVersion, } from "../src/config.js";
+import { securityAuditHandler, } from "../src/security-audit.js";
+import { scanMcpConfig, scanMcpConfigSync, } from "../src/manifest.js";
+import { getManifestSummary, } from "../src/tool-pinning.js";
+const VERSION = getVersion();
+/**
+ * Run as MCP server
+ */
+async function runMcpServer() {
+    const server = new Server({
+        name: "mcp-guardian",
+        version: VERSION,
+    }, {
+        capabilities: {
+            tools: {},
+        },
+    });
+    // List tools
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: [
+            {
+                name: "security_audit",
+                description: "Audit MCP tool definitions for potential prompt injection attacks. Scans tool descriptions for cross-tool instructions, privilege escalation attempts, and data exfiltration patterns.",
+                inputSchema: {
+                    type: "object",
+                    properties: {
+                        config_path: {
+                            type: "string",
+                            description: "Path to claude_desktop_config.json. If not provided, scans the current server's tools.",
+                        },
+                        format: {
+                            type: "string",
+                            enum: ["json", "text"],
+                            default: "json",
+                            description: "Output format: json (structured) or text (human-readable)",
+                        },
+                        async_scan: {
+                            type: "boolean",
+                            default: false,
+                            description: "If true, connects to MCP servers to scan their tools (slower).",
+                        },
+                    },
+                },
+            },
+            {
+                name: "tool_pin_check",
+                description: "Check if MCP tool definitions have changed since last verification. Uses SHA-256 hashes to detect tampering.",
+                inputSchema: {
+                    type: "object",
+                    properties: {},
+                },
+            },
+        ],
+    }));
+    // Handle tool calls
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        if (name === "security_audit") {
+            return await securityAuditHandler(args);
+        }
+        if (name === "tool_pin_check") {
+            const summary = getManifestSummary();
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify(summary, null, 2),
+                    },
+                ],
+            };
+        }
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({ error: `Unknown tool: ${name}` }),
+                },
+            ],
+        };
+    });
+    // Start server
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    console.error(`[mcp-guardian] MCP server v${VERSION} running on stdio`);
+}
+/**
+ * Run CLI scan
+ */
+async function runCliScan(configPath, options) {
+    const targetPath = configPath || getDefaultConfigPath();
+    if (!existsSync(targetPath)) {
+        console.error(`Config file not found: ${targetPath}`);
+        console.error(`\nDefault paths by platform:`);
+        console.error(`  macOS:   ~/Library/Application Support/Claude/claude_desktop_config.json`);
+        console.error(`  Windows: %APPDATA%\\Claude\\claude_desktop_config.json`);
+        console.error(`  Linux:   ~/.config/Claude/claude_desktop_config.json`);
+        process.exit(1);
+    }
+    console.error(`[mcp-guardian] Scanning: ${targetPath}`);
+    let result;
+    if (options.async) {
+        result = await scanMcpConfig(targetPath);
+    }
+    else {
+        result = scanMcpConfigSync(targetPath);
+        console.error(`[mcp-guardian] Note: Use --async to actually query MCP servers`);
+    }
+    if (options.json) {
+        console.log(JSON.stringify(result, null, 2));
+    }
+    else {
+        // Human-readable output
+        console.log(`\n=== MCP Guardian Security Scan ===`);
+        console.log(`Config: ${targetPath}`);
+        console.log(`Servers: ${result.servers.length}`);
+        console.log(`\nServers found:`);
+        for (const server of result.servers) {
+            const icon = server.status === "critical" ? "🔴" :
+                server.status === "warning" ? "🟡" : "🟢";
+            console.log(`  ${icon} ${server.serverName} (${server.toolCount} tools)`);
+            if (server.issues.length > 0) {
+                for (const tool of server.issues) {
+                    console.log(`     └─ ${tool.toolName}: ${tool.issues.length} issue(s)`);
+                }
+            }
+        }
+        console.log(`\nSummary:`);
+        console.log(`  Total tools: ${result.summary.total}`);
+        console.log(`  Clean: ${result.summary.clean}`);
+        console.log(`  Warning: ${result.summary.warning}`);
+        console.log(`  Critical: ${result.summary.critical}`);
+    }
+}
+/**
+ * Show help
+ */
+function showHelp() {
+    console.log(`
+@cbrowser/mcp-guardian v${VERSION}
+MCP security scanner - detect prompt injection in tool descriptions
+
+USAGE:
+  mcp-guardian [options] [config_path]
+
+OPTIONS:
+  --mcp           Run as MCP server (for Claude Desktop integration)
+  --json          Output JSON instead of human-readable format
+  --async         Actually connect to MCP servers to scan their tools
+  --version, -v   Show version
+  --help, -h      Show this help
+
+EXAMPLES:
+  # Auto-detect Claude Desktop config
+  mcp-guardian
+
+  # Scan specific config file
+  mcp-guardian /path/to/claude_desktop_config.json
+
+  # Run as MCP server for Claude Desktop
+  mcp-guardian --mcp
+
+  # JSON output with async scanning
+  mcp-guardian --json --async
+
+CLAUDE DESKTOP INTEGRATION:
+  Add to your claude_desktop_config.json:
+
+  {
+    "mcpServers": {
+      "mcp-guardian": {
+        "command": "npx",
+        "args": ["-y", "@cbrowser/mcp-guardian", "--mcp"]
+      }
+    }
+  }
+`);
+}
+/**
+ * Main entry point
+ */
+async function main() {
+    const args = process.argv.slice(2);
+    // Parse options
+    const options = {
+        mcp: args.includes("--mcp"),
+        json: args.includes("--json"),
+        async: args.includes("--async"),
+        help: args.includes("--help") || args.includes("-h"),
+        version: args.includes("--version") || args.includes("-v"),
+    };
+    // Filter out flags to get config path
+    const positionalArgs = args.filter(arg => !arg.startsWith("-"));
+    const configPath = positionalArgs[0] || null;
+    if (options.version) {
+        console.log(VERSION);
+        return;
+    }
+    if (options.help) {
+        showHelp();
+        return;
+    }
+    if (options.mcp) {
+        await runMcpServer();
+        return;
+    }
+    await runCliScan(configPath, options);
+}
+main().catch((error) => {
+    console.error("Fatal error:", error);
+    process.exit(1);
+});
+//# sourceMappingURL=mcp-guardian.js.map

package/dist/bin/mcp-guardian.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-guardian.js","sourceRoot":"","sources":["../../bin/mcp-guardian.ts"],"names":[],"mappings":";AACA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EACL,oBAAoB,EACpB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,oBAAoB,GAErB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,aAAa,EACb,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAGL,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAEhC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;AAE7B;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,aAAa;IACb,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EACT,wLAAwL;gBAC1L,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,WAAW,EAAE;4BACX,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,wFAAwF;yBAC3F;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;4BACtB,OAAO,EAAE,MAAM;4BACf,WAAW,EAAE,2DAA2D;yBACzE;wBACD,UAAU,EAAE;4BACV,IAAI,EAAE,SAAS;4BACf,OAAO,EAAE,KAAK;4BACd,WAAW,EAAE,gEAAgE;yBAC9E;qBACF;iBACF;aACF;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EACT,8GAA8G;gBAChH,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,EAAE;iBACf;aACF;SACF;KACF,CAAC,CAAC,CAAC;IAEJ,oBAAoB;IACpB,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,OAAO,MAAM,oBAAoB,CAAC,IAAkD,CAAC,CAAC;QACxF,CAAC;QAED,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;qBACvC;iBACF;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;iBACzD;aACF;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,eAAe;IACf,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,KAAK,CAAC,8BAA8B,OAAO,mBAAmB,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,UAAyB,EAAE,OAGpD;IACC,MAAM,UAAU,GAAG,UAAU,IAAI,oBAAoB,EAAE,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;IAExD,IAAI,MAAM,CAAC;IACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,wBAAwB;QACxB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,WAAW,UAAU,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAEhC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,UAAU,KAAK,MAAM,CAAC,SAAS,SAAS,CAAC,CAAC;YAE1E,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC;0BACY,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqChC,CAAC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,gBAAgB;IAChB,MAAM,OAAO,GAAG;QACd,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAC3B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpD,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;KAC3D,CAAC;IAEF,sCAAsC;IACtC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAE7C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,QAAQ,EAAE,CAAC;QACX,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,YAAY,EAAE,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/config.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @cbrowser/mcp-guardian - Configuration
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+/**
+ * Get the data directory for mcp-guardian.
+ * Uses ~/.mcp-guardian/ by default.
+ */
+export declare function getDataDir(): string;
+/**
+ * Get the package version from package.json
+ */
+export declare function getVersion(): string;
+/**
+ * Get the default Claude Desktop config path based on platform.
+ */
+export declare function getDefaultConfigPath(): string;
+//# sourceMappingURL=config.d.ts.map

package/dist/src/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH;;;GAGG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAmBnC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAa7C"}

package/dist/src/config.js

@@ -0,0 +1,59 @@
+/**
+ * @cbrowser/mcp-guardian - Configuration
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname } from "node:path";
+/**
+ * Get the data directory for mcp-guardian.
+ * Uses ~/.mcp-guardian/ by default.
+ */
+export function getDataDir() {
+    return process.env.MCP_GUARDIAN_DATA_DIR || join(homedir(), ".mcp-guardian");
+}
+/**
+ * Get the package version from package.json
+ */
+export function getVersion() {
+    try {
+        const __filename = fileURLToPath(import.meta.url);
+        const __dirname = dirname(__filename);
+        const pkgPath = join(__dirname, "..", "package.json");
+        const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+        return pkg.version || "1.0.0";
+    }
+    catch {
+        // Fallback for dist directory
+        try {
+            const __filename = fileURLToPath(import.meta.url);
+            const __dirname = dirname(__filename);
+            const pkgPath = join(__dirname, "..", "..", "package.json");
+            const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+            return pkg.version || "1.0.0";
+        }
+        catch {
+            return "1.0.0";
+        }
+    }
+}
+/**
+ * Get the default Claude Desktop config path based on platform.
+ */
+export function getDefaultConfigPath() {
+    const platform = process.platform;
+    const home = homedir();
+    switch (platform) {
+        case "darwin":
+            return join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json");
+        case "win32":
+            return join(process.env.APPDATA || join(home, "AppData", "Roaming"), "Claude", "claude_desktop_config.json");
+        default:
+            // Linux and others
+            return join(home, ".config", "Claude", "claude_desktop_config.json");
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/src/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC;;;GAGG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;AAC/E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC9F,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC/G;YACE,mBAAmB;YACnB,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IACzE,CAAC;AACH,CAAC"}

package/dist/src/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * @cbrowser/mcp-guardian
+ * MCP Security Scanner - detect prompt injection in tool descriptions
+ *
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+export type { ScanSeverity, ScanIssue, ToolScanResult, ServerScanResult, ScanSummary, ToolDefinition, ToolPinEntry, ToolManifest, PinningResult, McpServerConfig, McpConfig, DetectionPattern, } from "./types.js";
+export { getDataDir, getVersion, getDefaultConfigPath, } from "./config.js";
+export { CRITICAL_PATTERNS, WARNING_PATTERNS, ALL_PATTERNS, scanToolDescription, scanToolDefinitions, formatScanReport, isDescriptionSafe, } from "./patterns.js";
+export { getManifestPath, hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestSummary, } from "./tool-pinning.js";
+export { parseConfig, extractToolsFromServer, scanMcpConfig, scanMcpConfigSync, } from "./manifest.js";
+export { SecurityAuditSchema, securityAuditHandler, type SecurityAuditParams, } from "./security-audit.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,YAAY,EACZ,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,cAAc,EACd,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,eAAe,EACf,SAAS,EACT,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,18 @@
+/**
+ * @cbrowser/mcp-guardian
+ * MCP Security Scanner - detect prompt injection in tool descriptions
+ *
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+// Config
+export { getDataDir, getVersion, getDefaultConfigPath, } from "./config.js";
+// Pattern scanning
+export { CRITICAL_PATTERNS, WARNING_PATTERNS, ALL_PATTERNS, scanToolDescription, scanToolDefinitions, formatScanReport, isDescriptionSafe, } from "./patterns.js";
+// Tool pinning
+export { getManifestPath, hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestSummary, } from "./tool-pinning.js";
+// MCP config scanning
+export { parseConfig, extractToolsFromServer, scanMcpConfig, scanMcpConfigSync, } from "./manifest.js";
+// Security audit handler
+export { SecurityAuditSchema, securityAuditHandler, } from "./security-audit.js";
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,SAAS;AACT,OAAO,EACL,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,mBAAmB;AACnB,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAEvB,eAAe;AACf,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAE3B,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAEvB,yBAAyB;AACzB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,GAErB,MAAM,qBAAqB,CAAC"}

package/dist/src/manifest.d.ts

@@ -0,0 +1,44 @@
+/**
+ * @cbrowser/mcp-guardian - MCP Config Manifest Parsing
+ * Copyright 2026 Alexandria Eden
+ * MIT License
+ */
+import type { McpConfig, McpServerConfig, ToolDefinition, ScanSummary } from "./types.js";
+/**
+ * Parse an MCP configuration file.
+ *
+ * @param configPath - Path to claude_desktop_config.json
+ * @returns Parsed config or null if invalid
+ */
+export declare function parseConfig(configPath: string): McpConfig | null;
+/**
+ * Extract tool definitions from a running MCP server via stdio.
+ *
+ * @param serverConfig - Server configuration with command and args
+ * @param serverName - Name of the server for logging
+ * @param timeout - Connection timeout in ms (default: 10000)
+ * @returns Array of tool definitions or null on error
+ */
+export declare function extractToolsFromServer(serverConfig: McpServerConfig, serverName: string, timeout?: number): Promise<ToolDefinition[] | null>;
+/**
+ * Scan all MCP servers defined in a config file.
+ *
+ * @param configPath - Path to claude_desktop_config.json
+ * @param options - Scan options
+ * @returns Scan summary with results for each server
+ */
+export declare function scanMcpConfig(configPath: string, options?: {
+    /** Timeout per server in ms (default: 10000) */
+    timeout?: number;
+    /** Skip servers that fail to connect (default: true) */
+    skipFailures?: boolean;
+}): Promise<ScanSummary>;
+/**
+ * Synchronous version that only parses config structure.
+ * Does NOT query servers - use scanMcpConfig for full scanning.
+ *
+ * @param configPath - Path to claude_desktop_config.json
+ * @returns Summary with server names but no tool data
+ */
+export declare function scanMcpConfigSync(configPath: string): ScanSummary;
+//# sourceMappingURL=manifest.d.ts.map

package/dist/src/manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.d.ts","sourceRoot":"","sources":["../../src/manifest.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EACV,SAAS,EACT,eAAe,EACf,cAAc,EACd,WAAW,EAEZ,MAAM,YAAY,CAAC;AAGpB;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAWhE;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,YAAY,EAAE,eAAe,EAC7B,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,MAAc,GACtB,OAAO,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,CA4DlC;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE;IACP,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,YAAY,CAAC,EAAE,OAAO,CAAC;CACnB,GACL,OAAO,CAAC,WAAW,CAAC,CA+DtB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,CA0BjE"}