mcp-guardian 1.0.0

package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Alexandria Eden
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,142 @@
1
+ # @cbrowser/mcp-guardian
2
+
3
+ MCP security scanner that detects prompt injection attacks in tool descriptions.
4
+
5
+ ## What It Detects
6
+
7
+ - **Cross-tool instructions** - Attempts to chain tool calls ("before using this tool", "first call", "you must execute")
8
+ - **Privilege escalation** - Attempts to override safety ("ignore previous instructions", "you are now", "bypass security")
9
+ - **Data exfiltration** - Attempts to send data externally (URLs, "send to", "upload to")
10
+ - **Stealth directives** - Hidden instructions in descriptions
11
+ - **Sensitive path access** - References to ~/.ssh, ~/.aws, credentials, etc.
12
+ - **Encoded content** - Base64, unicode escapes, hex encoding (potential obfuscation)
13
+
14
+ ## Installation
15
+
16
+ ```bash
17
+ npm install @cbrowser/mcp-guardian
18
+ ```
19
+
20
+ ## Usage
21
+
22
+ ### CLI - Scan MCP Config
23
+
24
+ ```bash
25
+ # Auto-detect Claude Desktop config
26
+ npx @cbrowser/mcp-guardian
27
+
28
+ # Explicit config path
29
+ npx @cbrowser/mcp-guardian /path/to/claude_desktop_config.json
30
+
31
+ # JSON output
32
+ npx @cbrowser/mcp-guardian --json
33
+ ```
34
+
35
+ ### CLI - Run as MCP Server
36
+
37
+ ```bash
38
+ npx @cbrowser/mcp-guardian --mcp
39
+ ```
40
+
41
+ ### Claude Desktop Integration
42
+
43
+ Add to your `claude_desktop_config.json`:
44
+
45
+ ```json
46
+ {
47
+ "mcpServers": {
48
+ "mcp-guardian": {
49
+ "command": "npx",
50
+ "args": ["-y", "@cbrowser/mcp-guardian", "--mcp"]
51
+ }
52
+ }
53
+ }
54
+ ```
55
+
56
+ ### Library Usage
57
+
58
+ ```typescript
59
+ import {
60
+ scanToolDescription,
61
+ scanToolDefinitions,
62
+ isDescriptionSafe,
63
+ verifyToolDefinitions,
64
+ } from "@cbrowser/mcp-guardian";
65
+
66
+ // Scan a single tool description
67
+ const result = scanToolDescription("my_tool", "Tool description here");
68
+ if (result.status === "critical") {
69
+ console.error("Potential injection:", result.issues);
70
+ }
71
+
72
+ // Quick safety check
73
+ if (!isDescriptionSafe("Before using this tool, first call...")) {
74
+ console.warn("Suspicious description detected");
75
+ }
76
+
77
+ // Scan multiple tools
78
+ const tools = [
79
+ { name: "tool1", description: "...", schema: {} },
80
+ { name: "tool2", description: "...", schema: {} },
81
+ ];
82
+ const serverResult = scanToolDefinitions(tools, "my-server");
83
+
84
+ // Tool pinning - detect changes
85
+ const pinResult = verifyToolDefinitions(tools);
86
+ if (pinResult.status === "changed") {
87
+ console.warn("Tool definitions changed:", pinResult.changedTools);
88
+ }
89
+ ```
90
+
91
+ ## Detection Patterns
92
+
93
+ ### Critical Severity (38 patterns)
94
+
95
+ | Category | Examples |
96
+ |----------|----------|
97
+ | Cross-tool instruction | "before using this tool", "first call", "then execute", "always call" |
98
+ | Privilege escalation | "ignore previous instructions", "override system", "you are now" |
99
+ | Exfiltration | URLs, "send to", "post to", "forward to", "upload to" |
100
+
101
+ ### Warning Severity (13 patterns)
102
+
103
+ | Category | Examples |
104
+ |----------|----------|
105
+ | Sensitive paths | ~/.ssh, ~/.aws, /etc/passwd, .env, api_key |
106
+ | Encoded content | Base64 strings, unicode escapes, hex encoding |
107
+
108
+ ## Tool Pinning
109
+
110
+ MCP Guardian includes tool definition pinning - SHA-256 hashing of tool definitions to detect tampering:
111
+
112
+ ```typescript
113
+ import { verifyToolDefinitions, approveAllTools } from "@cbrowser/mcp-guardian";
114
+
115
+ // Verify tools against stored baseline
116
+ const result = verifyToolDefinitions(tools);
117
+
118
+ // Status: "created" | "verified" | "changed" | "error"
119
+ if (result.status === "changed") {
120
+ console.log("Modified tools:", result.changedTools);
121
+ console.log("New tools:", result.newTools);
122
+ console.log("Removed tools:", result.removedTools);
123
+ }
124
+
125
+ // Re-approve all tools (after review)
126
+ approveAllTools(tools);
127
+ ```
128
+
129
+ Manifests are stored in `~/.mcp-guardian/tool-manifest.json`.
130
+
131
+ ## Research References
132
+
133
+ This tool is informed by MCP security research from:
134
+
135
+ - [Invariant Labs - MCP Security Research](https://invariantlabs.ai)
136
+ - [Microsoft - Prompt Injection Attacks](https://microsoft.com/security)
137
+ - [Palo Alto Unit 42 - AI Security](https://unit42.paloaltonetworks.com)
138
+ - [Simon Willison - Prompt Injection](https://simonwillison.net)
139
+
140
+ ## License
141
+
142
+ MIT
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * @cbrowser/mcp-guardian CLI
4
+ * Copyright 2026 Alexandria Eden
5
+ * MIT License
6
+ */
7
+ export {};
8
+ //# sourceMappingURL=mcp-guardian.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mcp-guardian.d.ts","sourceRoot":"","sources":["../../bin/mcp-guardian.ts"],"names":[],"mappings":";AACA;;;;GAIG"}
@@ -0,0 +1,222 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * @cbrowser/mcp-guardian CLI
4
+ * Copyright 2026 Alexandria Eden
5
+ * MIT License
6
+ */
7
+ import { existsSync } from "node:fs";
8
+ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
9
+ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
10
+ import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
11
+ import { getDefaultConfigPath, getVersion, } from "../src/config.js";
12
+ import { securityAuditHandler, } from "../src/security-audit.js";
13
+ import { scanMcpConfig, scanMcpConfigSync, } from "../src/manifest.js";
14
+ import { getManifestSummary, } from "../src/tool-pinning.js";
15
+ const VERSION = getVersion();
16
+ /**
17
+ * Run as MCP server
18
+ */
19
+ async function runMcpServer() {
20
+ const server = new Server({
21
+ name: "mcp-guardian",
22
+ version: VERSION,
23
+ }, {
24
+ capabilities: {
25
+ tools: {},
26
+ },
27
+ });
28
+ // List tools
29
+ server.setRequestHandler(ListToolsRequestSchema, async () => ({
30
+ tools: [
31
+ {
32
+ name: "security_audit",
33
+ description: "Audit MCP tool definitions for potential prompt injection attacks. Scans tool descriptions for cross-tool instructions, privilege escalation attempts, and data exfiltration patterns.",
34
+ inputSchema: {
35
+ type: "object",
36
+ properties: {
37
+ config_path: {
38
+ type: "string",
39
+ description: "Path to claude_desktop_config.json. If not provided, scans the current server's tools.",
40
+ },
41
+ format: {
42
+ type: "string",
43
+ enum: ["json", "text"],
44
+ default: "json",
45
+ description: "Output format: json (structured) or text (human-readable)",
46
+ },
47
+ async_scan: {
48
+ type: "boolean",
49
+ default: false,
50
+ description: "If true, connects to MCP servers to scan their tools (slower).",
51
+ },
52
+ },
53
+ },
54
+ },
55
+ {
56
+ name: "tool_pin_check",
57
+ description: "Check if MCP tool definitions have changed since last verification. Uses SHA-256 hashes to detect tampering.",
58
+ inputSchema: {
59
+ type: "object",
60
+ properties: {},
61
+ },
62
+ },
63
+ ],
64
+ }));
65
+ // Handle tool calls
66
+ server.setRequestHandler(CallToolRequestSchema, async (request) => {
67
+ const { name, arguments: args } = request.params;
68
+ if (name === "security_audit") {
69
+ return await securityAuditHandler(args);
70
+ }
71
+ if (name === "tool_pin_check") {
72
+ const summary = getManifestSummary();
73
+ return {
74
+ content: [
75
+ {
76
+ type: "text",
77
+ text: JSON.stringify(summary, null, 2),
78
+ },
79
+ ],
80
+ };
81
+ }
82
+ return {
83
+ content: [
84
+ {
85
+ type: "text",
86
+ text: JSON.stringify({ error: `Unknown tool: ${name}` }),
87
+ },
88
+ ],
89
+ };
90
+ });
91
+ // Start server
92
+ const transport = new StdioServerTransport();
93
+ await server.connect(transport);
94
+ console.error(`[mcp-guardian] MCP server v${VERSION} running on stdio`);
95
+ }
96
+ /**
97
+ * Run CLI scan
98
+ */
99
+ async function runCliScan(configPath, options) {
100
+ const targetPath = configPath || getDefaultConfigPath();
101
+ if (!existsSync(targetPath)) {
102
+ console.error(`Config file not found: ${targetPath}`);
103
+ console.error(`\nDefault paths by platform:`);
104
+ console.error(` macOS: ~/Library/Application Support/Claude/claude_desktop_config.json`);
105
+ console.error(` Windows: %APPDATA%\\Claude\\claude_desktop_config.json`);
106
+ console.error(` Linux: ~/.config/Claude/claude_desktop_config.json`);
107
+ process.exit(1);
108
+ }
109
+ console.error(`[mcp-guardian] Scanning: ${targetPath}`);
110
+ let result;
111
+ if (options.async) {
112
+ result = await scanMcpConfig(targetPath);
113
+ }
114
+ else {
115
+ result = scanMcpConfigSync(targetPath);
116
+ console.error(`[mcp-guardian] Note: Use --async to actually query MCP servers`);
117
+ }
118
+ if (options.json) {
119
+ console.log(JSON.stringify(result, null, 2));
120
+ }
121
+ else {
122
+ // Human-readable output
123
+ console.log(`\n=== MCP Guardian Security Scan ===`);
124
+ console.log(`Config: ${targetPath}`);
125
+ console.log(`Servers: ${result.servers.length}`);
126
+ console.log(`\nServers found:`);
127
+ for (const server of result.servers) {
128
+ const icon = server.status === "critical" ? "🔴" :
129
+ server.status === "warning" ? "🟡" : "🟢";
130
+ console.log(` ${icon} ${server.serverName} (${server.toolCount} tools)`);
131
+ if (server.issues.length > 0) {
132
+ for (const tool of server.issues) {
133
+ console.log(` └─ ${tool.toolName}: ${tool.issues.length} issue(s)`);
134
+ }
135
+ }
136
+ }
137
+ console.log(`\nSummary:`);
138
+ console.log(` Total tools: ${result.summary.total}`);
139
+ console.log(` Clean: ${result.summary.clean}`);
140
+ console.log(` Warning: ${result.summary.warning}`);
141
+ console.log(` Critical: ${result.summary.critical}`);
142
+ }
143
+ }
144
+ /**
145
+ * Show help
146
+ */
147
+ function showHelp() {
148
+ console.log(`
149
+ @cbrowser/mcp-guardian v${VERSION}
150
+ MCP security scanner - detect prompt injection in tool descriptions
151
+
152
+ USAGE:
153
+ mcp-guardian [options] [config_path]
154
+
155
+ OPTIONS:
156
+ --mcp Run as MCP server (for Claude Desktop integration)
157
+ --json Output JSON instead of human-readable format
158
+ --async Actually connect to MCP servers to scan their tools
159
+ --version, -v Show version
160
+ --help, -h Show this help
161
+
162
+ EXAMPLES:
163
+ # Auto-detect Claude Desktop config
164
+ mcp-guardian
165
+
166
+ # Scan specific config file
167
+ mcp-guardian /path/to/claude_desktop_config.json
168
+
169
+ # Run as MCP server for Claude Desktop
170
+ mcp-guardian --mcp
171
+
172
+ # JSON output with async scanning
173
+ mcp-guardian --json --async
174
+
175
+ CLAUDE DESKTOP INTEGRATION:
176
+ Add to your claude_desktop_config.json:
177
+
178
+ {
179
+ "mcpServers": {
180
+ "mcp-guardian": {
181
+ "command": "npx",
182
+ "args": ["-y", "@cbrowser/mcp-guardian", "--mcp"]
183
+ }
184
+ }
185
+ }
186
+ `);
187
+ }
188
+ /**
189
+ * Main entry point
190
+ */
191
+ async function main() {
192
+ const args = process.argv.slice(2);
193
+ // Parse options
194
+ const options = {
195
+ mcp: args.includes("--mcp"),
196
+ json: args.includes("--json"),
197
+ async: args.includes("--async"),
198
+ help: args.includes("--help") || args.includes("-h"),
199
+ version: args.includes("--version") || args.includes("-v"),
200
+ };
201
+ // Filter out flags to get config path
202
+ const positionalArgs = args.filter(arg => !arg.startsWith("-"));
203
+ const configPath = positionalArgs[0] || null;
204
+ if (options.version) {
205
+ console.log(VERSION);
206
+ return;
207
+ }
208
+ if (options.help) {
209
+ showHelp();
210
+ return;
211
+ }
212
+ if (options.mcp) {
213
+ await runMcpServer();
214
+ return;
215
+ }
216
+ await runCliScan(configPath, options);
217
+ }
218
+ main().catch((error) => {
219
+ console.error("Fatal error:", error);
220
+ process.exit(1);
221
+ });
222
+ //# sourceMappingURL=mcp-guardian.js.map
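Review bot: The default CLI path in `runCliScan` (the `else` branch when `--async` is absent) calls `scanMcpConfigSync`, which per its own declaration only parses config structure and returns "no tool data", so the human-readable report prints every server as 🟢 with `0 tools` and Clean/Warning/Critical counts that reflect nothing inspected — the only hint is a stderr note that `--json` consumers never see, which makes the advertised `npx @cbrowser/mcp-guardian` invocation a false negative by default. In sync mode the report itself should say so, e.g. `console.log("Mode: config structure only - tool descriptions were NOT scanned (pass --async)")`, or the summary should carry an explicit flag that distinguishes a structural pass from a real scan. Separately, the exit status after a completed scan is always 0 regardless of findings, so a CI job or pre-commit hook cannot gate on the result; `process.exitCode = result.summary.critical > 0 ? 2 : 0;` after the report would fix that. The option parser in `main` also ignores unrecognised flags silently (`--asnyc` degrades to the structural scan) and discards any config path beginning with `-`; rejecting unknown `--` arguments with the help text would keep a typo from producing a clean-looking report.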
@@ -0,0 +1 @@
1
+ {"version":3,"file":"mcp-guardian.js","sourceRoot":"","sources":["../../bin/mcp-guardian.ts"],"names":[],"mappings":";AACA;;;;GAIG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EACL,oBAAoB,EACpB,UAAU,GACX,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,oBAAoB,GAErB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,aAAa,EACb,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAGL,kBAAkB,GACnB,MAAM,wBAAwB,CAAC;AAEhC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;AAE7B;;GAEG;AACH,KAAK,UAAU,YAAY;IACzB,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,cAAc;QACpB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,aAAa;IACb,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EACT,wLAAwL;gBAC1L,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE;wBACV,WAAW,EAAE;4BACX,IAAI,EAAE,QAAQ;4BACd,WAAW,EACT,wFAAwF;yBAC3F;wBACD,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC;4BACtB,OAAO,EAAE,MAAM;4BACf,WAAW,EAAE,2DAA2D;yBACzE;wBACD,UAAU,EAAE;4BACV,IAAI,EAAE,SAAS;4BACf,OAAO,EAAE,KAAK;4BACd,WAAW,EAAE,gEAAgE;yBAC9E;qBACF;iBACF;aACF;YACD;gBACE,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EACT,8GAA8G;gBAChH,WAAW,EAAE;oBACX,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,EAAE;iBACf;aACF;SACF;KACF,CAAC,CAAC,CAAC;IAEJ,oBAAoB;IACpB,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAEjD,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,OAAO,MAAM,oBAAoB,CAAC,IAAkD,CAAC,CAAC;QACxF,CAAC;QAED,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,kBAAkB,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;qBACvC;iBACF;aACF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;iBACzD;aACF;SACF,CAA
C;IACJ,CAAC,CAAC,CAAC;IAEH,eAAe;IACf,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAEhC,OAAO,CAAC,KAAK,CAAC,8BAA8B,OAAO,mBAAmB,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,UAAyB,EAAE,OAGpD;IACC,MAAM,UAAU,GAAG,UAAU,IAAI,oBAAoB,EAAE,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,0BAA0B,UAAU,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAC5F,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QAC1E,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;IAExD,IAAI,MAAM,CAAC;IACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACvC,OAAO,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;IAClF,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,wBAAwB;QACxB,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,WAAW,UAAU,EAAE,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAEhC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBACrC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,MAAM,CAAC,UAAU,KAAK,MAAM,CAAC,SAAS,SAAS,CAAC,CAAC;YAE1E,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,WAAW,CAAC,CAAC;gBAC1E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,OAAO,CAAC,GAAG,CAAC,YAAY,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,OAAO,C
AAC,OAAO,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ;IACf,OAAO,CAAC,GAAG,CAAC;0BACY,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqChC,CAAC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,gBAAgB;IAChB,MAAM,OAAO,GAAG;QACd,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAC3B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;QACpD,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;KAC3D,CAAC;IAEF,sCAAsC;IACtC,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAE7C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,QAAQ,EAAE,CAAC;QACX,OAAO;IACT,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,YAAY,EAAE,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACrC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
@@ -0,0 +1,19 @@
1
+ /**
2
+ * @cbrowser/mcp-guardian - Configuration
3
+ * Copyright 2026 Alexandria Eden
4
+ * MIT License
5
+ */
6
+ /**
7
+ * Get the data directory for mcp-guardian.
8
+ * Uses ~/.mcp-guardian/ by default.
9
+ */
10
+ export declare function getDataDir(): string;
11
+ /**
12
+ * Get the package version from package.json
13
+ */
14
+ export declare function getVersion(): string;
15
+ /**
16
+ * Get the default Claude Desktop config path based on platform.
17
+ */
18
+ export declare function getDefaultConfigPath(): string;
19
+ //# sourceMappingURL=config.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH;;;GAGG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAEnC;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,MAAM,CAmBnC;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAa7C"}
@@ -0,0 +1,59 @@
1
+ /**
2
+ * @cbrowser/mcp-guardian - Configuration
3
+ * Copyright 2026 Alexandria Eden
4
+ * MIT License
5
+ */
6
+ import { homedir } from "node:os";
7
+ import { join } from "node:path";
8
+ import { readFileSync } from "node:fs";
9
+ import { fileURLToPath } from "node:url";
10
+ import { dirname } from "node:path";
11
+ /**
12
+ * Get the data directory for mcp-guardian.
13
+ * Uses ~/.mcp-guardian/ by default.
14
+ */
15
+ export function getDataDir() {
16
+ return process.env.MCP_GUARDIAN_DATA_DIR || join(homedir(), ".mcp-guardian");
17
+ }
18
+ /**
19
+ * Get the package version from package.json
20
+ */
21
+ export function getVersion() {
22
+ try {
23
+ const __filename = fileURLToPath(import.meta.url);
24
+ const __dirname = dirname(__filename);
25
+ const pkgPath = join(__dirname, "..", "package.json");
26
+ const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
27
+ return pkg.version || "1.0.0";
28
+ }
29
+ catch {
30
+ // Fallback for dist directory
31
+ try {
32
+ const __filename = fileURLToPath(import.meta.url);
33
+ const __dirname = dirname(__filename);
34
+ const pkgPath = join(__dirname, "..", "..", "package.json");
35
+ const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
36
+ return pkg.version || "1.0.0";
37
+ }
38
+ catch {
39
+ return "1.0.0";
40
+ }
41
+ }
42
+ }
43
+ /**
44
+ * Get the default Claude Desktop config path based on platform.
45
+ */
46
+ export function getDefaultConfigPath() {
47
+ const platform = process.platform;
48
+ const home = homedir();
49
+ switch (platform) {
50
+ case "darwin":
51
+ return join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json");
52
+ case "win32":
53
+ return join(process.env.APPDATA || join(home, "AppData", "Roaming"), "Claude", "claude_desktop_config.json");
54
+ default:
55
+ // Linux and others
56
+ return join(home, ".config", "Claude", "claude_desktop_config.json");
57
+ }
58
+ }
59
+ //# sourceMappingURL=config.js.map
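Review bot: `getDataDir` honours `MCP_GUARDIAN_DATA_DIR`, but its JSDoc only says "Uses ~/.mcp-guardian/ by default", so the override — which relocates the tool-pinning manifest that the README places at `~/.mcp-guardian/tool-manifest.json`, i.e. the approved-hash baseline — is undocumented. Add to the comment: `* Can be overridden with the MCP_GUARDIAN_DATA_DIR environment variable. The tool-pinning manifest (the approved-hash baseline) lives here, so it should not be writable by anything you do not trust.` — and it is worth stating the limitation that any MCP server launched from the same config presumably runs as the same user and could rewrite that file, which bounds what pinning can detect. `getVersion` also repeats the `"1.0.0"` fallback literal three times; hoisting it into one `const FALLBACK_VERSION = "1.0.0";` keeps the next version bump from reporting a stale number when package.json cannot be located.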
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC;;;GAGG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;AAC/E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;QAC9B,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;YAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YACvD,OAAO,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,OAAO,CAAC;QACjB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC9F,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;QAC/G;YACE,mBAAmB;YACnB,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,4BAA4B,CAAC,CAAC;IACzE,CAAC;AACH,CAAC"}
@@ -0,0 +1,14 @@
1
+ /**
2
+ * @cbrowser/mcp-guardian
3
+ * MCP Security Scanner - detect prompt injection in tool descriptions
4
+ *
5
+ * Copyright 2026 Alexandria Eden
6
+ * MIT License
7
+ */
8
+ export type { ScanSeverity, ScanIssue, ToolScanResult, ServerScanResult, ScanSummary, ToolDefinition, ToolPinEntry, ToolManifest, PinningResult, McpServerConfig, McpConfig, DetectionPattern, } from "./types.js";
9
+ export { getDataDir, getVersion, getDefaultConfigPath, } from "./config.js";
10
+ export { CRITICAL_PATTERNS, WARNING_PATTERNS, ALL_PATTERNS, scanToolDescription, scanToolDefinitions, formatScanReport, isDescriptionSafe, } from "./patterns.js";
11
+ export { getManifestPath, hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestSummary, } from "./tool-pinning.js";
12
+ export { parseConfig, extractToolsFromServer, scanMcpConfig, scanMcpConfigSync, } from "./manifest.js";
13
+ export { SecurityAuditSchema, securityAuditHandler, type SecurityAuditParams, } from "./security-audit.js";
14
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,YAAY,EACZ,SAAS,EACT,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,cAAc,EACd,YAAY,EACZ,YAAY,EACZ,aAAa,EACb,eAAe,EACf,SAAS,EACT,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,EACpB,KAAK,mBAAmB,GACzB,MAAM,qBAAqB,CAAC"}
@@ -0,0 +1,18 @@
1
+ /**
2
+ * @cbrowser/mcp-guardian
3
+ * MCP Security Scanner - detect prompt injection in tool descriptions
4
+ *
5
+ * Copyright 2026 Alexandria Eden
6
+ * MIT License
7
+ */
8
+ // Config
9
+ export { getDataDir, getVersion, getDefaultConfigPath, } from "./config.js";
10
+ // Pattern scanning
11
+ export { CRITICAL_PATTERNS, WARNING_PATTERNS, ALL_PATTERNS, scanToolDescription, scanToolDefinitions, formatScanReport, isDescriptionSafe, } from "./patterns.js";
12
+ // Tool pinning
13
+ export { getManifestPath, hashToolDefinition, createToolManifest, loadToolManifest, saveToolManifest, verifyToolDefinitions, approveToolChange, removeToolFromManifest, approveAllTools, getManifestSummary, } from "./tool-pinning.js";
14
+ // MCP config scanning
15
+ export { parseConfig, extractToolsFromServer, scanMcpConfig, scanMcpConfigSync, } from "./manifest.js";
16
+ // Security audit handler
17
+ export { SecurityAuditSchema, securityAuditHandler, } from "./security-audit.js";
18
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,SAAS;AACT,OAAO,EACL,UAAU,EACV,UAAU,EACV,oBAAoB,GACrB,MAAM,aAAa,CAAC;AAErB,mBAAmB;AACnB,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,YAAY,EACZ,mBAAmB,EACnB,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAEvB,eAAe;AACf,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,EACf,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAE3B,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,sBAAsB,EACtB,aAAa,EACb,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAEvB,yBAAyB;AACzB,OAAO,EACL,mBAAmB,EACnB,oBAAoB,GAErB,MAAM,qBAAqB,CAAC"}
@@ -0,0 +1,44 @@
1
+ /**
2
+ * @cbrowser/mcp-guardian - MCP Config Manifest Parsing
3
+ * Copyright 2026 Alexandria Eden
4
+ * MIT License
5
+ */
6
+ import type { McpConfig, McpServerConfig, ToolDefinition, ScanSummary } from "./types.js";
7
+ /**
8
+ * Parse an MCP configuration file.
9
+ *
10
+ * @param configPath - Path to claude_desktop_config.json
11
+ * @returns Parsed config or null if invalid
12
+ */
13
+ export declare function parseConfig(configPath: string): McpConfig | null;
14
+ /**
15
+ * Extract tool definitions from a running MCP server via stdio.
16
+ *
17
+ * @param serverConfig - Server configuration with command and args
18
+ * @param serverName - Name of the server for logging
19
+ * @param timeout - Connection timeout in ms (default: 10000)
20
+ * @returns Array of tool definitions or null on error
21
+ */
22
+ export declare function extractToolsFromServer(serverConfig: McpServerConfig, serverName: string, timeout?: number): Promise<ToolDefinition[] | null>;
23
+ /**
24
+ * Scan all MCP servers defined in a config file.
25
+ *
26
+ * @param configPath - Path to claude_desktop_config.json
27
+ * @param options - Scan options
28
+ * @returns Scan summary with results for each server
29
+ */
30
+ export declare function scanMcpConfig(configPath: string, options?: {
31
+ /** Timeout per server in ms (default: 10000) */
32
+ timeout?: number;
33
+ /** Skip servers that fail to connect (default: true) */
34
+ skipFailures?: boolean;
35
+ }): Promise<ScanSummary>;
36
+ /**
37
+ * Synchronous version that only parses config structure.
38
+ * Does NOT query servers - use scanMcpConfig for full scanning.
39
+ *
40
+ * @param configPath - Path to claude_desktop_config.json
41
+ * @returns Summary with server names but no tool data
42
+ */
43
+ export declare function scanMcpConfigSync(configPath: string): ScanSummary;
44
+ //# sourceMappingURL=manifest.d.ts.map
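Review bot: The JSDoc for `extractToolsFromServer` and `scanMcpConfig` does not say that scanning executes the configured servers — `extractToolsFromServer` takes a `McpServerConfig` "with command and args" and talks to "a running MCP server via stdio", which presumably means it spawns `command` as a child process, so a user who points the scanner at an untrusted config is running every server in it before any finding is produced. Add to `scanMcpConfig`'s comment: `* Launches each configured server (its command/args) as a child process in order to list its tools; only run against configs whose servers you would be willing to execute anyway.` `skipFailures` defaults to true, so a server that refuses to connect or exceeds the 10000 ms timeout contributes no tools and no findings; the comment should state whether such servers are marked in the returned `ScanSummary` or silently appear clean, since an evasive server could exploit the latter. Likewise `scanMcpConfigSync` returns a `ScanSummary` shaped exactly like a real scan but with "no tool data"; callers need a documented way (ideally a field on the summary) to tell the two apart.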
@@ -0,0 +1 @@
1
+ {"version":3,"file":"manifest.d.ts","sourceRoot":"","sources":["../../src/manifest.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH,OAAO,KAAK,EACV,SAAS,EACT,eAAe,EACf,cAAc,EACd,WAAW,EAEZ,MAAM,YAAY,CAAC;AAGpB;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAWhE;AAED;;;;;;;GAOG;AACH,wBAAsB,sBAAsB,CAC1C,YAAY,EAAE,eAAe,EAC7B,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,MAAc,GACtB,OAAO,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,CA4DlC;AAED;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE;IACP,gDAAgD;IAChD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,YAAY,CAAC,EAAE,OAAO,CAAC;CACnB,GACL,OAAO,CAAC,WAAW,CAAC,CA+DtB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,WAAW,CA0BjE"}