npm - mcp-rubber-duck - Versions diffs - 1.8.0 → 1.9.0 - Mend

mcp-rubber-duck 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/CHANGELOG.md +8 -0
package/README.md +158 -1
package/audit-ci.json +2 -1
package/dist/config/config.d.ts +2 -0
package/dist/config/config.d.ts.map +1 -1
package/dist/config/config.js +144 -1
package/dist/config/config.js.map +1 -1
package/dist/config/types.d.ts +1084 -2
package/dist/config/types.d.ts.map +1 -1
package/dist/config/types.js +59 -0
package/dist/config/types.js.map +1 -1
package/dist/guardrails/context.d.ts +10 -0
package/dist/guardrails/context.d.ts.map +1 -0
package/dist/guardrails/context.js +35 -0
package/dist/guardrails/context.js.map +1 -0
package/dist/guardrails/errors.d.ts +26 -0
package/dist/guardrails/errors.d.ts.map +1 -0
package/dist/guardrails/errors.js +42 -0
package/dist/guardrails/errors.js.map +1 -0
package/dist/guardrails/index.d.ts +6 -0
package/dist/guardrails/index.d.ts.map +1 -0
package/dist/guardrails/index.js +11 -0
package/dist/guardrails/index.js.map +1 -0
package/dist/guardrails/plugins/base-plugin.d.ts +35 -0
package/dist/guardrails/plugins/base-plugin.d.ts.map +1 -0
package/dist/guardrails/plugins/base-plugin.js +70 -0
package/dist/guardrails/plugins/base-plugin.js.map +1 -0
package/dist/guardrails/plugins/index.d.ts +6 -0
package/dist/guardrails/plugins/index.d.ts.map +1 -0
package/dist/guardrails/plugins/index.js +6 -0
package/dist/guardrails/plugins/index.js.map +1 -0
package/dist/guardrails/plugins/pattern-blocker.d.ts +27 -0
package/dist/guardrails/plugins/pattern-blocker.d.ts.map +1 -0
package/dist/guardrails/plugins/pattern-blocker.js +140 -0
package/dist/guardrails/plugins/pattern-blocker.js.map +1 -0
package/dist/guardrails/plugins/pii-redactor/detectors.d.ts +40 -0
package/dist/guardrails/plugins/pii-redactor/detectors.d.ts.map +1 -0
package/dist/guardrails/plugins/pii-redactor/detectors.js +134 -0
package/dist/guardrails/plugins/pii-redactor/detectors.js.map +1 -0
package/dist/guardrails/plugins/pii-redactor/index.d.ts +28 -0
package/dist/guardrails/plugins/pii-redactor/index.d.ts.map +1 -0
package/dist/guardrails/plugins/pii-redactor/index.js +157 -0
package/dist/guardrails/plugins/pii-redactor/index.js.map +1 -0
package/dist/guardrails/plugins/pii-redactor/pseudonymizer.d.ts +33 -0
package/dist/guardrails/plugins/pii-redactor/pseudonymizer.d.ts.map +1 -0
package/dist/guardrails/plugins/pii-redactor/pseudonymizer.js +70 -0
package/dist/guardrails/plugins/pii-redactor/pseudonymizer.js.map +1 -0
package/dist/guardrails/plugins/rate-limiter.d.ts +28 -0
package/dist/guardrails/plugins/rate-limiter.d.ts.map +1 -0
package/dist/guardrails/plugins/rate-limiter.js +91 -0
package/dist/guardrails/plugins/rate-limiter.js.map +1 -0
package/dist/guardrails/plugins/token-limiter.d.ts +30 -0
package/dist/guardrails/plugins/token-limiter.d.ts.map +1 -0
package/dist/guardrails/plugins/token-limiter.js +98 -0
package/dist/guardrails/plugins/token-limiter.js.map +1 -0
package/dist/guardrails/service.d.ts +38 -0
package/dist/guardrails/service.d.ts.map +1 -0
package/dist/guardrails/service.js +183 -0
package/dist/guardrails/service.js.map +1 -0
package/dist/guardrails/types.d.ts +96 -0
package/dist/guardrails/types.d.ts.map +1 -0
package/dist/guardrails/types.js +2 -0
package/dist/guardrails/types.js.map +1 -0
package/dist/providers/duck-provider-enhanced.d.ts +2 -1
package/dist/providers/duck-provider-enhanced.d.ts.map +1 -1
package/dist/providers/duck-provider-enhanced.js +55 -6
package/dist/providers/duck-provider-enhanced.js.map +1 -1
package/dist/providers/enhanced-manager.d.ts +2 -1
package/dist/providers/enhanced-manager.d.ts.map +1 -1
package/dist/providers/enhanced-manager.js +3 -3
package/dist/providers/enhanced-manager.js.map +1 -1
package/dist/providers/manager.d.ts +3 -1
package/dist/providers/manager.d.ts.map +1 -1
package/dist/providers/manager.js +4 -2
package/dist/providers/manager.js.map +1 -1
package/dist/providers/provider.d.ts +3 -1
package/dist/providers/provider.d.ts.map +1 -1
package/dist/providers/provider.js +43 -3
package/dist/providers/provider.js.map +1 -1
package/dist/server.d.ts +1 -0
package/dist/server.d.ts.map +1 -1
package/dist/server.js +28 -6
package/dist/server.js.map +1 -1
package/dist/services/function-bridge.d.ts +3 -1
package/dist/services/function-bridge.d.ts.map +1 -1
package/dist/services/function-bridge.js +40 -1
package/dist/services/function-bridge.js.map +1 -1
package/package.json +1 -1
package/src/config/config.ts +187 -1
package/src/config/types.ts +73 -0
package/src/guardrails/context.ts +37 -0
package/src/guardrails/errors.ts +46 -0
package/src/guardrails/index.ts +20 -0
package/src/guardrails/plugins/base-plugin.ts +103 -0
package/src/guardrails/plugins/index.ts +5 -0
package/src/guardrails/plugins/pattern-blocker.ts +190 -0
package/src/guardrails/plugins/pii-redactor/detectors.ts +200 -0
package/src/guardrails/plugins/pii-redactor/index.ts +203 -0
package/src/guardrails/plugins/pii-redactor/pseudonymizer.ts +91 -0
package/src/guardrails/plugins/rate-limiter.ts +142 -0
package/src/guardrails/plugins/token-limiter.ts +155 -0
package/src/guardrails/service.ts +209 -0
package/src/guardrails/types.ts +120 -0
package/src/providers/duck-provider-enhanced.ts +76 -7
package/src/providers/enhanced-manager.ts +5 -3
package/src/providers/manager.ts +6 -3
package/src/providers/provider.ts +57 -6
package/src/server.ts +32 -6
package/src/services/function-bridge.ts +53 -2
package/tests/guardrails/config.test.ts +267 -0
package/tests/guardrails/errors.test.ts +109 -0
package/tests/guardrails/plugins/pattern-blocker.test.ts +309 -0
package/tests/guardrails/plugins/pii-redactor.test.ts +1004 -0
package/tests/guardrails/plugins/rate-limiter.test.ts +310 -0
package/tests/guardrails/plugins/token-limiter.test.ts +216 -0
package/tests/guardrails/service.test.ts +911 -0
package/tests/mcp-bridge.test.ts +248 -0
package/tests/providers.test.ts +739 -0

package/tests/mcp-bridge.test.ts CHANGED Viewed

@@ -2,6 +2,8 @@ import { jest } from '@jest/globals';
 import { ApprovalService } from '../src/services/approval';
 import { FunctionBridge } from '../src/services/function-bridge';
 import { MCPClientManager } from '../src/services/mcp-client-manager';
+import { GuardrailsService } from '../src/guardrails/service';
+import { GuardrailBlockError } from '../src/guardrails/errors';
 describe('MCP Bridge', () => {
   let approvalService: ApprovalService;
@@ -288,4 +290,250 @@ describe('MCP Bridge', () => {
       expect(functions[0].description).toBe('[filesystem] Read a file');
     });
   });
+  describe('FunctionBridge with Guardrails', () => {
+    let guardedFunctionBridge: FunctionBridge;
+    let mockGuardrailsService: {
+      isEnabled: jest.Mock;
+      createContext: jest.Mock;
+      execute: jest.Mock;
+    };
+    beforeEach(() => {
+      // Create mock guardrails service
+      mockGuardrailsService = {
+        isEnabled: jest.fn().mockReturnValue(true),
+        createContext: jest.fn().mockImplementation((params) => ({
+          requestId: 'test-request-id',
+          toolName: params.toolName,
+          toolArgs: params.toolArgs,
+          violations: [],
+          modifications: [],
+          metadata: new Map(),
+        })),
+        execute: jest.fn().mockResolvedValue({ action: 'allow', context: {} }),
+      };
+      guardedFunctionBridge = new FunctionBridge(
+        mcpManager,
+        approvalService,
+        [],
+        'never', // Never require approval for tests
+        {},
+        mockGuardrailsService as unknown as GuardrailsService
+      );
+    });
+    it('should execute pre_tool_input guardrails before tool execution', async () => {
+      // Mock the MCP manager to simulate a connected server
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ result: 'test result' });
+      await guardedFunctionBridge.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool', arg1: 'value1' }
+      );
+      expect(mockGuardrailsService.isEnabled).toHaveBeenCalled();
+      expect(mockGuardrailsService.createContext).toHaveBeenCalledWith(
+        expect.objectContaining({
+          toolName: 'test_server:test_tool',
+        })
+      );
+      expect(mockGuardrailsService.execute).toHaveBeenCalledWith('pre_tool_input', expect.any(Object));
+    });
+    it('should execute post_tool_output guardrails after tool execution', async () => {
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ result: 'test result' });
+      await guardedFunctionBridge.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+      );
+      // Should be called twice: pre_tool_input and post_tool_output
+      expect(mockGuardrailsService.execute).toHaveBeenCalledTimes(2);
+      expect(mockGuardrailsService.execute).toHaveBeenNthCalledWith(1, 'pre_tool_input', expect.any(Object));
+      expect(mockGuardrailsService.execute).toHaveBeenNthCalledWith(2, 'post_tool_output', expect.any(Object));
+    });
+    it('should block tool input when pre_tool_input guardrails return block', async () => {
+      mockGuardrailsService.execute.mockResolvedValueOnce({
+        action: 'block',
+        blockedBy: 'pattern_blocker',
+        blockReason: 'Sensitive data detected in tool arguments',
+        context: {},
+      });
+      const callToolSpy = jest.spyOn(mcpManager, 'callTool');
+      await expect(
+        guardedFunctionBridge.handleFunctionCall(
+          'TestDuck',
+          'mcp__test_server__test_tool',
+          { _mcp_server: 'test_server', _mcp_tool: 'test_tool', secret: 'password123' }
+        )
+      ).rejects.toThrow("Request blocked by guardrail 'pattern_blocker': Sensitive data detected in tool arguments");
+      // Should NOT call the MCP tool when blocked
+      expect(callToolSpy).not.toHaveBeenCalled();
+    });
+    it('should block tool output when post_tool_output guardrails return block', async () => {
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ sensitiveData: 'should_be_blocked' });
+      // Pre-tool allows, post-tool blocks
+      mockGuardrailsService.execute
+        .mockResolvedValueOnce({ action: 'allow', context: {} })
+        .mockResolvedValueOnce({
+          action: 'block',
+          blockedBy: 'pii_redactor',
+          blockReason: 'Sensitive data in tool output',
+          context: {},
+        });
+      await expect(
+        guardedFunctionBridge.handleFunctionCall(
+          'TestDuck',
+          'mcp__test_server__test_tool',
+          { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+        )
+      ).rejects.toThrow("Request blocked by guardrail 'pii_redactor': Sensitive data in tool output");
+    });
+    it('should modify tool args when pre_tool_input guardrails return modify', async () => {
+      const modifiedArgs = { arg1: '[REDACTED]', _mcp_server: 'test_server', _mcp_tool: 'test_tool' };
+      mockGuardrailsService.execute.mockImplementation((phase) => {
+        if (phase === 'pre_tool_input') {
+          return Promise.resolve({
+            action: 'modify',
+            context: { toolArgs: modifiedArgs },
+          });
+        }
+        return Promise.resolve({ action: 'allow', context: {} });
+      });
+      mockGuardrailsService.createContext.mockReturnValue({
+        requestId: 'test-id',
+        toolName: 'test_server:test_tool',
+        toolArgs: modifiedArgs,
+        violations: [],
+        modifications: [],
+        metadata: new Map(),
+      });
+      const callToolSpy = jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ result: 'ok' });
+      await guardedFunctionBridge.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool', arg1: 'sensitive_value' }
+      );
+      // The MCP tool should receive the modified args
+      expect(callToolSpy).toHaveBeenCalledWith(
+        'test_server',
+        'test_tool',
+        expect.objectContaining({ arg1: '[REDACTED]' })
+      );
+    });
+    it('should modify tool result when post_tool_output guardrails return modify', async () => {
+      const sharedContext: {
+        requestId: string;
+        toolName: string;
+        toolArgs: Record<string, unknown>;
+        toolResult: unknown;
+        violations: unknown[];
+        modifications: unknown[];
+        metadata: Map<string, unknown>;
+      } = {
+        requestId: 'test-id',
+        toolName: 'test_server:test_tool',
+        toolArgs: {},
+        toolResult: undefined,
+        violations: [],
+        modifications: [],
+        metadata: new Map(),
+      };
+      mockGuardrailsService.createContext.mockReturnValue(sharedContext);
+      mockGuardrailsService.execute.mockImplementation((phase) => {
+        if (phase === 'post_tool_output') {
+          sharedContext.toolResult = { redacted: '[SENSITIVE DATA REMOVED]' };
+          return Promise.resolve({
+            action: 'modify',
+            context: sharedContext,
+          });
+        }
+        return Promise.resolve({ action: 'allow', context: sharedContext });
+      });
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({
+        sensitiveField: 'actual_password_here'
+      });
+      const result = await guardedFunctionBridge.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+      );
+      expect(result.success).toBe(true);
+      expect(result.data).toEqual({ redacted: '[SENSITIVE DATA REMOVED]' });
+    });
+    it('should skip guardrails when service is disabled', async () => {
+      mockGuardrailsService.isEnabled.mockReturnValue(false);
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ result: 'test' });
+      const result = await guardedFunctionBridge.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+      );
+      expect(result.success).toBe(true);
+      expect(mockGuardrailsService.createContext).not.toHaveBeenCalled();
+      expect(mockGuardrailsService.execute).not.toHaveBeenCalled();
+    });
+    it('should work without guardrails service (undefined)', async () => {
+      const bridgeWithoutGuardrails = new FunctionBridge(
+        mcpManager,
+        approvalService,
+        [],
+        'never'
+        // No guardrails service
+      );
+      jest.spyOn(mcpManager, 'callTool').mockResolvedValue({ result: 'test' });
+      const result = await bridgeWithoutGuardrails.handleFunctionCall(
+        'TestDuck',
+        'mcp__test_server__test_tool',
+        { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+      );
+      expect(result.success).toBe(true);
+    });
+    it('should re-throw GuardrailBlockError without wrapping', async () => {
+      mockGuardrailsService.execute.mockRejectedValueOnce(
+        new GuardrailBlockError('custom_plugin', 'Custom block reason')
+      );
+      await expect(
+        guardedFunctionBridge.handleFunctionCall(
+          'TestDuck',
+          'mcp__test_server__test_tool',
+          { _mcp_server: 'test_server', _mcp_tool: 'test_tool' }
+        )
+      ).rejects.toThrow("Request blocked by guardrail 'custom_plugin': Custom block reason");
+    });
+  });
 });