mcp-security-scanner 1.0.0

package/dist/runtime/index.js

@@ -0,0 +1,239 @@
+import { z } from "zod";
+import { text, json } from "../types/index.js";
+import { connectAndInspect } from "./client.js";
+import { analyzePoisoning, analyzeAnsiInjection, analyzeUnicodeSteganography } from "./tool-analyzer.js";
+import { analyzeScope, analyzeToolShadowing, analyzeCrossOrigin, analyzeResourceExposure } from "./schema-analyzer.js";
+import { savePin, loadPin, verifyAgainstPin } from "./pinning.js";
+// Common schema for server connection
+const serverSchema = {
+    command: z.string().describe("Server command to execute (e.g. 'node', 'bun', 'npx')"),
+    args: z.array(z.string()).optional().describe("Command arguments (e.g. ['run', 'server.js'])"),
+    env: z.record(z.string()).optional().describe("Additional environment variables"),
+    timeout_ms: z.number().optional().describe("Connection timeout in milliseconds (default: 30000)"),
+};
+function formatFindings(findings) {
+    if (findings.length === 0)
+        return "No findings.";
+    const bySeverity = { critical: 0, high: 0, medium: 0, low: 0, info: 0 };
+    for (const f of findings)
+        bySeverity[f.severity]++;
+    let output = `${findings.length} finding(s): ${bySeverity.critical} critical, ${bySeverity.high} high, ${bySeverity.medium} medium, ${bySeverity.low} low, ${bySeverity.info} info\n\n`;
+    for (const f of findings) {
+        output += `[${f.severity.toUpperCase()}] ${f.id}: ${f.title}\n`;
+        output += `  OWASP: ${f.owasp_mcp} — ${f.owasp_mcp_title}\n`;
+        output += `  Evidence: ${f.evidence}\n`;
+        output += `  Remediation: ${f.remediation}\n\n`;
+    }
+    return output.trim();
+}
+const rtInspectServer = {
+    name: "rt_inspect_server",
+    description: "Connect to an MCP server via stdio, enumerate all tools with descriptions and schemas, list resources and prompts. Returns full server capability manifest.",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        return json({
+            tool_count: manifest.tools.length,
+            resource_count: manifest.resources.length,
+            prompt_count: manifest.prompts.length,
+            tools: manifest.tools,
+            resources: manifest.resources,
+            prompts: manifest.prompts,
+        });
+    },
+};
+const rtCheckToolPoisoning = {
+    name: "rt_check_tool_poisoning",
+    description: "Analyze ALL tool descriptions for hidden prompt injection instructions. Checks for: file read instructions, exfiltration patterns, instruction override, system prompt extraction, social engineering. Returns findings with matched pattern and severity.",
+    schema: {
+        ...serverSchema,
+        tool_name: z.string().optional().describe("Check only this tool (default: all tools)"),
+    },
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        let tools = manifest.tools;
+        if (args.tool_name) {
+            tools = tools.filter((t) => t.name === args.tool_name);
+            if (tools.length === 0)
+                return text(`Tool "${args.tool_name}" not found in server.`);
+        }
+        const findings = analyzePoisoning(tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckAnsiInjection = {
+    name: "rt_check_ansi_injection",
+    description: "Scan all tool descriptions and schema field descriptions for ANSI escape sequences (CSI codes, cursor movement, color codes) used to hide malicious text in terminal display while LLM still reads it.",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeAnsiInjection(manifest.tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckUnicodeSteganography = {
+    name: "rt_check_unicode_steganography",
+    description: "Detect hidden Unicode characters in tool descriptions: zero-width spaces, zero-width joiners, word joiners, RTL/LTR override, BOM, invisible separators, homoglyph characters. These can hide instructions visible to LLM but invisible to humans.",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeUnicodeSteganography(manifest.tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckScopeCreep = {
+    name: "rt_check_scope_creep",
+    description: "Analyze tool schemas for over-permissive parameter types: arbitrary file paths, unrestricted URLs, shell commands, wildcard globs, any-type schemas. Also flags excessive tool count (>50).",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeScope(manifest.tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckToolShadowing = {
+    name: "rt_check_tool_shadowing",
+    description: "Detect tools with names that shadow common MCP tool names from well-known servers (read_file, write_file, execute_command, bash, etc.). A rogue server registering these names could intercept calls intended for legitimate servers.",
+    schema: {
+        ...serverSchema,
+        known_tools: z.array(z.string()).optional().describe("Custom list of known tool names to check against"),
+    },
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeToolShadowing(manifest.tools, args.known_tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckCrossOrigin = {
+    name: "rt_check_cross_origin",
+    description: "Scan tool descriptions for references to tools from OTHER servers — patterns like 'when using the email tool', 'before calling read_file'. These cross-origin instructions enable tool shadowing attacks.",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeCrossOrigin(manifest.tools);
+        return text(formatFindings(findings));
+    },
+};
+const rtPinTools = {
+    name: "rt_pin_tools",
+    description: "Connect to server, SHA-256 hash every tool definition (name + description + schema), store as a pin file. Use rt_verify_pins later to detect tool definition changes (rug pull detection).",
+    schema: {
+        ...serverSchema,
+        pin_name: z.string().describe("Name for this pin (used as filename, e.g. 'my-mcp-server')"),
+    },
+    async execute(args, ctx) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const pinFile = await savePin(ctx.config.pinDir, args.pin_name, args.command, args.args, manifest.tools);
+        return text(`Pin saved: ${pinFile.pin_name}\n` +
+            `Tools: ${pinFile.tool_count}\n` +
+            `Manifest hash: ${pinFile.manifest_hash}\n` +
+            `Timestamp: ${pinFile.timestamp}\n\n` +
+            pinFile.tools.map((t) => `  ${t.name}: ${t.hash.substring(0, 16)}...`).join("\n"));
+    },
+};
+const rtVerifyPins = {
+    name: "rt_verify_pins",
+    description: "Connect to server, hash current tool definitions, compare against stored pin. Reports: added tools, removed tools, modified tools (hash changed — potential rug pull), unchanged tools.",
+    schema: {
+        ...serverSchema,
+        pin_name: z.string().describe("Pin name to verify against"),
+    },
+    async execute(args, ctx) {
+        const pin = await loadPin(ctx.config.pinDir, args.pin_name);
+        if (!pin)
+            return text(`Pin "${args.pin_name}" not found. Run rt_pin_tools first.`);
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const verification = verifyAgainstPin(pin, manifest.tools);
+        if (verification.matched) {
+            return text(`PIN VERIFIED: All ${verification.unchanged.length} tools match the pin "${args.pin_name}".\n` +
+                `Original pin: ${pin.timestamp}`);
+        }
+        let output = `PIN MISMATCH: Tool definitions have changed since pin "${args.pin_name}" (${pin.timestamp})\n\n`;
+        if (verification.added.length > 0) {
+            output += `ADDED (${verification.added.length}):\n`;
+            for (const t of verification.added)
+                output += `  + ${t.name}: ${t.description_preview}\n`;
+            output += "\n";
+        }
+        if (verification.removed.length > 0) {
+            output += `REMOVED (${verification.removed.length}):\n`;
+            for (const t of verification.removed)
+                output += `  - ${t.name}: ${t.description_preview}\n`;
+            output += "\n";
+        }
+        if (verification.modified.length > 0) {
+            output += `MODIFIED (${verification.modified.length}) — POTENTIAL RUG PULL:\n`;
+            for (const m of verification.modified)
+                output += `  ~ ${m.name}: ${m.oldHash.substring(0, 16)}... → ${m.newHash.substring(0, 16)}...\n`;
+            output += "\n";
+        }
+        output += `Unchanged: ${verification.unchanged.length}\n`;
+        return text(output.trim());
+    },
+};
+const rtCheckAuth = {
+    name: "rt_check_auth",
+    description: "Test if MCP server requires authentication. Connects without credentials and checks if tools are accessible. Flags servers that accept unauthenticated connections.",
+    schema: serverSchema,
+    async execute(args) {
+        // For stdio servers, there's no auth layer — we check if the server
+        // starts without any auth env vars and still exposes tools
+        const manifest = await connectAndInspect(args.command, args.args, {}, // empty env — no API keys
+        args.timeout_ms ?? 30_000);
+        const findings = [];
+        if (manifest.tools.length > 0) {
+            findings.push({
+                id: "RT-AUTH-001",
+                title: "Server Accepts Unauthenticated Connections",
+                severity: "high",
+                owasp_mcp: "MCP07",
+                owasp_mcp_title: "Insufficient Authentication & Transport Security",
+                category: "runtime",
+                evidence: `Server exposes ${manifest.tools.length} tools without authentication. Connected with empty environment (no API keys).`,
+                remediation: "Implement authentication for the MCP server. For stdio servers, validate caller identity. For remote servers, require OAuth 2.1 tokens.",
+                cwe: "CWE-287",
+            });
+        }
+        return text(formatFindings(findings));
+    },
+};
+const rtCheckResourceExposure = {
+    name: "rt_check_resource_exposure",
+    description: "Enumerate all MCP resources and prompts exposed by the server. Flag resources with broad URI patterns (file://*, https://*), resources exposing sensitive paths, and prompts that could be used for social engineering.",
+    schema: serverSchema,
+    async execute(args) {
+        const manifest = await connectAndInspect(args.command, args.args, args.env, args.timeout_ms ?? 30_000);
+        const findings = analyzeResourceExposure(manifest.resources, manifest.prompts);
+        let output = `Resources: ${manifest.resources.length}, Prompts: ${manifest.prompts.length}\n\n`;
+        if (manifest.resources.length > 0) {
+            output += "Resources:\n";
+            for (const r of manifest.resources) {
+                output += `  ${r.uri} — ${r.name ?? "unnamed"}\n`;
+            }
+            output += "\n";
+        }
+        if (manifest.prompts.length > 0) {
+            output += "Prompts:\n";
+            for (const p of manifest.prompts) {
+                output += `  ${p.name} — ${p.description ?? "no description"}\n`;
+            }
+            output += "\n";
+        }
+        output += formatFindings(findings);
+        return text(output.trim());
+    },
+};
+export const runtimeTools = [
+    rtInspectServer,
+    rtCheckToolPoisoning,
+    rtCheckAnsiInjection,
+    rtCheckUnicodeSteganography,
+    rtCheckScopeCreep,
+    rtCheckToolShadowing,
+    rtCheckCrossOrigin,
+    rtPinTools,
+    rtVerifyPins,
+    rtCheckAuth,
+    rtCheckResourceExposure,
+];
+//# sourceMappingURL=index.js.map

package/dist/runtime/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runtime/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,mBAAmB,CAAC;AAE/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACzG,OAAO,EAAE,YAAY,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACvH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAElE,sCAAsC;AACtC,MAAM,YAAY,GAAG;IACnB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uDAAuD,CAAC;IACrF,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,+CAA+C,CAAC;IAC9F,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kCAAkC,CAAC;IACjF,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;CAClG,CAAC;AAEF,SAAS,cAAc,CAAC,QAAmB;IACzC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,cAAc,CAAC;IAEjD,MAAM,UAAU,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IACxE,KAAK,MAAM,CAAC,IAAI,QAAQ;QAAE,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;IAEnD,IAAI,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,gBAAgB,UAAU,CAAC,QAAQ,cAAc,UAAU,CAAC,IAAI,UAAU,UAAU,CAAC,MAAM,YAAY,UAAU,CAAC,GAAG,SAAS,UAAU,CAAC,IAAI,WAAW,CAAC;IAExL,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC;QAChE,MAAM,IAAI,YAAY,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC,eAAe,IAAI,CAAC;QAC7D,MAAM,IAAI,eAAe,CAAC,CAAC,QAAQ,IAAI,CAAC;QACxC,MAAM,IAAI,kBAAkB,CAAC,CAAC,WAAW,MAAM,CAAC;IAClD,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;AACvB,CAAC;AAED,MAAM,eAAe,GAAY;IAC/B,IAAI,EAAE,mBAAmB;IACzB,WAAW,EACT,6JAA6J;IAC/J,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,OAAO,IAAI,CAAC;YACV,UAAU,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM;YACjC,cAAc,EAAE,QAAQ,CAAC,SAAS,CAAC,MAAM;YACzC,YAAY,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;YACrC,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAY;IACpC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,4PAA4P;IAC9P,MAAM,EAAE;QACN,GAAG,YAAY;QACf,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;KACvF;IACD,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,IAAI,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC;QAC3B,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YACnB,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC;YACvD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,wBAAwB,CAAC,CAAC;QACvF,CAAC;QAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAY;IACpC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,wMAAwM;IAC1M,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,2BAA2B,GAAY;IAC3C,IAAI,EAAE,gCAAgC;IACtC,WAAW,EACT,oPAAoP;IACtP,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,2BAA2B,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAY;IACjC,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EACT,6LAA6L;IAC/L,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,oBAAoB,GAAY;IACpC,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EACT,uOAAuO;IACzO,MAAM,EAAE;QACN,GAAG,YAAY;QACf,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,kDAAkD,CAAC;KACzG;IACD,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,WAAmC,CAAC,CAAC;QAChG,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,kBAAkB,GAAY;IAClC,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EACT,2MAA2M;IAC7M,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,UAAU,GAAY;IAC1B,IAAI,EAAE,cAAc;IACpB,WAAW,EACT,4LAA4L;IAC9L,MAAM,EAAE;QACN,GAAG,YAAY;QACf,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4DAA4D,CAAC;KAC5F;IACD,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,OAAO,GAAG,MAAM,OAAO,CAC3B,GAAG,CAAC,MAAM,CAAC,MAAM,EACjB,IAAI,CAAC,QAAkB,EACvB,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,QAAQ,CAAC,KAAK,CACf,CAAC;QAEF,OAAO,IAAI,CACT,cAAc,OAAO,CAAC,QAAQ,IAAI;YAClC,UAAU,OAAO,CAAC,UAAU,IAAI;YAChC,kBAAkB,OAAO,CAAC,aAAa,IAAI;YAC3C,cAAc,OAAO,CAAC,SAAS,MAAM;YACrC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAClF,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,YAAY,GAAY;IAC5B,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,yLAAyL;IAC3L,MAAM,EAAE;QACN,GAAG,YAAY;QACf,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,4BAA4B,CAAC;KAC5D;IACD,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG;QACrB,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,QAAkB,CAAC,CAAC;QACtE,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,sCAAsC,CAAC,CAAC;QAEnF,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,YAAY,GAAG,gBAAgB,CAAC,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE3D,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,IAAI,CACT,qBAAqB,YAAY,CAAC,SAAS,CAAC,MAAM,yBAAyB,IAAI,CAAC,QAAQ,MAAM;gBAC9F,iBAAiB,GAAG,CAAC,SAAS,EAAE,CACjC,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,GAAG,0DAA0D,IAAI,CAAC,QAAQ,MAAM,GAAG,CAAC,SAAS,OAAO,CAAC;QAE/G,IAAI,YAAY,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,UAAU,YAAY,CAAC,KAAK,CAAC,MAAM,MAAM,CAAC;YACpD,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,KAAK;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,mBAAmB,IAAI,CAAC;YAC1F,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,IAAI,YAAY,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,YAAY,YAAY,CAAC,OAAO,CAAC,MAAM,MAAM,CAAC;YACxD,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,OAAO;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,mBAAmB,IAAI,CAAC;YAC5F,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,IAAI,YAAY,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,aAAa,YAAY,CAAC,QAAQ,CAAC,MAAM,2BAA2B,CAAC;YAC/E,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,QAAQ;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC;YACxI,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,MAAM,IAAI,cAAc,YAAY,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC;QAE1D,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF,MAAM,WAAW,GAAY;IAC3B,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,qKAAqK;IACvK,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,oEAAoE;QACpE,2DAA2D;QAC3D,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,EAAE,EAAE,0BAA0B;QAC7B,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,aAAa;gBACjB,KAAK,EAAE,4CAA4C;gBACnD,QAAQ,EAAE,MAAM;gBAChB,SAAS,EAAE,OAAO;gBAClB,eAAe,EAAE,kDAAkD;gBACnE,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,kBAAkB,QAAQ,CAAC,KAAK,CAAC,MAAM,gFAAgF;gBACjI,WAAW,EAAE,yIAAyI;gBACtJ,GAAG,EAAE,SAAS;aACf,CAAC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxC,CAAC;CACF,CAAC;AAEF,MAAM,uBAAuB,GAAY;IACvC,IAAI,EAAE,4BAA4B;IAClC,WAAW,EACT,yNAAyN;IAC3N,MAAM,EAAE,YAAY;IACpB,KAAK,CAAC,OAAO,CAAC,IAAI;QAChB,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CACtC,IAAI,CAAC,OAAiB,EACtB,IAAI,CAAC,IAA4B,EACjC,IAAI,CAAC,GAAyC,EAC7C,IAAI,CAAC,UAAqB,IAAI,MAAM,CACtC,CAAC;QAEF,MAAM,QAAQ,GAAG,uBAAuB,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE/E,IAAI,MAAM,GAAG,cAAc,QAAQ,CAAC,SAAS,CAAC,MAAM,cAAc,QAAQ,CAAC,OAAO,CAAC,MAAM,MAAM,CAAC;QAEhG,IAAI,QAAQ,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,cAAc,CAAC;YACzB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,IAAI,SAAS,IAAI,CAAC;YACpD,CAAC;YACD,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,YAAY,CAAC;YACvB,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,WAAW,IAAI,gBAAgB,IAAI,CAAC;YACnE,CAAC;YACD,MAAM,IAAI,IAAI,CAAC;QACjB,CAAC;QAED,MAAM,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,YAAY,GAAc;IACrC,eAAe;IACf,oBAAoB;IACpB,oBAAoB;IACpB,2BAA2B;IAC3B,iBAAiB;IACjB,oBAAoB;IACpB,kBAAkB;IAClB,UAAU;IACV,YAAY;IACZ,WAAW;IACX,uBAAuB;CACxB,CAAC"}

package/dist/runtime/pinning.d.ts

@@ -0,0 +1,21 @@
+import type { PinFile, ToolPin } from "../types/findings.js";
+import type { ServerTool } from "./client.js";
+export declare function hashTools(tools: ServerTool[]): {
+    tools: ToolPin[];
+    manifestHash: string;
+};
+export declare function savePin(pinDir: string, pinName: string, command: string, args: string[] | undefined, tools: ServerTool[]): Promise<PinFile>;
+export declare function loadPin(pinDir: string, pinName: string): Promise<PinFile | null>;
+export interface PinVerification {
+    matched: boolean;
+    added: ToolPin[];
+    removed: ToolPin[];
+    modified: {
+        name: string;
+        oldHash: string;
+        newHash: string;
+    }[];
+    unchanged: string[];
+}
+export declare function verifyAgainstPin(pin: PinFile, currentTools: ServerTool[]): PinVerification;
+//# sourceMappingURL=pinning.d.ts.map

package/dist/runtime/pinning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pinning.d.ts","sourceRoot":"","sources":["../../src/runtime/pinning.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAG9C,wBAAgB,SAAS,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG;IAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CASzF;AAED,wBAAsB,OAAO,CAC3B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,EAC1B,KAAK,EAAE,UAAU,EAAE,GAClB,OAAO,CAAC,OAAO,CAAC,CAkBlB;AAED,wBAAsB,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAQtF;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,EAAE,CAAC;IACjB,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,QAAQ,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC/D,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,eAAe,CAqC1F"}

package/dist/runtime/pinning.js

@@ -0,0 +1,74 @@
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { join } from "node:path";
+import { hashToolDefinition, hashManifest } from "../utils/crypto.js";
+export function hashTools(tools) {
+    const toolPins = tools.map((t) => ({
+        name: t.name,
+        hash: hashToolDefinition(t.name, t.description ?? "", t.inputSchema ?? {}),
+        description_preview: (t.description ?? "").substring(0, 100),
+    }));
+    const manifestHash = hashManifest(toolPins.map((t) => t.hash));
+    return { tools: toolPins, manifestHash };
+}
+export async function savePin(pinDir, pinName, command, args, tools) {
+    const { tools: toolPins, manifestHash } = hashTools(tools);
+    const pinFile = {
+        pin_name: pinName,
+        server_command: command,
+        server_args: args,
+        timestamp: new Date().toISOString(),
+        tool_count: tools.length,
+        manifest_hash: manifestHash,
+        tools: toolPins,
+    };
+    await mkdir(pinDir, { recursive: true });
+    const filePath = join(pinDir, `${pinName}.json`);
+    await writeFile(filePath, JSON.stringify(pinFile, null, 2), "utf8");
+    return pinFile;
+}
+export async function loadPin(pinDir, pinName) {
+    try {
+        const filePath = join(pinDir, `${pinName}.json`);
+        const content = await readFile(filePath, "utf8");
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+export function verifyAgainstPin(pin, currentTools) {
+    const { tools: currentPins } = hashTools(currentTools);
+    const pinMap = new Map(pin.tools.map((t) => [t.name, t]));
+    const currentMap = new Map(currentPins.map((t) => [t.name, t]));
+    const added = [];
+    const removed = [];
+    const modified = [];
+    const unchanged = [];
+    // Find added and modified
+    for (const [name, current] of currentMap) {
+        const pinned = pinMap.get(name);
+        if (!pinned) {
+            added.push(current);
+        }
+        else if (pinned.hash !== current.hash) {
+            modified.push({ name, oldHash: pinned.hash, newHash: current.hash });
+        }
+        else {
+            unchanged.push(name);
+        }
+    }
+    // Find removed
+    for (const [name, pinned] of pinMap) {
+        if (!currentMap.has(name)) {
+            removed.push(pinned);
+        }
+    }
+    return {
+        matched: added.length === 0 && removed.length === 0 && modified.length === 0,
+        added,
+        removed,
+        modified,
+        unchanged,
+    };
+}
+//# sourceMappingURL=pinning.js.map

package/dist/runtime/pinning.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pinning.js","sourceRoot":"","sources":["../../src/runtime/pinning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC,OAAO,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAEtE,MAAM,UAAU,SAAS,CAAC,KAAmB;IAC3C,MAAM,QAAQ,GAAc,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5C,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,IAAI,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC;QAC1E,mBAAmB,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;KAC7D,CAAC,CAAC,CAAC;IAEJ,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,OAAe,EACf,OAAe,EACf,IAA0B,EAC1B,KAAmB;IAEnB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAE3D,MAAM,OAAO,GAAY;QACvB,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,OAAO;QACvB,WAAW,EAAE,IAAI;QACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,KAAK,CAAC,MAAM;QACxB,aAAa,EAAE,YAAY;QAC3B,KAAK,EAAE,QAAQ;KAChB,CAAC;IAEF,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEpE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,MAAc,EAAE,OAAe;IAC3D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,OAAO,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAY,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAUD,MAAM,UAAU,gBAAgB,CAAC,GAAY,EAAE,YAA0B;IACvE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IAEvD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhE,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAc,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAyD,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,0BAA0B;IAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,UAAU,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;aAAM,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;YACxC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,eAAe;IACf,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAC5E,KAAK;QACL,OAAO;QACP,QAAQ;QACR,SAAS;KACV,CAAC;AACJ,CAAC"}

package/dist/runtime/schema-analyzer.d.ts

@@ -0,0 +1,14 @@
+import type { Finding } from "../types/findings.js";
+import type { ServerTool } from "./client.js";
+export declare function analyzeScope(tools: ServerTool[]): Finding[];
+export declare function analyzeToolShadowing(tools: ServerTool[], knownTools?: string[]): Finding[];
+export declare function analyzeCrossOrigin(tools: ServerTool[]): Finding[];
+export declare function analyzeResourceExposure(resources: {
+    uri: string;
+    name?: string;
+    description?: string;
+}[], prompts: {
+    name: string;
+    description?: string;
+}[]): Finding[];
+//# sourceMappingURL=schema-analyzer.d.ts.map

package/dist/runtime/schema-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-analyzer.d.ts","sourceRoot":"","sources":["../../src/runtime/schema-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA6B9C,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAoE3D;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,CAuB1F;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAqCjE;AAED,wBAAgB,uBAAuB,CACrC,SAAS,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,EACjE,OAAO,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,GAChD,OAAO,EAAE,CA8DX"}

package/dist/runtime/schema-analyzer.js

@@ -0,0 +1,204 @@
+const COMMON_TOOL_NAMES = new Set([
+    // File operations (Claude Code, filesystem servers)
+    "read_file", "write_file", "edit_file", "list_directory", "create_directory",
+    "move_file", "search_files", "get_file_info", "read_multiple_files",
+    // Shell / execution
+    "bash", "execute_command", "run_command", "shell", "terminal",
+    "run_script", "exec", "execute",
+    // Search
+    "search", "grep", "find", "glob", "ripgrep",
+    // Web
+    "fetch", "web_search", "browse", "http_request", "curl",
+    // Git
+    "git", "git_status", "git_diff", "git_log", "git_commit",
+    // Database
+    "query", "sql", "execute_query", "read_query",
+    // Memory / knowledge
+    "remember", "recall", "store", "retrieve",
+]);
+const DANGEROUS_PARAM_PATTERNS = [
+    { pattern: /^(command|cmd|shell|exec|script)$/i, severity: "critical", desc: "Shell command parameter" },
+    { pattern: /^(path|file|filepath|file_path|filename|directory|dir|folder)$/i, severity: "high", desc: "Unrestricted file path" },
+    { pattern: /^(url|uri|endpoint|href|link|target)$/i, severity: "high", desc: "Unrestricted URL parameter" },
+    { pattern: /^(query|sql|expression|filter|regex|pattern|code)$/i, severity: "medium", desc: "Query/code injection surface" },
+    { pattern: /^(glob|wildcard)$/i, severity: "medium", desc: "Wildcard pattern parameter" },
+];
+export function analyzeScope(tools) {
+    const findings = [];
+    let counter = 1;
+    // Check excessive tool count
+    if (tools.length > 50) {
+        findings.push({
+            id: `RT-SCOPE-${String(counter++).padStart(3, "0")}`,
+            title: "Excessive Tool Count",
+            severity: "medium",
+            owasp_mcp: "MCP02",
+            owasp_mcp_title: "Tool & Scope Mismanagement",
+            category: "runtime",
+            evidence: `Server exposes ${tools.length} tools (threshold: 50). High tool count increases attack surface and prompt complexity.`,
+            remediation: "Reduce tool count. Split into multiple focused servers. Remove unused or redundant tools.",
+            cwe: "CWE-250",
+        });
+    }
+    for (const tool of tools) {
+        const schema = tool.inputSchema;
+        if (!schema || typeof schema !== "object")
+            continue;
+        const properties = schema.properties;
+        if (!properties || typeof properties !== "object")
+            continue;
+        for (const [paramName, paramSchema] of Object.entries(properties)) {
+            const ps = paramSchema;
+            // Check for any/object type without constraints
+            if (ps.type === "object" && !ps.properties) {
+                findings.push({
+                    id: `RT-SCOPE-${String(counter++).padStart(3, "0")}`,
+                    title: `Over-permissive Parameter: ${tool.name}.${paramName}`,
+                    severity: "medium",
+                    owasp_mcp: "MCP02",
+                    owasp_mcp_title: "Tool & Scope Mismanagement",
+                    category: "runtime",
+                    evidence: `Tool "${tool.name}" parameter "${paramName}" accepts arbitrary object without property constraints`,
+                    remediation: "Define explicit properties and types for object parameters. Use Zod schemas with strict validation.",
+                    cwe: "CWE-732",
+                });
+            }
+            // Check dangerous parameter names
+            for (const dp of DANGEROUS_PARAM_PATTERNS) {
+                if (dp.pattern.test(paramName)) {
+                    // Only flag if there's no enum constraint
+                    if (!ps.enum && !ps.const) {
+                        findings.push({
+                            id: `RT-SCOPE-${String(counter++).padStart(3, "0")}`,
+                            title: `Dangerous Parameter: ${tool.name}.${paramName}`,
+                            severity: dp.severity,
+                            owasp_mcp: "MCP02",
+                            owasp_mcp_title: "Tool & Scope Mismanagement",
+                            category: "runtime",
+                            evidence: `Tool "${tool.name}" has ${dp.desc} "${paramName}" without enum/allowlist constraint`,
+                            remediation: "Add enum constraints, allowlists, or strict validation for sensitive parameters.",
+                            cwe: "CWE-732",
+                        });
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    return findings;
+}
+export function analyzeToolShadowing(tools, knownTools) {
+    const findings = [];
+    let counter = 1;
+    const knownSet = new Set(knownTools ?? COMMON_TOOL_NAMES);
+    for (const tool of tools) {
+        if (knownSet.has(tool.name)) {
+            findings.push({
+                id: `RT-SHADOW-${String(counter++).padStart(3, "0")}`,
+                title: `Tool Name Shadows Common Tool: "${tool.name}"`,
+                severity: "high",
+                owasp_mcp: "MCP06",
+                owasp_mcp_title: "Context & Tool Shadowing",
+                category: "runtime",
+                evidence: `Tool "${tool.name}" matches a common MCP tool name from well-known servers. A rogue server registering this name could intercept calls intended for a legitimate server.`,
+                remediation: "Use namespaced tool names (e.g. prefix with server name). Audit tool name collisions across configured servers.",
+                cwe: "CWE-346",
+                references: ["https://blog.trailofbits.com/2025/04/22/mcp-security-research/"],
+            });
+        }
+    }
+    return findings;
+}
+export function analyzeCrossOrigin(tools) {
+    const findings = [];
+    let counter = 1;
+    const crossOriginPatterns = [
+        /when\s+using\s+(?:the\s+)?(\w+)\s+tool/i,
+        /before\s+calling\s+(?:the\s+)?(\w+)/i,
+        /after\s+calling\s+(?:the\s+)?(\w+)/i,
+        /always\s+.*?with\s+(?:the\s+)?(\w+)\s+tool/i,
+        /use\s+(?:the\s+)?(\w+)\s+tool\s+(?:to|for)/i,
+        /tell\s+(?:the\s+)?(\w+)\s+server/i,
+        /pass\s+(?:to|this\s+to)\s+(?:the\s+)?(\w+)/i,
+    ];
+    for (const tool of tools) {
+        const desc = tool.description ?? "";
+        for (const pattern of crossOriginPatterns) {
+            const match = desc.match(pattern);
+            if (match) {
+                findings.push({
+                    id: `RT-XORIGIN-${String(counter++).padStart(3, "0")}`,
+                    title: `Cross-Origin Tool Reference in "${tool.name}"`,
+                    severity: "high",
+                    owasp_mcp: "MCP06",
+                    owasp_mcp_title: "Context & Tool Shadowing",
+                    category: "runtime",
+                    evidence: `Tool "${tool.name}" description references external tool/server: "${match[0]}"`,
+                    remediation: "Remove cross-origin references from tool descriptions. Each server should only describe its own tools.",
+                    cwe: "CWE-346",
+                });
+                break;
+            }
+        }
+    }
+    return findings;
+}
+export function analyzeResourceExposure(resources, prompts) {
+    const findings = [];
+    let counter = 1;
+    const sensitivePathPatterns = [
+        /\/etc\//i,
+        /~\/\.ssh/i,
+        /\.env/i,
+        /\.aws/i,
+        /\.kube/i,
+        /credentials/i,
+        /\.gnupg/i,
+        /id_rsa/i,
+        /private.?key/i,
+    ];
+    const broadUriPatterns = [
+        /^file:\/\/\*$/,
+        /^file:\/\/\//,
+        /^https?:\/\/\*$/,
+        /\*\*$/,
+    ];
+    for (const resource of resources) {
+        // Check broad URI patterns
+        for (const pattern of broadUriPatterns) {
+            if (pattern.test(resource.uri)) {
+                findings.push({
+                    id: `RT-RESOURCE-${String(counter++).padStart(3, "0")}`,
+                    title: `Overly Broad Resource URI: ${resource.uri}`,
+                    severity: "high",
+                    owasp_mcp: "MCP10",
+                    owasp_mcp_title: "Context Over-sharing & Data Exposure",
+                    category: "runtime",
+                    evidence: `Resource "${resource.name ?? resource.uri}" has broad URI pattern "${resource.uri}" allowing wide file/network access`,
+                    remediation: "Restrict resource URI patterns to specific directories or endpoints. Avoid wildcards.",
+                    cwe: "CWE-200",
+                });
+                break;
+            }
+        }
+        // Check sensitive paths
+        for (const pattern of sensitivePathPatterns) {
+            if (pattern.test(resource.uri)) {
+                findings.push({
+                    id: `RT-RESOURCE-${String(counter++).padStart(3, "0")}`,
+                    title: `Resource Exposes Sensitive Path: ${resource.uri}`,
+                    severity: "critical",
+                    owasp_mcp: "MCP10",
+                    owasp_mcp_title: "Context Over-sharing & Data Exposure",
+                    category: "runtime",
+                    evidence: `Resource "${resource.name ?? resource.uri}" exposes sensitive path: ${resource.uri}`,
+                    remediation: "Remove access to sensitive paths. Use allowlists for permitted resource URIs.",
+                    cwe: "CWE-200",
+                });
+                break;
+            }
+        }
+    }
+    return findings;
+}
+//# sourceMappingURL=schema-analyzer.js.map

package/dist/runtime/schema-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-analyzer.js","sourceRoot":"","sources":["../../src/runtime/schema-analyzer.ts"],"names":[],"mappings":"AAGA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,oDAAoD;IACpD,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,kBAAkB;IAC5E,WAAW,EAAE,cAAc,EAAE,eAAe,EAAE,qBAAqB;IACnE,oBAAoB;IACpB,MAAM,EAAE,iBAAiB,EAAE,aAAa,EAAE,OAAO,EAAE,UAAU;IAC7D,YAAY,EAAE,MAAM,EAAE,SAAS;IAC/B,SAAS;IACT,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS;IAC3C,MAAM;IACN,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM;IACvD,MAAM;IACN,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY;IACxD,WAAW;IACX,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,YAAY;IAC7C,qBAAqB;IACrB,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU;CAC1C,CAAC,CAAC;AAEH,MAAM,wBAAwB,GAAG;IAC/B,EAAE,OAAO,EAAE,oCAAoC,EAAE,QAAQ,EAAE,UAAmB,EAAE,IAAI,EAAE,yBAAyB,EAAE;IACjH,EAAE,OAAO,EAAE,iEAAiE,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,wBAAwB,EAAE;IACzI,EAAE,OAAO,EAAE,wCAAwC,EAAE,QAAQ,EAAE,MAAe,EAAE,IAAI,EAAE,4BAA4B,EAAE;IACpH,EAAE,OAAO,EAAE,qDAAqD,EAAE,QAAQ,EAAE,QAAiB,EAAE,IAAI,EAAE,8BAA8B,EAAE;IACrI,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAiB,EAAE,IAAI,EAAE,4BAA4B,EAAE;CACnG,CAAC;AAEF,MAAM,UAAU,YAAY,CAAC,KAAmB;IAC9C,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,6BAA6B;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACpD,KAAK,EAAE,sBAAsB;YAC7B,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,OAAO;YAClB,eAAe,EAAE,4BAA4B;YAC7C,QAAQ,EAAE,SAAS;YACnB,QAAQ,EAAE,kBAAkB,KAAK,CAAC,MAAM,yFAAyF;YACjI,WAAW,EAAE,2FAA2F;YACxG,GAAG,EAAE,SAAS;SACf,CAAC,CAAC;IACL,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC;QAChC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,SAAS;QAEpD,MAAM,UAAU,GAAI,MAAc,CAAC,UAAU,CAAC;QAC9C,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ;YAAE,SAAS;QAE5D,KAAK,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,MAAM,EAAE,GAAG,WAAkB,CAAC;YAE9B,gDAAgD;YAChD,IAAI,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACpD,KAAK,EAAE,8BAA8B,IAAI,CAAC,IAAI,IAAI,SAAS,EAAE;oBAC7D,QAAQ,EAAE,QAAQ;oBAClB,SAAS,EAAE,OAAO;oBAClB,eAAe,EAAE,4BAA4B;oBAC7C,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,SAAS,IAAI,CAAC,IAAI,gBAAgB,SAAS,yDAAyD;oBAC9G,WAAW,EAAE,qGAAqG;oBAClH,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;YACL,CAAC;YAED,kCAAkC;YAClC,KAAK,MAAM,EAAE,IAAI,wBAAwB,EAAE,CAAC;gBAC1C,IAAI,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC/B,0CAA0C;oBAC1C,IAAI,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;wBAC1B,QAAQ,CAAC,IAAI,CAAC;4BACZ,EAAE,EAAE,YAAY,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;4BACpD,KAAK,EAAE,wBAAwB,IAAI,CAAC,IAAI,IAAI,SAAS,EAAE;4BACvD,QAAQ,EAAE,EAAE,CAAC,QAAQ;4BACrB,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,4BAA4B;4BAC7C,QAAQ,EAAE,SAAS;4BACnB,QAAQ,EAAE,SAAS,IAAI,CAAC,IAAI,SAAS,EAAE,CAAC,IAAI,KAAK,SAAS,qCAAqC;4BAC/F,WAAW,EAAE,kFAAkF;4BAC/F,GAAG,EAAE,SAAS;yBACf,CAAC,CAAC;oBACL,CAAC;oBACD,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,KAAmB,EAAE,UAAqB;IAC7E,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,UAAU,IAAI,iBAAiB,CAAC,CAAC;IAE1D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,aAAa,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;gBACrD,KAAK,EAAE,mCAAmC,IAAI,CAAC,IAAI,GAAG;gBACtD,QAAQ,EAAE,MAAM;gBAChB,SAAS,EAAE,OAAO;gBAClB,eAAe,EAAE,0BAA0B;gBAC3C,QAAQ,EAAE,SAAS;gBACnB,QAAQ,EAAE,SAAS,IAAI,CAAC,IAAI,wJAAwJ;gBACpL,WAAW,EAAE,iHAAiH;gBAC9H,GAAG,EAAE,SAAS;gBACd,UAAU,EAAE,CAAC,gEAAgE,CAAC;aAC/E,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAmB;IACpD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,mBAAmB,GAAG;QAC1B,yCAAyC;QACzC,sCAAsC;QACtC,qCAAqC;QACrC,6CAA6C;QAC7C,6CAA6C;QAC7C,mCAAmC;QACnC,6CAA6C;KAC9C,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,IAAI,EAAE,CAAC;QAEpC,KAAK,MAAM,OAAO,IAAI,mBAAmB,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAClC,IAAI,KAAK,EAAE,CAAC;gBACV,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,cAAc,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACtD,KAAK,EAAE,mCAAmC,IAAI,CAAC,IAAI,GAAG;oBACtD,QAAQ,EAAE,MAAM;oBAChB,SAAS,EAAE,OAAO;oBAClB,eAAe,EAAE,0BAA0B;oBAC3C,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,SAAS,IAAI,CAAC,IAAI,mDAAmD,KAAK,CAAC,CAAC,CAAC,GAAG;oBAC1F,WAAW,EAAE,wGAAwG;oBACrH,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,SAAiE,EACjE,OAAiD;IAEjD,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,qBAAqB,GAAG;QAC5B,UAAU;QACV,WAAW;QACX,QAAQ;QACR,QAAQ;QACR,SAAS;QACT,cAAc;QACd,UAAU;QACV,SAAS;QACT,eAAe;KAChB,CAAC;IAEF,MAAM,gBAAgB,GAAG;QACvB,eAAe;QACf,cAAc;QACd,iBAAiB;QACjB,OAAO;KACR,CAAC;IAEF,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,2BAA2B;QAC3B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,eAAe,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACvD,KAAK,EAAE,8BAA8B,QAAQ,CAAC,GAAG,EAAE;oBACnD,QAAQ,EAAE,MAAM;oBAChB,SAAS,EAAE,OAAO;oBAClB,eAAe,EAAE,sCAAsC;oBACvD,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,aAAa,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,GAAG,4BAA4B,QAAQ,CAAC,GAAG,qCAAqC;oBACjI,WAAW,EAAE,uFAAuF;oBACpG,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAED,wBAAwB;QACxB,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;YAC5C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,eAAe,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;oBACvD,KAAK,EAAE,oCAAoC,QAAQ,CAAC,GAAG,EAAE;oBACzD,QAAQ,EAAE,UAAU;oBACpB,SAAS,EAAE,OAAO;oBAClB,eAAe,EAAE,sCAAsC;oBACvD,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,aAAa,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,GAAG,6BAA6B,QAAQ,CAAC,GAAG,EAAE;oBAC/F,WAAW,EAAE,+EAA+E;oBAC5F,GAAG,EAAE,SAAS;iBACf,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/runtime/tool-analyzer.d.ts

@@ -0,0 +1,6 @@
+import type { Finding } from "../types/findings.js";
+import type { ServerTool } from "./client.js";
+export declare function analyzePoisoning(tools: ServerTool[]): Finding[];
+export declare function analyzeAnsiInjection(tools: ServerTool[]): Finding[];
+export declare function analyzeUnicodeSteganography(tools: ServerTool[]): Finding[];
+//# sourceMappingURL=tool-analyzer.d.ts.map

package/dist/runtime/tool-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-analyzer.d.ts","sourceRoot":"","sources":["../../src/runtime/tool-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAG9C,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CA0C/D;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CAyBnE;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,EAAE,CA8B1E"}