mcp-sentinel 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Gustavo Aragon (@oktsec)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,290 @@
+<p align="center">
+  <h1 align="center">MCP Sentinel</h1>
+  <p align="center">
+    <strong>Audit and enforce security policies on MCP servers before you trust them.</strong>
+  </p>
+  <p align="center">
+    <a href="https://www.npmjs.com/package/mcp-sentinel"><img src="https://img.shields.io/npm/v/mcp-sentinel.svg" alt="npm version"></a>
+    <a href="https://github.com/oktsec/mcp-sentinel/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/mcp-sentinel.svg" alt="license"></a>
+    <a href="https://nodejs.org"><img src="https://img.shields.io/node/v/mcp-sentinel.svg" alt="node version"></a>
+  </p>
+</p>
+
+---
+
+MCP servers run third-party code with access to your files, credentials, and shell. MCP Sentinel connects to any server, shows you exactly what it exposes, and **enforces security policies** — blocking dangerous tools before your agent can call them.
+
+```bash
+npx mcp-sentinel --policy .mcp-policy.yml npx @modelcontextprotocol/server-filesystem /tmp
+```
+
+## Real Output
+
+Scanned against the official [MCP filesystem server](https://www.npmjs.com/package/@modelcontextprotocol/server-filesystem):
+
+```
+🔍 MCP Sentinel v0.1.0
+
+📦 Server: secure-filesystem-server v0.2.0
+   Capabilities: tools
+
+🔧 Tools (14)  11 read • 3 write • 0 admin
+
+  ✅ read_file        Read the complete contents of a file as text... (3 params)
+     * string   path
+       number   tail
+       number   head
+  ✅ read_text_file   Read the complete contents of a file from... (3 params)
+  ✅ read_media_file  Read an image or audio file... (1 params)
+  ✅ read_multiple_files  Read multiple files simultaneously... (1 params)
+  ✏️ write_file       Create a new file or overwrite an existing... [write] (2 params)
+     * string   path
+     * string   content
+  ✅ edit_file         Make line-based edits to a text file... (3 params)
+  ✏️ create_directory  Create a new directory... [write] (1 params)
+  ✅ list_directory    Get a detailed listing of all files... (1 params)
+  ✏️ move_file         Move or rename files and directories... [write] (2 params)
+  ✅ search_files      Recursively search for files... (3 params)
+  ✅ get_file_info     Retrieve detailed metadata... (1 params)
+  ✅ list_allowed_directories  Returns the list of allowed directories
+
+🛡️  Aguara Security Analysis
+
+  0 finding(s)
+
+Scanned in 1706ms
+```
+
+### With Policy Enforcement
+
+Using this policy:
+
+```yaml
+# .mcp-policy.yml
+deny:
+  categories: [admin]
+  tools: ["write_*", "move_*"]
+require:
+  maxTools: 10
+allow:
+  tools: ["write_file"]   # Allow write_file despite deny pattern
+```
+
+```
+🛡️  Policy: .mcp-policy.yml
+
+  ❌ secure-filesystem-server: policy FAILED (2 violations)
+
+     ✖ [deny.tools] Tool 'move_file' matches denied pattern 'move_*'
+     ✖ [require.maxTools] Server exposes 14 tools, policy allows max 10
+```
+
+**Exit code 2** — `write_file` was allowed by the exception, but `move_file` and the tool count violated the policy. Your CI pipeline stops here.
+
+## Why MCP Sentinel
+
+Every MCP client already shows you the tool list. MCP Sentinel goes further:
+
+| Feature | MCP Client | MCP Sentinel |
+|---------|-----------|---------------|
+| See tool list | Yes | Yes |
+| **Security policy enforcement** | No | **Yes** |
+| **CI/CD pipeline gate** | No | **Yes** |
+| **Drift detection** between versions | No | **Yes** |
+| **Fleet scan** all configured servers | No | **Yes** |
+| Deep security analysis (aguara) | No | **Yes** |
+| Exportable reports (JSON/Markdown) | No | **Yes** |
+
+## Policy Enforcement
+
+Define what's allowed in `.mcp-policy.yml`:
+
+```yaml
+deny:
+  categories:
+    - admin                    # No admin tools (delete, exec, shell)
+  tools:
+    - "execute_*"              # Block all execution patterns
+    - "push_*"                 # Block push operations
+
+require:
+  aguara: clean                # Zero security findings required
+  maxTools: 20                 # Limit attack surface
+
+allow:
+  tools:
+    - "execute_query"          # Allow specific tools even if pattern-denied
+```
+
+### Policy Rules
+
+| Rule | Description |
+|------|-------------|
+| `deny.categories` | Block tools by category: `read`, `write`, `admin` |
+| `deny.tools` | Block tools by name or glob pattern (`delete_*`, `exec*`) |
+| `require.aguara` | Require aguara scan with zero findings (`clean`) |
+| `require.maxTools` | Maximum number of tools a server can expose |
+| `allow.tools` | Exception list — allow specific tools even if they match deny rules |
+
+### Example Policies
+
+Ready-to-use policies in [`examples/policies/`](examples/policies/):
+
+| Policy | Use case |
+|--------|----------|
+| [`strict.yml`](examples/policies/strict.yml) | Production — blocks admin + write, requires aguara clean |
+| [`standard.yml`](examples/policies/standard.yml) | Development — blocks admin + exec patterns, allows writes |
+| [`permissive.yml`](examples/policies/permissive.yml) | Local dev — only blocks destructive patterns (delete, drop, destroy) |
+| [`ci-pipeline.yml`](examples/policies/ci-pipeline.yml) | CI/CD — blocks admin + deploy + push, requires aguara clean |
+
+### CI/CD Integration
+
+```yaml
+# .github/workflows/mcp-sentinel.yml
+name: MCP Security Audit
+on: [pull_request]
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: 20 }
+      - run: npx mcp-sentinel --policy .mcp-policy.yml npx ./your-mcp-server
+        # Exit code 2 = policy violations → build fails
+```
+
+See full example in [`examples/github-action.yml`](examples/github-action.yml).
+
+## Install & Use
+
+```bash
+# No install needed
+npx mcp-sentinel <command> [args...]
+```
+
+### Quick Start
+
+```bash
+# 1. Scan a server
+npx mcp-sentinel npx @modelcontextprotocol/server-filesystem /tmp
+
+# 2. Create a policy
+cat > .mcp-policy.yml << 'EOF'
+deny:
+  categories: [admin]
+  tools: ["execute_*", "delete_*"]
+require:
+  aguara: clean
+  maxTools: 20
+EOF
+
+# 3. Enforce it
+npx mcp-sentinel --policy .mcp-policy.yml npx @modelcontextprotocol/server-filesystem /tmp
+```
+
+### More Examples
+
+```bash
+# Scan remote servers via HTTP
+npx mcp-sentinel http://localhost:3000/mcp
+
+# Scan all servers from your config (Claude Desktop, Cursor, Windsurf)
+npx mcp-sentinel --config
+
+# Diff mode: detect changes between server versions
+npx mcp-sentinel npx @mcp/server --json > baseline.json
+npx mcp-sentinel npx @mcp/server --diff baseline.json
+
+# Scan multiple servers at once
+npx mcp-sentinel npx @mcp/server-a --- npx @mcp/server-b
+
+# JSON output for scripting
+npx mcp-sentinel --json npx @mcp/server
+
+# Markdown report
+npx mcp-sentinel --markdown report.md npx @mcp/server
+```
+
+### With Aguara (recommended)
+
+Install [Aguara](https://github.com/garagon/aguara) for deep security analysis (prompt injection, exfiltration, supply chain, credential leaks):
+
+```bash
+curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | bash
+```
+
+MCP Sentinel auto-detects Aguara and runs its 177-rule engine against tool descriptions. Combine with `require.aguara: clean` in your policy to enforce zero findings.
+
+## Options
+
+| Flag | Description |
+|------|-------------|
+| `--policy <file>` | Enforce security policy (auto-detects `.mcp-policy.yml`) |
+| `--config` | Auto-detect and scan servers from config files |
+| `--diff <file.json>` | Compare against a previous JSON scan |
+| `--transport <type>` | Force transport: `stdio`, `sse`, `streamable-http` |
+| `--json` | Structured JSON output |
+| `--markdown <file>` | Export report as Markdown |
+| `--fail-on-findings` | Exit code 2 if aguara finds issues |
+| `--no-color` | Disable colored output |
+| `--timeout <ms>` | Connection timeout (default: 30000) |
+| `-h, --help` | Show help |
+| `-v, --version` | Show version |
+
+## How It Works
+
+```
+                      ┌────────────────┐
+              stdio   │  MCP Server    │
+            ┌──────── │  (local)       │
+            │         └────────────────┘
+┌───────────┤
+│ mcp-      │ HTTP/   ┌────────────────┐
+│ inspector │ SSE     │  MCP Server    │
+│           ├──────── │  (remote)      │
+│ Scan      │         └────────────────┘
+│ Enforce   │
+│ Diff      │         ┌──────────────────┐
+│ Report    │ ──────► │  Aguara (177      │
+└───────────┘         │  security rules)  │
+     │                └──────────────────┘
+     ▼
+ .mcp-policy.yml
+ (deny / require / allow)
+```
+
+## Ecosystem
+
+MCP Sentinel is part of the [Aguara](https://github.com/garagon/aguara) security ecosystem:
+
+| Tool | What it does |
+|------|-------------|
+| **[Aguara](https://github.com/garagon/aguara)** | Security scanner — 177 rules, NLP, toxic-flow analysis |
+| **[Aguara MCP](https://github.com/garagon/aguara-mcp)** | MCP server — gives AI agents security scanning as a tool |
+| **MCP Sentinel** | Policy enforcement — audit, enforce, and monitor MCP servers |
+| **[Aguara Watch](https://aguarascan.com)** | Cloud platform — continuous monitoring of MCP registries |
+
+## Roadmap
+
+- [x] Runtime introspection (tools, resources, prompts, capabilities)
+- [x] **Policy enforcement engine**
+- [x] Aguara integration
+- [x] HTTP/SSE transport support
+- [x] Diff mode
+- [x] Config auto-detection (Claude Desktop, Cursor, Windsurf)
+- [ ] Per-server policy overrides
+- [ ] Registry integration (Smithery, mcp.run)
+- [ ] GitHub Action (reusable workflow)
+- [ ] VS Code extension
+
+## Contributing
+
+Contributions welcome. Please open an issue first to discuss what you'd like to change.
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for development standards.
+
+## License
+
+[MIT](LICENSE) — Gustavo Aragon ([@oktsec](https://github.com/oktsec))

package/bin/mcp-sentinel.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import "../dist/index.js";

package/dist/aguara.d.ts

@@ -0,0 +1,4 @@
+import type { ToolInfo, AguaraResult } from "./types.js";
+export declare function isAguaraInstalled(): Promise<boolean>;
+export declare function scanWithAguara(tools: ToolInfo[]): Promise<AguaraResult>;
+//# sourceMappingURL=aguara.d.ts.map

package/dist/aguara.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"aguara.d.ts","sourceRoot":"","sources":["../src/aguara.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAiB,MAAM,YAAY,CAAC;AAIxE,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAO1D;AAyDD,wBAAsB,cAAc,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC,CAgD7E"}

package/dist/aguara.js

@@ -0,0 +1,105 @@
+import { execFile } from "node:child_process";
+import { writeFile, unlink, mkdtemp } from "node:fs/promises";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { promisify } from "node:util";
+const execFileAsync = promisify(execFile);
+export async function isAguaraInstalled() {
+    try {
+        await execFileAsync("aguara", ["version"]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function buildScanContent(tools) {
+    const lines = [];
+    for (const tool of tools) {
+        lines.push(`## Tool: ${tool.name}`);
+        lines.push("");
+        lines.push(tool.description);
+        lines.push("");
+        if (tool.parameters.length > 0) {
+            lines.push(`Parameters: ${tool.parameters.map((p) => p.name).join(", ")}`);
+            lines.push("");
+        }
+    }
+    return lines.join("\n");
+}
+function parseAguaraOutput(stdout) {
+    try {
+        const parsed = JSON.parse(stdout);
+        const findings = [];
+        if (Array.isArray(parsed.findings)) {
+            for (const f of parsed.findings) {
+                findings.push({
+                    severity: String(f.severity ?? "UNKNOWN"),
+                    ruleId: String(f.rule_id ?? ""),
+                    ruleName: String(f.rule_name ?? ""),
+                    matchedText: String(f.matched_text ?? ""),
+                    line: typeof f.line === "number" ? f.line : undefined,
+                });
+            }
+        }
+        return {
+            findings,
+            summary: typeof parsed.summary === "string" ? parsed.summary : `${findings.length} finding(s)`,
+        };
+    }
+    catch {
+        return { findings: [], summary: "Failed to parse aguara output" };
+    }
+}
+export async function scanWithAguara(tools) {
+    const installed = await isAguaraInstalled();
+    if (!installed) {
+        return {
+            available: false,
+            findings: [],
+            summary: "aguara not installed — install from https://github.com/garagon/aguara for deep security analysis",
+        };
+    }
+    const content = buildScanContent(tools);
+    const tmpDir = await mkdtemp(join(tmpdir(), "mcp-sentinel-"));
+    const tmpFile = join(tmpDir, "tools.md");
+    try {
+        await writeFile(tmpFile, content, "utf-8");
+        const { stdout } = await execFileAsync("aguara", [
+            "scan", tmpFile, "--format", "json", "--severity", "low",
+        ], {
+            timeout: 30_000,
+            env: process.env,
+            maxBuffer: 10 * 1024 * 1024,
+        });
+        const result = parseAguaraOutput(stdout);
+        return { available: true, ...result };
+    }
+    catch (err) {
+        // aguara exits with code 1 when findings are found, but still outputs JSON
+        if (typeof err === "object" && err !== null && "stdout" in err) {
+            const stdout = String(err.stdout);
+            if (stdout.trim().length > 0) {
+                const result = parseAguaraOutput(stdout);
+                return { available: true, ...result };
+            }
+        }
+        return {
+            available: true,
+            findings: [],
+            summary: `aguara scan failed: ${err instanceof Error ? err.message : "unknown error"}`,
+        };
+    }
+    finally {
+        try {
+            await unlink(tmpFile);
+        }
+        catch { /* cleanup */ }
+        try {
+            const { rmdir } = await import("node:fs/promises");
+            await rmdir(tmpDir);
+        }
+        catch { /* cleanup */ }
+    }
+}
+//# sourceMappingURL=aguara.js.map

package/dist/aguara.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aguara.js","sourceRoot":"","sources":["../src/aguara.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,IAAI,CAAC;QACH,MAAM,aAAa,CAAC,QAAQ,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAiB;IACzC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAaD,SAAS,iBAAiB,CAAC,MAAc;IACvC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAqB,CAAC;QACtD,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAChC,QAAQ,CAAC,IAAI,CAAC;oBACZ,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,IAAI,SAAS,CAAC;oBACzC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,EAAE,CAAC;oBAC/B,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;oBACnC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC;oBACzC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;iBACtD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO;YACL,QAAQ;YACR,OAAO,EAAE,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,aAAa;SAC/F,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACpE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAiB;IACpD,MAAM,SAAS,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,kGAAkG;SAC5G,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,eAAe,CAAC,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAE3C,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE;YAC/C,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK;SACzD,EAAE;YACD,OAAO,EAAE,MAAM;YACf,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;SAC5B,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,2EAA2E;QAC3E,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;YAC/D,MAAM,MAAM,GAAG,MAAM,CAAE,GAA2B,CAAC,MAAM,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;gBACzC,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC;YACxC,CAAC;QACH,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,EAAE;YACZ,OAAO,EAAE,uBAAuB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;SACvF,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YAAC,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;YACnD,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;QAAC,MAAM,CAAC,CAAC,aAAa,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC"}

package/dist/analyzer.d.ts

@@ -0,0 +1,9 @@
+import type { ToolInfo, AnalyzedTool, ToolCategory } from "./types.js";
+export declare function categorizeTool(tool: ToolInfo): ToolCategory;
+export declare function analyzeTools(tools: ToolInfo[]): AnalyzedTool[];
+export declare function summarize(tools: AnalyzedTool[]): {
+    read: number;
+    write: number;
+    admin: number;
+};
+//# sourceMappingURL=analyzer.d.ts.map

package/dist/analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyzer.d.ts","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,QAAQ,EACR,YAAY,EACZ,YAAY,EACb,MAAM,YAAY,CAAC;AAepB,wBAAgB,cAAc,CAAC,IAAI,EAAE,QAAQ,GAAG,YAAY,CAU3D;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,QAAQ,EAAE,GAAG,YAAY,EAAE,CAK9D;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,YAAY,EAAE,GAAG;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAY/F"}

package/dist/analyzer.js

@@ -0,0 +1,42 @@
+const WRITE_HINTS = [
+    /\bwrite\b/i, /\bcreate\b/i, /\bupdate\b/i, /\bmodify\b/i,
+    /\bset\b/i, /\bput\b/i, /\bpatch\b/i, /\bpush\b/i,
+    /\binsert\b/i, /\bupload\b/i, /\bsave\b/i, /\bmove\b/i,
+];
+const ADMIN_HINTS = [
+    /\bdelete\b/i, /\bremove\b/i, /\bdrop\b/i, /\bdestroy\b/i,
+    /\bpurge\b/i, /\btruncate\b/i, /\bexec\b/i, /\bexecute\b/i,
+    /\bshell\b/i, /\bbash\b/i, /\bspawn\b/i, /\beval\b/i,
+    /\buninstall\b/i, /\breset\b/i, /\bkill\b/i, /\bforce\b/i,
+];
+export function categorizeTool(tool) {
+    const text = `${tool.name} ${tool.description}`;
+    if (ADMIN_HINTS.some((p) => p.test(text))) {
+        return "admin";
+    }
+    if (WRITE_HINTS.some((p) => p.test(text))) {
+        return "write";
+    }
+    return "read";
+}
+export function analyzeTools(tools) {
+    return tools.map((tool) => ({
+        tool,
+        category: categorizeTool(tool),
+    }));
+}
+export function summarize(tools) {
+    let read = 0;
+    let write = 0;
+    let admin = 0;
+    for (const t of tools) {
+        if (t.category === "admin")
+            admin++;
+        else if (t.category === "write")
+            write++;
+        else
+            read++;
+    }
+    return { read, write, admin };
+}
+//# sourceMappingURL=analyzer.js.map

package/dist/analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyzer.js","sourceRoot":"","sources":["../src/analyzer.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,GAAG;IAClB,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa;IACzD,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW;IACjD,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,WAAW;CACvD,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc;IACzD,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc;IAC1D,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW;IACpD,gBAAgB,EAAE,YAAY,EAAE,WAAW,EAAE,YAAY;CAC1D,CAAC;AAEF,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;IAEhD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC1C,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QAC1C,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,KAAiB;IAC5C,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1B,IAAI;QACJ,QAAQ,EAAE,cAAc,CAAC,IAAI,CAAC;KAC/B,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC7C,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO;YAAE,KAAK,EAAE,CAAC;aAC/B,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO;YAAE,KAAK,EAAE,CAAC;;YACpC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAChC,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+import type { CliOptions } from "./types.js";
+export declare function parseArgs(argv: string[]): CliOptions | null;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAgB,MAAM,YAAY,CAAC;AAgD3D,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,GAAG,IAAI,CAqG3D"}