mcp-sentinel 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -3
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -12,7 +12,7 @@
|
|
|
12
12
|
</p>
|
|
13
13
|
</p>
|
|
14
14
|
|
|
15
|
-
> **v0.2.
|
|
15
|
+
> **v0.2.1** -- Security hardening, Unicode evasion defense, parameter-aware categorization, ReDoS prevention
|
|
16
16
|
|
|
17
17
|
---
|
|
18
18
|
|
|
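Review bot: The release line added at README line 15 still announces v0.2.1, while this release sets the version to 0.2.2 in package.json and dist/version.js. Update the line to v0.2.2, or add a short entry saying what 0.2.2 changes relative to 0.2.1.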
@@ -29,12 +29,14 @@ MCP Sentinel connects to any MCP server, shows you every tool it exposes, assign
|
|
|
29
29
|
- **Risk Scoring** -- A-F grade for every server based on tool risk, security findings, and attack surface
|
|
30
30
|
- **Policy Engine** -- YAML-based deny/require/allow rules with glob patterns and auto-detection
|
|
31
31
|
- **Deep Security Analysis** -- Per-tool scanning with [Aguara](https://github.com/garagon/aguara) (177 rules: prompt injection, exfiltration, credential leaks)
|
|
32
|
-
- **Smart Categorization** --
|
|
32
|
+
- **Smart Categorization** -- Analyzes tool names, descriptions, and parameters; auto-escalates when critical findings are detected
|
|
33
33
|
- **Multi-Transport** -- stdio, SSE, and Streamable HTTP with custom header support
|
|
34
34
|
- **Config Discovery** -- Auto-scan servers from Claude Desktop, Cursor, Windsurf, VS Code, Zed
|
|
35
35
|
- **CI/CD Ready** -- SARIF output for GitHub Code Scanning, exit codes for policy violations
|
|
36
36
|
- **Drift Detection** -- Save baselines and detect added/removed/changed tools over time
|
|
37
37
|
- **Multiple Exports** -- Terminal, JSON, Markdown, SARIF
|
|
38
|
+
- **Unicode Evasion Defense** -- NFKC normalization prevents homoglyph and fullwidth character bypasses
|
|
39
|
+
- **Hardened Inputs** -- Path traversal prevention, header injection blocking, ReDoS-safe policy patterns
|
|
38
40
|
|
|
39
41
|
## Quick Start
|
|
40
42
|
|
|
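Review bot: The new "Unicode Evasion Defense" bullet at README line 38 overstates what NFKC does. NFKC folds compatibility forms such as fullwidth characters, but it does not map cross-script look-alikes (for example Cyrillic "а" to Latin "a"), so "prevents homoglyph ... bypasses" only holds if a separate confusables check exists. Either reword the bullet to cover fullwidth and compatibility forms only, or name the additional check that handles cross-script homoglyphs.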
@@ -47,7 +49,7 @@ That's it. You'll see every tool the server exposes, categorized by risk:
|
|
|
47
49
|
|
|
48
50
|
```
|
|
49
51
|
┌──────────────────────────────┐
|
|
50
|
-
│ MCP Sentinel v0.2.
|
|
52
|
+
│ MCP Sentinel v0.2.1 │
|
|
51
53
|
└──────────────────────────────┘
|
|
52
54
|
|
|
53
55
|
Server secure-filesystem-server v0.2.0
|
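Review bot: The sample output box at README line 52 is changed to "MCP Sentinel v0.2.1", which already lags the 0.2.2 version this release publishes. Consider dropping the patch number from the sample output so it does not need an edit on every release, or bump it together with package.json.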
package/dist/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const VERSION = "0.2.
|
|
1
|
+
export declare const VERSION = "0.2.2";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
package/dist/version.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const VERSION = "0.2.
|
|
1
|
+
export const VERSION = "0.2.2";
|
|
2
2
|
//# sourceMappingURL=version.js.map
|
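Review bot: The version literal on line 1 duplicates the value in package.json and dist/version.d.ts, so three shipped files have to agree on every release. If the source of this constant is edited by hand, generating it from package.json at build time would remove that drift risk; the README strings in this same diff stayed at 0.2.1, which shows how easily one copy gets missed.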
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mcp-sentinel",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.2",
|
|
4
4
|
"description": "Scan, score, and enforce security policies on MCP servers. Risk scoring (A-F), SARIF output, policy engine, drift detection, aguara integration, CI/CD gate.",
|
|
5
5
|
"author": "Gustavo Aragon (@oktsec)",
|
|
6
6
|
"license": "Apache-2.0",
|
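Review bot: The version bump at line 3 comes with no changelog or release-note entry in this diff, and the file list shows only README and version-string changes. Add a note stating what 0.2.2 contains, so consumers pinning mcp-sentinel in a CI gate can tell whether scan results or exit codes are expected to change.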