mcp-shadow 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +2 -2
  2. package/dist/cli.js +11 -2
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -256,10 +256,10 @@ shadow list # List available scenarios
256
256
  Show your users your agent has been tested. Add this to your README:
257
257
 
258
258
  ```markdown
259
- [![Tested with Shadow](https://img.shields.io/badge/Tested_with-Shadow-8A2BE2?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAIAAAD8GO2jAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAAEsAAAAAQAAASwAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAACCgAwAEAAAAAQAAACAAAAAA+eom7wAAAAlwSFlzAAAuIwAALiMBeKU/dgAAApxpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+MzAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj4zMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj4yMDA8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MjAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6Q29sb3JTcGFjZT4xPC9leGlmOkNvbG9yU3BhY2U+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgoKTx1WAAAJB0lEQVRIDS1W2Y8cRxmvqr67Z3pmdmdn713fduwssexEOWQS8pTkhQgQz0g88MCfheAFIZBAQkEhJApIUQ7jOLG9TrxXdr33zOxM393VVcWvZumeo7uO7/vq9/2+g1I3YFQpRRWllBClmKFMPCuiiB4g+DLcmFF40cN6DPdkzWSnHpFSUoY5oVfigwVSYsLEVoI3YlDFsJ8SrNL7DTzo3ZgmpmW6rmfbtmEaUhHI4jUvirwqK62QQTJlDD/6hRDIlRAPC3CZWgBmDQt/AlZozdo8KZVpWc1WGIYtx7ZhFee1JML2XItZEAc1ZZlHUTwejXhZUYatk/NpEaZhMMErfRLDbSiYj2kgo5VNNBLa7rS7MzNSqRKmljkvamynoe02A3mWY4PlWEEQwDap5Fl/MOz3BQw4h3ICqxKcEgkFIUAG6IwaEIHzYs/8/EKjEcRxnPMSmxS+5QQ4IAqPcSEBp8Vsx3Qc07Nc27KLPD/Y34c1gFgqAYwoEVQJg5m2IiZhEKyRYYaxunohDJtno1GSpESZoiKSM8sI2i3Z3vyFRthjbkhtr5YGr2gtqqqEY2kjbLRbnTzLeFVpvkCa9q2GqKUUFMBuHIItra44nptV5fh0ZEyS2lRUeTcnxqd9dW791+85kZv0TYiLWOqFCr2N38hqtNk9Lq1NjM3d3j/O7j14U+SJNDxNaUE2rq3v72/tbrC6E0oFHCIJGSJHFxSXP84bxiDR8cVJZRnj15mvXX3z54ursxsbW3v42Zbakym+HF9futOZmvbY12H/6xT8/PTnaKFlSD2KHM3BtZ/NZzeEzrCWGYfkTztB2qwWvDgfDuqplbjTnrr/5/q/CcHZmuvvt4883fvieGMpwHfAH9o5Hx2VdUWpdvXb5vXd/7NjTz7e2s9G4KnLX0Vc0HsNNOIdhGMEEHLq0spLmaV4WStlme+Gd3/x2qnfpeGebmWz7+ff+dHc0OC0qMRwOkyyqOEcIxOPk5DCanZ2//fLVnSdHR/vbnGeirkDtJEnqCiyCAtMDd0LwvRGOsoQooxbO67/8xQt33n74jw87zebe86cnh4dJxP3uUnP1cnPpkhmE4+MBwqa1MIXAOn0eEzOYnWv99z+f8TpFfIBIjmVFUQzSmBofopphqDBsUJHLsNt76d5b9z/4ezba77Q7Fa+C+StLb7zVvXaBMk/aimW8HI9Pd745ffa4s9CzPLL+YP21u9eWVy6u398lniqqIvB9EBLRaph2QA020+2CuuClqsiNO/d8q/fNx39VUrN4nBQ3fvq+QabHOydllBWHUXoYG05z7sLCwcOvhrvPaiSMikx15mxBnzz8UqpK1XXg+YgMoGQi3zgISssZjcey4szwuzOru4++rnlmu/NxlNSmx+Q0TKb5eP2jT5UovEZr9datgy8Oz/efW2adjE/rPD8bXvf8qQDoRYliknPuu16RplCAXIZEROoaxFKO69rEODw76vUuGZYxGvWV3THyiiTC68wuXb0dn+5F/YPNjz+oy5EyS2lRUeTcnxqd9klduI4XgWSiBk1N20amgQ/gaCaJNKc8KirLdKpk6NpuozG18f2XxPDqcRH9sB40L4szOt9bm5u5JVUpitOth58c7D10WhaMnXabw8EgHR1btgvK2DMNZExkFaRNgOzDar8RcCLKjNvMXbl402tOJclZ/2QHvAYxjnZ2GK8axGZF7dRUxpXvzL54+27cP5ayEKrqLV5J8tR2neHJXhSf2A07sFw4IIojBqpKKZDAq36mKiR64fnta9dvl0VmGJ7rBaym0357sPXkwb9///irP+48/lCcHfpxXPWNi4trirOFxRtVkYxPdpmgvMghig9SWasaYlEJkJAQNQCLmSg2kiteCDE9M+X6bRfJh5ctd/Zn7/z63ss/X569Tsrq9Hg7Twa2KUiU2sxyvSZT8nj/O6RWt9nKygw5DuUF7Ad0MB9S9RM87DpuKkoqxAgGNoLuzMrZYD/OywuXLodGN2Dy2vK94JoLj2FxlZJuV27tbziuX+apQb1u7xKvkzQeKZuYjoVyWGQFsoXORYJMyGOBxyhJDDnglbfeqFWL18V4cJCmcZpEnWZoGa4fhIHbtgzluuLJzqcbz79uTvVgshcuXXrp7tMHn/SPNi2PNtxAakOHwH9SMpWKoyiwPYuahVXHo6NH6/fffPvddHxGaxkNjw6yzeOtvYYVdjq9Mk445UeD3XHWbzSnFlduHg6OVtbWHJLsbXxHbYqMjsycZil8ANAnkTwJAs/zkb5FLZC6x1nx0qtrV67cOOvXwJPXeZSeDuO9w9NnST0alaegHsi9vHS9Mz3XnJ++88rlv/3uD6cn35pEIJuieCEnIimhRBoIXZQDOFkohRpbFaVhsoKnhwfx0vLKlRculyV1/LC3vIzq5DaREkO4FpubQe/FtVejZBw03H/95c9PH39o0FJJ5doOqngax/AuUiHiwNPVh6Bp4LZtea6bq8oO/dH+/uP762VZzC5fDPzpVnPaNptFwbN0lMdRb2bp9Vd/UuTZ3t6jzz760w+bn7NpnfVNqRuKwXAAiyFf9z0o+gg3xB2qKOg1MzODGi4NVmQcqZsQtzu/uLz6QnfhSrPRFrIivHIUpJCtZ4+ePn0wONmtFRoCySwK2x3DOjk54VWp+x/dV9UomS2UTAQEOhF9kokOlKSa87zmoLTimLRsK/C80Nd9GFhk6XjUz7IIfQOxiay5FBLSfd/rD/tFrtmJJAEFiGHK3KZux6g5KYW6K8NBOp2O7/koqUKISqDhAquFLpUmrIBZSjvQ1JVcCo7ju5NSCseipUCITVpR/Egq6/O2BXt1AdWdI/6I0qlcSpRTLDYQWgAQLRQ+DYMFZjlC2QIFdZcJTFzXLcpqfDZCuEK67ovwizomsGXS2UEyhCDE0Heeazg3Agyzsdt1LVP3ilo1o0VZAhimQdUDvOJZngJPiAZTNCwafW2UqEu8UuYEEIcLpVS3X2ia9CGhWrtENzM63A1mAXxDn1SfUUNX49a9iRarWThZoXdiKHhvsnVgDfHSDrbXpFeeS9COu/w9OhidGQzICScuGiHOFkzab/A+pQigQG/tyOQAAAABJRU5ErkJggg==)](https://github.com/shadow-mcp/shadow-mcp)
259
+ [![Tested with Shadow](https://img.shields.io/badge/Tested_with-Shadow-8A2BE2)](https://github.com/shadow-mcp/shadow-mcp)
260
260
  ```
261
261
 
262
- [![Tested with Shadow](https://img.shields.io/badge/Tested_with-Shadow-8A2BE2?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAIAAAD8GO2jAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAAEsAAAAAQAAASwAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAACCgAwAEAAAAAQAAACAAAAAA+eom7wAAAAlwSFlzAAAuIwAALiMBeKU/dgAAApxpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOmV4aWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20vZXhpZi8xLjAvIj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+MzAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj4zMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj4yMDA8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAgICAgICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MjAwPC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6Q29sb3JTcGFjZT4xPC9leGlmOkNvbG9yU3BhY2U+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgoKTx1WAAAJB0lEQVRIDS1W2Y8cRxmvqr67Z3pmdmdn713fduwssexEOWQS8pTkhQgQz0g88MCfheAFIZBAQkEhJApIUQ7jOLG9TrxXdr33zOxM393VVcWvZumeo7uO7/vq9/2+g1I3YFQpRRWllBClmKFMPCuiiB4g+DLcmFF40cN6DPdkzWSnHpFSUoY5oVfigwVSYsLEVoI3YlDFsJ8SrNL7DTzo3ZgmpmW6rmfbtmEaUhHI4jUvirwqK62QQTJlDD/6hRDIlRAPC3CZWgBmDQt/AlZozdo8KZVpWc1WGIYtx7ZhFee1JML2XItZEAc1ZZlHUTwejXhZUYatk/NpEaZhMMErfRLDbSiYj2kgo5VNNBLa7rS7MzNSqRKmljkvamynoe02A3mWY4PlWEEQwDap5Fl/MOz3BQw4h3ICqxKcEgkFIUAG6IwaEIHzYs/8/EKjEcRxnPMSmxS+5QQ4IAqPcSEBp8Vsx3Qc07Nc27KLPD/Y34c1gFgqAYwoEVQJg5m2IiZhEKyRYYaxunohDJtno1GSpESZoiKSM8sI2i3Z3vyFRthjbkhtr5YGr2gtqqqEY2kjbLRbnTzLeFVpvkCa9q2GqKUUFMBuHIItra44nptV5fh0ZEyS2lRUeTcnxqd9dW791+85kZv0TYiLWOqFCr2N38hqtNk9Lq1NjM3d3j/O7j14U+SJNDxNaUE2rq3v72/tbrC6E0oFHCIJGSJHFxSXP84bxiDR8cVJZRnj15mvXX3z54ursxsbW3v42Zbakym+HF9futOZmvbY12H/6xT8/PTnaKFlSD2KHM3BtZ/NZzeEzrCWGYfkTztB2qwWvDgfDuqplbjTnrr/5/q/CcHZmuvvt4883fvieGMpwHfAH9o5Hx2VdUWpdvXb5vXd/7NjTz7e2s9G4KnLX0Vc0HsNNOIdhGMEEHLq0spLmaV4WStlme+Gd3/x2qnfpeGebmWz7+ff+dHc0OC0qMRwOkyyqOEcIxOPk5DCanZ2//fLVnSdHR/vbnGeirkDtJEnqCiyCAtMDd0LwvRGOsoQooxbO67/8xQt33n74jw87zebe86cnh4dJxP3uUnP1cnPpkhmE4+MBwqa1MIXAOn0eEzOYnWv99z+f8TpFfIBIjmVFUQzSmBofopphqDBsUJHLsNt76d5b9z/4ezba77Q7Fa+C+StLb7zVvXaBMk/aimW8HI9Pd745ffa4s9CzPLL+YP21u9eWVy6u398lniqqIvB9EBLRaph2QA020+2CuuClqsiNO/d8q/fNx39VUrN4nBQ3fvq+QabHOydllBWHUXoYG05z7sLCwcOvhrvPaiSMikx15mxBnzz8UqpK1XXg+YgMoGQi3zgISssZjcey4szwuzOru4++rnlmu/NxlNSmx+Q0TKb5eP2jT5UovEZr9datgy8Oz/efW2adjE/rPD8bXvf8qQDoRYliknPuu16RplCAXIZEROoaxFKO69rEODw76vUuGZYxGvWV3THyiiTC68wuXb0dn+5F/YPNjz+oy5EyS2lRUeTcnxqd9klduI4XgWSiBk1N20amgQ/gaCaJNKc8KirLdKpk6NpuozG18f2XxPDqcRH9sB40L4szOt9bm5u5JVUpitOth58c7D10WhaMnXabw8EgHR1btgvK2DMNZExkFaRNgOzDar8RcCLKjNvMXbl402tOJclZ/2QHvAYxjnZ2GK8axGZF7dRUxpXvzL54+27cP5ayEKrqLV5J8tR2neHJXhSf2A07sFw4IIojBqpKKZDAq36mKiR64fnta9dvl0VmGJ7rBaym0357sPXkwb9///irP+48/lCcHfpxXPWNi4trirOFxRtVkYxPdpmgvMghig9SWasaYlEJkJAQNQCLmSg2kiteCDE9M+X6bRfJh5ctd/Zn7/z63ss/X569Tsrq9Hg7Twa2KUiU2sxyvSZT8nj/O6RWt9nKygw5DuUF7Ad0MB9S9RM87DpuKkoqxAgGNoLuzMrZYD/OywuXLodGN2Dy2vK94JoLj2FxlZJuV27tbziuX+apQb1u7xKvkzQeKZuYjoVyWGQFsoXORYJMyGOBxyhJDDnglbfeqFWL18V4cJCmcZpEnWZoGa4fhIHbtgzluuLJzqcbz79uTvVgshcuXXrp7tMHn/SPNi2PNtxAakOHwH9SMpWKoyiwPYuahVXHo6NH6/fffPvddHxGaxkNjw6yzeOtvYYVdjq9Mk445UeD3XHWbzSnFlduHg6OVtbWHJLsbXxHbYqMjsycZil8ANAnkTwJAs/zkb5FLZC6x1nx0qtrV67cOOvXwJPXeZSeDuO9w9NnST0alaegHsi9vHS9Mz3XnJ++88rlv/3uD6cn35pEIJuieCEnIimhRBoIXZQDOFkohRpbFaVhsoKnhwfx0vLKlRculyV1/LC3vIzq5DaREkO4FpubQe/FtVejZBw03H/95c9PH39o0FJJ5doOqngax/AuUiHiwNPVh6Bp4LZtea6bq8oO/dH+/uP762VZzC5fDPzpVnPaNptFwbN0lMdRb2bp9Vd/UuTZ3t6jzz760w+bn7NpnfVNqRuKwXAAiyFf9z0o+gg3xB2qKOg1MzODGi4NVmQcqZsQtzu/uLz6QnfhSrPRFrIivHIUpJCtZ4+ePn0wONmtFRoCySwK2x3DOjk54VWp+x/dV9UomS2UTAQEOhF9kokOlKSa87zmoLTimLRsK/C80Nd9GFhk6XjUz7IIfQOxiay5FBLSfd/rD/tFrtmJJAEFiGHK3KZux6g5KYW6K8NBOp2O7/koqUKISqDhAquFLpUmrIBZSjvQ1JVcCo7ju5NSCseipUCITVpR/Egq6/O2BXt1AdWdI/6I0qlcSpRTLDYQWgAQLRQ+DYMFZjlC2QIFdZcJTFzXLcpqfDZCuEK67ovwizomsGXS2UEyhCDE0Heeazg3Agyzsdt1LVP3ilo1o0VZAhimQdUDvOJZngJPiAZTNCwafW2UqEu8UuYEEIcLpVS3X2ia9CGhWrtENzM63A1mAXxDn1SfUUNX49a9iRarWThZoXdiKHhvsnVgDfHSDrbXpFeeS9COu/w9OhidGQzICScuGiHOFkzab/A+pQigQG/tyOQAAAABJRU5ErkJggg==)](https://github.com/shadow-mcp/shadow-mcp)
262
+ [![Tested with Shadow](https://img.shields.io/badge/Tested_with-Shadow-8A2BE2)](https://github.com/shadow-mcp/shadow-mcp)
263
263
 
264
264
  ## License
265
265
 
package/dist/cli.js CHANGED
@@ -10335,7 +10335,7 @@ var {
10335
10335
  import { spawn } from "child_process";
10336
10336
  import { resolve, dirname, extname } from "path";
10337
10337
  import { fileURLToPath } from "url";
10338
- import { readFileSync, existsSync } from "fs";
10338
+ import { readFileSync, existsSync, realpathSync } from "fs";
10339
10339
  import { createServer } from "http";
10340
10340
 
10341
10341
  // packages/core/dist/state-engine.js
@@ -11002,10 +11002,19 @@ program2.command("demo").description("Run a scripted demo \u2014 no API key requ
11002
11002
  ".woff": "font/woff",
11003
11003
  ".woff2": "font/woff2"
11004
11004
  };
11005
+ const realConsoleDist = realpathSync(consoleDist);
11005
11006
  const server = createServer((req, res) => {
11006
11007
  const urlPath = req.url?.split("?")[0] || "/";
11007
11008
  let filePath = resolve(consoleDist, urlPath === "/" ? "index.html" : urlPath.slice(1));
11008
- if (!existsSync(filePath)) {
11009
+ try {
11010
+ const realFilePath = realpathSync(filePath);
11011
+ if (!realFilePath.startsWith(realConsoleDist)) {
11012
+ res.writeHead(403);
11013
+ res.end("Forbidden");
11014
+ return;
11015
+ }
11016
+ filePath = realFilePath;
11017
+ } catch {
11009
11018
  filePath = resolve(consoleDist, "index.html");
11010
11019
  }
11011
11020
  try {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mcp-shadow",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "type": "module",
5
5
  "description": "The staging environment for AI agents. Rehearse every action before it hits production.",
6
6
  "bin": {