mythos-sentinel 0.1.0
- package/LICENSE +21 -0
- package/README.md +362 -0
- package/action.yml +43 -0
- package/assets/banner.png +0 -0
- package/bin/mythos-sentinel-mcp.js +7 -0
- package/bin/mythos-sentinel.js +8 -0
- package/docs/ARCHITECTURE.md +55 -0
- package/docs/BASE_X402.md +33 -0
- package/docs/BAZAAR_ADAPTER.md +41 -0
- package/docs/DASHBOARD.md +22 -0
- package/docs/FALLBACK_ROUTING.md +37 -0
- package/docs/MCP.md +70 -0
- package/docs/PASSIVE_SCORING.md +33 -0
- package/docs/ROUTESCORE.md +101 -0
- package/docs/RUNTIME_MCP_PROXY.md +90 -0
- package/docs/SPEND_FIREWALL.md +50 -0
- package/docs/TELEMETRY.md +74 -0
- package/docs/THREAT_MODEL.md +28 -0
- package/docs/X402_RECEIPTS.md +54 -0
- package/examples/base/mythos.policy.json +142 -0
- package/examples/claude_desktop/mcp.json +8 -0
- package/examples/codex/AGENTS.md +31 -0
- package/examples/cursor/mcp.json +8 -0
- package/examples/github/verify.yml +29 -0
- package/examples/routescore/services.yml +19 -0
- package/examples/skill/mythos.skill.json +20 -0
- package/package.json +79 -0
- package/schemas/agent-receipt.schema.json +17 -0
- package/schemas/policy.schema.json +322 -0
- package/schemas/sentinel-report.schema.json +14 -0
- package/schemas/skill.manifest.schema.json +42 -0
- package/src/cli.js +570 -0
- package/src/core/fs.js +88 -0
- package/src/core/path-utils.js +54 -0
- package/src/core/policy.js +326 -0
- package/src/core/receipt.js +52 -0
- package/src/core/routescore.js +576 -0
- package/src/core/snapshot.js +35 -0
- package/src/core/telemetry.js +214 -0
- package/src/core/x402-receipts.js +303 -0
- package/src/index.js +19 -0
- package/src/mcp/proxy.js +493 -0
- package/src/mcp/server.js +226 -0
- package/src/report/format.js +53 -0
- package/src/report/sarif.js +50 -0
- package/src/scanner/rules.js +185 -0
- package/src/scanner/scan.js +118 -0
- package/src/ui/server.js +346 -0
- package/src/ui/static/app.js +210 -0
- package/src/ui/static/index.html +342 -0
- package/src/ui/static/styles.css +904 -0
- package/src/version.js +2 -0
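--- a/package/src/ui/static/index.html
+++ b/package/src/ui/static/index.html
@@ -0,0 +1,342 @@
+<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>Mythos Sentinel</title>
+<link rel="stylesheet" href="/assets/styles.css" />
+</head>
+<body>
+<main class="shell">
+
+<!-- 1. HERO / SYSTEM OVERVIEW -->
+<header class="hero">
+<div class="brand">
+<span class="logo-icon">◆</span>
+<span class="logo-text">Mythos Sentinel</span>
+</div>
+
+<div class="hero-content">
+<h1 class="tagline">Runtime firewall for agents with wallets.</h1>
+<p class="description">
+Control x402/Base spend, risky MCP tool calls, local telemetry, and RouteScore reliability before agents act.
+</p>
+
+<div class="status-chips">
+<span class="chip">local-first</span>
+<span class="chip">x402/Base guard</span>
+<span class="chip">MCP proxy</span>
+<span class="chip">telemetry opt-in</span>
+</div>
+
+<div class="hero-actions">
+<button id="initBase" class="btn btn-primary">Initialize policy</button>
+<button id="createDemo" class="btn btn-secondary">Demo scan</button>
+</div>
+</div>
+</header>
+
+<!-- 2. STATUS METRICS -->
+<section class="section">
+<div class="section-header">
+<h2 class="section-title">System Status</h2>
+</div>
+<div class="metrics-grid">
+<div class="metric-card">
+<span class="metric-label">Policy</span>
+<strong id="policyStatus" class="metric-value">—</strong>
+</div>
+<div class="metric-card">
+<span class="metric-label">Mode</span>
+<strong id="strategyStatus" class="metric-value">—</strong>
+</div>
+<div class="metric-card">
+<span class="metric-label">Telemetry</span>
+<strong id="telemetryStatus" class="metric-value">—</strong>
+</div>
+<div class="metric-card">
+<span class="metric-label">Workspace</span>
+<strong id="workspaceStatus" class="metric-value">—</strong>
+</div>
+<div class="metric-card">
+<span class="metric-label">Privacy</span>
+<strong class="metric-value">local-only</strong>
+</div>
+<div class="metric-card">
+<span class="metric-label">Version</span>
+<strong id="versionStatus" class="metric-value">—</strong>
+</div>
+</div>
+</section>
+
+<!-- 3. ADAPTIVE SPEND FIREWALL -->
+<section id="policy" class="section">
+<div class="section-header">
+<h2 class="section-title">Adaptive Spend Firewall</h2>
+<p class="section-subtitle">Set active guardrails for wallets and route actions.</p>
+</div>
+
+<div class="firewall-grid">
+<!-- Policy Configuration Form -->
+<div class="panel">
+<div class="panel-header">
+<h3>Firewall Policy</h3>
+<span class="badge badge-currency">USDC</span>
+</div>
+
+<div class="form-group">
+<label for="strategy">Strategy</label>
+<select id="strategy">
+<option value="balanced">balanced</option>
+<option value="strict">strict</option>
+<option value="explorer">explorer</option>
+</select>
+</div>
+
+<div class="form-group">
+<label for="trustedDomains">Trusted domains</label>
+<textarea id="trustedDomains" rows="5" spellcheck="false" placeholder="api.coinbase.com"></textarea>
+</div>
+
+<div class="form-row">
+<div class="form-group">
+<label for="maxPerRequest">Max/request</label>
+<input id="maxPerRequest" type="number" step="0.01" />
+</div>
+<div class="form-group">
+<label for="approvalAbove">Approval above</label>
+<input id="approvalAbove" type="number" step="0.01" />
+</div>
+<div class="form-group">
+<label for="maxDaily">Daily max</label>
+<input id="maxDaily" type="number" step="0.01" />
+</div>
+</div>
+
+<div class="form-row">
+<div class="form-group">
+<label for="unknownMax">Unknown trial max</label>
+<input id="unknownMax" type="number" step="0.001" />
+</div>
+<div class="form-group">
+<label for="unknownDailyMax">Unknown daily max</label>
+<input id="unknownDailyMax" type="number" step="0.01" />
+</div>
+<div class="form-group">
+<label for="autoScore">Auto-allow score</label>
+<input id="autoScore" type="number" step="1" />
+</div>
+</div>
+
+<button id="savePolicy" class="btn btn-primary btn-full">Save policy</button>
+</div>
+
+<!-- Rules Summary (Cohesive Dark Side) -->
+<div class="panel behavior-panel">
+<div class="panel-header">
+<h3>Default Behavior</h3>
+</div>
+
+<div class="rules-list">
+<div class="rule-item">
+<span class="rule-trigger">Trusted</span>
+<strong class="rule-action action-allow">allow within budget</strong>
+</div>
+<div class="rule-item">
+<span class="rule-trigger">Known + high score</span>
+<strong class="rule-action action-cap">allow with caps</strong>
+</div>
+<div class="rule-item">
+<span class="rule-trigger">Unknown</span>
+<strong class="rule-action action-trial">tiny trial only</strong>
+</div>
+<div class="rule-item">
+<span class="rule-trigger">Expensive</span>
+<strong class="rule-action action-approval">approval required</strong>
+</div>
+<div class="rule-item">
+<span class="rule-trigger">Denied / low score</span>
+<strong class="rule-action action-block">block</strong>
+</div>
+</div>
+
+<p class="panel-footer-text">
+This protects the wallet without forcing owners to pre-list every possible API an agent may discover.
+</p>
+</div>
+</div>
+</section>
+
+<!-- 4. ROUTESCORE RELIABILITY LAYER -->
+<section id="routescore" class="section">
+<div class="section-header-split">
+<div>
+<h2 class="section-title">RouteScore</h2>
+<p class="section-subtitle">Reliability catalog derived from local signal verification.</p>
+</div>
+<div class="action-controls">
+<select id="routeCategory">
+<option value="web_search">web_search</option>
+<option value="content_extraction">content_extraction</option>
+<option value="inference">inference</option>
+<option value="web3_data">web3_data</option>
+<option value="wallet_intel">wallet_intel</option>
+</select>
+<button id="recommendRoute" class="btn btn-secondary btn-compact">Recommend</button>
+</div>
+</div>
+
+<!-- Metrics Strip (Rendered dynamically) -->
+<div id="routeMetrics" class="route-metrics-grid"></div>
+
+<!-- Catalog Grid (Rendered dynamically) -->
+<div id="routeCatalog" class="catalog-grid"></div>
+</section>
+
+<!-- 5. LOCAL TELEMETRY / PASSIVE SCORING -->
+<section id="telemetry" class="section">
+<div class="section-header-split">
+<div>
+<h2 class="section-title">Local Telemetry</h2>
+<p class="section-subtitle">Passive scoring based on local execution paths without cloud storage.</p>
+</div>
+<div class="action-controls">
+<button id="enableTelemetry" class="btn btn-secondary btn-compact">Enable</button>
+<button id="disableTelemetry" class="btn btn-ghost btn-compact">Disable</button>
+<button id="recordTelemetryDemo" class="btn btn-ghost btn-compact">Demo event</button>
+</div>
+</div>
+
+<div class="privacy-banner">
+<span class="banner-icon">🔒</span>
+<p class="banner-text">
+<strong>Privacy policy:</strong> Stores sanitized endpoint metadata only. Never prompts, responses, secrets, private files, or wallet balances.
+</p>
+</div>
+
+<!-- Telemetry metrics (Rendered dynamically) -->
+<div id="telemetryMetrics" class="route-metrics-grid"></div>
+
+<!-- Telemetry details list (Rendered dynamically) -->
+<div id="telemetrySummary" class="telemetry-grid"></div>
+</section>
+
+<!-- 6. PLAYGROUND / LIVE CHECKS -->
+<section id="guards" class="section">
+<div class="section-header">
+<h2 class="section-title">Runtime Checks</h2>
+<p class="section-subtitle">Execute safety assertions and watch the decision engine react in real time.</p>
+</div>
+
+<div class="playground-grid">
+<!-- Payment Check -->
+<div class="panel check-card">
+<div class="check-card-header">
+<span class="check-type">PAYMENT</span>
+<h3>Pre-spend check</h3>
+</div>
+<div class="check-inputs">
+<input id="payDomain" placeholder="api.exa.ai" />
+<input id="payAmount" type="number" step="0.001" placeholder="0.01" />
+<input id="payScore" type="number" step="1" placeholder="RouteScore optional" />
+</div>
+<button id="checkPayment" class="btn btn-secondary btn-full">Check payment</button>
+</div>
+
+<!-- Command Check -->
+<div class="panel check-card">
+<div class="check-card-header">
+<span class="check-type">SHELL</span>
+<h3>Command check</h3>
+</div>
+<div class="check-inputs">
+<input id="commandInput" placeholder="npm test" />
+</div>
+<button id="checkCommand" class="btn btn-secondary btn-full">Check command</button>
+</div>
+
+<!-- File Check -->
+<div class="panel check-card">
+<div class="check-card-header">
+<span class="check-type">FILES</span>
+<h3>File check</h3>
+</div>
+<div class="check-inputs">
+<input id="filePath" placeholder=".env" />
+<select id="fileOp">
+<option value="read">read</option>
+<option value="write">write</option>
+</select>
+</div>
+<button id="checkFile" class="btn btn-secondary btn-full">Check file</button>
+</div>
+</div>
+
+<!-- Live Output Terminal Window -->
+<div class="panel console-panel">
+<div class="console-header">
+<div class="console-title">
+<span class="console-dot red"></span>
+<span class="console-dot yellow"></span>
+<span class="console-dot green"></span>
+<span class="console-label">Live local output</span>
+</div>
+<button id="scanWorkspace" class="btn btn-secondary btn-compact">Scan workspace</button>
+</div>
+<pre id="resultSummary" class="console empty">Run a guard, recommendation, or scan to see decisions here.</pre>
+<div id="findings" class="findings-container"></div>
+</div>
+</section>
+
+<!-- 7. SETUP / SNIPPETS -->
+<section id="setup" class="section">
+<div class="section-header">
+<h2 class="section-title">Setup Configuration</h2>
+<p class="section-subtitle">Add Sentinel to your environment file, agent manifest, or proxy pipeline.</p>
+</div>
+
+<div class="setup-grid">
+<div class="panel setup-card">
+<div class="panel-header">
+<div>
+<h3>Proxy MCP config</h3>
+<p class="setup-desc">Recommended: one Sentinel server that gates upstream tools.</p>
+</div>
+<button data-copy="proxyConfig" class="btn btn-copy">Copy</button>
+</div>
+<pre id="proxyConfig" class="code-block"></pre>
+</div>
+
+<div class="panel setup-card">
+<div class="panel-header">
+<div>
+<h3>Direct MCP config</h3>
+<p class="setup-desc">Lightweight mode: agent asks Sentinel before risky actions.</p>
+</div>
+<button data-copy="mcpConfig" class="btn btn-copy">Copy</button>
+</div>
+<pre id="mcpConfig" class="code-block"></pre>
+</div>
+
+<div class="panel setup-card">
+<div class="panel-header">
+<div>
+<h3>Agent rules</h3>
+<p class="setup-desc">Force the agent to ask Sentinel before risky actions.</p>
+</div>
+<button data-copy="agentRules" class="btn btn-copy">Copy</button>
+</div>
+<pre id="agentRules" class="code-block"></pre>
+</div>
+</div>
+</section>
+
+<footer class="site-footer">
+<span class="footer-brand">◆ Mythos Sentinel</span>
+<span class="footer-copy">Runtime firewall for wallet-enabled agents. Local-first.</span>
+</footer>
+
+</main>
+<script src="/assets/app.js"></script>
+</body>
+</html>
+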
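Review bot: The document ships without a Content-Security-Policy, even though it is the control surface for the spend policy and hands `routeCatalog`, `telemetrySummary`, `findings` and `resultSummary` to `/assets/app.js` to fill at runtime, presumably with service domains and scan results that the operator does not control. The markup has no inline scripts, inline styles or `on*` handlers and loads only `/assets/styles.css` and `/assets/app.js`, so a strict policy should cost nothing here. I would add `<meta http-equiv="Content-Security-Policy" content="default-src 'self'">` to `<head>`, or send the equivalent response header from the UI server if it does not already do so (the server is not visible in this hunk). It is also worth confirming that `app.js` writes into those containers with `textContent` rather than `innerHTML`.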