mythos-sentinel 0.1.0

Files changed (52) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +362 -0
  3. package/action.yml +43 -0
  4. package/assets/banner.png +0 -0
  5. package/bin/mythos-sentinel-mcp.js +7 -0
  6. package/bin/mythos-sentinel.js +8 -0
  7. package/docs/ARCHITECTURE.md +55 -0
  8. package/docs/BASE_X402.md +33 -0
  9. package/docs/BAZAAR_ADAPTER.md +41 -0
  10. package/docs/DASHBOARD.md +22 -0
  11. package/docs/FALLBACK_ROUTING.md +37 -0
  12. package/docs/MCP.md +70 -0
  13. package/docs/PASSIVE_SCORING.md +33 -0
  14. package/docs/ROUTESCORE.md +101 -0
  15. package/docs/RUNTIME_MCP_PROXY.md +90 -0
  16. package/docs/SPEND_FIREWALL.md +50 -0
  17. package/docs/TELEMETRY.md +74 -0
  18. package/docs/THREAT_MODEL.md +28 -0
  19. package/docs/X402_RECEIPTS.md +54 -0
  20. package/examples/base/mythos.policy.json +142 -0
  21. package/examples/claude_desktop/mcp.json +8 -0
  22. package/examples/codex/AGENTS.md +31 -0
  23. package/examples/cursor/mcp.json +8 -0
  24. package/examples/github/verify.yml +29 -0
  25. package/examples/routescore/services.yml +19 -0
  26. package/examples/skill/mythos.skill.json +20 -0
  27. package/package.json +79 -0
  28. package/schemas/agent-receipt.schema.json +17 -0
  29. package/schemas/policy.schema.json +322 -0
  30. package/schemas/sentinel-report.schema.json +14 -0
  31. package/schemas/skill.manifest.schema.json +42 -0
  32. package/src/cli.js +570 -0
  33. package/src/core/fs.js +88 -0
  34. package/src/core/path-utils.js +54 -0
  35. package/src/core/policy.js +326 -0
  36. package/src/core/receipt.js +52 -0
  37. package/src/core/routescore.js +576 -0
  38. package/src/core/snapshot.js +35 -0
  39. package/src/core/telemetry.js +214 -0
  40. package/src/core/x402-receipts.js +303 -0
  41. package/src/index.js +19 -0
  42. package/src/mcp/proxy.js +493 -0
  43. package/src/mcp/server.js +226 -0
  44. package/src/report/format.js +53 -0
  45. package/src/report/sarif.js +50 -0
  46. package/src/scanner/rules.js +185 -0
  47. package/src/scanner/scan.js +118 -0
  48. package/src/ui/server.js +346 -0
  49. package/src/ui/static/app.js +210 -0
  50. package/src/ui/static/index.html +342 -0
  51. package/src/ui/static/styles.css +904 -0
  52. package/src/version.js +2 -0
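--- a/package/examples/github/verify.yml
+++ b/package/examples/github/verify.yml
@@ -0,0 +1,29 @@
+name: Mythos Sentinel
+
+on:
+pull_request:
+workflow_dispatch:
+
+permissions:
+contents: read
+
+jobs:
+sentinel:
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+- uses: actions/checkout@v4
+with:
+persist-credentials: false
+- uses: actions/setup-node@v4
+with:
+node-version: 20
+- name: Install Mythos Sentinel
+run: npm install -g mythos-sentinel --ignore-scripts --no-audit --no-fund
+- name: Scan agent-facing code
+run: mythos-sentinel scan . --policy mythos.policy.json --json --out mythos-sentinel-report.json --fail-on high
+- name: Upload Sentinel report
+uses: actions/upload-artifact@v4
+with:
+name: mythos-sentinel-report
+path: mythos-sentinel-report.json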
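Review bot: The install step resolves `mythos-sentinel` to whatever the registry serves as latest on every run, so a pull-request gate that executes the tool picks up any future release unreviewed; pin it, e.g. `run: npm install -g mythos-sentinel@0.1.0 --ignore-scripts --no-audit --no-fund`. `actions/checkout@v4`, `actions/setup-node@v4` and `actions/upload-artifact@v4` are likewise mutable tags and could be pinned to commit SHAs. The upload step is presumably skipped when the scan step exits non-zero under `--fail-on high`, which is exactly when the report is wanted; adding `if: always()` to the upload step keeps it.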
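--- a/package/examples/routescore/services.yml
+++ b/package/examples/routescore/services.yml
@@ -0,0 +1,19 @@
+services:
+- name: Custom Search API
+category: web_search
+domain: api.example.com
+endpoint: https://api.example.com/search
+priceUSDC: 0.01
+network: base
+tags:
+- search
+- custom
+- name: Custom Browser Session API
+category: browser
+domain: browser.example.com
+endpoint: https://browser.example.com/session
+priceUSDC: 0.05
+network: base
+tags:
+- browser
+- automation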
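--- a/package/examples/skill/mythos.skill.json
+++ b/package/examples/skill/mythos.skill.json
@@ -0,0 +1,20 @@
+{
+"name": "github-pr-reviewer",
+"version": "0.1.0",
+"permissions": {
+"filesystem": {
+"read": ["src/**", "test/**", "package.json"],
+"write": []
+},
+"network": {
+"allow": ["api.github.com"]
+},
+"payments": {
+"maxUSDCPerRequest": 0,
+"maxUSDCDaily": 0
+},
+"secrets": {
+"deny": ["*"]
+}
+}
+}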
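--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,79 @@
+{
+"name": "mythos-sentinel",
+"version": "0.1.0",
+"description": "Runtime MCP proxy, x402 receipt ingestion, and adaptive spend firewall for wallet-enabled AI agents.",
+"type": "module",
+"license": "MIT",
+"author": "thewaltero",
+"homepage": "https://github.com/thewaltero/mythos-sentinel#readme",
+"repository": {
+"type": "git",
+"url": "git+https://github.com/thewaltero/mythos-sentinel.git"
+},
+"bugs": {
+"url": "https://github.com/thewaltero/mythos-sentinel/issues"
+},
+"keywords": [
+"agent-payments",
+"spend-firewall",
+"routescore",
+"x402-payments",
+"ai-agents",
+"mcp",
+"x402",
+"base",
+"agent-security",
+"agentic-ai",
+"guardrails",
+"ai-safety",
+"codex",
+"cursor",
+"claude"
+],
+"bin": {
+"mythos-sentinel": "./bin/mythos-sentinel.js",
+"mythos-sentinel-mcp": "./bin/mythos-sentinel-mcp.js",
+"mythos": "./bin/mythos-sentinel.js"
+},
+"exports": {
+".": "./src/index.js",
+"./scanner": "./src/scanner/scan.js",
+"./policy": "./src/core/policy.js",
+"./mcp": "./src/mcp/server.js",
+"./ui": "./src/ui/server.js",
+"./routescore": "./src/core/routescore.js",
+"./mcp-proxy": "./src/mcp/proxy.js",
+"./telemetry": "./src/core/telemetry.js",
+"./x402-receipts": "./src/core/x402-receipts.js",
+"./receipt": "./src/core/receipt.js"
+},
+"files": [
+"assets",
+"bin",
+"src",
+"schemas",
+"examples",
+"docs",
+"action.yml",
+"README.md",
+"CHANGELOG.md",
+"LICENSE"
+],
+"engines": {
+"node": ">=20.0.0"
+},
+"scripts": {
+"start": "node ./bin/mythos-sentinel.js",
+"scan": "node ./bin/mythos-sentinel.js scan .",
+"mcp": "node ./bin/mythos-sentinel-mcp.js",
+"test": "node --test",
+"test:coverage": "node --test --experimental-test-coverage",
+"doctor": "node ./bin/mythos-sentinel.js doctor",
+"ci:local": "npm test && node ./bin/mythos-sentinel.js doctor && node ./bin/mythos-sentinel.js scan . --json --out .mythos/reports/self-scan.json --fail-on none && node ./bin/mythos-sentinel.js check-payment --domain unknown.example --amount 0.01",
+"release:check": "bash ./scripts/release-check.sh",
+"prepublishOnly": "npm run release:check",
+"ui": "node ./bin/mythos-sentinel.js ui",
+"proxy": "node ./bin/mythos-sentinel.js proxy"
+},
+"packageManager": "npm@10.0.0"
+}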
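Review bot: The `bin` map registers the short alias `"mythos": "./bin/mythos-sentinel.js"` next to `mythos-sentinel`, and the bundled workflow example installs the package globally, so the alias lands on PATH where it can shadow, or be shadowed by, another tool of that name; consider dropping it or documenting it. `files` lists `CHANGELOG.md`, but no such file appears among the 52 files of this release, so either the entry or the file is missing. `prepublishOnly` runs `./scripts/release-check.sh`, which lies outside `files`; that is fine for publishing, but the release gate cannot be reviewed from the published package.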
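--- a/package/schemas/agent-receipt.schema.json
+++ b/package/schemas/agent-receipt.schema.json
@@ -0,0 +1,17 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mythos.dev/schemas/agent-receipt.v0.json",
+"title": "Mythos Agent Work Receipt",
+"type": "object",
+"required": ["schema", "createdAt", "agent", "diff", "verification", "snapshots"],
+"properties": {
+"schema": { "type": "string" },
+"createdAt": { "type": "string" },
+"agent": { "type": "object" },
+"workspace": { "type": "string" },
+"summary": { "type": "string" },
+"diff": { "type": "object" },
+"verification": { "type": "object" },
+"snapshots": { "type": "object" }
+}
+}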
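Review bot: This schema checks little more than the presence of six keys: `agent`, `diff`, `verification` and `snapshots` are bare `{ "type": "object" }`, `createdAt` is an unconstrained string and `schema` is not pinned, so a receipt carrying `"verification": {}` validates. If the receipt is meant to serve as evidence of agent work, add `"format": "date-time"` to `createdAt`, a `"const"` on `schema`, and `required`/`properties` on the nested objects. The sentinel-report schema further down has the same shape (`findings` is an array of anything, `summary` any object) and would benefit from the same tightening.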
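--- a/package/schemas/policy.schema.json
+++ b/package/schemas/policy.schema.json
@@ -0,0 +1,322 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mythos.dev/schemas/policy.v0.json",
+"title": "Mythos Sentinel Policy",
+"type": "object",
+"required": [
+"version",
+"mode"
+],
+"properties": {
+"version": {
+"type": "string"
+},
+"mode": {
+"enum": [
+"monitor",
+"enforce"
+]
+},
+"project": {
+"type": "string"
+},
+"filesystem": {
+"type": "object",
+"properties": {
+"deny": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"allowRead": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"allowWrite": {
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"additionalProperties": true
+},
+"commands": {
+"type": "object",
+"properties": {
+"blockedPatterns": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"approvalPatterns": {
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"additionalProperties": true
+},
+"network": {
+"type": "object",
+"properties": {
+"blockUnknown": {
+"type": "boolean"
+},
+"allowedDomains": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"deniedDomains": {
+"type": "array",
+"items": {
+"type": "string"
+}
+}
+},
+"additionalProperties": true
+},
+"payments": {
+"type": "object",
+"properties": {
+"x402": {
+"type": "object",
+"properties": {
+"enabled": {
+"type": "boolean"
+},
+"maxPerRequestUSDC": {
+"type": "number"
+},
+"maxDailyUSDC": {
+"type": "number"
+},
+"requireApprovalAboveUSDC": {
+"type": "number"
+},
+"allowedDomains": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"deniedDomains": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"strategy": {
+"enum": [
+"strict",
+"balanced",
+"explorer"
+]
+},
+"enforceAllowlist": {
+"type": "boolean"
+},
+"trustedDomains": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"unknown": {
+"type": "object",
+"properties": {
+"allowTrial": {
+"type": "boolean"
+},
+"maxPerRequestUSDC": {
+"type": "number"
+},
+"maxDailyUSDC": {
+"type": "number"
+},
+"requireApprovalAboveUSDC": {
+"type": "number"
+}
+},
+"additionalProperties": true
+},
+"routeScore": {
+"type": "object",
+"properties": {
+"autoAllowMinScore": {
+"type": "number"
+},
+"requireApprovalBelowScore": {
+"type": "number"
+},
+"blockBelowScore": {
+"type": "number"
+}
+},
+"additionalProperties": true
+}
+},
+"additionalProperties": true
+}
+},
+"additionalProperties": true
+},
+"findings": {
+"type": "object",
+"properties": {
+"failOn": {
+"type": "array",
+"items": {
+"enum": [
+"info",
+"low",
+"medium",
+"high",
+"critical"
+]
+}
+},
+"warnOn": {
+"type": "array",
+"items": {
+"enum": [
+"info",
+"low",
+"medium",
+"high",
+"critical"
+]
+}
+}
+},
+"additionalProperties": true
+},
+"scanner": {
+"type": "object",
+"properties": {
+"ignore": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"useMythosIgnore": {
+"type": "boolean"
+}
+},
+"additionalProperties": true
+},
+"receipts": {
+"type": "object",
+"properties": {
+"require": {
+"type": "boolean"
+},
+"includeFileHashes": {
+"type": "boolean"
+}
+},
+"additionalProperties": true
+},
+"routeScore": {
+"type": "object",
+"properties": {
+"enabled": {
+"type": "boolean"
+},
+"catalogMode": {
+"type": "string"
+},
+"seedCategories": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"telemetry": {
+"type": "object",
+"additionalProperties": true
+}
+},
+"additionalProperties": true
+},
+"mcpProxy": {
+"type": "object",
+"properties": {
+"enabled": {
+"type": "boolean"
+},
+"mode": {
+"enum": [
+"monitor",
+"enforce"
+]
+},
+"approvalMode": {
+"enum": [
+"return_error",
+"allow_with_annotation"
+]
+},
+"toolNameStrategy": {
+"enum": [
+"preserve_unless_collision",
+"prefix"
+]
+},
+"exposeSentinelTools": {
+"type": "boolean"
+},
+"upstreams": {
+"type": "array",
+"items": {
+"type": "object",
+"required": [
+"id",
+"command"
+],
+"properties": {
+"id": {
+"type": "string"
+},
+"name": {
+"type": "string"
+},
+"command": {
+"type": "string"
+},
+"args": {
+"type": "array",
+"items": {
+"type": "string"
+}
+},
+"cwd": {
+"type": "string"
+},
+"env": {
+"type": "object",
+"additionalProperties": {
+"type": "string"
+}
+},
+"initTimeoutMs": {
+"type": "number"
+}
+},
+"additionalProperties": true
+}
+}
+},
+"additionalProperties": true
+}
+},
+"additionalProperties": true
+}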
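Review bot: Every object in this schema, including `payments.x402` and `payments.x402.unknown`, sets `"additionalProperties": true`, so a misspelled limit key (constructed example: `maxDailyUSCD`) validates and the intended cap is simply absent; whether the loader then falls back to a safe default is not visible from this file. For the spend-limit objects I would close them with `"additionalProperties": false` and bound the amounts with `"minimum": 0`, since a negative `maxPerRequestUSDC` currently passes, and the three `routeScore` thresholds have no range either. `mcpProxy.upstreams[].command`, `args` and `env` make the policy file a process-launch configuration; a `description` on `upstreams` stating that the file must be trusted and reviewed like code would make that explicit.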
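--- a/package/schemas/sentinel-report.schema.json
+++ b/package/schemas/sentinel-report.schema.json
@@ -0,0 +1,14 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mythos.dev/schemas/sentinel-report.v0.json",
+"title": "Mythos Sentinel Report",
+"type": "object",
+"required": ["schema", "tool", "target", "summary", "findings"],
+"properties": {
+"schema": { "type": "string" },
+"tool": { "type": "object" },
+"target": { "type": "string" },
+"summary": { "type": "object" },
+"findings": { "type": "array" }
+}
+}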
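--- a/package/schemas/skill.manifest.schema.json
+++ b/package/schemas/skill.manifest.schema.json
@@ -0,0 +1,42 @@
+{
+"$schema": "https://json-schema.org/draft/2020-12/schema",
+"$id": "https://mythos.dev/schemas/skill-manifest.v0.json",
+"title": "Mythos Skill Permission Manifest",
+"type": "object",
+"required": ["name", "permissions"],
+"properties": {
+"name": { "type": "string" },
+"version": { "type": "string" },
+"permissions": {
+"type": "object",
+"properties": {
+"filesystem": {
+"type": "object",
+"properties": {
+"read": { "type": "array", "items": { "type": "string" } },
+"write": { "type": "array", "items": { "type": "string" } }
+}
+},
+"network": {
+"type": "object",
+"properties": {
+"allow": { "type": "array", "items": { "type": "string" } }
+}
+},
+"payments": {
+"type": "object",
+"properties": {
+"maxUSDCPerRequest": { "type": "number" },
+"maxUSDCDaily": { "type": "number" }
+}
+},
+"secrets": {
+"type": "object",
+"properties": {
+"deny": { "type": "array", "items": { "type": "string" } }
+}
+}
+}
+}
+}
+}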
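Review bot: The `permissions` object declares four sections but requires none of them and leaves every level open, so a manifest with `"permissions": {}` validates while saying nothing about filesystem, network, payments or secrets. If an absent section is meant to be deny-by-default, state that in a `description`; otherwise add `"required": ["filesystem", "network", "payments", "secrets"]` and `"additionalProperties": false` on `permissions` and its children. The limit keys here are `maxUSDCPerRequest`/`maxUSDCDaily` while the policy schema spells them `maxPerRequestUSDC`/`maxDailyUSDC`; one spelling across both files would avoid a limit being silently ignored when copied between them.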