opena2a-cli 0.6.3 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/detect.d.ts +9 -0
- package/dist/commands/detect.d.ts.map +1 -1
- package/dist/commands/detect.js +92 -59
- package/dist/commands/detect.js.map +1 -1
- package/dist/commands/identity.js +35 -0
- package/dist/commands/identity.js.map +1 -1
- package/dist/commands/review.d.ts.map +1 -1
- package/dist/commands/review.js +43 -38
- package/dist/commands/review.js.map +1 -1
- package/dist/index.js +2 -0
- package/dist/index.js.map +1 -1
- package/dist/report/detect-html.d.ts.map +1 -1
- package/dist/report/detect-html.js +3 -2
- package/dist/report/detect-html.js.map +1 -1
- package/dist/util/governance-scoring.d.ts +42 -0
- package/dist/util/governance-scoring.d.ts.map +1 -0
- package/dist/util/governance-scoring.js +65 -0
- package/dist/util/governance-scoring.js.map +1 -0
- package/dist/util/registry-enrichment.d.ts +60 -0
- package/dist/util/registry-enrichment.d.ts.map +1 -0
- package/dist/util/registry-enrichment.js +104 -0
- package/dist/util/registry-enrichment.js.map +1 -0
- package/dist/util/report-submission.d.ts +32 -0
- package/dist/util/report-submission.d.ts.map +1 -1
- package/dist/util/report-submission.js +54 -0
- package/dist/util/report-submission.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detect-html.d.ts","sourceRoot":"","sources":["../../src/report/detect-html.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAS1D,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"detect-html.d.ts","sourceRoot":"","sources":["../../src/report/detect-html.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAS1D,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CA0I/D"}
|
|
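--- a/package/dist/report/detect-html.js
+++ b/package/dist/report/detect-html.js
@@ -162,8 +162,9 @@ body{background:var(--bg);color:var(--text);font-family:var(--font);font-size:14
 if(report.mcpServers.length>0){h+='<div style="font-size:12px;color:var(--dim);margin-bottom:8px;">Export full asset list for your CMDB: <span style="color:var(--primary);">opena2a detect --export-csv assets.csv</span></div>';}
 h+='<div class="card">';
 if(report.mcpServers.length===0){h+='<div style="color:var(--dim);">No MCP servers found</div>';}
-
-if(
+function trustBadge(sv){if(!sv.registryData)return'';var sc=Math.round(sv.registryData.trustScore*100);var col=sc>=70?'var(--pass)':sc>=40?'var(--warn)':'var(--fail)';var label='Trust: '+sc+'/100';if(sv.registryData.communityScans>0){label+=' | '+sv.registryData.communityScans+' scan'+(sv.registryData.communityScans!==1?'s':'');}return' <span style="font-size:11px;padding:2px 6px;border-radius:3px;background:'+col+'22;color:'+col+';border:1px solid '+col+'44;">'+label+'</span>';}
+if(pMcp.length>0){h+='<div class="mcp-group"><div class="mcp-group-title">Project-local ('+pMcp.length+')</div>';for(var k=0;k<pMcp.length;k++){var sv=pMcp[k];var caps=(sv.capabilities||[]).filter(function(c){return c!=='unknown';});h+='<div class="mcp-row"><div class="mcp-name">'+esc(sv.name)+(sv.verified?' <span class="status-badge status-pass">verified</span>':'')+trustBadge(sv)+'</div>';if(caps.length>0){h+='<div class="mcp-caps">'+caps.map(function(c){return capDescs[c]||c;}).join(' | ')+'</div>';}h+='</div>';}h+='</div>';}
+if(gMcp.length>0){h+='<div class="mcp-group"><div class="mcp-group-title">Machine-wide ('+gMcp.length+')</div>';var sens=gMcp.filter(function(x){return(x.capabilities||[]).some(function(c){return['shell-access','database','payments','cloud-services'].indexOf(c)!==-1;});});if(sens.length>0){for(var m=0;m<sens.length;m++){var sm=sens[m];var sc2=(sm.capabilities||[]).filter(function(c){return c!=='unknown';});h+='<div class="mcp-row"><div class="mcp-name">'+esc(sm.name)+trustBadge(sm)+'</div>';if(sc2.length>0){h+='<div class="mcp-caps">'+sc2.map(function(c){return capDescs[c]||c;}).join(' | ')+'</div>';}h+='</div>';}var ot=gMcp.length-sens.length;if(ot>0){h+='<div style="color:var(--dim);font-size:12px;padding:6px 0;">+ '+ot+' more with standard access</div>';}}else{h+='<div style="color:var(--dim);font-size:12px;">'+gMcp.length+' server'+(gMcp.length!==1?'s':'')+' with standard access</div>';}h+='</div>';}
 h+='</div>';
 
 var nw=(report.aiConfigs||[]).filter(function(c){return c.risk!=='low';});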
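Review bot: `trustBadge` and the capability rows on the three added lines build report HTML from values that never go through `esc()`: `sv.registryData.communityScans` comes straight from the registry response, and `capDescs[c]||c` falls back to the raw capability string when the lookup misses, while the server name on the same line is escaped. The `>0` comparison and `Math.round` mean only numeric values reach the markup today, but that is a property of the response shape rather than of the renderer. Coercing at the boundary, `var n=Number(sv.registryData.communityScans)||0;`, and escaping the fallback, `esc(capDescs[c]||c)`, keeps a malformed or hostile registry reply out of the generated page. The enclosing render function starts and ends outside the hunk.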
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"detect-html.js","sourceRoot":"","sources":["../../src/report/detect-html.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWH,
|
|
1
|
+
{"version":3,"file":"detect-html.js","sourceRoot":"","sources":["../../src/report/detect-html.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAWH,gDA0IC;AAlJD,4CAA8B;AAE9B,SAAS,GAAG,CAAC,CAA4B;IACvC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAClB,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACxE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAAoB;IACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;IAClF,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAEtC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+BAwEsB,QAAQ,MAAM,QAAQ,OAAO,GAAG,OAAO,EAAE;;;;;mDAKrB,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAqDnD,CAAC;AACT,CAAC"}
|
|
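--- /dev/null
+++ b/package/dist/util/governance-scoring.d.ts
@@ -0,0 +1,42 @@
+/**
+* Shared governance scoring utility.
+*
+* Calculates a governance score (0-100) based on agent governance status,
+* MCP server verification, AI config risk, and identity posture.
+* Used by both `detect` and `review` commands.
+*/
+export interface GovernanceScoringAgent {
+governanceStatus: string;
+identityStatus: string;
+}
+export interface GovernanceScoringMcpServer {
+verified: boolean;
+source: string;
+risk: string;
+}
+export interface GovernanceScoringAiConfig {
+risk: string;
+}
+export interface GovernanceScoringIdentity {
+aimIdentities: number;
+soulFiles: number;
+}
+export interface GovernanceScoringInput {
+agents: GovernanceScoringAgent[];
+mcpServers: GovernanceScoringMcpServer[];
+aiConfigs: GovernanceScoringAiConfig[];
+identity: GovernanceScoringIdentity;
+}
+/**
+* Calculate governance score (0-100, where 100 = fully governed).
+*
+* Internally computes deductions for gaps, then inverts:
+* governanceScore = 100 - deductions
+*
+* This way users see 100 as the goal and the score goes UP as they fix things.
+*/
+export declare function calculateGovernanceScore(input: GovernanceScoringInput): {
+governanceScore: number;
+deductions: number;
+};
+//# sourceMappingURL=governance-scoring.d.ts.map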
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-scoring.d.ts","sourceRoot":"","sources":["../../src/util/governance-scoring.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,sBAAsB;IACrC,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,yBAAyB;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACjC,UAAU,EAAE,0BAA0B,EAAE,CAAC;IACzC,SAAS,EAAE,yBAAyB,EAAE,CAAC;IACvC,QAAQ,EAAE,yBAAyB,CAAC;CACrC;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,sBAAsB,GAAG;IAAE,eAAe,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAsCvH"}
|
|
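--- /dev/null
+++ b/package/dist/util/governance-scoring.js
@@ -0,0 +1,65 @@
+"use strict";
+/**
+* Shared governance scoring utility.
+*
+* Calculates a governance score (0-100) based on agent governance status,
+* MCP server verification, AI config risk, and identity posture.
+* Used by both `detect` and `review` commands.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateGovernanceScore = calculateGovernanceScore;
+/**
+* Calculate governance score (0-100, where 100 = fully governed).
+*
+* Internally computes deductions for gaps, then inverts:
+* governanceScore = 100 - deductions
+*
+* This way users see 100 as the goal and the score goes UP as they fix things.
+*/
+function calculateGovernanceScore(input) {
+let deductions = 0;
+// Ungoverned agents: 15 points each
+for (const agent of input.agents) {
+if (agent.governanceStatus === 'no governance')
+deductions += 15;
+if (agent.identityStatus === 'no identity')
+deductions += 10;
+}
+// Unverified MCP servers -- only project-local servers affect the score.
+// Global/machine-wide servers (Claude plugins, ~/.cursor, etc.) are shown
+// for awareness but don't penalize the project governance score because
+// the user cannot verify them at the project level.
+for (const server of input.mcpServers) {
+if (server.verified)
+continue;
+const isProjectLocal = server.source.includes('(project)');
+if (!isProjectLocal)
+continue;
+if (server.risk === 'critical')
+deductions += 20;
+else if (server.risk === 'high')
+deductions += 12;
+else if (server.risk === 'medium')
+deductions += 5;
+else
+deductions += 2;
+}
+// AI config risk
+for (const config of input.aiConfigs) {
+if (config.risk === 'critical')
+deductions += 25;
+else if (config.risk === 'high')
+deductions += 15;
+else if (config.risk === 'medium')
+deductions += 5;
+}
+// Governance gap: no AIM identity is a multiplier
+if (input.identity.aimIdentities === 0 && input.agents.length > 0)
+deductions += 20;
+if (input.identity.soulFiles === 0 && input.agents.length > 0)
+deductions += 10;
+// Cap deductions at 100, round
+deductions = Math.min(Math.round(deductions), 100);
+return { governanceScore: 100 - deductions, deductions };
+}
+//# sourceMappingURL=governance-scoring.js.map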
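Review bot: The comment `// Governance gap: no AIM identity is a multiplier` does not describe the code beneath it, which adds a flat 20 (and a flat 10 for missing soul files) to `deductions`; either reword it, `// Governance gap: missing AIM identity / soul files add flat penalties`, or implement the multiplier it promises. Whether an unverified server is scored at all hinges on `server.source.includes('(project)')`, a substring match on a display label, and `normalizeDetectReport` in report-submission.js repeats the same test; a boolean on the input (or a shared `isProjectLocal(source)` helper) would keep the two in step and avoid silently dropping a risky server from the score if that label text ever changes. `Math.round` on integer increments is a no-op here and can go.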
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-scoring.js","sourceRoot":"","sources":["../../src/util/governance-scoring.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAqCH,4DAsCC;AA9CD;;;;;;;GAOG;AACH,SAAgB,wBAAwB,CAAC,KAA6B;IACpE,IAAI,UAAU,GAAG,CAAC,CAAC;IAEnB,oCAAoC;IACpC,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,gBAAgB,KAAK,eAAe;YAAE,UAAU,IAAI,EAAE,CAAC;QACjE,IAAI,KAAK,CAAC,cAAc,KAAK,aAAa;YAAE,UAAU,IAAI,EAAE,CAAC;IAC/D,CAAC;IAED,yEAAyE;IACzE,0EAA0E;IAC1E,wEAAwE;IACxE,oDAAoD;IACpD,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACtC,IAAI,MAAM,CAAC,QAAQ;YAAE,SAAS;QAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC3D,IAAI,CAAC,cAAc;YAAE,SAAS;QAC9B,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU;YAAE,UAAU,IAAI,EAAE,CAAC;aAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;YAAE,UAAU,IAAI,EAAE,CAAC;aAC7C,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;YAAE,UAAU,IAAI,CAAC,CAAC;;YAC9C,UAAU,IAAI,CAAC,CAAC;IACvB,CAAC;IAED,iBAAiB;IACjB,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;QACrC,IAAI,MAAM,CAAC,IAAI,KAAK,UAAU;YAAE,UAAU,IAAI,EAAE,CAAC;aAC5C,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;YAAE,UAAU,IAAI,EAAE,CAAC;aAC7C,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ;YAAE,UAAU,IAAI,CAAC,CAAC;IACrD,CAAC;IAED,kDAAkD;IAClD,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,IAAI,EAAE,CAAC;IACpF,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,UAAU,IAAI,EAAE,CAAC;IAEhF,+BAA+B;IAC/B,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,GAAG,CAAC,CAAC;IAEnD,OAAO,EAAE,eAAe,EAAE,GAAG,GAAG,UAAU,EAAE,UAAU,EAAE,CAAC;AAC3D,CAAC"}
|
|
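--- /dev/null
+++ b/package/dist/util/registry-enrichment.d.ts
@@ -0,0 +1,60 @@
+/**
+* Registry enrichment -- queries the OpenA2A Registry for community trust data
+* about detected MCP servers and agents.
+*
+* Used by `opena2a detect --registry` to annotate scan results with trust scores,
+* community scan counts, and verification status from the public registry.
+*/
+export interface RegistryEnrichment {
+name: string;
+packageType: string;
+trustScore: number;
+trustLevel: number;
+verdict: string;
+communityScans: number;
+verified: boolean;
+scanStatus: string;
+}
+export interface RegistryBatchResult {
+packageId: string;
+name: string;
+packageType: string;
+trustLevel: number;
+trustScore: number;
+verdict: string;
+confidence: number;
+scanStatus: string;
+communityScans: number;
+}
+export interface RegistryBatchResponse {
+queriedAt: string;
+results: RegistryBatchResult[];
+total: number;
+}
+/**
+* Enrich a list of assets with community trust data from the OpenA2A Registry.
+*
+* Uses the batch endpoint for efficiency. Handles errors gracefully -- if the
+* registry is unreachable, slow, or returns unexpected data, returns an empty
+* map instead of throwing.
+*
+* @param assets Array of { name, type } to query (e.g. MCP server names)
+* @param registryBaseUrl Base URL of the registry (no trailing slash)
+* @returns Map of "name:type" -> enrichment data
+*/
+export declare function enrichFromRegistry(assets: {
+name: string;
+type: string;
+}[], registryBaseUrl?: string): Promise<Map<string, RegistryEnrichment>>;
+/**
+* Format a trust score (0-1 float) as a human-readable "X/100" string.
+*/
+export declare function formatTrustScore(score: number): string;
+/**
+* Build a concise trust label for text output.
+* Examples: "Trust: 92/100 | 45 community scans"
+* "Trust: 50/100 | listed"
+* "No registry data"
+*/
+export declare function formatTrustLabel(enrichment: RegistryEnrichment | undefined): string;
+//# sourceMappingURL=registry-enrichment.d.ts.map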
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry-enrichment.d.ts","sourceRoot":"","sources":["../../src/util/registry-enrichment.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,mBAAmB,EAAE,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;CACf;AAaD;;;;;;;;;;GAUG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,EACxC,eAAe,CAAC,EAAE,MAAM,GACvB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAuD1C;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,kBAAkB,GAAG,SAAS,GAAG,MAAM,CAenF"}
|
|
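--- /dev/null
+++ b/package/dist/util/registry-enrichment.js
@@ -0,0 +1,104 @@
+"use strict";
+/**
+* Registry enrichment -- queries the OpenA2A Registry for community trust data
+* about detected MCP servers and agents.
+*
+* Used by `opena2a detect --registry` to annotate scan results with trust scores,
+* community scan counts, and verification status from the public registry.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.enrichFromRegistry = enrichFromRegistry;
+exports.formatTrustScore = formatTrustScore;
+exports.formatTrustLabel = formatTrustLabel;
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const REGISTRY_TIMEOUT_MS = 5000;
+const DEFAULT_REGISTRY_BASE = 'https://api.oa2a.org';
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+* Enrich a list of assets with community trust data from the OpenA2A Registry.
+*
+* Uses the batch endpoint for efficiency. Handles errors gracefully -- if the
+* registry is unreachable, slow, or returns unexpected data, returns an empty
+* map instead of throwing.
+*
+* @param assets Array of { name, type } to query (e.g. MCP server names)
+* @param registryBaseUrl Base URL of the registry (no trailing slash)
+* @returns Map of "name:type" -> enrichment data
+*/
+async function enrichFromRegistry(assets, registryBaseUrl) {
+const enrichments = new Map();
+if (assets.length === 0) {
+return enrichments;
+}
+const baseUrl = (registryBaseUrl || DEFAULT_REGISTRY_BASE).replace(/\/+$/, '');
+const batchUrl = `${baseUrl}/api/v1/trust/batch`;
+try {
+const controller = new AbortController();
+const timeout = setTimeout(() => controller.abort(), REGISTRY_TIMEOUT_MS);
+const body = JSON.stringify({
+packages: assets.map((a) => ({ name: a.name, type: a.type })),
+});
+const response = await fetch(batchUrl, {
+method: 'POST',
+headers: { 'Content-Type': 'application/json' },
+body,
+signal: controller.signal,
+});
+clearTimeout(timeout);
+if (!response.ok) {
+return enrichments;
+}
+const data = (await response.json());
+if (!data.results || !Array.isArray(data.results)) {
+return enrichments;
+}
+for (const result of data.results) {
+const key = `${result.name}:${result.packageType}`;
+enrichments.set(key, {
+name: result.name,
+packageType: result.packageType,
+trustScore: result.trustScore,
+trustLevel: result.trustLevel,
+verdict: result.verdict,
+communityScans: result.communityScans,
+verified: result.verdict === 'verified' || result.trustLevel >= 4,
+scanStatus: result.scanStatus,
+});
+}
+}
+catch {
+// Registry unreachable, timed out, or returned bad data -- skip enrichment
+}
+return enrichments;
+}
+/**
+* Format a trust score (0-1 float) as a human-readable "X/100" string.
+*/
+function formatTrustScore(score) {
+return `${Math.round(score * 100)}/100`;
+}
+/**
+* Build a concise trust label for text output.
+* Examples: "Trust: 92/100 | 45 community scans"
+* "Trust: 50/100 | listed"
+* "No registry data"
+*/
+function formatTrustLabel(enrichment) {
+if (!enrichment) {
+return 'No registry data';
+}
+const score = formatTrustScore(enrichment.trustScore);
+const parts = [`Trust: ${score}`];
+if (enrichment.communityScans > 0) {
+parts.push(`${enrichment.communityScans} community scan${enrichment.communityScans !== 1 ? 's' : ''}`);
+}
+else if (enrichment.verdict) {
+parts.push(enrichment.verdict);
+}
+return parts.join(' | ');
+}
+//# sourceMappingURL=registry-enrichment.js.map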
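Review bot: `clearTimeout(timeout)` in `enrichFromRegistry` runs only on the success path; when `fetch` rejects or `response.json()` throws, control jumps to the `catch` and the 5 s abort timer is left pending, which in Node can hold the process open after the scan has otherwise finished — moving the clear into a `finally` fixes that regardless of how the request ends. Each `result` is also copied into the map without any shape check, even though the HTML and text renderers treat `trustScore` and `communityScans` as numbers and `name`/`packageType` as strings; the docblock promises that "unexpected data" is handled, but only a non-array `results` is. Skipping entries whose fields are not of the expected primitive type keeps a malformed or compromised registry reply from propagating into the report, and it is cheap. The rewrite below covers both points; the rest of the body is unchanged.
```javascript
async function enrichFromRegistry(assets, registryBaseUrl) {
    // … unchanged: empty-input guard, baseUrl / batchUrl …
    const controller = new AbortController();
    const timeout = setTimeout(() => controller.abort(), REGISTRY_TIMEOUT_MS);
    try {
        // … unchanged: body, fetch, response.ok and results checks …
        for (const result of data.results) {
            // Only keep entries in the shape the renderers rely on; anything
            // else is dropped rather than forwarded into the report output.
            if (!result
                || typeof result.name !== 'string'
                || typeof result.packageType !== 'string'
                || typeof result.trustScore !== 'number'
                || typeof result.communityScans !== 'number') {
                continue;
            }
            // … unchanged: enrichments.set(key, { … }) …
        }
    }
    catch {
        // Registry unreachable, timed out, or returned bad data -- skip enrichment
    }
    finally {
        // Always release the abort timer, whichever way the request ended.
        clearTimeout(timeout);
    }
    return enrichments;
}
```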
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"registry-enrichment.js","sourceRoot":"","sources":["../../src/util/registry-enrichment.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AAyDH,gDA0DC;AAKD,4CAEC;AAQD,4CAeC;AA9GD,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,mBAAmB,GAAG,IAAI,CAAC;AACjC,MAAM,qBAAqB,GAAG,sBAAsB,CAAC;AAErD,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACI,KAAK,UAAU,kBAAkB,CACtC,MAAwC,EACxC,eAAwB;IAExB,MAAM,WAAW,GAAG,IAAI,GAAG,EAA8B,CAAC;IAE1D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,eAAe,IAAI,qBAAqB,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC/E,MAAM,QAAQ,GAAG,GAAG,OAAO,qBAAqB,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;QAE1E,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1B,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;SAC9D,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YACrC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI;YACJ,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,OAAO,CAAC,CAAC;QAEtB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0B,CAAC;QAE9D,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACnD,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE;gBACnB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,QAAQ,EAAE,MAAM,CAAC,OAAO,KAAK,UAAU,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC;gBACjE,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,2EAA2E;IAC7E,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED
;;GAEG;AACH,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,UAA0C;IACzE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAED,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,KAAK,GAAG,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC;IAElC,IAAI,UAAU,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,cAAc,kBAAkB,UAAU,CAAC,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACzG,CAAC;SAAM,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;QAC9B,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}
|
|
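--- a/package/dist/util/report-submission.d.ts
+++ b/package/dist/util/report-submission.d.ts
@@ -67,4 +67,36 @@ export declare function getRegistryUrl(): Promise<string>;
 * dismissed the prompt. This lets us demonstrate value first.
 */
 export declare function recordScanAndMaybePrompt(): Promise<void>;
+/**
+* Normalize a detect result into the ScanReport format.
+* Maps shadow AI findings so the registry can aggregate:
+* - Which agents and MCP servers are in use across the community
+* - What governance gaps are most common
+* - Which MCP capabilities are widespread
+*/
+export declare function normalizeDetectReport(result: {
+summary: {
+governanceScore: number;
+totalAgents: number;
+mcpServers: number;
+aiConfigs: number;
+};
+agents: {
+name: string;
+category: string;
+governanceStatus: string;
+}[];
+mcpServers: {
+name: string;
+capabilities: string[];
+source: string;
+}[];
+findings: {
+severity: string;
+category: string;
+title: string;
+whyItMatters: string;
+}[];
+scanDirectory: string;
+}): ScanReport;
 //# sourceMappingURL=report-submission.d.ts.map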
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"report-submission.d.ts","sourceRoot":"","sources":["../../src/util/report-submission.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,4BAA4B;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,iCAAiC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,qCAAqC;IACrC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAID;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,GAAG,IAAI,CAgEzF;AAID,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,CAqClB;AASD,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,OAAO,CAAC,CAO5D;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAQtD;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC,CAa9D"}
|
|
1
|
+
{"version":3,"file":"report-submission.d.ts","sourceRoot":"","sources":["../../src/util/report-submission.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAMH,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mBAAmB;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,sBAAsB;IACtB,cAAc,EAAE,MAAM,CAAC;IACvB,4BAA4B;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,iCAAiC;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,wBAAwB;IACxB,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,8BAA8B;IAC9B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,qCAAqC;IACrC,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAID;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,GAAG,IAAI,CAgEzF;AAID,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,OAAO,CAAC,CAqClB;AASD,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,OAAO,CAAC,CAO5D;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,CAQtD;AAED;;;;GAIG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC,CAa9D;AAID;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE;IAC5C,OAAO,EAAE;QAAE,eAAe,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IACjG,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACvE,UAAU,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IACvE,QAAQ,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE
,EAAE,CAAC;IACxF,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,UAAU,CA6Cb"}
|
|
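--- a/package/dist/util/report-submission.js
+++ b/package/dist/util/report-submission.js
@@ -18,6 +18,7 @@ exports.submitScanReport = submitScanReport;
 exports.isContributeEnabled = isContributeEnabled;
 exports.getRegistryUrl = getRegistryUrl;
 exports.recordScanAndMaybePrompt = recordScanAndMaybePrompt;
+exports.normalizeDetectReport = normalizeDetectReport;
 const colors_js_1 = require("./colors.js");
 // --- Governance scan normalization ---
 /**
@@ -162,6 +163,59 @@ async function recordScanAndMaybePrompt() {
 // Non-critical
 }
 }
+// --- Detect scan normalization ---
+/**
+* Normalize a detect result into the ScanReport format.
+* Maps shadow AI findings so the registry can aggregate:
+* - Which agents and MCP servers are in use across the community
+* - What governance gaps are most common
+* - Which MCP capabilities are widespread
+*/
+function normalizeDetectReport(result) {
+const score = result.summary.governanceScore;
+let criticalCount = 0;
+let highCount = 0;
+let mediumCount = 0;
+let lowCount = 0;
+const findings = result.findings.map((f, i) => {
+if (f.severity === 'critical')
+criticalCount++;
+else if (f.severity === 'high')
+highCount++;
+else if (f.severity === 'medium')
+mediumCount++;
+else
+lowCount++;
+return {
+findingId: `DETECT-${f.category.toUpperCase()}-${String(i + 1).padStart(3, '0')}`,
+severity: f.severity,
+category: f.category,
+title: f.title,
+description: f.whyItMatters,
+};
+});
+// Include MCP tool names for community intelligence
+const mcpTools = result.mcpServers
+.filter(s => s.source.includes('(project)'))
+.map(s => s.name);
+const verdict = score >= 80 ? 'pass' : score >= 50 ? 'warnings' : 'fail';
+return {
+packageName: 'shadow-ai-audit',
+packageType: 'detect',
+scannerName: 'opena2a-detect',
+scannerVersion: '0.6.3',
+overallScore: score,
+scanDurationMs: 0,
+criticalCount,
+highCount,
+mediumCount,
+lowCount,
+infoCount: 0,
+verdict,
+findings,
+mcpTools: mcpTools.length > 0 ? mcpTools : undefined,
+};
+}
 function printContributePrompt() {
 process.stderr.write('\n');
 process.stderr.write((0, colors_js_1.cyan)(' Your scans help the community detect unsafe tools.\n'));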
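Review bot: `scannerVersion: '0.6.3'` in `normalizeDetectReport` is a string literal while this same release bumps package.json to 0.7.0, so every detect report submitted by 0.7.0 will identify itself as the previous version and the registry cannot distinguish the two scanner generations; read the version from package.json (or from whatever constant the governance normalizer in this file uses, if it has one) instead of hard-coding it. The parameter type accepts `scanDirectory` but the body never reads it, which is the right outcome for a payload that leaves the machine — the local path stays out of the report — so either drop the field from the declared input or say in the docblock that it is intentionally not transmitted, so a later edit does not "fix" the omission. The first hunk of this section only exports the new function and needs nothing.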
@@ -1 +1 @@
1
-
{"version":3,"file":"report-submission.js","sourceRoot":"","sources":["../../src/util/report-submission.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AAwDH,8DAgEC;AAID,4CAyCC;AASD,kDAOC;AAED,wCAQC;AAOD,4DAaC;
1
+
{"version":3,"file":"report-submission.js","sourceRoot":"","sources":["../../src/util/report-submission.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;AAwDH,8DAgEC;AAID,4CAyCC;AASD,kDAOC;AAED,wCAQC;AAOD,4DAaC;AAWD,sDAmDC;AA/QD,2CAAgD;AAgDhD,wCAAwC;AAExC;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,GAA4B;IACpE,0EAA0E;IAC1E,IAAI,CAAC,GAAG,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAE5C,MAAM,KAAK,GAAI,GAAG,CAAC,KAAgB,IAAI,CAAC,CAAC;IACzC,MAAM,KAAK,GAAI,GAAG,CAAC,KAAgB,IAAI,iBAAiB,CAAC;IACzD,MAAM,OAAO,GAAG,GAAG,CAAC,OAKlB,CAAC;IAEH,MAAM,QAAQ,GAAkB,EAAE,CAAC;IACnC,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,kEAAkE;IAClE,MAAM,WAAW,GAA2B;QAC1C,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU;QACpD,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM;QACnE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM;QACnE,aAAa,EAAE,MAAM;KACtB,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,QAAQ,CAAC;gBACrD,IAAI,QAAQ,KAAK,UAAU;oBAAE,aAAa,EAAE,CAAC;qBACxC,IAAI,QAAQ,KAAK,MAAM;oBAAE,SAAS,EAAE,CAAC;qBACrC,IAAI,QAAQ,KAAK,QAAQ;oBAAE,WAAW,EAAE,CAAC;;oBACzC,QAAQ,EAAE,CAAC;gBAEhB,QAAQ,CAAC,IAAI,CAAC;oBACZ,SAAS,EAAE,OAAO,CAAC,EAAE;oBACrB,QAAQ;oBACR,QAAQ,EAAE,YAAY;oBACtB,KAAK,EAAE,GAAG,OAAO,CAAC,IAAI,gBAAgB;oBACtC,WAAW,EAAE,WAAW,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC,IAAI,sDAAsD,MAAM,CAAC,MAAM,GAAG;iBAC1H,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IAEzE,OAAO;QACL,WAAW,EAAG,GAAG,CAAC,IAAe,IAAI,SAAS;QAC9C,WAAW,EAAE,YAAY;QACzB,WAAW,EAAE,aAAa;QAC1B,cAAc,EAAE,OAAO;QACvB,YAAY,EAAE,KAAK;QACnB,cAAc,EAAE,CAAC;QACjB,aAAa;QACb,SAAS;QACT,WAAW;QACX,QAAQ;QACR,SAAS,EAAE,CAAC;QACZ,OAAO;QACP,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,qBAAqB;AAEd,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,MAAkB,EAClB,O
AAiB;IAEjB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,GAAG,WAAW,2BAA2B,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,QAAQ,EAAE,kBAAkB;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,MAAM;gBACT,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,aAAa,EAAE,OAAO;aACvB,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAChB,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,8CAA8C,CAAC,CAAC,CAAC;YAC5E,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uDAAuD;QACvD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,IAAI,OAAO,EAAE,CAAC;gBACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,oDAAoD,CAAC,CAAC,CAAC;YAClF,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,kCAAkC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,iEAAiE;AAEjE,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,MAAO,QAAQ,CAAC,kCAAkC,CAAC,EAAmB,CAAC;IACtF,OAAO,SAAS,IAAI,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,mBAAmB;IACvC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;QAC/B,OAAO,GAAG,CAAC,mBAAmB,EAAE,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,cAAc;IAClC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,GAAG,CAAC,cAAc,EAAE,CAAC;QACpC,OAAO,MAAM,CAAC,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,6BAA6B;IAC1C,CAAC;AACH,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,wBAAwB;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,UAAU,EAAE,CAAC;QAC/B,GAAG,CAAC,kBAAkB,EAAE,CAAC;QAEzB,IAAI,GAAG,CAAC,sBAAsB,EAAE,EAAE,CAAC;YACjC,qBAAqB,EAAE,CAAC;YACxB,gDAAgD;YAChD,GAAG,CAAC,uBAAuB,EAAE,CAAC;QAChC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,eAAe;IACjB,CAAC;AACH,CAAC;AAED,oCAAoC;AAEpC;;;;;;GAMG;AACH,SAAgB,qBAAqB,CAAC,MAMrC;IACC,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;IAC7C,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,QAAQ,GA
AG,CAAC,CAAC;IAEjB,MAAM,QAAQ,GAAkB,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC3D,IAAI,CAAC,CAAC,QAAQ,KAAK,UAAU;YAAE,aAAa,EAAE,CAAC;aAC1C,IAAI,CAAC,CAAC,QAAQ,KAAK,MAAM;YAAE,SAAS,EAAE,CAAC;aACvC,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ;YAAE,WAAW,EAAE,CAAC;;YAC3C,QAAQ,EAAE,CAAC;QAEhB,OAAO;YACL,SAAS,EAAE,UAAU,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE;YACjF,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,KAAK,EAAE,CAAC,CAAC,KAAK;YACd,WAAW,EAAE,CAAC,CAAC,YAAY;SAC5B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU;SAC/B,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;SAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAEpB,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC;IAEzE,OAAO;QACL,WAAW,EAAE,iBAAiB;QAC9B,WAAW,EAAE,QAAQ;QACrB,WAAW,EAAE,gBAAgB;QAC7B,cAAc,EAAE,OAAO;QACvB,YAAY,EAAE,KAAK;QACnB,cAAc,EAAE,CAAC;QACjB,aAAa;QACb,SAAS;QACT,WAAW;QACX,QAAQ;QACR,SAAS,EAAE,CAAC;QACZ,OAAO;QACP,QAAQ;QACR,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,gBAAI,EAAC,wDAAwD,CAAC,CAAC,CAAC;IACrF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,8DAA8D,CAAC,CAAC,CAAC;IAC1F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,aAAa,CAAC,GAAG,IAAA,kBAAM,EAAC,8BAA8B,CAAC,GAAG,IAAI,CAAC,CAAC;IACzF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAA,eAAG,EAAC,4CAA4C,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC"}