npm - policylayer - Versions diffs - 0.1.2 → 0.1.4 - Mend

policylayer 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,1125 @@
 #!/usr/bin/env node
-import{Command as D}from"commander";import{readFileSync as $}from"fs";import{existsSync as v,readFileSync as j}from"fs";import{join as p}from"path";import{homedir as a}from"os";import{parse as h}from"smol-toml";function x(r){return[{path:p(r,".mcp.json"),source:".mcp.json (project)",type:"json-mcp"},{path:p(r,".cursor/mcp.json"),source:".cursor/mcp.json (project)",type:"json-mcp"},{path:p(r,".vscode/settings.json"),source:"VS Code (project)",type:"json-vscode"},{path:p(r,".codex/config.toml"),source:".codex/config.toml (project)",type:"toml-codex"},{path:p(a(),".claude.json"),source:"~/.claude.json (user)",type:"json-mcp"},{path:p(a(),"Library/Application Support/Claude/claude_desktop_config.json"),source:"Claude Desktop (user)",type:"json-mcp"},{path:p(a(),".codeium/windsurf/mcp_config.json"),source:"Windsurf (user)",type:"json-mcp"},{path:p(a(),".codex/config.toml"),source:"~/.codex/config.toml (user)",type:"toml-codex"}]}function R(r){return JSON.parse(r).mcpServers||{}}function w(r){let e=JSON.parse(r);return e.mcp?e.mcp.servers||{}:null}function C(r){return h(r).mcp_servers||{}}function u(r){let e=[],o=x(r);for(let{path:n,source:t,type:s}of o)if(v(n))try{let i=j(n,"utf-8"),c=null;switch(s){case"json-mcp":c=R(i);break;case"json-vscode":c=w(i);break;case"toml-codex":c=C(i);break}if(c===null)continue;e.push({source:t,path:n,servers:Object.keys(c),raw:{mcpServers:c}})}catch{}return e}var k=[/^sk-/,/^ghp_/,/^gho_/,/^ghu_/,/^ghs_/,/^glpat-/,/^xoxb-/,/^xoxp-/,/^Bearer\s/,/^pk_/,/^sk_live_/,/^sk_test_/,/^ict_/,/^[a-z]{2,6}_[a-f0-9]{16,}$/i,/^[a-f0-9]{32,}$/i],E=[/\/Users\//,/\/home\//,/\\Users\\/,/^[A-Z]:\\/,/^\//];function b(r){return k.some(e=>e.test(r))}function M(r){return E.some(e=>e.test(r))}function _(r){return!!(r.startsWith("@")&&r.includes("/")||/^[a-z][\w.-]*$/.test(r))}function g(r){let e={};for(let[o,n]of Object.entries(r)){let t={};if(n.command){let s=n.command.split(/[/\\]/);t.command=s[s.length-1]||n.command}Array.isArray(n.args)&&(t.args=n.args.filter(s=>typeof s!="string"||b(s)||M(s)||s.startsWith("-")?!1:_(s))),e[o]=t}return e}async function l(r,e){let o=await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({mcpServers:r})}),n=await o.json();if(!o.ok)throw new Error(n.error||`Scan failed with status ${o.status}`);return n}function m(r){let e=[];for(let o of r)e.push(`  Found ${o.servers.length} server${o.servers.length===1?"":"s"} in ${o.source}`);return e.join(`
-`)}function d(r){return["No MCP configuration found.","","Checked:",...r.map(o=>`  - ${o}`),"","Use --config <path> to specify a config file,","or try the web scanner at https://policylayer.com/scan"].join(`
-`)}function y(r){return["","  Report ready:",`  ${r}`,""].join(`
-`)}function S(r){return["","Dry run -- would send:",JSON.stringify(r,null,2)].join(`
-`)}var f=new D;f.name("policylayer").description("Scan your MCP config for security risks").version("0.1.0");f.command("scan").description("Scan MCP server configuration").option("--config <path>","Path to MCP config file").option("--dry-run","Show what would be sent without sending").option("--api-url <url>","Scan API URL","https://policylayer.com/api/scan").action(async r=>{try{let e={};if(r.config)try{let t=JSON.parse($(r.config,"utf-8")),s=t.mcpServers||t;e=s;let i=Object.keys(s).length;console.log(`  Found ${i} server${i===1?"":"s"} in ${r.config}`)}catch(t){console.error(`Error reading config: ${r.config}`),console.error(t.message),process.exit(1)}else{let t=u(process.cwd());t.length===0&&(console.log(d([".mcp.json (project root)","~/.claude.json (user-level)","Claude Desktop config (macOS)",".cursor/mcp.json (project)",".vscode/settings.json (project)","Windsurf config (user)",".codex/config.toml (project)","~/.codex/config.toml (user)"])),process.exit(0)),console.log(m(t));let s=t.filter(c=>c.source.includes("user")),i=t.filter(c=>!c.source.includes("user"));for(let c of s)Object.assign(e,c.raw.mcpServers);for(let c of i)Object.assign(e,c.raw.mcpServers)}let o=g(e);if(r.dryRun){console.log(S({mcpServers:o}));return}console.log("  Sending server identifiers only -- secrets stripped");let n=await l(o,r.apiUrl);console.log(y(n.url))}catch(e){console.error(`Error: ${e.message}`),process.exit(1)}});f.parse();
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+// ../classifier/dist/verbs.js
+var require_verbs = __commonJS({
+  "../classifier/dist/verbs.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.VERB_MAP = void 0;
+    exports.splitName = splitName;
+    exports.findFirstVerb = findFirstVerb;
+    exports.firstVerbIsRead = firstVerbIsRead;
+    exports.VERB_MAP = {};
+    var READ_VERBS = [
+      "get",
+      "list",
+      "search",
+      "read",
+      "fetch",
+      "query",
+      "browse",
+      "view",
+      "show",
+      "describe",
+      "find",
+      "check",
+      "lookup",
+      "retrieve",
+      "locate",
+      "inspect",
+      "ask",
+      "count",
+      "poll",
+      "download",
+      "extract",
+      "screenshot",
+      "introspect",
+      "detect",
+      "analyze",
+      "analyse",
+      "scan",
+      "validate",
+      "verify",
+      "monitor",
+      "watch",
+      "observe",
+      "consume",
+      "load",
+      "data",
+      "docs",
+      "enrich",
+      "translate",
+      "cognify",
+      "take",
+      "test",
+      "snapshot",
+      "geocode",
+      "status",
+      "support",
+      "matrix",
+      "expert",
+      "is"
+    ];
+    var DESTRUCTIVE_VERBS = [
+      "delete",
+      "remove",
+      "destroy",
+      "drop",
+      "truncate",
+      "purge",
+      "wipe",
+      "erase",
+      "revoke",
+      "cancel",
+      "uninstall",
+      "reset",
+      "clear",
+      "force",
+      "decompile",
+      "unpublish",
+      "discard"
+    ];
+    var EXECUTE_VERBS = [
+      "run",
+      "execute",
+      "invoke",
+      "trigger",
+      "start",
+      "deploy",
+      "build",
+      "restart",
+      "scale",
+      "compile",
+      "launch",
+      "emulate",
+      "initialize",
+      "initialise",
+      "navigate",
+      "parse",
+      "rephrase",
+      "transform",
+      "stop",
+      "performance",
+      "wait",
+      "new",
+      "produce"
+    ];
+    var WRITE_VERBS = [
+      "create",
+      "add",
+      "update",
+      "set",
+      "modify",
+      "put",
+      "patch",
+      "edit",
+      "configure",
+      "enable",
+      "disable",
+      "assign",
+      "upload",
+      "write",
+      "send",
+      "post",
+      "publish",
+      "manage",
+      "save",
+      "install",
+      "boot",
+      "setup",
+      "select",
+      "click",
+      "tap",
+      "press",
+      "scroll",
+      "swipe",
+      "drag",
+      "activate",
+      "handle",
+      "switch",
+      "generate",
+      "move",
+      "copy",
+      "import",
+      "export",
+      "connect",
+      "disconnect",
+      "close",
+      "open",
+      "attach",
+      "insert",
+      "apply",
+      "convert",
+      "merge",
+      "register",
+      "submit",
+      "approve",
+      "reject",
+      "mark",
+      "comment",
+      "annotate",
+      "pin",
+      "lock",
+      "unlock",
+      "archive",
+      "restore",
+      "suspend",
+      "resume",
+      "terminate",
+      "complete",
+      "uncomplete",
+      "rename",
+      "fill",
+      "invite",
+      "alter",
+      "vote",
+      "plan",
+      "planner",
+      "replace",
+      "upsert",
+      "type",
+      "resize",
+      "push",
+      "issue",
+      "autofix",
+      "login",
+      "checkout",
+      "commit",
+      "promote",
+      "resolve",
+      "unarchive",
+      "schedule",
+      "migrate"
+    ];
+    for (const v of READ_VERBS)
+      exports.VERB_MAP[v] = "Read";
+    for (const v of DESTRUCTIVE_VERBS)
+      exports.VERB_MAP[v] = "Destructive";
+    for (const v of EXECUTE_VERBS)
+      exports.VERB_MAP[v] = "Execute";
+    for (const v of WRITE_VERBS)
+      exports.VERB_MAP[v] = "Write";
+    function splitName(name) {
+      const parts = name.split(/[-_]/);
+      const words = [];
+      for (const part of parts) {
+        const camelParts = part.replace(/([a-z])([A-Z])/g, "$1_$2").toLowerCase().split("_");
+        words.push(...camelParts.filter(Boolean));
+      }
+      return words;
+    }
+    function findFirstVerb(words) {
+      for (const word of words) {
+        const cat = exports.VERB_MAP[word];
+        if (cat)
+          return cat;
+      }
+      return null;
+    }
+    function firstVerbIsRead(words) {
+      for (const word of words) {
+        if (exports.VERB_MAP[word])
+          return exports.VERB_MAP[word] === "Read";
+      }
+      return false;
+    }
+  }
+});
+// ../classifier/dist/schema.js
+var require_schema = __commonJS({
+  "../classifier/dist/schema.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.analyseSchema = analyseSchema;
+    var CODE_EXECUTION_PROPS = /* @__PURE__ */ new Set([
+      "sql",
+      "query",
+      "raw_sql",
+      "raw_query",
+      "statement",
+      "code",
+      "script",
+      "command",
+      "shell",
+      "shell_command",
+      "cmd",
+      "bash",
+      "exec",
+      "expression",
+      "eval",
+      "python",
+      "javascript",
+      "js",
+      "lua",
+      "ruby"
+    ]);
+    var FILESYSTEM_PROPS = /* @__PURE__ */ new Set([
+      "path",
+      "file",
+      "file_path",
+      "filepath",
+      "filename",
+      "directory",
+      "dir",
+      "folder",
+      "source_path",
+      "dest_path",
+      "destination",
+      "target_path",
+      "working_directory",
+      "cwd"
+    ]);
+    var NETWORK_PROPS = /* @__PURE__ */ new Set([
+      "url",
+      "uri",
+      "endpoint",
+      "host",
+      "hostname",
+      "webhook",
+      "webhook_url",
+      "callback_url",
+      "redirect_url",
+      "api_url",
+      "base_url"
+    ]);
+    var CREDENTIAL_PROPS = /* @__PURE__ */ new Set([
+      "password",
+      "secret",
+      "token",
+      "api_key",
+      "apikey",
+      "private_key",
+      "access_token",
+      "auth",
+      "credentials",
+      "connection_string"
+    ]);
+    var INJECTION_PROPS = /* @__PURE__ */ new Set([
+      "html",
+      "body",
+      "template",
+      "content",
+      "raw_body",
+      "raw_html",
+      "markup",
+      "payload"
+    ]);
+    function extractProperties(schema, prefix = "") {
+      const props = [];
+      const properties = schema.properties;
+      if (!properties || typeof properties !== "object")
+        return props;
+      for (const [key, value] of Object.entries(properties)) {
+        if (!value || typeof value !== "object")
+          continue;
+        const fullName = prefix ? `${prefix}.${key}` : key;
+        props.push({
+          name: fullName,
+          type: value.type,
+          description: value.description
+        });
+        if (value.type === "object" && value.properties) {
+          props.push(...extractProperties(value, fullName));
+        }
+        if (value.type === "array" && value.items && typeof value.items === "object") {
+          const items = value.items;
+          if (items.type === "object" && items.properties) {
+            props.push(...extractProperties(items, `${fullName}[]`));
+          }
+        }
+      }
+      return props;
+    }
+    function normalisePropName(name) {
+      const leaf = name.includes(".") ? name.split(".").pop() : name;
+      return leaf.toLowerCase().replace(/[-_\s]/g, "_");
+    }
+    function analyseSchema(schema) {
+      const signals = [];
+      const properties = extractProperties(schema);
+      if (properties.length === 0)
+        return signals;
+      const seen = /* @__PURE__ */ new Set();
+      for (const prop of properties) {
+        const norm = normalisePropName(prop.name);
+        if (CODE_EXECUTION_PROPS.has(norm) && !seen.has("code_exec")) {
+          seen.add("code_exec");
+          signals.push({
+            signal: `Accepts freeform code/query input (${prop.name})`,
+            weight: 0.15
+          });
+        }
+        if (FILESYSTEM_PROPS.has(norm) && !seen.has("filesystem")) {
+          seen.add("filesystem");
+          signals.push({
+            signal: `Accepts file system path (${prop.name})`,
+            weight: 0.1
+          });
+        }
+        if (NETWORK_PROPS.has(norm) && !seen.has("network")) {
+          seen.add("network");
+          signals.push({
+            signal: `Accepts URL/endpoint input (${prop.name})`,
+            weight: 0.08
+          });
+        }
+        if (CREDENTIAL_PROPS.has(norm) && !seen.has("credential")) {
+          seen.add("credential");
+          signals.push({
+            signal: `Handles credentials or secrets (${prop.name})`,
+            weight: 0.12
+          });
+        }
+        if (INJECTION_PROPS.has(norm) && !seen.has("injection")) {
+          seen.add("injection");
+          signals.push({
+            signal: `Accepts raw HTML/template content (${prop.name})`,
+            weight: 0.05
+          });
+        }
+      }
+      if (properties.length >= 10) {
+        signals.push({
+          signal: `High parameter count (${properties.length} properties)`,
+          weight: 0.05
+        });
+      }
+      return signals;
+    }
+  }
+});
+// ../classifier/dist/blast-radius.js
+var require_blast_radius = __commonJS({
+  "../classifier/dist/blast-radius.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.analyseBlastRadius = analyseBlastRadius;
+    var BULK_NAME_PATTERNS = [
+      /\ball[_-]?/i,
+      /\bbulk[_-]?/i,
+      /\bbatch[_-]?/i,
+      /\bmass[_-]?/i,
+      /\bglobal[_-]?/i,
+      /[_-]all$/i
+    ];
+    var SINGLE_NAME_PATTERNS = [
+      /by[_-]?id$/i,
+      /by[_-]?name$/i,
+      /by[_-]?slug$/i,
+      /by[_-]?key$/i,
+      /by[_-]?email$/i,
+      /[_-]one$/i,
+      /[_-]single$/i
+    ];
+    var BULK_DESC = /\b(all\s+(?:records?|items?|users?|entries|data|files?|messages?|documents?)|every\s+|entire\s+|everything|in\s+bulk|batch\s+(?:delete|remove|update)|mass\s+(?:delete|remove|update)|wipe\s+(?:all|everything)|clear\s+(?:all|everything))\b/i;
+    var SINGLE_DESC = /\b(a\s+(?:single|specific|particular|given)|(?:one|individual)\s+(?:record|item|user|entry|file|message|document)|by\s+(?:its?\s+)?(?:ID|identifier|key|name))\b/i;
+    var ADMIN_NAME = /^(?:admin|root|system|sudo|superuser|master)[_-]/i;
+    var ADMIN_DESC = /\b(admin(?:istrat(?:or|ive))?|root|system[_-]?level|superuser|privileged|elevated\s+permissions?)\b/i;
+    function analyseBlastRadius(name, description) {
+      const signals = [];
+      const isBulk = BULK_NAME_PATTERNS.some((p) => p.test(name)) || BULK_DESC.test(description);
+      const isSingle = SINGLE_NAME_PATTERNS.some((p) => p.test(name)) || SINGLE_DESC.test(description);
+      if (isBulk && !isSingle) {
+        signals.push({
+          signal: "Bulk/mass operation \u2014 affects multiple targets",
+          weight: 0.15
+        });
+      } else if (isSingle && !isBulk) {
+        signals.push({
+          signal: "Single-target operation",
+          weight: -0.05
+        });
+      }
+      if (ADMIN_NAME.test(name) || ADMIN_DESC.test(description)) {
+        signals.push({
+          signal: "Admin/system-level operation",
+          weight: 0.1
+        });
+      }
+      return signals;
+    }
+  }
+});
+// ../classifier/dist/classify.js
+var require_classify = __commonJS({
+  "../classifier/dist/classify.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.classifyTool = classifyTool2;
+    var verbs_1 = require_verbs();
+    var schema_1 = require_schema();
+    var blast_radius_1 = require_blast_radius();
+    var FINANCIAL_COMPOUND = /(?:^|[_-])(?:create[_-]?payment|create[_-]?charge|create[_-]?refund|create[_-]?payment[_-]?link|process[_-]?payment|finalize[_-]?invoice|finalise[_-]?invoice|send[_-]?invoice)(?:[_A-Z-]|$)/i;
+    var FINANCIAL_VERBS_SEGMENT = /^(pay|charge|refund|transfer|withdraw|deposit|finalize|finalise)$/i;
+    var DESTRUCTIVE_DESC = /\b(permanently|irreversible|cannot be undone|destroy|clear,?\s*(copy,?\s*)?delete|wipe|purge)\b/i;
+    var FINANCIAL_DESC = /\b(process\s+payment|initiate\s+transfer|send\s+money|charge\s+customer|collect\s+payment)\b/i;
+    var READ_DESC = /\b(lists?|retrieves?|gets?|fetche?s?|search(?:es)?|shows?|views?|browses?|quer(?:y|ies)|reads?)\b/i;
+    var WRITE_DESC = /\b(create|add|update|modify|edit|configure|set|save|write|send|upload|install|manage|assign)\b/i;
+    var EXECUTE_DESC = /\b(run|execute|invoke|trigger|start|deploy|build|restart|scale)\b/i;
+    var DESTRUCTIVE_DESC_FALLBACK = /\b(delete|remove|destroy|drop|purge|wipe|erase|revoke|cancel|uninstall|reset|clear)\b/i;
+    var SEVERITY_MAP = {
+      Read: "Low",
+      Write: "Medium",
+      Execute: "Medium",
+      Destructive: "High",
+      Financial: "Critical",
+      Other: "Low"
+    };
+    var BASE_WEIGHT = {
+      Read: 0.1,
+      Other: 0.15,
+      Write: 0.3,
+      Execute: 0.5,
+      Destructive: 0.7,
+      Financial: 0.85
+    };
+    function classifyTool2(input) {
+      const { name, description, inputSchema, serverContext } = input;
+      const signals = [];
+      const { category, confidence } = categorise(name, description, serverContext);
+      const schemaSignals = inputSchema ? (0, schema_1.analyseSchema)(inputSchema) : [];
+      signals.push(...schemaSignals);
+      const blastSignals = (0, blast_radius_1.analyseBlastRadius)(name, description);
+      signals.push(...blastSignals);
+      let riskWeight = BASE_WEIGHT[category];
+      const schemaModifier = Math.min(0.3, schemaSignals.reduce((sum, s) => sum + s.weight, 0));
+      if (schemaModifier > 0)
+        riskWeight += schemaModifier;
+      const blastModifier = blastSignals.reduce((sum, s) => sum + s.weight, 0);
+      riskWeight += blastModifier;
+      if (confidence === "low") {
+        riskWeight *= 0.8;
+      }
+      riskWeight = Math.max(0, Math.min(1, riskWeight));
+      riskWeight = Math.round(riskWeight * 100) / 100;
+      const severity = deriveSeverity(category, riskWeight);
+      return { category, severity, confidence, riskWeight, signals };
+    }
+    function categorise(name, description, serverContext) {
+      const words = (0, verbs_1.splitName)(name);
+      if (FINANCIAL_COMPOUND.test(name)) {
+        return { category: "Financial", confidence: "high" };
+      }
+      for (const word of words) {
+        if (FINANCIAL_VERBS_SEGMENT.test(word)) {
+          if (!(0, verbs_1.firstVerbIsRead)(words)) {
+            return { category: "Financial", confidence: "high" };
+          }
+          break;
+        }
+      }
+      if (DESTRUCTIVE_DESC.test(description)) {
+        return { category: "Destructive", confidence: "medium" };
+      }
+      if (FINANCIAL_DESC.test(description)) {
+        return { category: "Financial", confidence: "medium" };
+      }
+      const verbCat = (0, verbs_1.findFirstVerb)(words);
+      if (verbCat) {
+        return { category: verbCat, confidence: "high" };
+      }
+      if (DESTRUCTIVE_DESC_FALLBACK.test(description)) {
+        return { category: "Destructive", confidence: "medium" };
+      }
+      if (EXECUTE_DESC.test(description)) {
+        return { category: "Execute", confidence: "medium" };
+      }
+      if (WRITE_DESC.test(description)) {
+        return { category: "Write", confidence: "medium" };
+      }
+      if (READ_DESC.test(description)) {
+        return { category: "Read", confidence: "medium" };
+      }
+      if (serverContext && serverContext.toolCount >= 3) {
+        const safe = serverContext.dominantCategory !== "Financial" && serverContext.dominantCategory !== "Destructive";
+        if (safe) {
+          return { category: serverContext.dominantCategory, confidence: "low" };
+        }
+      }
+      return { category: "Other", confidence: "low" };
+    }
+    function deriveSeverity(category, riskWeight) {
+      if (riskWeight >= 0.85)
+        return "Critical";
+      if (riskWeight >= 0.6)
+        return "High";
+      if (riskWeight >= 0.35)
+        return "Medium";
+      return SEVERITY_MAP[category];
+    }
+  }
+});
+// ../classifier/dist/index.js
+var require_dist = __commonJS({
+  "../classifier/dist/index.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.classifyTool = void 0;
+    var classify_1 = require_classify();
+    Object.defineProperty(exports, "classifyTool", { enumerable: true, get: function() {
+      return classify_1.classifyTool;
+    } });
+  }
+});
+// src/index.ts
+import { Command } from "commander";
+import { join as join2 } from "path";
+// src/discover.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { parse as parseToml } from "smol-toml";
+function buildDescriptors(cwd) {
+  return [
+    { path: join(cwd, ".mcp.json"), source: ".mcp.json (project)", type: "json-mcp" },
+    { path: join(cwd, ".cursor/mcp.json"), source: ".cursor/mcp.json (project)", type: "json-mcp" },
+    { path: join(cwd, ".vscode/settings.json"), source: "VS Code (project)", type: "json-vscode" },
+    { path: join(cwd, ".codex/config.toml"), source: ".codex/config.toml (project)", type: "toml-codex" },
+    { path: join(homedir(), ".claude.json"), source: "~/.claude.json (user)", type: "json-mcp" },
+    { path: join(homedir(), "Library/Application Support/Claude/claude_desktop_config.json"), source: "Claude Desktop (user)", type: "json-mcp" },
+    { path: join(homedir(), ".codeium/windsurf/mcp_config.json"), source: "Windsurf (user)", type: "json-mcp" },
+    { path: join(homedir(), ".codex/config.toml"), source: "~/.codex/config.toml (user)", type: "toml-codex" }
+  ];
+}
+function discoverConfigs(cwd) {
+  const results = [];
+  for (const { path, source, type } of buildDescriptors(cwd)) {
+    if (!existsSync(path)) continue;
+    try {
+      const content = readFileSync(path, "utf-8");
+      let servers = null;
+      if (type === "json-mcp") {
+        const raw = JSON.parse(content);
+        servers = raw.mcpServers || {};
+      } else if (type === "json-vscode") {
+        const raw = JSON.parse(content);
+        if (!raw.mcp) continue;
+        servers = raw.mcp.servers || {};
+      } else if (type === "toml-codex") {
+        const raw = parseToml(content);
+        servers = raw.mcp_servers || {};
+      }
+      if (!servers || Object.keys(servers).length === 0) continue;
+      results.push({ source, path, servers });
+    } catch {
+    }
+  }
+  return results;
+}
+function mergeConfigs(results) {
+  const merged = {};
+  const userConfigs = results.filter((r) => r.source.includes("user"));
+  const projectConfigs = results.filter((r) => !r.source.includes("user"));
+  for (const c of userConfigs) Object.assign(merged, c.servers);
+  for (const c of projectConfigs) Object.assign(merged, c.servers);
+  return merged;
+}
+// src/live-scan.ts
+import { spawn } from "child_process";
+var DEFAULT_TIMEOUT_MS = 3e4;
+async function liveScan(command, args, timeoutMs = DEFAULT_TIMEOUT_MS, env) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(command, args, {
+      stdio: ["pipe", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        ...env,
+        NODE_NO_WARNINGS: "1",
+        BROWSER: "none",
+        NO_BROWSER: "1"
+      }
+    });
+    let nextId = 1;
+    const pending = /* @__PURE__ */ new Map();
+    let buffer = "";
+    let settled = false;
+    const timer = setTimeout(() => {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        reject(new Error(`Timed out after ${timeoutMs}ms`));
+      }
+    }, timeoutMs);
+    function cleanup() {
+      clearTimeout(timer);
+      try {
+        child.stdin.end();
+      } catch {
+      }
+      try {
+        child.kill("SIGKILL");
+      } catch {
+      }
+    }
+    function settle(fn) {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        fn();
+      }
+    }
+    child.stdout.on("data", (chunk) => {
+      buffer += chunk.toString();
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || !trimmed.startsWith("{")) continue;
+        try {
+          const resp = JSON.parse(trimmed);
+          if (resp.id && pending.has(resp.id)) {
+            const p = pending.get(resp.id);
+            pending.delete(resp.id);
+            p.resolve(resp);
+          }
+        } catch {
+        }
+      }
+    });
+    child.on("error", (err) => {
+      settle(() => reject(new Error(`Failed to spawn ${command}: ${err.message}`)));
+    });
+    child.on("exit", (code) => {
+      settle(() => reject(new Error(`${command} exited with code ${code} before discovery completed`)));
+    });
+    function sendRequest(method, params) {
+      return new Promise((res, rej) => {
+        const id = nextId++;
+        pending.set(id, { resolve: res, reject: rej });
+        const msg = JSON.stringify({ jsonrpc: "2.0", id, method, params }) + "\n";
+        child.stdin.write(msg);
+      });
+    }
+    function sendNotification(method) {
+      const msg = JSON.stringify({ jsonrpc: "2.0", method }) + "\n";
+      child.stdin.write(msg);
+    }
+    (async () => {
+      const initResp = await sendRequest("initialize", {
+        protocolVersion: "2024-11-05",
+        capabilities: {},
+        clientInfo: { name: "policylayer-scan", version: "0.1.0" }
+      });
+      if (initResp.error) {
+        throw new Error(`Initialize failed: ${initResp.error.message}`);
+      }
+      sendNotification("notifications/initialized");
+      const allTools = [];
+      let cursor;
+      let pages = 0;
+      do {
+        const params = {};
+        if (cursor) params.cursor = cursor;
+        const resp = await sendRequest("tools/list", params);
+        if (resp.error) {
+          throw new Error(`tools/list failed: ${resp.error.message}`);
+        }
+        const result = resp.result;
+        if (result.tools) allTools.push(...result.tools);
+        cursor = result.nextCursor || void 0;
+        pages++;
+      } while (cursor && pages < 100);
+      settle(() => resolve(allTools));
+    })().catch((err) => {
+      settle(() => reject(err));
+    });
+  });
+}
+// src/classify.ts
+var import_classifier = __toESM(require_dist(), 1);
+var API_BASE = process.env.POLICYLAYER_API_URL || "https://api.policylayer.com";
+async function classifyViaApi(packages) {
+  try {
+    const res = await fetch(`${API_BASE}/api/scan/lookup`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ packages }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function classifyLocally(serverName, pkg, tools) {
+  return {
+    name: serverName,
+    package: pkg,
+    source: "local",
+    tools: tools.map((t) => {
+      const result = (0, import_classifier.classifyTool)({
+        name: t.name,
+        description: t.description || "",
+        inputSchema: t.inputSchema
+      });
+      const signalsSummary = result.signals.length > 0 ? result.signals.map((s) => s.signal).join("; ") : null;
+      return {
+        name: t.name,
+        description: t.description || "",
+        category: result.category,
+        severity: result.severity,
+        riskNote: signalsSummary,
+        riskWeight: result.riskWeight,
+        riskType: null,
+        confidence: result.confidence,
+        inputSchema: t.inputSchema
+      };
+    })
+  };
+}
+// src/policy.ts
+import { writeFileSync } from "fs";
+function generatePolicyYaml(servers) {
+  let yaml = 'version: "1"\ndefault: deny\n\ntools:\n';
+  for (const server of servers) {
+    yaml += `  # ${server.name} (${server.tools.length} tools)
+`;
+    for (const tool of server.tools) {
+      switch (tool.category) {
+        case "Read":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 60/minute
+`;
+          break;
+        case "Write":
+        case "Execute":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 10/hour
+`;
+          break;
+        case "Financial":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: deny
+        on_deny: "Financial operation blocked by policy"
+`;
+          break;
+        case "Destructive":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: deny
+        on_deny: "Destructive operation blocked by policy"
+`;
+          break;
+        default:
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 30/minute
+`;
+      }
+    }
+  }
+  return yaml.trim();
+}
+function writePolicyFile(path, servers) {
+  const yaml = generatePolicyYaml(servers);
+  writeFileSync(path, yaml + "\n");
+}
+// src/report.ts
+var API_BASE2 = process.env.POLICYLAYER_API_URL || "https://api.policylayer.com";
+function buildSummary(servers) {
+  const categories = {};
+  const severities = {};
+  let totalTools = 0;
+  for (const s of servers) {
+    for (const t of s.tools) {
+      totalTools++;
+      categories[t.category] = (categories[t.category] || 0) + 1;
+      severities[t.severity] = (severities[t.severity] || 0) + 1;
+    }
+  }
+  return { totalServers: servers.length, totalTools, categories, severities };
+}
+async function submitReport(servers, policy) {
+  const summary = buildSummary(servers);
+  const unknownTools = servers.filter((s) => s.source === "local").flatMap(
+    (s) => s.tools.map((t) => ({
+      serverName: s.name,
+      serverPackage: s.package,
+      toolName: t.name,
+      toolDescription: t.description,
+      inputSchema: t.inputSchema || null,
+      suggestedCategory: t.category
+    }))
+  );
+  try {
+    const res = await fetch(`${API_BASE2}/api/scan/submit`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        source: "cli",
+        summary,
+        servers: servers.map((s) => ({
+          name: s.name,
+          package: s.package,
+          toolCount: s.tools.length,
+          tools: s.tools
+        })),
+        policy,
+        unknownTools: unknownTools.length > 0 ? unknownTools : void 0
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    const liveServers = servers.filter((s) => s.source === "local" && s.tools.length > 0);
+    if (liveServers.length > 0) {
+      contributeTools(liveServers).catch(() => {
+      });
+    }
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+async function contributeTools(servers) {
+  await fetch(`${API_BASE2}/api/scan/contribute`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      servers: servers.map((s) => ({
+        package: s.package,
+        tools: s.tools.map((t) => ({
+          name: t.name,
+          description: t.description,
+          inputSchema: t.inputSchema
+        }))
+      }))
+    }),
+    signal: AbortSignal.timeout(1e4)
+  });
+}
+// src/index.ts
+var program = new Command();
+program.name("policylayer").description("Scan your MCP servers for security risks").version("0.1.0").option("-d, --dir <path>", "directory to scan for config files", process.cwd()).option("-o, --output <path>", "output path for policy YAML", "policylayer.yaml").option("--no-live", "skip live scanning, classify from config only").option("--no-report", "skip submitting report to PolicyLayer").option("--timeout <ms>", "timeout per server in milliseconds", "30000").option("--json", "output results as JSON").action(run);
+async function run(opts) {
+  const cwd = opts.dir;
+  const timeoutMs = parseInt(opts.timeout, 10);
+  if (!opts.json) console.log("Discovering MCP config files...");
+  const configs = discoverConfigs(cwd);
+  if (configs.length === 0) {
+    if (opts.json) {
+      console.log(JSON.stringify({ error: "No MCP config files found", configs: [] }));
+    } else {
+      console.log("No MCP config files found. Checked:");
+      console.log("  .mcp.json, .cursor/mcp.json, .vscode/settings.json, .codex/config.toml");
+      console.log("  ~/.claude.json, Claude Desktop, Windsurf, ~/.codex/config.toml");
+    }
+    process.exit(0);
+  }
+  if (!opts.json) {
+    console.log(`Found ${configs.length} config file(s):`);
+    for (const c of configs) {
+      console.log(`  ${c.source} \u2014 ${Object.keys(c.servers).length} server(s)`);
+    }
+    console.log();
+  }
+  const merged = mergeConfigs(configs);
+  const serverNames = Object.keys(merged);
+  if (!opts.json) {
+    console.log(`${serverNames.length} unique server(s) across all configs`);
+    console.log();
+  }
+  const liveResults = /* @__PURE__ */ new Map();
+  if (opts.live) {
+    if (!opts.json) console.log("Live scanning servers...");
+    for (const [name, entry] of Object.entries(merged)) {
+      const { command, args } = resolveCommand(entry);
+      if (!command) {
+        if (!opts.json) console.log(`  ${name}: skipped (no command/url)`);
+        continue;
+      }
+      try {
+        if (!opts.json) process.stdout.write(`  ${name}: scanning...`);
+        const tools = await liveScan(command, args, timeoutMs, entry.env);
+        liveResults.set(name, tools);
+        if (!opts.json) console.log(`\r  ${name}: ${tools.length} tool(s) discovered`);
+      } catch (err) {
+        if (!opts.json) console.log(`\r  ${name}: failed (${err.message})`);
+      }
+    }
+    if (!opts.json) console.log();
+  }
+  const classified = [];
+  const lookupKeys = [];
+  const keyToName = /* @__PURE__ */ new Map();
+  for (const name of serverNames) {
+    const keys = buildLookupKeys(name, merged[name]);
+    for (const key of keys) {
+      lookupKeys.push(key);
+      keyToName.set(key, name);
+    }
+  }
+  const uniqueKeys = [...new Set(lookupKeys)];
+  const apiResult = uniqueKeys.length > 0 ? await classifyViaApi(uniqueKeys) : null;
+  const matchedByPkg = /* @__PURE__ */ new Map();
+  if (apiResult) {
+    for (const m of apiResult.matched) {
+      matchedByPkg.set(m.slug, m);
+      matchedByPkg.set(m.name, m);
+      for (const pkg of m.packages) {
+        matchedByPkg.set(pkg, m);
+      }
+    }
+  }
+  for (const [name, entry] of Object.entries(merged)) {
+    const pkg = resolvePackage(name, entry) || name;
+    const liveTools = liveResults.get(name);
+    const apiMatch = matchedByPkg.get(pkg) || matchedByPkg.get(name);
+    if (apiMatch && !liveTools) {
+      classified.push({
+        name: apiMatch.name,
+        package: pkg,
+        source: "api",
+        tools: apiMatch.tools.map((t) => ({
+          name: t.name,
+          description: t.description || "",
+          category: t.category,
+          severity: t.severity,
+          riskNote: t.riskNote,
+          riskWeight: t.riskWeight,
+          riskType: t.riskType,
+          confidence: t.confidence
+        }))
+      });
+    } else if (liveTools && liveTools.length > 0) {
+      classified.push(classifyLocally(name, pkg, liveTools));
+    } else {
+      if (!opts.json) console.log(`  ${name}: no tools found, skipping`);
+    }
+  }
+  if (classified.length === 0) {
+    if (opts.json) {
+      console.log(JSON.stringify({ error: "No tools discovered", servers: 0 }));
+    } else {
+      console.log("No tools discovered from any server.");
+    }
+    process.exit(0);
+  }
+  const policyYaml = generatePolicyYaml(classified);
+  const outputPath = join2(cwd, opts.output);
+  writePolicyFile(outputPath, classified);
+  let reportResult = null;
+  if (opts.report) {
+    reportResult = await submitReport(classified, policyYaml);
+  }
+  const totalTools = classified.reduce((sum, s) => sum + s.tools.length, 0);
+  const categories = {};
+  for (const s of classified) {
+    for (const t of s.tools) {
+      categories[t.category] = (categories[t.category] || 0) + 1;
+    }
+  }
+  if (opts.json) {
+    console.log(JSON.stringify({
+      servers: classified.length,
+      tools: totalTools,
+      categories,
+      policyFile: outputPath,
+      reportUrl: reportResult?.url || null,
+      reportId: reportResult?.id || null,
+      results: classified
+    }, null, 2));
+  } else {
+    console.log("Scan complete.");
+    console.log();
+    console.log(`  Servers:  ${classified.length}`);
+    console.log(`  Tools:    ${totalTools}`);
+    console.log(`  Categories: ${Object.entries(categories).map(([k, v]) => `${k}(${v})`).join(" ")}`);
+    console.log();
+    console.log(`  Policy:   ${outputPath}`);
+    if (reportResult) {
+      console.log(`  Report:   ${reportResult.url}`);
+    }
+    console.log();
+    const highRisk = classified.flatMap(
+      (s) => s.tools.filter((t) => t.category === "Financial" || t.category === "Destructive")
+    );
+    if (highRisk.length > 0) {
+      console.log(`  ${highRisk.length} high-risk tool(s) detected:`);
+      for (const t of highRisk.slice(0, 10)) {
+        console.log(`    - ${t.name} (${t.category})`);
+      }
+      if (highRisk.length > 10) {
+        console.log(`    ... and ${highRisk.length - 10} more`);
+      }
+    }
+  }
+}
+function resolveCommand(entry) {
+  if (entry.command) {
+    return { command: entry.command, args: (entry.args || []).map(String) };
+  }
+  return { command: "", args: [] };
+}
+function resolvePackage(name, entry) {
+  if (entry.command === "npx") {
+    const args = (entry.args || []).map(String);
+    for (const arg of args) {
+      if (!arg.startsWith("-")) return arg;
+    }
+  }
+  if (entry.args) {
+    for (const arg of entry.args) {
+      const s = String(arg);
+      if (s.startsWith("@") && s.includes("/")) return s;
+    }
+  }
+  return null;
+}
+function buildLookupKeys(name, entry) {
+  const keys = [];
+  const pkg = resolvePackage(name, entry);
+  if (pkg) keys.push(pkg);
+  keys.push(name);
+  const stripped = name.replace(/[-_]mcp[-_]server$/i, "").replace(/[-_]mcp$/i, "").replace(/[-_]server$/i, "");
+  if (stripped !== name) keys.push(stripped);
+  return [...new Set(keys)];
+}
+program.parse();

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "policylayer",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "type": "module",
-  "description": "Scan your MCP config for security risks",
+  "description": "Scan your MCP servers for security risks — live tool discovery + classification + shareable report",
   "bin": {
     "policylayer": "./dist/index.js"
   },
@@ -14,7 +14,6 @@
   },
   "scripts": {
     "build": "tsup",
-    "test": "vitest run",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -22,7 +21,8 @@
     "security",
     "scan",
     "claude",
-    "ai-agents"
+    "ai-agents",
+    "policylayer"
   ],
   "license": "MIT",
   "dependencies": {
@@ -30,9 +30,8 @@
     "smol-toml": "^1.6.1"
   },
   "devDependencies": {
-    "@types/node": "^25.5.0",
+    "@types/node": "^22.0.0",
     "tsup": "^8.5.1",
-    "typescript": "^5.9.3",
-    "vitest": "^4.1.0"
+    "typescript": "^5.9.3"
   }
 }

package/README.md DELETED Viewed

@@ -1,81 +0,0 @@
-# policylayer
-Scan your MCP config. See what your AI agent can do. Get a shareable report.
-## Quick start
-```bash
-npx -y policylayer scan
-```
-That's it. The CLI finds your MCP config, analyses it against 115+ known servers, and prints a report URL.
-## What it does
-1. **Finds your config** -- checks `.mcp.json`, `~/.claude.json`, Claude Desktop, Cursor, VS Code, Windsurf, and Codex configs automatically
-2. **Strips secrets** -- only server names and package identifiers are sent. API keys, tokens, env vars, and file paths are removed before anything leaves your machine
-3. **Sends to the scan API** -- analyses your servers against a database of 2,500+ tools with severity classifications
-4. **Prints a report URL** -- permanent, shareable, no login required
-## Commands
-### `policylayer scan`
-Scan your MCP configuration.
-```bash
-npx -y policylayer scan
-```
-**Options:**
-| Flag | Description |
-|------|-------------|
-| `--config <path>` | Path to a specific config file (skips auto-detection) |
-| `--dry-run` | Show the stripped payload without sending it |
-### Examples
-```bash
-# Auto-detect config and scan
-npx -y policylayer scan
-# Scan a specific config file
-npx -y policylayer scan --config .mcp.json
-# See what would be sent (nothing leaves your machine)
-npx -y policylayer scan --dry-run
-```
-## Config detection
-The CLI searches these paths in order and uses the first one found:
-| Client | Path |
-|--------|------|
-| Claude Code (project) | `.mcp.json` |
-| Claude Code (user) | `~/.claude.json` |
-| Claude Desktop | `~/Library/Application Support/Claude/claude_desktop_config.json` |
-| Cursor | `.cursor/mcp.json` |
-| VS Code | `.vscode/settings.json` |
-| Windsurf | `~/.codeium/windsurf/mcp_config.json` |
-| Codex (project) | `.codex/config.toml` |
-| Codex (user) | `~/.codex/config.toml` |
-## Privacy
-The CLI **never sends** your raw config. Before anything leaves your machine:
-- Environment variables are stripped
-- Auth tokens (`sk-`, `ghp_`, `ict_`, Bearer tokens, etc.) are removed
-- Absolute file paths are removed
-- Command flags are removed
-- Only server names and npm package identifiers are sent
-Use `--dry-run` to see exactly what would be sent.
-## Links
-- [Example report](https://policylayer.com/scan/report/65545482-5d1d-472f-9fca-472ff1181d0d)
-- [Scan your config online](https://policylayer.com/scan)
-- [Intercept](https://github.com/policylayer/intercept) -- enforce limits on every MCP tool call