policylayer 0.1.3 → 0.1.5

package/README.md

@@ -5,51 +5,59 @@ Scan your MCP config. See what your AI agent can do. Get a shareable report.
 ## Quick start
 
 ```bash
-npx -y policylayer scan
+npx -y policylayer
 ```
 
-That's it. The CLI finds your MCP config, analyses it against 115+ known servers, and prints a report URL.
+That's it. The CLI finds your MCP config, live-scans each server, classifies every tool, and prints a report URL.
 
 ## What it does
 
 1. **Finds your config** -- checks `.mcp.json`, `~/.claude.json`, Claude Desktop, Cursor, VS Code, Windsurf, and Codex configs automatically
-2. **Strips secrets** -- only server names and package identifiers are sent. API keys, tokens, env vars, and file paths are removed before anything leaves your machine
-3. **Sends to the scan API** -- analyses your servers against a database of 2,500+ tools with severity classifications
-4. **Prints a report URL** -- permanent, shareable, no login required
+2. **Live-scans servers** -- spawns each MCP server, performs the JSON-RPC handshake, and discovers every tool with its full schema
+3. **Classifies tools** -- checks against the PolicyLayer database of 2,500+ classified tools. Unknown tools are classified locally using schema analysis, blast radius detection, and verb matching
+4. **Generates a policy YAML** -- suggested default rules for every tool, ready to use with [Intercept](https://github.com/policylayer/intercept)
+5. **Prints a report URL** -- permanent, shareable, no login required
+6. **Contributes back** -- live-scanned tool data is contributed to the database so future scans are faster for everyone
 
 ## Commands
 
-### `policylayer scan`
-
-Scan your MCP configuration.
-
 ```bash
-npx -y policylayer scan
+npx -y policylayer
 ```
 
 **Options:**
 
 | Flag | Description |
 |------|-------------|
-| `--config <path>` | Path to a specific config file (skips auto-detection) |
-| `--dry-run` | Show the stripped payload without sending it |
+| `-d, --dir <path>` | Directory to scan for config files (default: cwd) |
+| `-o, --output <path>` | Output path for policy YAML (default: `policylayer.yaml`) |
+| `--no-live` | Skip live scanning, classify from config only |
+| `--no-report` | Skip submitting report to PolicyLayer |
+| `--timeout <ms>` | Timeout per server in milliseconds (default: 30000) |
+| `--json` | Output results as JSON |
 
 ### Examples
 
 ```bash
 # Auto-detect config and scan
-npx -y policylayer scan
+npx -y policylayer
+
+# Scan a specific directory
+npx -y policylayer -d ~/projects/my-app
+
+# Skip live scanning (faster, less detailed)
+npx -y policylayer --no-live
 
-# Scan a specific config file
-npx -y policylayer scan --config .mcp.json
+# Output as JSON for piping
+npx -y policylayer --json
 
-# See what would be sent (nothing leaves your machine)
-npx -y policylayer scan --dry-run
+# Custom policy output path
+npx -y policylayer -o my-policy.yaml
 ```
 
 ## Config detection
 
-The CLI searches these paths in order and uses the first one found:
+The CLI searches these paths and uses all configs found:
 
 | Client | Path |
 |--------|------|
@@ -67,15 +75,15 @@ The CLI searches these paths in order and uses the first one found:
 The CLI **never sends** your raw config. Before anything leaves your machine:
 
 - Environment variables are stripped
-- Auth tokens (`sk-`, `ghp_`, `ict_`, Bearer tokens, etc.) are removed
-- Absolute file paths are removed
-- Command flags are removed
-- Only server names and npm package identifiers are sent
+- Auth tokens are removed
+- Only server names, package identifiers, and tool schemas are sent
+- Live-scanned tool data (names, descriptions, schemas) is contributed to improve the database
 
-Use `--dry-run` to see exactly what would be sent.
+Use `--no-report` to skip sending anything.
 
 ## Links
 
 - [Example report](https://policylayer.com/scan/report/65545482-5d1d-472f-9fca-472ff1181d0d)
 - [Scan your config online](https://policylayer.com/scan)
+- [Policy library](https://policylayer.com/policies)
 - [Intercept](https://github.com/policylayer/intercept) -- enforce limits on every MCP tool call

package/dist/index.js

@@ -1,6 +1,1125 @@
 #!/usr/bin/env node
-import{Command as D}from"commander";import{readFileSync as P}from"fs";import{existsSync as v,readFileSync as h}from"fs";import{join as p}from"path";import{homedir as a}from"os";import{parse as j}from"smol-toml";function R(r){return[{path:p(r,".mcp.json"),source:".mcp.json (project)",type:"json-mcp"},{path:p(r,".cursor/mcp.json"),source:".cursor/mcp.json (project)",type:"json-mcp"},{path:p(r,".vscode/settings.json"),source:"VS Code (project)",type:"json-vscode"},{path:p(r,".codex/config.toml"),source:".codex/config.toml (project)",type:"toml-codex"},{path:p(a(),".claude.json"),source:"~/.claude.json (user)",type:"json-mcp"},{path:p(a(),"Library/Application Support/Claude/claude_desktop_config.json"),source:"Claude Desktop (user)",type:"json-mcp"},{path:p(a(),".codeium/windsurf/mcp_config.json"),source:"Windsurf (user)",type:"json-mcp"},{path:p(a(),".codex/config.toml"),source:"~/.codex/config.toml (user)",type:"toml-codex"}]}function x(r){return JSON.parse(r).mcpServers||{}}function w(r){let e=JSON.parse(r);return e.mcp?e.mcp.servers||{}:null}function C(r){return j(r).mcp_servers||{}}function f(r){let e=[],o=R(r);for(let{path:s,source:t,type:n}of o)if(v(s))try{let i=h(s,"utf-8"),c=null;switch(n){case"json-mcp":c=x(i);break;case"json-vscode":c=w(i);break;case"toml-codex":c=C(i);break}if(c===null)continue;e.push({source:t,path:s,servers:Object.keys(c),raw:{mcpServers:c}})}catch{}return e}var k=[/^sk-/,/^ghp_/,/^gho_/,/^ghu_/,/^ghs_/,/^glpat-/,/^xoxb-/,/^xoxp-/,/^Bearer\s/,/^pk_/,/^sk_live_/,/^sk_test_/,/^ict_/,/^[a-z]{2,6}_[a-f0-9]{16,}$/i,/^[a-f0-9]{32,}$/i],b=[/\/Users\//,/\/home\//,/\\Users\\/,/^[A-Z]:\\/,/^\//];function E(r){return k.some(e=>e.test(r))}function M(r){return b.some(e=>e.test(r))}function _(r){return!!(r.startsWith("@")&&r.includes("/")||/^[a-z][\w.-]*$/.test(r))}function g(r){let e={};for(let[o,s]of Object.entries(r)){let t={};if(s.command){let n=s.command.split(/[/\\]/);t.command=n[n.length-1]||s.command}Array.isArray(s.args)&&(t.args=s.args.filter(n=>typeof n!="string"||E(n)||M(n)||n.startsWith("-")?!1:_(n))),e[o]=t}return e}async function l(r,e){let o=await fetch(e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({mcpServers:r})}),s=await o.json();if(!o.ok)throw new Error(s.error||`Scan failed with status ${o.status}`);return s}function m(r){let e=[];for(let o of r)e.push(`  Found ${o.servers.length} server${o.servers.length===1?"":"s"} in ${o.source}`);return e.join(`
-`)}function d(r){return["No MCP configuration found.","","Checked:",...r.map(o=>`  - ${o}`),"","Use --config <path> to specify a config file,","or try the web scanner at https://policylayer.com/scan"].join(`
-`)}function y(r){return["","  Report ready:",`  ${r}`,"","  Run this scan on every PR:","  https://github.com/PolicyLayer/scan-action",""].join(`
-`)}function S(r){return["","Dry run -- would send:",JSON.stringify(r,null,2)].join(`
-`)}var u=new D;u.name("policylayer").description("Scan your MCP config for security risks").version("0.1.0");u.command("scan").description("Scan MCP server configuration").option("--config <path>","Path to MCP config file").option("--dry-run","Show what would be sent without sending").option("--api-url <url>","Scan API URL","https://policylayer.com/api/scan").action(async r=>{try{let e={};if(r.config)try{let t=JSON.parse(P(r.config,"utf-8")),n=t.mcpServers||t;e=n;let i=Object.keys(n).length;console.log(`  Found ${i} server${i===1?"":"s"} in ${r.config}`)}catch(t){console.error(`Error reading config: ${r.config}`),console.error(t.message),process.exit(1)}else{let t=f(process.cwd());t.length===0&&(console.log(d([".mcp.json (project root)","~/.claude.json (user-level)","Claude Desktop config (macOS)",".cursor/mcp.json (project)",".vscode/settings.json (project)","Windsurf config (user)",".codex/config.toml (project)","~/.codex/config.toml (user)"])),process.exit(0)),console.log(m(t));let n=t.filter(c=>c.source.includes("user")),i=t.filter(c=>!c.source.includes("user"));for(let c of n)Object.assign(e,c.raw.mcpServers);for(let c of i)Object.assign(e,c.raw.mcpServers)}let o=g(e);if(r.dryRun){console.log(S({mcpServers:o}));return}console.log("  Sending server identifiers only -- secrets stripped");let s=await l(o,r.apiUrl);console.log(y(s.url))}catch(e){console.error(`Error: ${e.message}`),process.exit(1)}});u.parse();
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// ../classifier/dist/verbs.js
+var require_verbs = __commonJS({
+  "../classifier/dist/verbs.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.VERB_MAP = void 0;
+    exports.splitName = splitName;
+    exports.findFirstVerb = findFirstVerb;
+    exports.firstVerbIsRead = firstVerbIsRead;
+    exports.VERB_MAP = {};
+    var READ_VERBS = [
+      "get",
+      "list",
+      "search",
+      "read",
+      "fetch",
+      "query",
+      "browse",
+      "view",
+      "show",
+      "describe",
+      "find",
+      "check",
+      "lookup",
+      "retrieve",
+      "locate",
+      "inspect",
+      "ask",
+      "count",
+      "poll",
+      "download",
+      "extract",
+      "screenshot",
+      "introspect",
+      "detect",
+      "analyze",
+      "analyse",
+      "scan",
+      "validate",
+      "verify",
+      "monitor",
+      "watch",
+      "observe",
+      "consume",
+      "load",
+      "data",
+      "docs",
+      "enrich",
+      "translate",
+      "cognify",
+      "take",
+      "test",
+      "snapshot",
+      "geocode",
+      "status",
+      "support",
+      "matrix",
+      "expert",
+      "is"
+    ];
+    var DESTRUCTIVE_VERBS = [
+      "delete",
+      "remove",
+      "destroy",
+      "drop",
+      "truncate",
+      "purge",
+      "wipe",
+      "erase",
+      "revoke",
+      "cancel",
+      "uninstall",
+      "reset",
+      "clear",
+      "force",
+      "decompile",
+      "unpublish",
+      "discard"
+    ];
+    var EXECUTE_VERBS = [
+      "run",
+      "execute",
+      "invoke",
+      "trigger",
+      "start",
+      "deploy",
+      "build",
+      "restart",
+      "scale",
+      "compile",
+      "launch",
+      "emulate",
+      "initialize",
+      "initialise",
+      "navigate",
+      "parse",
+      "rephrase",
+      "transform",
+      "stop",
+      "performance",
+      "wait",
+      "new",
+      "produce"
+    ];
+    var WRITE_VERBS = [
+      "create",
+      "add",
+      "update",
+      "set",
+      "modify",
+      "put",
+      "patch",
+      "edit",
+      "configure",
+      "enable",
+      "disable",
+      "assign",
+      "upload",
+      "write",
+      "send",
+      "post",
+      "publish",
+      "manage",
+      "save",
+      "install",
+      "boot",
+      "setup",
+      "select",
+      "click",
+      "tap",
+      "press",
+      "scroll",
+      "swipe",
+      "drag",
+      "activate",
+      "handle",
+      "switch",
+      "generate",
+      "move",
+      "copy",
+      "import",
+      "export",
+      "connect",
+      "disconnect",
+      "close",
+      "open",
+      "attach",
+      "insert",
+      "apply",
+      "convert",
+      "merge",
+      "register",
+      "submit",
+      "approve",
+      "reject",
+      "mark",
+      "comment",
+      "annotate",
+      "pin",
+      "lock",
+      "unlock",
+      "archive",
+      "restore",
+      "suspend",
+      "resume",
+      "terminate",
+      "complete",
+      "uncomplete",
+      "rename",
+      "fill",
+      "invite",
+      "alter",
+      "vote",
+      "plan",
+      "planner",
+      "replace",
+      "upsert",
+      "type",
+      "resize",
+      "push",
+      "issue",
+      "autofix",
+      "login",
+      "checkout",
+      "commit",
+      "promote",
+      "resolve",
+      "unarchive",
+      "schedule",
+      "migrate"
+    ];
+    for (const v of READ_VERBS)
+      exports.VERB_MAP[v] = "Read";
+    for (const v of DESTRUCTIVE_VERBS)
+      exports.VERB_MAP[v] = "Destructive";
+    for (const v of EXECUTE_VERBS)
+      exports.VERB_MAP[v] = "Execute";
+    for (const v of WRITE_VERBS)
+      exports.VERB_MAP[v] = "Write";
+    function splitName(name) {
+      const parts = name.split(/[-_]/);
+      const words = [];
+      for (const part of parts) {
+        const camelParts = part.replace(/([a-z])([A-Z])/g, "$1_$2").toLowerCase().split("_");
+        words.push(...camelParts.filter(Boolean));
+      }
+      return words;
+    }
+    function findFirstVerb(words) {
+      for (const word of words) {
+        const cat = exports.VERB_MAP[word];
+        if (cat)
+          return cat;
+      }
+      return null;
+    }
+    function firstVerbIsRead(words) {
+      for (const word of words) {
+        if (exports.VERB_MAP[word])
+          return exports.VERB_MAP[word] === "Read";
+      }
+      return false;
+    }
+  }
+});
+
+// ../classifier/dist/schema.js
+var require_schema = __commonJS({
+  "../classifier/dist/schema.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.analyseSchema = analyseSchema;
+    var CODE_EXECUTION_PROPS = /* @__PURE__ */ new Set([
+      "sql",
+      "query",
+      "raw_sql",
+      "raw_query",
+      "statement",
+      "code",
+      "script",
+      "command",
+      "shell",
+      "shell_command",
+      "cmd",
+      "bash",
+      "exec",
+      "expression",
+      "eval",
+      "python",
+      "javascript",
+      "js",
+      "lua",
+      "ruby"
+    ]);
+    var FILESYSTEM_PROPS = /* @__PURE__ */ new Set([
+      "path",
+      "file",
+      "file_path",
+      "filepath",
+      "filename",
+      "directory",
+      "dir",
+      "folder",
+      "source_path",
+      "dest_path",
+      "destination",
+      "target_path",
+      "working_directory",
+      "cwd"
+    ]);
+    var NETWORK_PROPS = /* @__PURE__ */ new Set([
+      "url",
+      "uri",
+      "endpoint",
+      "host",
+      "hostname",
+      "webhook",
+      "webhook_url",
+      "callback_url",
+      "redirect_url",
+      "api_url",
+      "base_url"
+    ]);
+    var CREDENTIAL_PROPS = /* @__PURE__ */ new Set([
+      "password",
+      "secret",
+      "token",
+      "api_key",
+      "apikey",
+      "private_key",
+      "access_token",
+      "auth",
+      "credentials",
+      "connection_string"
+    ]);
+    var INJECTION_PROPS = /* @__PURE__ */ new Set([
+      "html",
+      "body",
+      "template",
+      "content",
+      "raw_body",
+      "raw_html",
+      "markup",
+      "payload"
+    ]);
+    function extractProperties(schema, prefix = "") {
+      const props = [];
+      const properties = schema.properties;
+      if (!properties || typeof properties !== "object")
+        return props;
+      for (const [key, value] of Object.entries(properties)) {
+        if (!value || typeof value !== "object")
+          continue;
+        const fullName = prefix ? `${prefix}.${key}` : key;
+        props.push({
+          name: fullName,
+          type: value.type,
+          description: value.description
+        });
+        if (value.type === "object" && value.properties) {
+          props.push(...extractProperties(value, fullName));
+        }
+        if (value.type === "array" && value.items && typeof value.items === "object") {
+          const items = value.items;
+          if (items.type === "object" && items.properties) {
+            props.push(...extractProperties(items, `${fullName}[]`));
+          }
+        }
+      }
+      return props;
+    }
+    function normalisePropName(name) {
+      const leaf = name.includes(".") ? name.split(".").pop() : name;
+      return leaf.toLowerCase().replace(/[-_\s]/g, "_");
+    }
+    function analyseSchema(schema) {
+      const signals = [];
+      const properties = extractProperties(schema);
+      if (properties.length === 0)
+        return signals;
+      const seen = /* @__PURE__ */ new Set();
+      for (const prop of properties) {
+        const norm = normalisePropName(prop.name);
+        if (CODE_EXECUTION_PROPS.has(norm) && !seen.has("code_exec")) {
+          seen.add("code_exec");
+          signals.push({
+            signal: `Accepts freeform code/query input (${prop.name})`,
+            weight: 0.15
+          });
+        }
+        if (FILESYSTEM_PROPS.has(norm) && !seen.has("filesystem")) {
+          seen.add("filesystem");
+          signals.push({
+            signal: `Accepts file system path (${prop.name})`,
+            weight: 0.1
+          });
+        }
+        if (NETWORK_PROPS.has(norm) && !seen.has("network")) {
+          seen.add("network");
+          signals.push({
+            signal: `Accepts URL/endpoint input (${prop.name})`,
+            weight: 0.08
+          });
+        }
+        if (CREDENTIAL_PROPS.has(norm) && !seen.has("credential")) {
+          seen.add("credential");
+          signals.push({
+            signal: `Handles credentials or secrets (${prop.name})`,
+            weight: 0.12
+          });
+        }
+        if (INJECTION_PROPS.has(norm) && !seen.has("injection")) {
+          seen.add("injection");
+          signals.push({
+            signal: `Accepts raw HTML/template content (${prop.name})`,
+            weight: 0.05
+          });
+        }
+      }
+      if (properties.length >= 10) {
+        signals.push({
+          signal: `High parameter count (${properties.length} properties)`,
+          weight: 0.05
+        });
+      }
+      return signals;
+    }
+  }
+});
+
+// ../classifier/dist/blast-radius.js
+var require_blast_radius = __commonJS({
+  "../classifier/dist/blast-radius.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.analyseBlastRadius = analyseBlastRadius;
+    var BULK_NAME_PATTERNS = [
+      /\ball[_-]?/i,
+      /\bbulk[_-]?/i,
+      /\bbatch[_-]?/i,
+      /\bmass[_-]?/i,
+      /\bglobal[_-]?/i,
+      /[_-]all$/i
+    ];
+    var SINGLE_NAME_PATTERNS = [
+      /by[_-]?id$/i,
+      /by[_-]?name$/i,
+      /by[_-]?slug$/i,
+      /by[_-]?key$/i,
+      /by[_-]?email$/i,
+      /[_-]one$/i,
+      /[_-]single$/i
+    ];
+    var BULK_DESC = /\b(all\s+(?:records?|items?|users?|entries|data|files?|messages?|documents?)|every\s+|entire\s+|everything|in\s+bulk|batch\s+(?:delete|remove|update)|mass\s+(?:delete|remove|update)|wipe\s+(?:all|everything)|clear\s+(?:all|everything))\b/i;
+    var SINGLE_DESC = /\b(a\s+(?:single|specific|particular|given)|(?:one|individual)\s+(?:record|item|user|entry|file|message|document)|by\s+(?:its?\s+)?(?:ID|identifier|key|name))\b/i;
+    var ADMIN_NAME = /^(?:admin|root|system|sudo|superuser|master)[_-]/i;
+    var ADMIN_DESC = /\b(admin(?:istrat(?:or|ive))?|root|system[_-]?level|superuser|privileged|elevated\s+permissions?)\b/i;
+    function analyseBlastRadius(name, description) {
+      const signals = [];
+      const isBulk = BULK_NAME_PATTERNS.some((p) => p.test(name)) || BULK_DESC.test(description);
+      const isSingle = SINGLE_NAME_PATTERNS.some((p) => p.test(name)) || SINGLE_DESC.test(description);
+      if (isBulk && !isSingle) {
+        signals.push({
+          signal: "Bulk/mass operation \u2014 affects multiple targets",
+          weight: 0.15
+        });
+      } else if (isSingle && !isBulk) {
+        signals.push({
+          signal: "Single-target operation",
+          weight: -0.05
+        });
+      }
+      if (ADMIN_NAME.test(name) || ADMIN_DESC.test(description)) {
+        signals.push({
+          signal: "Admin/system-level operation",
+          weight: 0.1
+        });
+      }
+      return signals;
+    }
+  }
+});
+
+// ../classifier/dist/classify.js
+var require_classify = __commonJS({
+  "../classifier/dist/classify.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.classifyTool = classifyTool2;
+    var verbs_1 = require_verbs();
+    var schema_1 = require_schema();
+    var blast_radius_1 = require_blast_radius();
+    var FINANCIAL_COMPOUND = /(?:^|[_-])(?:create[_-]?payment|create[_-]?charge|create[_-]?refund|create[_-]?payment[_-]?link|process[_-]?payment|finalize[_-]?invoice|finalise[_-]?invoice|send[_-]?invoice)(?:[_A-Z-]|$)/i;
+    var FINANCIAL_VERBS_SEGMENT = /^(pay|charge|refund|transfer|withdraw|deposit|finalize|finalise)$/i;
+    var DESTRUCTIVE_DESC = /\b(permanently|irreversible|cannot be undone|destroy|clear,?\s*(copy,?\s*)?delete|wipe|purge)\b/i;
+    var FINANCIAL_DESC = /\b(process\s+payment|initiate\s+transfer|send\s+money|charge\s+customer|collect\s+payment)\b/i;
+    var READ_DESC = /\b(lists?|retrieves?|gets?|fetche?s?|search(?:es)?|shows?|views?|browses?|quer(?:y|ies)|reads?)\b/i;
+    var WRITE_DESC = /\b(create|add|update|modify|edit|configure|set|save|write|send|upload|install|manage|assign)\b/i;
+    var EXECUTE_DESC = /\b(run|execute|invoke|trigger|start|deploy|build|restart|scale)\b/i;
+    var DESTRUCTIVE_DESC_FALLBACK = /\b(delete|remove|destroy|drop|purge|wipe|erase|revoke|cancel|uninstall|reset|clear)\b/i;
+    var SEVERITY_MAP = {
+      Read: "Low",
+      Write: "Medium",
+      Execute: "Medium",
+      Destructive: "High",
+      Financial: "Critical",
+      Other: "Low"
+    };
+    var BASE_WEIGHT = {
+      Read: 0.1,
+      Other: 0.15,
+      Write: 0.3,
+      Execute: 0.5,
+      Destructive: 0.7,
+      Financial: 0.85
+    };
+    function classifyTool2(input) {
+      const { name, description, inputSchema, serverContext } = input;
+      const signals = [];
+      const { category, confidence } = categorise(name, description, serverContext);
+      const schemaSignals = inputSchema ? (0, schema_1.analyseSchema)(inputSchema) : [];
+      signals.push(...schemaSignals);
+      const blastSignals = (0, blast_radius_1.analyseBlastRadius)(name, description);
+      signals.push(...blastSignals);
+      let riskWeight = BASE_WEIGHT[category];
+      const schemaModifier = Math.min(0.3, schemaSignals.reduce((sum, s) => sum + s.weight, 0));
+      if (schemaModifier > 0)
+        riskWeight += schemaModifier;
+      const blastModifier = blastSignals.reduce((sum, s) => sum + s.weight, 0);
+      riskWeight += blastModifier;
+      if (confidence === "low") {
+        riskWeight *= 0.8;
+      }
+      riskWeight = Math.max(0, Math.min(1, riskWeight));
+      riskWeight = Math.round(riskWeight * 100) / 100;
+      const severity = deriveSeverity(category, riskWeight);
+      return { category, severity, confidence, riskWeight, signals };
+    }
+    function categorise(name, description, serverContext) {
+      const words = (0, verbs_1.splitName)(name);
+      if (FINANCIAL_COMPOUND.test(name)) {
+        return { category: "Financial", confidence: "high" };
+      }
+      for (const word of words) {
+        if (FINANCIAL_VERBS_SEGMENT.test(word)) {
+          if (!(0, verbs_1.firstVerbIsRead)(words)) {
+            return { category: "Financial", confidence: "high" };
+          }
+          break;
+        }
+      }
+      if (DESTRUCTIVE_DESC.test(description)) {
+        return { category: "Destructive", confidence: "medium" };
+      }
+      if (FINANCIAL_DESC.test(description)) {
+        return { category: "Financial", confidence: "medium" };
+      }
+      const verbCat = (0, verbs_1.findFirstVerb)(words);
+      if (verbCat) {
+        return { category: verbCat, confidence: "high" };
+      }
+      if (DESTRUCTIVE_DESC_FALLBACK.test(description)) {
+        return { category: "Destructive", confidence: "medium" };
+      }
+      if (EXECUTE_DESC.test(description)) {
+        return { category: "Execute", confidence: "medium" };
+      }
+      if (WRITE_DESC.test(description)) {
+        return { category: "Write", confidence: "medium" };
+      }
+      if (READ_DESC.test(description)) {
+        return { category: "Read", confidence: "medium" };
+      }
+      if (serverContext && serverContext.toolCount >= 3) {
+        const safe = serverContext.dominantCategory !== "Financial" && serverContext.dominantCategory !== "Destructive";
+        if (safe) {
+          return { category: serverContext.dominantCategory, confidence: "low" };
+        }
+      }
+      return { category: "Other", confidence: "low" };
+    }
+    function deriveSeverity(category, riskWeight) {
+      if (riskWeight >= 0.85)
+        return "Critical";
+      if (riskWeight >= 0.6)
+        return "High";
+      if (riskWeight >= 0.35)
+        return "Medium";
+      return SEVERITY_MAP[category];
+    }
+  }
+});
+
+// ../classifier/dist/index.js
+var require_dist = __commonJS({
+  "../classifier/dist/index.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.classifyTool = void 0;
+    var classify_1 = require_classify();
+    Object.defineProperty(exports, "classifyTool", { enumerable: true, get: function() {
+      return classify_1.classifyTool;
+    } });
+  }
+});
+
+// src/index.ts
+import { Command } from "commander";
+import { join as join2 } from "path";
+
+// src/discover.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { parse as parseToml } from "smol-toml";
+function buildDescriptors(cwd) {
+  return [
+    { path: join(cwd, ".mcp.json"), source: ".mcp.json (project)", type: "json-mcp" },
+    { path: join(cwd, ".cursor/mcp.json"), source: ".cursor/mcp.json (project)", type: "json-mcp" },
+    { path: join(cwd, ".vscode/settings.json"), source: "VS Code (project)", type: "json-vscode" },
+    { path: join(cwd, ".codex/config.toml"), source: ".codex/config.toml (project)", type: "toml-codex" },
+    { path: join(homedir(), ".claude.json"), source: "~/.claude.json (user)", type: "json-mcp" },
+    { path: join(homedir(), "Library/Application Support/Claude/claude_desktop_config.json"), source: "Claude Desktop (user)", type: "json-mcp" },
+    { path: join(homedir(), ".codeium/windsurf/mcp_config.json"), source: "Windsurf (user)", type: "json-mcp" },
+    { path: join(homedir(), ".codex/config.toml"), source: "~/.codex/config.toml (user)", type: "toml-codex" }
+  ];
+}
+function discoverConfigs(cwd) {
+  const results = [];
+  for (const { path, source, type } of buildDescriptors(cwd)) {
+    if (!existsSync(path)) continue;
+    try {
+      const content = readFileSync(path, "utf-8");
+      let servers = null;
+      if (type === "json-mcp") {
+        const raw = JSON.parse(content);
+        servers = raw.mcpServers || {};
+      } else if (type === "json-vscode") {
+        const raw = JSON.parse(content);
+        if (!raw.mcp) continue;
+        servers = raw.mcp.servers || {};
+      } else if (type === "toml-codex") {
+        const raw = parseToml(content);
+        servers = raw.mcp_servers || {};
+      }
+      if (!servers || Object.keys(servers).length === 0) continue;
+      results.push({ source, path, servers });
+    } catch {
+    }
+  }
+  return results;
+}
+function mergeConfigs(results) {
+  const merged = {};
+  const userConfigs = results.filter((r) => r.source.includes("user"));
+  const projectConfigs = results.filter((r) => !r.source.includes("user"));
+  for (const c of userConfigs) Object.assign(merged, c.servers);
+  for (const c of projectConfigs) Object.assign(merged, c.servers);
+  return merged;
+}
+
+// src/live-scan.ts
+import { spawn } from "child_process";
+var DEFAULT_TIMEOUT_MS = 3e4;
+async function liveScan(command, args, timeoutMs = DEFAULT_TIMEOUT_MS, env) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(command, args, {
+      stdio: ["pipe", "pipe", "pipe"],
+      env: {
+        ...process.env,
+        ...env,
+        NODE_NO_WARNINGS: "1",
+        BROWSER: "none",
+        NO_BROWSER: "1"
+      }
+    });
+    let nextId = 1;
+    const pending = /* @__PURE__ */ new Map();
+    let buffer = "";
+    let settled = false;
+    const timer = setTimeout(() => {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        reject(new Error(`Timed out after ${timeoutMs}ms`));
+      }
+    }, timeoutMs);
+    function cleanup() {
+      clearTimeout(timer);
+      try {
+        child.stdin.end();
+      } catch {
+      }
+      try {
+        child.kill("SIGKILL");
+      } catch {
+      }
+    }
+    function settle(fn) {
+      if (!settled) {
+        settled = true;
+        cleanup();
+        fn();
+      }
+    }
+    child.stdout.on("data", (chunk) => {
+      buffer += chunk.toString();
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || !trimmed.startsWith("{")) continue;
+        try {
+          const resp = JSON.parse(trimmed);
+          if (resp.id && pending.has(resp.id)) {
+            const p = pending.get(resp.id);
+            pending.delete(resp.id);
+            p.resolve(resp);
+          }
+        } catch {
+        }
+      }
+    });
+    child.on("error", (err) => {
+      settle(() => reject(new Error(`Failed to spawn ${command}: ${err.message}`)));
+    });
+    child.on("exit", (code) => {
+      settle(() => reject(new Error(`${command} exited with code ${code} before discovery completed`)));
+    });
+    function sendRequest(method, params) {
+      return new Promise((res, rej) => {
+        const id = nextId++;
+        pending.set(id, { resolve: res, reject: rej });
+        const msg = JSON.stringify({ jsonrpc: "2.0", id, method, params }) + "\n";
+        child.stdin.write(msg);
+      });
+    }
+    function sendNotification(method) {
+      const msg = JSON.stringify({ jsonrpc: "2.0", method }) + "\n";
+      child.stdin.write(msg);
+    }
+    (async () => {
+      const initResp = await sendRequest("initialize", {
+        protocolVersion: "2024-11-05",
+        capabilities: {},
+        clientInfo: { name: "policylayer-scan", version: "0.1.0" }
+      });
+      if (initResp.error) {
+        throw new Error(`Initialize failed: ${initResp.error.message}`);
+      }
+      sendNotification("notifications/initialized");
+      const allTools = [];
+      let cursor;
+      let pages = 0;
+      do {
+        const params = {};
+        if (cursor) params.cursor = cursor;
+        const resp = await sendRequest("tools/list", params);
+        if (resp.error) {
+          throw new Error(`tools/list failed: ${resp.error.message}`);
+        }
+        const result = resp.result;
+        if (result.tools) allTools.push(...result.tools);
+        cursor = result.nextCursor || void 0;
+        pages++;
+      } while (cursor && pages < 100);
+      settle(() => resolve(allTools));
+    })().catch((err) => {
+      settle(() => reject(err));
+    });
+  });
+}
+
+// src/classify.ts
+var import_classifier = __toESM(require_dist(), 1);
+var API_BASE = process.env.POLICYLAYER_API_URL || "https://api.policylayer.com";
+async function classifyViaApi(packages) {
+  try {
+    const res = await fetch(`${API_BASE}/api/scan/lookup`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ packages }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function classifyLocally(serverName, pkg, tools) {
+  return {
+    name: serverName,
+    package: pkg,
+    source: "local",
+    tools: tools.map((t) => {
+      const result = (0, import_classifier.classifyTool)({
+        name: t.name,
+        description: t.description || "",
+        inputSchema: t.inputSchema
+      });
+      const signalsSummary = result.signals.length > 0 ? result.signals.map((s) => s.signal).join("; ") : null;
+      return {
+        name: t.name,
+        description: t.description || "",
+        category: result.category,
+        severity: result.severity,
+        riskNote: signalsSummary,
+        riskWeight: result.riskWeight,
+        riskType: null,
+        confidence: result.confidence,
+        inputSchema: t.inputSchema
+      };
+    })
+  };
+}
+
+// src/policy.ts
+import { writeFileSync } from "fs";
+function generatePolicyYaml(servers) {
+  let yaml = 'version: "1"\ndefault: deny\n\ntools:\n';
+  for (const server of servers) {
+    yaml += `  # ${server.name} (${server.tools.length} tools)
+`;
+    for (const tool of server.tools) {
+      switch (tool.category) {
+        case "Read":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 60/minute
+
+`;
+          break;
+        case "Write":
+        case "Execute":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 10/hour
+
+`;
+          break;
+        case "Financial":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: deny
+        on_deny: "Financial operation blocked by policy"
+
+`;
+          break;
+        case "Destructive":
+          yaml += `  ${tool.name}:
+    rules:
+      - action: deny
+        on_deny: "Destructive operation blocked by policy"
+
+`;
+          break;
+        default:
+          yaml += `  ${tool.name}:
+    rules:
+      - action: allow
+        rate_limit: 30/minute
+
+`;
+      }
+    }
+  }
+  return yaml.trim();
+}
+function writePolicyFile(path, servers) {
+  const yaml = generatePolicyYaml(servers);
+  writeFileSync(path, yaml + "\n");
+}
+
+// src/report.ts
+var API_BASE2 = process.env.POLICYLAYER_API_URL || "https://api.policylayer.com";
+function buildSummary(servers) {
+  const categories = {};
+  const severities = {};
+  let totalTools = 0;
+  for (const s of servers) {
+    for (const t of s.tools) {
+      totalTools++;
+      categories[t.category] = (categories[t.category] || 0) + 1;
+      severities[t.severity] = (severities[t.severity] || 0) + 1;
+    }
+  }
+  return { totalServers: servers.length, totalTools, categories, severities };
+}
+async function submitReport(servers, policy) {
+  const summary = buildSummary(servers);
+  const unknownTools = servers.filter((s) => s.source === "local").flatMap(
+    (s) => s.tools.map((t) => ({
+      serverName: s.name,
+      serverPackage: s.package,
+      toolName: t.name,
+      toolDescription: t.description,
+      inputSchema: t.inputSchema || null,
+      suggestedCategory: t.category
+    }))
+  );
+  try {
+    const res = await fetch(`${API_BASE2}/api/scan/submit`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        source: "cli",
+        summary,
+        servers: servers.map((s) => ({
+          name: s.name,
+          package: s.package,
+          toolCount: s.tools.length,
+          tools: s.tools
+        })),
+        policy,
+        unknownTools: unknownTools.length > 0 ? unknownTools : void 0
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    if (!res.ok) return null;
+    const liveServers = servers.filter((s) => s.source === "local" && s.tools.length > 0);
+    if (liveServers.length > 0) {
+      contributeTools(liveServers).catch(() => {
+      });
+    }
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+async function contributeTools(servers) {
+  await fetch(`${API_BASE2}/api/scan/contribute`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      servers: servers.map((s) => ({
+        package: s.package,
+        tools: s.tools.map((t) => ({
+          name: t.name,
+          description: t.description,
+          inputSchema: t.inputSchema
+        }))
+      }))
+    }),
+    signal: AbortSignal.timeout(1e4)
+  });
+}
+
+// src/index.ts
+var program = new Command();
+program.name("policylayer").description("Scan your MCP servers for security risks").version("0.1.0").option("-d, --dir <path>", "directory to scan for config files", process.cwd()).option("-o, --output <path>", "output path for policy YAML", "policylayer.yaml").option("--no-live", "skip live scanning, classify from config only").option("--no-report", "skip submitting report to PolicyLayer").option("--timeout <ms>", "timeout per server in milliseconds", "30000").option("--json", "output results as JSON").action(run);
+async function run(opts) {
+  const cwd = opts.dir;
+  const timeoutMs = parseInt(opts.timeout, 10);
+  if (!opts.json) console.log("Discovering MCP config files...");
+  const configs = discoverConfigs(cwd);
+  if (configs.length === 0) {
+    if (opts.json) {
+      console.log(JSON.stringify({ error: "No MCP config files found", configs: [] }));
+    } else {
+      console.log("No MCP config files found. Checked:");
+      console.log("  .mcp.json, .cursor/mcp.json, .vscode/settings.json, .codex/config.toml");
+      console.log("  ~/.claude.json, Claude Desktop, Windsurf, ~/.codex/config.toml");
+    }
+    process.exit(0);
+  }
+  if (!opts.json) {
+    console.log(`Found ${configs.length} config file(s):`);
+    for (const c of configs) {
+      console.log(`  ${c.source} \u2014 ${Object.keys(c.servers).length} server(s)`);
+    }
+    console.log();
+  }
+  const merged = mergeConfigs(configs);
+  const serverNames = Object.keys(merged);
+  if (!opts.json) {
+    console.log(`${serverNames.length} unique server(s) across all configs`);
+    console.log();
+  }
+  const liveResults = /* @__PURE__ */ new Map();
+  if (opts.live) {
+    if (!opts.json) console.log("Live scanning servers...");
+    for (const [name, entry] of Object.entries(merged)) {
+      const { command, args } = resolveCommand(entry);
+      if (!command) {
+        if (!opts.json) console.log(`  ${name}: skipped (no command/url)`);
+        continue;
+      }
+      try {
+        if (!opts.json) process.stdout.write(`  ${name}: scanning...`);
+        const tools = await liveScan(command, args, timeoutMs, entry.env);
+        liveResults.set(name, tools);
+        if (!opts.json) console.log(`\r  ${name}: ${tools.length} tool(s) discovered`);
+      } catch (err) {
+        if (!opts.json) console.log(`\r  ${name}: failed (${err.message})`);
+      }
+    }
+    if (!opts.json) console.log();
+  }
+  const classified = [];
+  const lookupKeys = [];
+  const keyToName = /* @__PURE__ */ new Map();
+  for (const name of serverNames) {
+    const keys = buildLookupKeys(name, merged[name]);
+    for (const key of keys) {
+      lookupKeys.push(key);
+      keyToName.set(key, name);
+    }
+  }
+  const uniqueKeys = [...new Set(lookupKeys)];
+  const apiResult = uniqueKeys.length > 0 ? await classifyViaApi(uniqueKeys) : null;
+  const matchedByPkg = /* @__PURE__ */ new Map();
+  if (apiResult) {
+    for (const m of apiResult.matched) {
+      matchedByPkg.set(m.slug, m);
+      matchedByPkg.set(m.name, m);
+      for (const pkg of m.packages) {
+        matchedByPkg.set(pkg, m);
+      }
+    }
+  }
+  for (const [name, entry] of Object.entries(merged)) {
+    const pkg = resolvePackage(name, entry) || name;
+    const liveTools = liveResults.get(name);
+    const apiMatch = matchedByPkg.get(pkg) || matchedByPkg.get(name);
+    if (apiMatch && !liveTools) {
+      classified.push({
+        name: apiMatch.name,
+        package: pkg,
+        source: "api",
+        tools: apiMatch.tools.map((t) => ({
+          name: t.name,
+          description: t.description || "",
+          category: t.category,
+          severity: t.severity,
+          riskNote: t.riskNote,
+          riskWeight: t.riskWeight,
+          riskType: t.riskType,
+          confidence: t.confidence
+        }))
+      });
+    } else if (liveTools && liveTools.length > 0) {
+      classified.push(classifyLocally(name, pkg, liveTools));
+    } else {
+      if (!opts.json) console.log(`  ${name}: no tools found, skipping`);
+    }
+  }
+  if (classified.length === 0) {
+    if (opts.json) {
+      console.log(JSON.stringify({ error: "No tools discovered", servers: 0 }));
+    } else {
+      console.log("No tools discovered from any server.");
+    }
+    process.exit(0);
+  }
+  const policyYaml = generatePolicyYaml(classified);
+  const outputPath = join2(cwd, opts.output);
+  writePolicyFile(outputPath, classified);
+  let reportResult = null;
+  if (opts.report) {
+    reportResult = await submitReport(classified, policyYaml);
+  }
+  const totalTools = classified.reduce((sum, s) => sum + s.tools.length, 0);
+  const categories = {};
+  for (const s of classified) {
+    for (const t of s.tools) {
+      categories[t.category] = (categories[t.category] || 0) + 1;
+    }
+  }
+  if (opts.json) {
+    console.log(JSON.stringify({
+      servers: classified.length,
+      tools: totalTools,
+      categories,
+      policyFile: outputPath,
+      reportUrl: reportResult?.url || null,
+      reportId: reportResult?.id || null,
+      results: classified
+    }, null, 2));
+  } else {
+    console.log("Scan complete.");
+    console.log();
+    console.log(`  Servers:  ${classified.length}`);
+    console.log(`  Tools:    ${totalTools}`);
+    console.log(`  Categories: ${Object.entries(categories).map(([k, v]) => `${k}(${v})`).join(" ")}`);
+    console.log();
+    console.log(`  Policy:   ${outputPath}`);
+    if (reportResult) {
+      console.log(`  Report:   ${reportResult.url}`);
+    }
+    console.log();
+    const highRisk = classified.flatMap(
+      (s) => s.tools.filter((t) => t.category === "Financial" || t.category === "Destructive")
+    );
+    if (highRisk.length > 0) {
+      console.log(`  ${highRisk.length} high-risk tool(s) detected:`);
+      for (const t of highRisk.slice(0, 10)) {
+        console.log(`    - ${t.name} (${t.category})`);
+      }
+      if (highRisk.length > 10) {
+        console.log(`    ... and ${highRisk.length - 10} more`);
+      }
+    }
+  }
+}
+function resolveCommand(entry) {
+  if (entry.command) {
+    return { command: entry.command, args: (entry.args || []).map(String) };
+  }
+  return { command: "", args: [] };
+}
+function resolvePackage(name, entry) {
+  if (entry.command === "npx") {
+    const args = (entry.args || []).map(String);
+    for (const arg of args) {
+      if (!arg.startsWith("-")) return arg;
+    }
+  }
+  if (entry.args) {
+    for (const arg of entry.args) {
+      const s = String(arg);
+      if (s.startsWith("@") && s.includes("/")) return s;
+    }
+  }
+  return null;
+}
+function buildLookupKeys(name, entry) {
+  const keys = [];
+  const pkg = resolvePackage(name, entry);
+  if (pkg) keys.push(pkg);
+  keys.push(name);
+  const stripped = name.replace(/[-_]mcp[-_]server$/i, "").replace(/[-_]mcp$/i, "").replace(/[-_]server$/i, "");
+  if (stripped !== name) keys.push(stripped);
+  return [...new Set(keys)];
+}
+program.parse();

package/package.json

@@ -1,20 +1,20 @@
 {
   "name": "policylayer",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "type": "module",
-  "description": "Scan your MCP config for security risks",
+  "description": "Scan your MCP servers for security risks — live tool discovery + classification + shareable report",
   "bin": {
     "policylayer": "./dist/index.js"
   },
   "files": [
-    "dist"
+    "dist",
+    "README.md"
   ],
   "engines": {
     "node": ">=20"
   },
   "scripts": {
     "build": "tsup",
-    "test": "vitest run",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -22,7 +22,8 @@
     "security",
     "scan",
     "claude",
-    "ai-agents"
+    "ai-agents",
+    "policylayer"
   ],
   "license": "MIT",
   "dependencies": {
@@ -30,9 +31,8 @@
     "smol-toml": "^1.6.1"
   },
   "devDependencies": {
-    "@types/node": "^25.5.0",
+    "@types/node": "^22.0.0",
     "tsup": "^8.5.1",
-    "typescript": "^5.9.3",
-    "vitest": "^4.1.0"
+    "typescript": "^5.9.3"
   }
 }