protect-mcp 0.4.4 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/README.md +12 -0
  2. package/dist/{bundle-TXOTFJIJ.mjs → bundle-XTR3YMPO.mjs} +1 -0
  3. package/dist/chunk-PQJP2ZCI.mjs +8 -0
  4. package/dist/chunk-SU2FZH7U.mjs +35167 -0
  5. package/dist/cli.mjs +8 -7
  6. package/dist/demo-server.d.mts +2 -87
  7. package/dist/demo-server.d.ts +2 -87
  8. package/dist/demo-server.js +35026 -4
  9. package/dist/demo-server.mjs +2 -1
  10. package/dist/{ed25519-EDO4K4EP.mjs → ed25519-V7HDL2WC.mjs} +1 -0
  11. package/dist/{http-transport-VLIPOPIC.mjs → http-transport-XCHIKTYG.mjs} +1 -0
  12. package/dist/index.js +35037 -15
  13. package/dist/index.mjs +2 -1
  14. package/dist/{report-ENQ3KUI2.mjs → report-5XCNW6FB.mjs} +1 -0
  15. package/dist/{utils-IDWBSHJU.mjs → utils-6AYZFE5A.mjs} +1 -0
  16. package/package.json +2 -1
  17. package/policies/cedar/spending-authority.cedar +134 -0
  18. package/dist/chunk-U76JZVH6.mjs +0 -144
package/README.md CHANGED
@@ -222,8 +222,20 @@ Ship with protect-mcp — each prevents a real attack:
222
222
  | `data-exfiltration.json` | Agent data theft via outbound tool abuse | A02, A04 |
223
223
  | `financial-safe.json` | Unauthorized financial transaction | A05, A06 |
224
224
 
225
+ Cedar-native policies are also available in `policies/cedar/`:
226
+
227
+ | Policy | Purpose |
228
+ |--------|---------|
229
+ | `clinejection.cedar` | Cedar equivalent of the clinejection JSON policy |
230
+ | `terraform-destroy.cedar` | Cedar equivalent of the terraform-destroy JSON policy |
231
+ | `spending-authority.cedar` | Spending authority controls — caps per-tool transaction amounts and requires elevated tiers for high-value operations |
232
+
225
233
  ```bash
234
+ # JSON policy
226
235
  npx protect-mcp --policy node_modules/protect-mcp/policies/clinejection.json -- node server.js
236
+
237
+ # Cedar policy (requires @cedar-policy/cedar-wasm)
238
+ npx protect-mcp --policy node_modules/protect-mcp/policies/cedar/spending-authority.cedar --enforce -- node server.js
227
239
  ```
228
240
 
229
241
  Full OWASP Agentic Top 10 mapping: [scopeblind.com/docs/owasp](https://scopeblind.com/docs/owasp)
package/dist/{bundle-TXOTFJIJ.mjs → bundle-XTR3YMPO.mjs} RENAMED
@@ -2,6 +2,7 @@ import {
2
2
  collectSignedReceipts,
3
3
  createAuditBundle
4
4
  } from "./chunk-5JXFV37Y.mjs";
5
+ import "./chunk-PQJP2ZCI.mjs";
5
6
  export {
6
7
  collectSignedReceipts,
7
8
  createAuditBundle
package/dist/chunk-PQJP2ZCI.mjs ADDED
@@ -0,0 +1,8 @@
1
+ var __getOwnPropNames = Object.getOwnPropertyNames;
2
+ var __commonJS = (cb, mod) => function __require() {
3
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
4
+ };
5
+
6
+ export {
7
+ __commonJS
8
+ };