protect-mcp 0.5.0 → 0.5.2

package/dist/index.js

@@ -35041,18 +35041,21 @@ __export(index_exports, {
   createSandboxServer: () => createSandboxServer,
   destroySandbox: () => destroySandbox,
   ed25519ToDIDKey: () => ed25519ToDIDKey,
+  evaluateCedar: () => evaluateCedar,
   evaluateTier: () => evaluateTier,
   exportC2PAManifestJSON: () => exportC2PAManifestJSON,
   exportJSONL: () => exportJSONL,
   formatReportMarkdown: () => formatReportMarkdown,
   formatSimulation: () => formatSimulation,
   generateC2PACommand: () => generateC2PACommand,
+  generateCedarSchema: () => generateCedarSchema,
   generateDatasetCard: () => generateDatasetCard,
   generateHFMetadata: () => generateHFMetadata,
   generateHookSettings: () => generateHookSettings,
   generateReport: () => generateReport,
   generateSafetyTranscript: () => generateSafetyTranscript,
   generateSampleCedarPolicy: () => generateSampleCedarPolicy,
+  generateSchemaStub: () => generateSchemaStub,
   generateVerifyReceiptSkill: () => generateVerifyReceiptSkill,
   getSignerInfo: () => getSignerInfo,
   getToolPolicy: () => getToolPolicy,
@@ -35060,11 +35063,13 @@ __export(index_exports, {
   hashResponseBody: () => hashResponseBody,
   initSigning: () => initSigning,
   isAgentId: () => isAgentId,
+  isCedarAvailable: () => isCedarAvailable,
   isDisclosureMode: () => isDisclosureMode,
   isEvidenceType: () => isEvidenceType,
   isManifestStatus: () => isManifestStatus,
   isSigningEnabled: () => isSigningEnabled,
   listCredentialLabels: () => listCredentialLabels,
+  loadCedarPolicies: () => loadCedarPolicies,
   loadPolicy: () => loadPolicy,
   manifestToVC: () => manifestToVC,
   meetsMinTier: () => meetsMinTier,
@@ -35731,7 +35736,7 @@ function buildEntities(req) {
     }
   ];
 }
-async function evaluateCedar(policySet, req) {
+async function evaluateCedar(policySet, req, schema) {
   const available = await ensureCedarWasm();
   if (!available) {
     return {
@@ -35742,16 +35747,21 @@ async function evaluateCedar(policySet, req) {
   }
   try {
     const agentId = req.agentId || req.tier;
+    const context = {
+      tier: req.tier,
+      ...req.context || {}
+    };
+    if (req.toolInput && Object.keys(req.toolInput).length > 0) {
+      context.input = req.toolInput;
+    }
     const authRequest = {
       principal: { type: "Agent", id: agentId },
       action: { type: "Action", id: "MCP::Tool::call" },
       resource: { type: "Tool", id: req.tool },
-      context: {
-        tier: req.tier,
-        ...req.context || {}
-      }
+      context
     };
     const entities = buildEntities(req);
+    const cedarSchema = schema?.schemaJson ?? null;
     let result;
     if (typeof cedarWasm.isAuthorized === "function") {
       result = cedarWasm.isAuthorized({
@@ -35761,8 +35771,7 @@ async function evaluateCedar(policySet, req) {
         action: authRequest.action,
         resource: authRequest.resource,
         context: authRequest.context,
-        schema: null
-        // No schema enforcement — Cedar still evaluates correctly
+        schema: cedarSchema
       });
     } else if (typeof cedarWasm.checkAuthorization === "function") {
       result = cedarWasm.checkAuthorization(
@@ -35780,7 +35789,7 @@ async function evaluateCedar(policySet, req) {
           action: authRequest.action,
           resource: authRequest.resource,
           context: authRequest.context,
-          schema: null
+          schema: cedarSchema
         });
       } else {
         return {
@@ -38381,6 +38390,273 @@ If swarm data exists, show the agent topology (coordinator \u2192 workers).
 `;
 }
 
+// src/cedar-schema.ts
+function jsonSchemaToCedarType(schema, namespace, path) {
+  if (schema.enum) {
+    return "String";
+  }
+  const type = Array.isArray(schema.type) ? schema.type[0] : schema.type;
+  switch (type) {
+    case "string":
+      if (schema.format === "date-time") return "String";
+      if (schema.format === "uri") return "String";
+      return "String";
+    case "integer":
+    case "number":
+      return "Long";
+    case "boolean":
+      return "Bool";
+    case "array":
+      if (schema.items) {
+        const itemType = jsonSchemaToCedarType(schema.items, namespace, path + "_item");
+        return `Set<${itemType}>`;
+      }
+      return "Set<String>";
+    // Default to Set<String> for untyped arrays
+    case "object":
+      if (schema.properties && Object.keys(schema.properties).length > 0) {
+        const fields = Object.entries(schema.properties).map(([key, prop]) => {
+          const cedarType = jsonSchemaToCedarType(prop, namespace, path + "_" + sanitizeIdentifier(key));
+          const isRequired = schema.required?.includes(key) ?? false;
+          return `    "${sanitizeIdentifier(key)}": ${cedarType}${isRequired ? "" : "?"}`;
+        });
+        return `{
+${fields.join(",\n")}
+  }`;
+      }
+      return "Record";
+    // Empty objects
+    default:
+      return "String";
+  }
+}
+function sanitizeIdentifier(name) {
+  return name.replace(/[^a-zA-Z0-9_]/g, "_").replace(/^(\d)/, "_$1");
+}
+function cedarActionId(toolName) {
+  if (/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(toolName)) {
+    return toolName;
+  }
+  return toolName;
+}
+function generateCedarSchema(tools, config = {}) {
+  const ns = config.namespace || "ScopeBlind";
+  const includeTier = config.includeTier !== false;
+  const includeTimestamp = config.includeTimestamp !== false;
+  const includeAgentId = config.includeAgentId !== false;
+  const agentAttrs = [];
+  if (includeTier) agentAttrs.push('    "tier": String');
+  if (includeAgentId) agentAttrs.push('    "agent_id": String?');
+  const sessionFields = [];
+  if (includeTimestamp) sessionFields.push('    "timestamp": String?');
+  sessionFields.push('    "hook_event": String?');
+  const actionDeclarations = [];
+  const inputTypeDeclarations = [];
+  for (const tool of tools) {
+    const actionName = cedarActionId(tool.name);
+    const inputTypeName = `${sanitizeIdentifier(tool.name)}_Input`;
+    if (tool.inputSchema?.properties && Object.keys(tool.inputSchema.properties).length > 0) {
+      const fields = Object.entries(tool.inputSchema.properties).map(([key, prop]) => {
+        const cedarType = jsonSchemaToCedarType(prop, ns, sanitizeIdentifier(tool.name) + "_" + sanitizeIdentifier(key));
+        const isRequired = tool.inputSchema?.required?.includes(key) ?? false;
+        return `    "${sanitizeIdentifier(key)}": ${cedarType}${isRequired ? "" : "?"}`;
+      });
+      inputTypeDeclarations.push(
+        `  // Input type for tool: ${tool.name}` + (tool.description ? `
+  // ${tool.description}` : "") + `
+  type ${inputTypeName} = {
+${fields.join(",\n")}
+  };`
+      );
+      actionDeclarations.push(
+        `  action "${actionName}" in [Action::"MCP::Tool::call"] appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "input": ${inputTypeName},
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+      );
+    } else {
+      actionDeclarations.push(
+        `  action "${actionName}" in [Action::"MCP::Tool::call"] appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+      );
+    }
+  }
+  actionDeclarations.push(
+    `  // Blanket action for policies matching any tool call
+  action "MCP::Tool::call" appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+  );
+  const schemaText = [
+    `// Cedar schema for MCP tool governance`,
+    `// Generated by protect-mcp from ${tools.length} tool description(s)`,
+    `// Compatible with cedar-policy/cedar-for-agents`,
+    ``,
+    `namespace ${ns} {`,
+    ``,
+    `  // \u2500\u2500 Entity types \u2500\u2500`,
+    ``,
+    `  entity Agent${agentAttrs.length > 0 ? ` = {
+${agentAttrs.join(",\n")}
+  }` : ""};`,
+    ``,
+    `  entity Tool;`,
+    ``,
+    ...inputTypeDeclarations.length > 0 ? [`  // \u2500\u2500 Tool input types \u2500\u2500`, ``, ...inputTypeDeclarations, ``] : [],
+    `  // \u2500\u2500 Actions \u2500\u2500`,
+    ``,
+    ...actionDeclarations,
+    ``,
+    `}`,
+    ``
+  ].join("\n");
+  const schemaJson = buildSchemaJson(tools, ns, config);
+  return {
+    schemaText,
+    schemaJson,
+    toolCount: tools.length,
+    tools: tools.map((t) => t.name)
+  };
+}
+function buildSchemaJson(tools, namespace, config) {
+  const entityTypes = {
+    Agent: {
+      shape: {
+        type: "Record",
+        attributes: {
+          ...config.includeTier !== false ? { tier: { type: "String", required: false } } : {},
+          ...config.includeAgentId !== false ? { agent_id: { type: "String", required: false } } : {}
+        }
+      },
+      memberOfTypes: []
+    },
+    Tool: {
+      shape: { type: "Record", attributes: {} },
+      memberOfTypes: []
+    }
+  };
+  const actions = {};
+  for (const tool of tools) {
+    const contextAttrs = {
+      tier: { type: "String", required: false }
+    };
+    if (config.includeTimestamp !== false) {
+      contextAttrs["timestamp"] = { type: "String", required: false };
+    }
+    if (config.includeAgentId !== false) {
+      contextAttrs["agent_id"] = { type: "String", required: false };
+    }
+    if (tool.inputSchema?.properties) {
+      const inputAttrs = {};
+      for (const [key, prop] of Object.entries(tool.inputSchema.properties)) {
+        inputAttrs[sanitizeIdentifier(key)] = {
+          type: jsonSchemaToSchemaJsonType(prop),
+          required: tool.inputSchema.required?.includes(key) ?? false
+        };
+      }
+      contextAttrs["input"] = {
+        type: "Record",
+        attributes: inputAttrs,
+        required: false
+      };
+    }
+    actions[tool.name] = {
+      appliesTo: {
+        principalTypes: ["Agent"],
+        resourceTypes: ["Tool"],
+        context: { type: "Record", attributes: contextAttrs }
+      },
+      memberOf: [{ id: "MCP::Tool::call" }]
+    };
+  }
+  const blanketContext = {
+    tier: { type: "String", required: false }
+  };
+  if (config.includeTimestamp !== false) {
+    blanketContext["timestamp"] = { type: "String", required: false };
+  }
+  if (config.includeAgentId !== false) {
+    blanketContext["agent_id"] = { type: "String", required: false };
+  }
+  actions["MCP::Tool::call"] = {
+    appliesTo: {
+      principalTypes: ["Agent"],
+      resourceTypes: ["Tool"],
+      context: { type: "Record", attributes: blanketContext }
+    }
+  };
+  return {
+    [namespace]: {
+      entityTypes,
+      actions
+    }
+  };
+}
+function jsonSchemaToSchemaJsonType(schema) {
+  if (schema.enum) return "String";
+  const type = Array.isArray(schema.type) ? schema.type[0] : schema.type;
+  switch (type) {
+    case "string":
+      return "String";
+    case "integer":
+    case "number":
+      return "Long";
+    case "boolean":
+      return "EntityOrCommon";
+    // Cedar JSON schema uses this for Bool
+    case "array":
+      return "Set";
+    default:
+      return "String";
+  }
+}
+function generateSchemaStub(namespace = "ScopeBlind") {
+  return [
+    `// Cedar schema stub for protect-mcp`,
+    `// This defines the principal and resource entity types.`,
+    `// Tool-specific actions are auto-generated from MCP tools/list.`,
+    `//`,
+    `// Compatible with cedar-policy/cedar-for-agents @mcp_principal/@mcp_resource annotations.`,
+    `// See: https://github.com/cedar-policy/cedar-for-agents`,
+    ``,
+    `namespace ${namespace} {`,
+    ``,
+    `  // @mcp_principal`,
+    `  entity Agent = {`,
+    `    "tier": String,`,
+    `    "agent_id": String?`,
+    `  };`,
+    ``,
+    `  // @mcp_resource`,
+    `  entity Tool;`,
+    ``,
+    `  // @mcp_action`,
+    `  action "MCP::Tool::call" appliesTo {`,
+    `    principal: [Agent],`,
+    `    resource: [Tool],`,
+    `    context: {`,
+    `      "tier": String`,
+    `    }`,
+    `  };`,
+    ``,
+    `}`,
+    ``
+  ].join("\n");
+}
+
 // src/rekor-anchor.ts
 var import_node_crypto5 = require("crypto");
 var REKOR_API = "https://rekor.sigstore.dev/api/v1";
@@ -39807,18 +40083,21 @@ function createSandboxServer() {
   createSandboxServer,
   destroySandbox,
   ed25519ToDIDKey,
+  evaluateCedar,
   evaluateTier,
   exportC2PAManifestJSON,
   exportJSONL,
   formatReportMarkdown,
   formatSimulation,
   generateC2PACommand,
+  generateCedarSchema,
   generateDatasetCard,
   generateHFMetadata,
   generateHookSettings,
   generateReport,
   generateSafetyTranscript,
   generateSampleCedarPolicy,
+  generateSchemaStub,
   generateVerifyReceiptSkill,
   getSignerInfo,
   getToolPolicy,
@@ -39826,11 +40105,13 @@ function createSandboxServer() {
   hashResponseBody,
   initSigning,
   isAgentId,
+  isCedarAvailable,
   isDisclosureMode,
   isEvidenceType,
   isManifestStatus,
   isSigningEnabled,
   listCredentialLabels,
+  loadCedarPolicies,
   loadPolicy,
   manifestToVC,
   meetsMinTier,