protect-mcp 0.5.0 → 0.5.2

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-YKM6W6T7.mjs";
+} from "./chunk-W4U5VNEC.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
@@ -18,7 +18,7 @@ import {
   resolveCredential,
   sendApprovalNotification,
   validateCredentials
-} from "./chunk-IUFFDQYZ.mjs";
+} from "./chunk-IWDR5WU3.mjs";
 import {
   createSandboxServer
 } from "./chunk-SU2FZH7U.mjs";
@@ -30,17 +30,20 @@ import {
 } from "./chunk-UEHLYOJY.mjs";
 import {
   startHookServer
-} from "./chunk-IAJJA5IW.mjs";
+} from "./chunk-Q4KOQUKV.mjs";
 import {
   checkRateLimit,
+  evaluateCedar,
   getSignerInfo,
   getToolPolicy,
   initSigning,
+  isCedarAvailable,
   isSigningEnabled,
+  loadCedarPolicies,
   loadPolicy,
   parseRateLimit,
   signDecision
-} from "./chunk-V52W3XIN.mjs";
+} from "./chunk-N4F76LTC.mjs";
 import {
   collectSignedReceipts,
   createAuditBundle
@@ -202,6 +205,273 @@ function validateEvidenceReceipt(receipt) {
   return errors;
 }
 
+// src/cedar-schema.ts
+function jsonSchemaToCedarType(schema, namespace, path) {
+  if (schema.enum) {
+    return "String";
+  }
+  const type = Array.isArray(schema.type) ? schema.type[0] : schema.type;
+  switch (type) {
+    case "string":
+      if (schema.format === "date-time") return "String";
+      if (schema.format === "uri") return "String";
+      return "String";
+    case "integer":
+    case "number":
+      return "Long";
+    case "boolean":
+      return "Bool";
+    case "array":
+      if (schema.items) {
+        const itemType = jsonSchemaToCedarType(schema.items, namespace, path + "_item");
+        return `Set<${itemType}>`;
+      }
+      return "Set<String>";
+    // Default to Set<String> for untyped arrays
+    case "object":
+      if (schema.properties && Object.keys(schema.properties).length > 0) {
+        const fields = Object.entries(schema.properties).map(([key, prop]) => {
+          const cedarType = jsonSchemaToCedarType(prop, namespace, path + "_" + sanitizeIdentifier(key));
+          const isRequired = schema.required?.includes(key) ?? false;
+          return `    "${sanitizeIdentifier(key)}": ${cedarType}${isRequired ? "" : "?"}`;
+        });
+        return `{
+${fields.join(",\n")}
+  }`;
+      }
+      return "Record";
+    // Empty objects
+    default:
+      return "String";
+  }
+}
+function sanitizeIdentifier(name) {
+  return name.replace(/[^a-zA-Z0-9_]/g, "_").replace(/^(\d)/, "_$1");
+}
+function cedarActionId(toolName) {
+  if (/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(toolName)) {
+    return toolName;
+  }
+  return toolName;
+}
+function generateCedarSchema(tools, config = {}) {
+  const ns = config.namespace || "ScopeBlind";
+  const includeTier = config.includeTier !== false;
+  const includeTimestamp = config.includeTimestamp !== false;
+  const includeAgentId = config.includeAgentId !== false;
+  const agentAttrs = [];
+  if (includeTier) agentAttrs.push('    "tier": String');
+  if (includeAgentId) agentAttrs.push('    "agent_id": String?');
+  const sessionFields = [];
+  if (includeTimestamp) sessionFields.push('    "timestamp": String?');
+  sessionFields.push('    "hook_event": String?');
+  const actionDeclarations = [];
+  const inputTypeDeclarations = [];
+  for (const tool of tools) {
+    const actionName = cedarActionId(tool.name);
+    const inputTypeName = `${sanitizeIdentifier(tool.name)}_Input`;
+    if (tool.inputSchema?.properties && Object.keys(tool.inputSchema.properties).length > 0) {
+      const fields = Object.entries(tool.inputSchema.properties).map(([key, prop]) => {
+        const cedarType = jsonSchemaToCedarType(prop, ns, sanitizeIdentifier(tool.name) + "_" + sanitizeIdentifier(key));
+        const isRequired = tool.inputSchema?.required?.includes(key) ?? false;
+        return `    "${sanitizeIdentifier(key)}": ${cedarType}${isRequired ? "" : "?"}`;
+      });
+      inputTypeDeclarations.push(
+        `  // Input type for tool: ${tool.name}` + (tool.description ? `
+  // ${tool.description}` : "") + `
+  type ${inputTypeName} = {
+${fields.join(",\n")}
+  };`
+      );
+      actionDeclarations.push(
+        `  action "${actionName}" in [Action::"MCP::Tool::call"] appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "input": ${inputTypeName},
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+      );
+    } else {
+      actionDeclarations.push(
+        `  action "${actionName}" in [Action::"MCP::Tool::call"] appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+      );
+    }
+  }
+  actionDeclarations.push(
+    `  // Blanket action for policies matching any tool call
+  action "MCP::Tool::call" appliesTo {
+    principal: [Agent],
+    resource: [Tool],
+    context: {
+      "tier": String${includeTimestamp ? ',\n      "timestamp": String?' : ""}${includeAgentId ? ',\n      "agent_id": String?' : ""}
+    }
+  };`
+  );
+  const schemaText = [
+    `// Cedar schema for MCP tool governance`,
+    `// Generated by protect-mcp from ${tools.length} tool description(s)`,
+    `// Compatible with cedar-policy/cedar-for-agents`,
+    ``,
+    `namespace ${ns} {`,
+    ``,
+    `  // \u2500\u2500 Entity types \u2500\u2500`,
+    ``,
+    `  entity Agent${agentAttrs.length > 0 ? ` = {
+${agentAttrs.join(",\n")}
+  }` : ""};`,
+    ``,
+    `  entity Tool;`,
+    ``,
+    ...inputTypeDeclarations.length > 0 ? [`  // \u2500\u2500 Tool input types \u2500\u2500`, ``, ...inputTypeDeclarations, ``] : [],
+    `  // \u2500\u2500 Actions \u2500\u2500`,
+    ``,
+    ...actionDeclarations,
+    ``,
+    `}`,
+    ``
+  ].join("\n");
+  const schemaJson = buildSchemaJson(tools, ns, config);
+  return {
+    schemaText,
+    schemaJson,
+    toolCount: tools.length,
+    tools: tools.map((t) => t.name)
+  };
+}
+function buildSchemaJson(tools, namespace, config) {
+  const entityTypes = {
+    Agent: {
+      shape: {
+        type: "Record",
+        attributes: {
+          ...config.includeTier !== false ? { tier: { type: "String", required: false } } : {},
+          ...config.includeAgentId !== false ? { agent_id: { type: "String", required: false } } : {}
+        }
+      },
+      memberOfTypes: []
+    },
+    Tool: {
+      shape: { type: "Record", attributes: {} },
+      memberOfTypes: []
+    }
+  };
+  const actions = {};
+  for (const tool of tools) {
+    const contextAttrs = {
+      tier: { type: "String", required: false }
+    };
+    if (config.includeTimestamp !== false) {
+      contextAttrs["timestamp"] = { type: "String", required: false };
+    }
+    if (config.includeAgentId !== false) {
+      contextAttrs["agent_id"] = { type: "String", required: false };
+    }
+    if (tool.inputSchema?.properties) {
+      const inputAttrs = {};
+      for (const [key, prop] of Object.entries(tool.inputSchema.properties)) {
+        inputAttrs[sanitizeIdentifier(key)] = {
+          type: jsonSchemaToSchemaJsonType(prop),
+          required: tool.inputSchema.required?.includes(key) ?? false
+        };
+      }
+      contextAttrs["input"] = {
+        type: "Record",
+        attributes: inputAttrs,
+        required: false
+      };
+    }
+    actions[tool.name] = {
+      appliesTo: {
+        principalTypes: ["Agent"],
+        resourceTypes: ["Tool"],
+        context: { type: "Record", attributes: contextAttrs }
+      },
+      memberOf: [{ id: "MCP::Tool::call" }]
+    };
+  }
+  const blanketContext = {
+    tier: { type: "String", required: false }
+  };
+  if (config.includeTimestamp !== false) {
+    blanketContext["timestamp"] = { type: "String", required: false };
+  }
+  if (config.includeAgentId !== false) {
+    blanketContext["agent_id"] = { type: "String", required: false };
+  }
+  actions["MCP::Tool::call"] = {
+    appliesTo: {
+      principalTypes: ["Agent"],
+      resourceTypes: ["Tool"],
+      context: { type: "Record", attributes: blanketContext }
+    }
+  };
+  return {
+    [namespace]: {
+      entityTypes,
+      actions
+    }
+  };
+}
+function jsonSchemaToSchemaJsonType(schema) {
+  if (schema.enum) return "String";
+  const type = Array.isArray(schema.type) ? schema.type[0] : schema.type;
+  switch (type) {
+    case "string":
+      return "String";
+    case "integer":
+    case "number":
+      return "Long";
+    case "boolean":
+      return "EntityOrCommon";
+    // Cedar JSON schema uses this for Bool
+    case "array":
+      return "Set";
+    default:
+      return "String";
+  }
+}
+function generateSchemaStub(namespace = "ScopeBlind") {
+  return [
+    `// Cedar schema stub for protect-mcp`,
+    `// This defines the principal and resource entity types.`,
+    `// Tool-specific actions are auto-generated from MCP tools/list.`,
+    `//`,
+    `// Compatible with cedar-policy/cedar-for-agents @mcp_principal/@mcp_resource annotations.`,
+    `// See: https://github.com/cedar-policy/cedar-for-agents`,
+    ``,
+    `namespace ${namespace} {`,
+    ``,
+    `  // @mcp_principal`,
+    `  entity Agent = {`,
+    `    "tier": String,`,
+    `    "agent_id": String?`,
+    `  };`,
+    ``,
+    `  // @mcp_resource`,
+    `  entity Tool;`,
+    ``,
+    `  // @mcp_action`,
+    `  action "MCP::Tool::call" appliesTo {`,
+    `    principal: [Agent],`,
+    `    resource: [Tool],`,
+    `    context: {`,
+    `      "tier": String`,
+    `    }`,
+    `  };`,
+    ``,
+    `}`,
+    ``
+  ].join("\n");
+}
+
 // src/rekor-anchor.ts
 import { createHash } from "crypto";
 var REKOR_API = "https://rekor.sigstore.dev/api/v1";
@@ -1452,18 +1722,21 @@ export {
   createSandboxServer,
   destroySandbox,
   ed25519ToDIDKey,
+  evaluateCedar,
   evaluateTier,
   exportC2PAManifestJSON,
   exportJSONL,
   formatReportMarkdown,
   formatSimulation,
   generateC2PACommand,
+  generateCedarSchema,
   generateDatasetCard,
   generateHFMetadata,
   generateHookSettings,
   generateReport,
   generateSafetyTranscript,
   generateSampleCedarPolicy,
+  generateSchemaStub,
   generateVerifyReceiptSkill,
   getSignerInfo,
   getToolPolicy,
@@ -1471,11 +1744,13 @@ export {
   hashResponseBody,
   initSigning,
   isAgentId,
+  isCedarAvailable,
   isDisclosureMode,
   isEvidenceType,
   isManifestStatus,
   isSigningEnabled,
   listCredentialLabels,
+  loadCedarPolicies,
   loadPolicy,
   manifestToVC,
   meetsMinTier,

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "protect-mcp",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "mcpName": "io.github.tomjwxf/protect-mcp",
-  "description": "Security gateway for MCP servers. Shadow-mode logs, per-tool policies, optional local Ed25519-signed receipts. Programmatic hooks for trust tiers, credential config, and external policy engines.",
+  "description": "Enterprise security gateway for MCP servers and Claude Code hooks. Cedar policies, Ed25519-signed receipts, swarm tracking, and tamper detection. Shadow or enforce mode.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "dist/index.mjs",
@@ -46,7 +46,10 @@
     "receipts",
     "trust-tiers",
     "agent-governance",
-    "claude-code"
+    "claude-code",
+    "hooks",
+    "swarm",
+    "compliance"
   ],
   "author": "Tom Farley <tommy@scopeblind.com>",
   "license": "MIT",