npm - protect-mcp - Versions diffs - 0.6.2 → 0.7.0 - Mend

protect-mcp 0.6.2 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +47 -0
package/README.md +11 -0
package/dist/{chunk-UV53U6D4.mjs → chunk-546U3A7R.mjs} +79 -47
package/dist/{chunk-PLKRTBDR.mjs → chunk-OHUTUFTC.mjs} +1 -1
package/dist/{chunk-3YCKR72H.mjs → chunk-X63ELMU4.mjs} +1 -1
package/dist/{chunk-S4ICHNSP.mjs → chunk-ZBKJANP7.mjs} +2 -2
package/dist/cli.js +204 -53
package/dist/cli.mjs +137 -12
package/dist/hook-server.js +50 -47
package/dist/hook-server.mjs +2 -2
package/dist/{http-transport-MO32ESHZ.mjs → http-transport-R5AO7X6D.mjs} +2 -2
package/dist/index.d.mts +38 -5
package/dist/index.d.ts +38 -5
package/dist/index.js +82 -48
package/dist/index.mjs +8 -4
package/package.json +4 -3

package/dist/index.js CHANGED Viewed

@@ -35080,12 +35080,14 @@ __export(index_exports, {
   parseLogFile: () => parseLogFile,
   parseNotificationConfigFromEnv: () => parseNotificationConfigFromEnv,
   parseRateLimit: () => parseRateLimit,
+  policySetFromSource: () => policySetFromSource,
   queryExternalPDP: () => queryExternalPDP,
   receiptToVP: () => receiptToVP,
   receiptsToHFRows: () => receiptsToHFRows,
   redactFields: () => redactFields,
   resolveCredential: () => resolveCredential,
   revealField: () => revealField,
+  runEvaluatorSelfTest: () => runEvaluatorSelfTest,
   runInSandbox: () => runInSandbox,
   sendApprovalNotification: () => sendApprovalNotification,
   signCommittedDecision: () => signCommittedDecision,
@@ -35798,14 +35800,18 @@ function buildEntities(req) {
     }
   ];
 }
-async function evaluateCedar(policySet, req, schema) {
+function onEvalError(reason, failClosed, extra) {
+  return {
+    allowed: !failClosed,
+    reason: failClosed ? reason : `${reason} (observe mode; would DENY under enforcement)`,
+    metadata: { error: true, fail_closed: failClosed, would_deny: true, ...extra || {} }
+  };
+}
+async function evaluateCedar(policySet, req, schema, options) {
+  const failClosed = options?.failClosed ?? true;
   const available = await ensureCedarWasm();
   if (!available) {
-    return {
-      allowed: true,
-      reason: "cedar_wasm_not_available",
-      metadata: { fallback: true }
-    };
+    return onEvalError("cedar_wasm_not_available", failClosed, { fallback: true });
   }
   try {
     const agentId = req.agentId || req.tier;
@@ -35827,7 +35833,7 @@ async function evaluateCedar(policySet, req, schema) {
     let result;
     if (typeof cedarWasm.isAuthorized === "function") {
       result = cedarWasm.isAuthorized({
-        policies: policySet.source,
+        policies: { staticPolicies: policySet.source },
         entities,
         principal: authRequest.principal,
         action: authRequest.action,
@@ -35845,7 +35851,7 @@ async function evaluateCedar(policySet, req, schema) {
       const cedarEngine = cedarWasm.default || cedarWasm;
       if (typeof cedarEngine.isAuthorized === "function") {
         result = cedarEngine.isAuthorized({
-          policies: policySet.source,
+          policies: { staticPolicies: policySet.source },
           entities,
           principal: authRequest.principal,
           action: authRequest.action,
@@ -35854,61 +35860,87 @@ async function evaluateCedar(policySet, req, schema) {
           schema: cedarSchema
         });
       } else {
-        return {
-          allowed: true,
-          reason: "cedar_wasm_api_unsupported",
-          metadata: { fallback: true, exports: Object.keys(cedarWasm) }
-        };
+        return onEvalError("cedar_wasm_api_unsupported", failClosed, { exports: Object.keys(cedarWasm) });
       }
     }
-    const decision = parseWasmResult(result);
+    const parsed = parseWasmResult(result);
+    const policyErrors = extractPolicyErrors(result);
+    if (parsed.kind === "error") {
+      return onEvalError(`cedar_unparseable_result: ${parsed.diagnostics}`, failClosed);
+    }
+    if (policyErrors.length > 0) {
+      return onEvalError(
+        `cedar_policy_errored: ${policyErrors.length} policy error(s); decision is unsound`,
+        failClosed,
+        { policy_errors: policyErrors.slice(0, 5), policy_digest: policySet.digest }
+      );
+    }
     return {
-      allowed: decision.allowed,
-      reason: decision.allowed ? void 0 : `cedar_deny${decision.diagnostics ? ": " + decision.diagnostics : ""}`,
+      allowed: parsed.kind === "allow",
+      reason: parsed.kind === "allow" ? void 0 : `cedar_deny${parsed.diagnostics ? ": " + parsed.diagnostics : ""}`,
       metadata: {
         policy_digest: policySet.digest,
-        ...decision.matchedPolicies ? { matched_policies: decision.matchedPolicies } : {}
+        ...parsed.matchedPolicies ? { matched_policies: parsed.matchedPolicies } : {}
       }
     };
   } catch (err) {
-    return {
-      allowed: true,
-      reason: `cedar_eval_error: ${err instanceof Error ? err.message : "unknown"}`,
-      metadata: { fallback: true, error: true }
-    };
+    return onEvalError(`cedar_eval_error: ${err instanceof Error ? err.message : "unknown"}`, failClosed);
   }
 }
 function parseWasmResult(result) {
-  if (!result) {
-    return { allowed: true, diagnostics: "null result from Cedar WASM" };
-  }
-  if (result.type === "allow" || result.type === "Allow") {
-    return { allowed: true };
-  }
-  if (result.type === "deny" || result.type === "Deny") {
-    return {
-      allowed: false,
-      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0,
-      matchedPolicies: result.diagnostics?.reasons
-    };
-  }
-  if (result.decision === "Allow") {
-    return { allowed: true };
-  }
-  if (result.decision === "Deny") {
-    return {
-      allowed: false,
-      diagnostics: result.diagnostics ? JSON.stringify(result.diagnostics) : void 0
-    };
-  }
-  if (typeof result === "boolean") {
-    return { allowed: result };
-  }
-  return { allowed: true, diagnostics: `unknown result format: ${JSON.stringify(result)}` };
+  if (!result) return { kind: "error", diagnostics: "null result from Cedar WASM" };
+  if (result.type === "failure") {
+    return { kind: "error", diagnostics: `cedar failure: ${JSON.stringify(result.errors ?? [])}` };
+  }
+  if (result.type === "success" && result.response) {
+    const dec = result.response.decision;
+    const reasons = result.response.diagnostics?.reason;
+    if (dec === "allow" || dec === "Allow") return { kind: "allow", matchedPolicies: reasons };
+    if (dec === "deny" || dec === "Deny") {
+      return { kind: "deny", diagnostics: result.response.diagnostics ? JSON.stringify(result.response.diagnostics) : void 0, matchedPolicies: reasons };
+    }
+  }
+  if (result.type === "allow" || result.decision === "Allow") return { kind: "allow" };
+  if (result.type === "deny" || result.decision === "Deny") return { kind: "deny" };
+  if (typeof result === "boolean") return result ? { kind: "allow" } : { kind: "deny" };
+  return { kind: "error", diagnostics: `unknown result format: ${JSON.stringify(result)}` };
+}
+function extractPolicyErrors(result) {
+  if (!result || typeof result !== "object") return [];
+  const raw = result.errors ?? result.response?.diagnostics?.errors ?? result.diagnostics?.errors ?? [];
+  if (!Array.isArray(raw)) return [];
+  return raw.map((e) => typeof e === "string" ? e : e?.message ?? e?.error ?? JSON.stringify(e)).filter(Boolean);
 }
 async function isCedarAvailable() {
   return ensureCedarWasm();
 }
+function policySetFromSource(source, name = "inline") {
+  const digest = (0, import_node_crypto2.createHash)("sha256").update(source).digest("hex").slice(0, 16);
+  return { source, digest, fileCount: 1, files: [name] };
+}
+async function runEvaluatorSelfTest() {
+  const wasmAvailable = await isCedarAvailable();
+  const cases = [];
+  const run = async (name, expected, policy, context) => {
+    const d = await evaluateCedar(policy, { tool: "Bash", tier: "unknown", context }, void 0, { failClosed: true });
+    const actual = d.allowed ? "ALLOW" : "DENY";
+    cases.push({ name, expected, actual, pass: actual === expected, reason: d.reason });
+  };
+  if (!wasmAvailable) {
+    await run("engine unavailable denies", "DENY", policySetFromSource("permit(principal, action, resource);"), {});
+    return { wasmAvailable, passed: cases.every((c) => c.pass), cases };
+  }
+  const correct = policySetFromSource(
+    'forbid(principal, action, resource) when { ["rm", "dd", "mkfs"].contains(context.command) };\npermit(principal, action, resource);'
+  );
+  await run("forbid denies rm", "DENY", correct, { command: "rm" });
+  await run("permit allows ls", "ALLOW", correct, { command: "ls" });
+  const broken = policySetFromSource(
+    'forbid(principal, action, resource) when { context.command in ["rm", "dd"] };\npermit(principal, action, resource);'
+  );
+  await run("in-on-String forbid does not permit-all", "DENY", broken, { command: "rm" });
+  return { wasmAvailable, passed: cases.every((c) => c.pass), cases };
+}
 // src/notifications.ts
 async function sendApprovalNotification(config, notification) {
@@ -42732,12 +42764,14 @@ function createSandboxServer() {
   parseLogFile,
   parseNotificationConfigFromEnv,
   parseRateLimit,
+  policySetFromSource,
   queryExternalPDP,
   receiptToVP,
   receiptsToHFRows,
   redactFields,
   resolveCredential,
   revealField,
+  runEvaluatorSelfTest,
   runInSandbox,
   sendApprovalNotification,
   signCommittedDecision,

package/dist/index.mjs CHANGED Viewed

@@ -6,7 +6,7 @@ import {
   formatSimulation,
   parseLogFile,
   simulate
-} from "./chunk-S4ICHNSP.mjs";
+} from "./chunk-ZBKJANP7.mjs";
 import {
   ProtectGateway,
   buildDecisionContext,
@@ -18,7 +18,7 @@ import {
   resolveCredential,
   sendApprovalNotification,
   validateCredentials
-} from "./chunk-PLKRTBDR.mjs";
+} from "./chunk-OHUTUFTC.mjs";
 import {
   createSandboxServer
 } from "./chunk-J6L4XCTE.mjs";
@@ -33,7 +33,7 @@ import {
   forwardReceipt,
   getScopeBlindBridge,
   startHookServer
-} from "./chunk-3YCKR72H.mjs";
+} from "./chunk-X63ELMU4.mjs";
 import {
   checkRateLimit,
   evaluateCedar,
@@ -45,8 +45,10 @@ import {
   loadCedarPolicies,
   loadPolicy,
   parseRateLimit,
+  policySetFromSource,
+  runEvaluatorSelfTest,
   signDecision
-} from "./chunk-UV53U6D4.mjs";
+} from "./chunk-546U3A7R.mjs";
 import {
   ed25519,
   sha256
@@ -1995,12 +1997,14 @@ export {
   parseLogFile,
   parseNotificationConfigFromEnv,
   parseRateLimit,
+  policySetFromSource,
   queryExternalPDP,
   receiptToVP,
   receiptsToHFRows,
   redactFields,
   resolveCredential,
   revealField,
+  runEvaluatorSelfTest,
   runInSandbox,
   sendApprovalNotification,
   signCommittedDecision,

package/package.json CHANGED Viewed

@@ -1,8 +1,8 @@
 {
   "name": "protect-mcp",
-  "version": "0.6.2",
+  "version": "0.7.0",
   "mcpName": "com.scopeblind/protect-mcp",
-  "description": "Cedar policy + signed receipts for AI agent decisions. Same primitive shipping in ScopeBlind cold-chain hardware. scopeblind.com/cold-chain",
+  "description": "Fail-closed Cedar policy gate + signed receipts for AI agent tool calls. Blocks what breaks the rules before it runs, denies on any policy error, and proves the gate is live with a startup self-test.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "dist/index.mjs",
@@ -24,7 +24,8 @@
   "files": [
     "dist",
     "policies",
-    "README.md"
+    "README.md",
+    "CHANGELOG.md"
   ],
   "keywords": [
     "scopeblind",