security-mcp 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/install.js +24 -3
- package/package.json +1 -1
package/dist/cli/install.js
CHANGED
|
@@ -102,6 +102,27 @@ function writeVsCodeSettings(configPath, dryRun) {
|
|
|
102
102
|
}
|
|
103
103
|
return configPath;
|
|
104
104
|
}
|
|
105
|
+
function installPolicy(dryRun) {
|
|
106
|
+
const policySrc = join(PKG_ROOT, "defaults", "security-policy.json");
|
|
107
|
+
const policyDest = join(process.cwd(), ".mcp", "policies", "security-policy.json");
|
|
108
|
+
const evidenceSrc = join(PKG_ROOT, "defaults", "evidence-map.json");
|
|
109
|
+
const evidenceDest = join(process.cwd(), ".mcp", "mappings", "evidence-map.json");
|
|
110
|
+
for (const { src, dest } of [{ src: policySrc, dest: policyDest }, { src: evidenceSrc, dest: evidenceDest }]) {
|
|
111
|
+
if (!existsSync(src)) {
|
|
112
|
+
process.stdout.write(` [skip] ${src} not found in package\n`);
|
|
113
|
+
continue;
|
|
114
|
+
}
|
|
115
|
+
if (existsSync(dest)) {
|
|
116
|
+
process.stdout.write(` [skip] already exists: ${dest}\n`);
|
|
117
|
+
continue;
|
|
118
|
+
}
|
|
119
|
+
if (!dryRun) {
|
|
120
|
+
mkdirSync(dirname(dest), { recursive: true });
|
|
121
|
+
copyFileSync(src, dest);
|
|
122
|
+
}
|
|
123
|
+
process.stdout.write(` ${dryRun ? "[dry-run] would copy" : "installed"}: ${dest}\n`);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
105
126
|
function installSkill(dryRun) {
|
|
106
127
|
const skillSrc = join(PKG_ROOT, "skills", "senior-security-engineer", "SKILL.md");
|
|
107
128
|
const skillDest = resolveHome("~/.claude/skills/senior-security-engineer/SKILL.md");
|
|
@@ -148,6 +169,8 @@ export async function runInstall(opts) {
|
|
|
148
169
|
process.stdout.write("\nInstalling Claude Code skill...\n");
|
|
149
170
|
installSkill(dryRun);
|
|
150
171
|
}
|
|
172
|
+
process.stdout.write("\nInstalling security policy...\n");
|
|
173
|
+
installPolicy(dryRun);
|
|
151
174
|
process.stdout.write("\n");
|
|
152
175
|
process.stdout.write(dryRun
|
|
153
176
|
? "Dry-run complete. Re-run without --dry-run to apply.\n"
|
|
@@ -155,7 +178,5 @@ export async function runInstall(opts) {
|
|
|
155
178
|
process.stdout.write("\nNext steps:\n");
|
|
156
179
|
process.stdout.write(" 1. Restart your editor.\n");
|
|
157
180
|
process.stdout.write(' 2. In Claude Code, type /senior-security-engineer to activate the security persona.\n');
|
|
158
|
-
process.stdout.write(' 3. Ask your AI: "Run security.run_pr_gate" to check your current diff.\n');
|
|
159
|
-
process.stdout.write(" 4. Copy defaults/security-policy.json to .mcp/policies/security-policy.json\n");
|
|
160
|
-
process.stdout.write(" and customize it for your project.\n\n");
|
|
181
|
+
process.stdout.write(' 3. Ask your AI: "Run security.run_pr_gate" to check your current diff.\n\n');
|
|
161
182
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "security-mcp",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.2",
|
|
4
4
|
"description": "AI security MCP server and enforcement gate for Claude Code, Cursor, GitHub Copilot, Codex, Replit, and any MCP-compatible editor. Applies OWASP, MITRE ATT&CK, NIST, Zero Trust, PCI DSS, SOC 2, and ISO 27001.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|