security-mcp 1.0.4 → 1.1.0

package/dist/repo/fs.js

@@ -1,14 +1,19 @@
 import { readFile } from "node:fs/promises";
 import path from "node:path";
-const ROOT = process.cwd();
-// ROOT_PREFIX ensures /home/u/project-adjacent doesn't pass a startsWith check for /home/u/project
-const ROOT_PREFIX = ROOT.endsWith(path.sep) ? ROOT : ROOT + path.sep;
+function getWorkspaceRoot() {
+    return process.cwd();
+}
+function getWorkspacePrefix(root) {
+    return root.endsWith(path.sep) ? root : root + path.sep;
+}
 export async function readFileSafe(relPath) {
-    const p = path.resolve(ROOT, relPath);
+    const root = getWorkspaceRoot();
+    const rootPrefix = getWorkspacePrefix(root);
+    const p = path.resolve(root, relPath);
     // Allow exact match to ROOT itself or any path strictly under it.
     // Using ROOT_PREFIX prevents the classic prefix-collision bypass
     // (e.g. /app-sibling matching /app as a prefix). CWE-22.
-    if (p !== ROOT && !p.startsWith(ROOT_PREFIX)) {
+    if (p !== root && !p.startsWith(rootPrefix)) {
         throw new Error("Path traversal blocked");
     }
     return await readFile(p, "utf8");

package/dist/repo/search.js

@@ -42,7 +42,19 @@ function scanLines(file, lines, opts, re, matches) {
 export async function searchRepo(opts) {
     const files = await fg(["**/*.*"], {
         dot: true,
-        ignore: ["**/node_modules/**", "**/.git/**", "**/dist/**"]
+        ignore: [
+            "**/node_modules/**",
+            "**/.git/**",
+            "**/dist/**",
+            "**/.claude/**",
+            // Exclude tool-internal files — they contain detection patterns and remediation
+            // examples that would trigger their own scanners (false positives in self-scan).
+            // When deployed as a package, these live in node_modules and are ignored naturally.
+            "src/gate/**",
+            "src/mcp/**",
+            "src/cli/**",
+            "prompts/**"
+        ]
     });
     const re = opts.isRegex ? compileUserRegex(opts.query) : null;
     const matches = [];

package/dist/review/store.js

@@ -0,0 +1,208 @@
+import { createHash, createHmac, randomUUID } from "node:crypto";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import path from "node:path";
+const REVIEW_DIR = path.join(".mcp", "reviews");
+const REPORT_DIR = path.join(".mcp", "reports");
+const CHECKLIST_DEFAULTS_DIR = path.join(path.dirname(path.dirname(path.dirname(new URL(import.meta.url).pathname))), "defaults", "checklists");
+async function ensureDir(dirPath) {
+    await mkdir(dirPath, { recursive: true });
+}
+function reviewPath(runId) {
+    return path.join(process.cwd(), REVIEW_DIR, `${runId}.json`);
+}
+function reportPath(runId) {
+    return path.join(process.cwd(), REPORT_DIR, `${runId}.attestation.json`);
+}
+async function writeJson(filePath, value) {
+    await ensureDir(path.dirname(filePath));
+    await writeFile(filePath, JSON.stringify(value, null, 2) + "\n", "utf-8");
+}
+function checklistPath(runId) {
+    return path.join(process.cwd(), REVIEW_DIR, `${runId}-checklist.json`);
+}
+async function readChecklistRaw(runId) {
+    try {
+        const raw = await readFile(checklistPath(runId), "utf-8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function computeAllCriticalComplete(items) {
+    return items
+        .filter((i) => i.critical)
+        .every((i) => i.status === "completed" || i.status === "na");
+}
+/**
+ * Initialize a checklist for a run from the surface template.
+ */
+export async function initChecklist(runId, surface) {
+    // Load template from defaults/checklists/{surface}.json
+    let template;
+    try {
+        const raw = await readFile(path.join(CHECKLIST_DEFAULTS_DIR, `${surface}.json`), "utf-8");
+        template = JSON.parse(raw);
+    }
+    catch {
+        // Fallback to empty template
+        template = { surface, items: [] };
+    }
+    const items = template.items.map((item) => ({
+        id: item.id,
+        surface,
+        description: item.description,
+        critical: item.critical,
+        status: "pending",
+        runId
+    }));
+    const state = {
+        runId,
+        surface,
+        items,
+        allCriticalComplete: false
+    };
+    await writeJson(checklistPath(runId), state);
+    return state;
+}
+/**
+ * Mark a checklist item as completed.
+ */
+export async function completeChecklistItem(runId, itemId, completedBy, evidence) {
+    const state = await readChecklistRaw(runId);
+    if (!state)
+        throw new Error(`No checklist found for runId: ${runId}`);
+    const item = state.items.find((i) => i.id === itemId);
+    if (!item)
+        throw new Error(`Checklist item not found: ${itemId}`);
+    item.status = "completed";
+    item.completedBy = completedBy;
+    item.completedAt = new Date().toISOString();
+    if (evidence)
+        item.evidence = evidence;
+    state.allCriticalComplete = computeAllCriticalComplete(state.items);
+    await writeJson(checklistPath(runId), state);
+    return state;
+}
+/**
+ * Mark a checklist item as not applicable.
+ */
+export async function markChecklistItemNA(runId, itemId, completedBy, reason) {
+    const state = await readChecklistRaw(runId);
+    if (!state)
+        throw new Error(`No checklist found for runId: ${runId}`);
+    const item = state.items.find((i) => i.id === itemId);
+    if (!item)
+        throw new Error(`Checklist item not found: ${itemId}`);
+    item.status = "na";
+    item.completedBy = completedBy;
+    item.completedAt = new Date().toISOString();
+    item.evidence = reason;
+    state.allCriticalComplete = computeAllCriticalComplete(state.items);
+    await writeJson(checklistPath(runId), state);
+    return state;
+}
+/**
+ * Mark a checklist item as failed.
+ */
+export async function failChecklistItem(runId, itemId, completedBy, reason) {
+    const state = await readChecklistRaw(runId);
+    if (!state)
+        throw new Error(`No checklist found for runId: ${runId}`);
+    const item = state.items.find((i) => i.id === itemId);
+    if (!item)
+        throw new Error(`Checklist item not found: ${itemId}`);
+    item.status = "failed";
+    item.completedBy = completedBy;
+    item.completedAt = new Date().toISOString();
+    item.evidence = reason;
+    state.allCriticalComplete = computeAllCriticalComplete(state.items);
+    await writeJson(checklistPath(runId), state);
+    return state;
+}
+/**
+ * Sign off on a checklist. Requires all non-NA critical items to be completed.
+ */
+export async function signOffChecklist(runId, signedOffBy) {
+    const state = await readChecklistRaw(runId);
+    if (!state)
+        throw new Error(`No checklist found for runId: ${runId}`);
+    const blockers = state.items.filter((i) => i.critical && (i.status === "pending" || i.status === "failed"));
+    if (blockers.length > 0) {
+        const list = blockers.map((b) => `${b.id}: ${b.description} (${b.status})`).join("; ");
+        throw new Error(`Cannot sign off: ${blockers.length} critical item(s) are not completed: ${list}`);
+    }
+    state.signedOffBy = signedOffBy;
+    state.signedOffAt = new Date().toISOString();
+    state.allCriticalComplete = true;
+    await writeJson(checklistPath(runId), state);
+    return state;
+}
+/**
+ * Read checklist state for a run.
+ */
+export async function readChecklist(runId) {
+    return readChecklistRaw(runId);
+}
+export async function createReviewRun(opts) {
+    const now = new Date().toISOString();
+    const cleanTargets = (opts.targets ?? []).map((target) => target.trim()).filter(Boolean);
+    const run = {
+        id: randomUUID(),
+        createdAt: now,
+        updatedAt: now,
+        mode: opts.mode,
+        targets: cleanTargets,
+        baseRef: opts.baseRef,
+        headRef: opts.headRef,
+        requiredSteps: ["scan_strategy", "threat_model", "checklist", "run_pr_gate"],
+        steps: {
+            start_review: {
+                status: "completed",
+                updatedAt: now,
+                details: {
+                    mode: opts.mode,
+                    targets: cleanTargets,
+                    baseRef: opts.baseRef,
+                    headRef: opts.headRef
+                }
+            }
+        }
+    };
+    await writeJson(reviewPath(run.id), run);
+    return run;
+}
+export async function readReviewRun(runId) {
+    const raw = await readFile(reviewPath(runId), "utf-8");
+    return JSON.parse(raw);
+}
+export async function updateReviewStep(runId, step, status, details) {
+    const run = await readReviewRun(runId);
+    run.steps[step] = {
+        status,
+        updatedAt: new Date().toISOString(),
+        details
+    };
+    run.updatedAt = new Date().toISOString();
+    await writeJson(reviewPath(run.id), run);
+    return run;
+}
+export async function createReviewAttestation(runId, payload, signatureKey) {
+    const digestInput = JSON.stringify(payload);
+    const sha256 = createHash("sha256").update(digestInput).digest("hex");
+    const hmacSha256 = signatureKey
+        ? createHmac("sha256", signatureKey).update(digestInput).digest("hex")
+        : undefined;
+    await writeJson(reportPath(runId), {
+        ...payload,
+        integrity: {
+            sha256,
+            ...(hmacSha256 ? { hmacSha256 } : {})
+        }
+    });
+    return {
+        path: reportPath(runId),
+        sha256,
+        hmacSha256
+    };
+}

package/dist/tests/run.js

@@ -0,0 +1,103 @@
+import assert from "node:assert/strict";
+import { existsSync, readFileSync, rmSync } from "node:fs";
+import path from "node:path";
+import { runPrGate } from "../gate/policy.js";
+import { createReviewAttestation, createReviewRun, readReviewRun, updateReviewStep } from "../review/store.js";
+function repoPath(...parts) {
+    return path.join(process.cwd(), ...parts);
+}
+function cleanupFixtureReviewArtifacts(fixtureName) {
+    const fixtureRoot = repoPath("fixtures", fixtureName, ".mcp");
+    rmSync(path.join(fixtureRoot, "reports"), { recursive: true, force: true });
+    rmSync(path.join(fixtureRoot, "reviews"), { recursive: true, force: true });
+}
+async function withFixture(fixtureName, fn) {
+    const previous = process.cwd();
+    process.chdir(repoPath("fixtures", fixtureName));
+    try {
+        return await fn();
+    }
+    finally {
+        process.chdir(previous);
+    }
+}
+async function runPromptConformanceTests() {
+    const prompt = readFileSync(repoPath("prompts", "SECURITY_PROMPT.md"), "utf-8");
+    const skill = readFileSync(repoPath("skills", "senior-security-engineer", "SKILL.md"), "utf-8");
+    const readme = readFileSync(repoPath("README.md"), "utf-8");
+    const serverSource = readFileSync(repoPath("src", "mcp", "server.ts"), "utf-8");
+    assert.match(prompt, /security\.start_review/);
+    assert.match(prompt, /security\.attest_review/);
+    assert.match(prompt, /Human approval is mandatory/i);
+    assert.match(skill, /90% fixing/);
+    assert.match(skill, /security\.self_heal_loop/);
+    assert.match(readme, /security\.start_review/);
+    assert.match(readme, /security\.attest_review/);
+    assert.match(serverSource, /"security\.start_review"/);
+    assert.match(serverSource, /"security\.attest_review"/);
+}
+async function runFixtureGateTests() {
+    await withFixture("web-insecure", async () => {
+        const result = await runPrGate({
+            mode: "folder_by_folder",
+            targets: ["src"],
+            policyPath: ".mcp/policies/security-policy.json"
+        });
+        const ids = result.findings.map((finding) => finding.id);
+        assert.ok(ids.includes("WEB_HEADERS_MISSING"));
+        assert.ok(ids.includes("DANGEROUSLY_SET_INNER_HTML"));
+        assert.ok(ids.includes("SSRF_GUARD_REQUIRED"));
+        assert.ok(result.confidence);
+    });
+    await withFixture("infra-insecure", async () => {
+        const result = await runPrGate({
+            mode: "folder_by_folder",
+            targets: ["terraform"],
+            policyPath: ".mcp/policies/security-policy.json"
+        });
+        const ids = result.findings.map((finding) => finding.id);
+        assert.ok(ids.includes("PUBLIC_EXPOSURE_RISK"));
+        assert.ok(ids.includes("CONTROL_EVIDENCE_MISSING"));
+    });
+    await withFixture("ai-insecure", async () => {
+        const result = await runPrGate({
+            mode: "folder_by_folder",
+            targets: ["ai"],
+            policyPath: ".mcp/policies/security-policy.json"
+        });
+        const ids = result.findings.map((finding) => finding.id);
+        assert.ok(ids.includes("AI_OUTPUT_BOUNDS_MISSING"));
+    });
+}
+async function runReviewWorkflowTests() {
+    cleanupFixtureReviewArtifacts("web-insecure");
+    await withFixture("web-insecure", async () => {
+        const run = await createReviewRun({
+            mode: "folder_by_folder",
+            targets: ["src"]
+        });
+        await updateReviewStep(run.id, "scan_strategy", "completed", { mode: "folder_by_folder", targets: ["src"] });
+        await updateReviewStep(run.id, "threat_model", "completed", { feature: "fixture web flow" });
+        await updateReviewStep(run.id, "checklist", "completed", { surface: "web" });
+        await updateReviewStep(run.id, "run_pr_gate", "completed", { status: "FAIL", confidence: { score: 20 } });
+        const saved = await readReviewRun(run.id);
+        assert.equal(saved.steps["run_pr_gate"]?.status, "completed");
+        const attestation = await createReviewAttestation(run.id, {
+            runId: run.id,
+            steps: saved.steps
+        });
+        assert.ok(existsSync(attestation.path));
+        assert.match(attestation.sha256, /^[a-f0-9]{64}$/);
+    });
+    cleanupFixtureReviewArtifacts("web-insecure");
+}
+async function main() {
+    await runPromptConformanceTests();
+    await runFixtureGateTests();
+    await runReviewWorkflowTests();
+    console.log("security-mcp tests passed");
+}
+main().catch((error) => {
+    console.error(error);
+    process.exit(1);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "security-mcp",
-  "version": "1.0.4",
+  "version": "1.1.0",
   "description": "AI security MCP server and enforcement gate for Claude Code, Cursor, GitHub Copilot, Codex, Replit, and any MCP-compatible editor. Applies OWASP, MITRE ATT&CK, NIST, Zero Trust, PCI DSS, SOC 2, and ISO 27001.",
   "type": "module",
   "license": "MIT",
@@ -53,21 +53,31 @@
   ],
   "scripts": {
     "build": "tsc -p tsconfig.json",
+    "lint": "eslint . --max-warnings=0",
     "prepublishOnly": "npm run build",
     "start": "node dist/cli/index.js serve",
     "mcp:server": "node dist/mcp/server.js",
-    "ci:pr-gate": "node dist/ci/pr-gate.js"
+    "ci:pr-gate": "node dist/ci/pr-gate.js",
+    "test": "npm run build && node dist/tests/run.js"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.26.0",
+    "@modelcontextprotocol/sdk": "^1.27.1",
     "execa": "^9.5.2",
     "fast-glob": "^3.3.3",
     "picomatch": "^3.0.1",
     "zod": "^3.24.1"
   },
+  "overrides": {
+    "express-rate-limit": "^8.2.2",
+    "hono": "^4.12.7"
+  },
   "devDependencies": {
+    "@eslint/js": "^9.22.0",
     "@types/node": "^22.13.5",
     "@types/picomatch": "^2.3.4",
+    "eslint": "^9.22.0",
+    "globals": "^16.0.0",
+    "typescript-eslint": "^8.26.0",
     "typescript": "^5.7.3"
   },
   "engines": {