security-mcp 1.0.5 → 1.1.1

Files changed (81)
  1. package/README.md +963 -193
  2. package/defaults/agent-run-schema.json +98 -0
  3. package/defaults/checklists/ai.json +25 -0
  4. package/defaults/checklists/api.json +27 -0
  5. package/defaults/checklists/infra.json +27 -0
  6. package/defaults/checklists/mobile.json +25 -0
  7. package/defaults/checklists/payments.json +25 -0
  8. package/defaults/checklists/web.json +30 -0
  9. package/defaults/control-catalog.json +392 -0
  10. package/defaults/evidence-map.json +194 -0
  11. package/defaults/security-policy.json +41 -2
  12. package/dist/cli/index.js +13 -8
  13. package/dist/cli/install.js +80 -2
  14. package/dist/cli/onboarding.js +590 -0
  15. package/dist/cli/update.js +83 -15
  16. package/dist/gate/baseline.js +115 -0
  17. package/dist/gate/checks/ai-redteam.js +398 -0
  18. package/dist/gate/checks/api.js +93 -0
  19. package/dist/gate/checks/crypto.js +153 -0
  20. package/dist/gate/checks/database.js +144 -0
  21. package/dist/gate/checks/dependencies.js +126 -0
  22. package/dist/gate/checks/dlp.js +153 -0
  23. package/dist/gate/checks/graphql.js +122 -0
  24. package/dist/gate/checks/infra.js +126 -12
  25. package/dist/gate/checks/k8s.js +190 -0
  26. package/dist/gate/checks/playbook.js +160 -0
  27. package/dist/gate/checks/runtime.js +316 -0
  28. package/dist/gate/checks/sbom.js +199 -0
  29. package/dist/gate/checks/scanners.js +379 -8
  30. package/dist/gate/checks/secrets.js +85 -20
  31. package/dist/gate/exceptions.js +6 -1
  32. package/dist/gate/policy.js +85 -19
  33. package/dist/gate/threat-intel.js +157 -0
  34. package/dist/mcp/orchestration.js +586 -0
  35. package/dist/mcp/server.js +568 -16
  36. package/dist/repo/search.js +11 -1
  37. package/dist/review/store.js +133 -0
  38. package/dist/types/agent-run.js +8 -0
  39. package/package.json +5 -5
  40. package/prompts/SECURITY_PROMPT.md +415 -1
  41. package/skills/agentic-loop-exploiter/SKILL.md +69 -0
  42. package/skills/ai-llm-redteam/SKILL.md +118 -0
  43. package/skills/algorithm-implementation-reviewer/SKILL.md +85 -0
  44. package/skills/android-penetration-tester/SKILL.md +83 -0
  45. package/skills/appsec-code-auditor/SKILL.md +86 -0
  46. package/skills/artifact-integrity-analyst/SKILL.md +68 -0
  47. package/skills/attack-navigator/SKILL.md +64 -0
  48. package/skills/auth-session-hacker/SKILL.md +87 -0
  49. package/skills/aws-penetration-tester/SKILL.md +60 -0
  50. package/skills/azure-penetration-tester/SKILL.md +64 -0
  51. package/skills/business-logic-attacker/SKILL.md +76 -0
  52. package/skills/cicd-pipeline-hijacker/SKILL.md +81 -0
  53. package/skills/ciso-orchestrator/SKILL.md +165 -0
  54. package/skills/cloud-infra-specialist/SKILL.md +85 -0
  55. package/skills/compliance-gap-analyst/SKILL.md +77 -0
  56. package/skills/compliance-grc/SKILL.md +148 -0
  57. package/skills/crypto-pki-specialist/SKILL.md +136 -0
  58. package/skills/dependency-confusion-attacker/SKILL.md +78 -0
  59. package/skills/evidence-collector/SKILL.md +86 -0
  60. package/skills/gcp-penetration-tester/SKILL.md +63 -0
  61. package/skills/injection-specialist/SKILL.md +62 -0
  62. package/skills/ios-security-auditor/SKILL.md +77 -0
  63. package/skills/k8s-container-escaper/SKILL.md +74 -0
  64. package/skills/key-management-lifecycle-analyst/SKILL.md +92 -0
  65. package/skills/logic-race-fuzzer/SKILL.md +67 -0
  66. package/skills/mobile-api-network-attacker/SKILL.md +81 -0
  67. package/skills/mobile-security-specialist/SKILL.md +124 -0
  68. package/skills/model-extraction-attacker/SKILL.md +68 -0
  69. package/skills/pentest-infra/SKILL.md +69 -0
  70. package/skills/pentest-social/SKILL.md +72 -0
  71. package/skills/pentest-team/SKILL.md +126 -0
  72. package/skills/pentest-web-api/SKILL.md +71 -0
  73. package/skills/privacy-flow-analyst/SKILL.md +70 -0
  74. package/skills/prompt-injection-specialist/SKILL.md +76 -0
  75. package/skills/rag-poisoning-specialist/SKILL.md +71 -0
  76. package/skills/senior-security-engineer/SKILL.md +75 -13
  77. package/skills/serialization-memory-attacker/SKILL.md +78 -0
  78. package/skills/stride-pasta-analyst/SKILL.md +72 -0
  79. package/skills/supply-chain-devsecops/SKILL.md +82 -0
  80. package/skills/threat-modeler/SKILL.md +116 -0
  81. package/skills/tls-certificate-auditor/SKILL.md +76 -0
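--- a/package/defaults/agent-run-schema.json
+++ b/package/defaults/agent-run-schema.json
@@ -0,0 +1,98 @@
+ {
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "$id": "https://github.com/AbrahamOO/security-mcp/blob/main/defaults/agent-run-schema.json",
+ "title": "AgentRunManifest",
+ "description": "Schema for .mcp/agent-runs/{agentRunId}/manifest.json — the coordination state for a multi-agent security run.",
+ "type": "object",
+ "required": ["agentRunId", "runId", "createdAt", "updatedAt", "phase", "internetPermitted", "stackContext", "scope", "agents"],
+ "additionalProperties": false,
+ "properties": {
+ "agentRunId": {
+ "type": "string",
+ "minLength": 32,
+ "maxLength": 32,
+ "description": "32-character hex identifier for this agent run."
+ },
+ "runId": {
+ "type": "string",
+ "format": "uuid",
+ "description": "UUID of the parent review run from security.start_review."
+ },
+ "createdAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "updatedAt": {
+ "type": "string",
+ "format": "date-time"
+ },
+ "phase": {
+ "type": "integer",
+ "enum": [0, 1, 2, 3],
+ "description": "Current execution phase: 0=init, 1=parallel discovery, 2=adversarial+compliance, 3=synthesis."
+ },
+ "internetPermitted": {
+ "type": "boolean",
+ "description": "Whether the user permitted internet access for this run."
+ },
+ "stackContext": {
+ "type": "object",
+ "required": ["languages", "frameworks", "databases", "cloudProvider", "paymentProcessor", "hasAI", "hasMobile", "hasPII", "hasPayments", "packageManagers", "ciPlatform"],
+ "additionalProperties": false,
+ "properties": {
+ "languages": { "type": "array", "items": { "type": "string" } },
+ "frameworks": { "type": "array", "items": { "type": "string" } },
+ "databases": { "type": "array", "items": { "type": "string" } },
+ "cloudProvider": { "type": "array", "items": { "type": "string" } },
+ "paymentProcessor":{ "type": "array", "items": { "type": "string" } },
+ "hasAI": { "type": "boolean" },
+ "hasMobile": { "type": "boolean" },
+ "hasPII": { "type": "boolean" },
+ "hasPayments": { "type": "boolean" },
+ "packageManagers": { "type": "array", "items": { "type": "string" } },
+ "ciPlatform": { "type": "array", "items": { "type": "string" } }
+ }
+ },
+ "scope": {
+ "type": "object",
+ "required": ["mode", "targets", "baseRef", "headRef"],
+ "additionalProperties": false,
+ "properties": {
+ "mode": {
+ "type": "string",
+ "enum": ["recent_changes", "folder_by_folder", "file_by_file"]
+ },
+ "targets": {
+ "type": "array",
+ "items": { "type": "string" }
+ },
+ "baseRef": { "type": "string" },
+ "headRef": { "type": "string" }
+ }
+ },
+ "agents": {
+ "type": "object",
+ "description": "Map of agent name to its lifecycle record.",
+ "additionalProperties": {
+ "$ref": "#/$defs/AgentRecord"
+ }
+ }
+ },
+ "$defs": {
+ "AgentRecord": {
+ "type": "object",
+ "required": ["status", "startedAt", "completedAt", "findingsPath", "summary"],
+ "additionalProperties": false,
+ "properties": {
+ "status": {
+ "type": "string",
+ "enum": ["pending", "running", "completed", "completed_partial", "failed"]
+ },
+ "startedAt": { "type": ["string", "null"], "format": "date-time" },
+ "completedAt": { "type": ["string", "null"], "format": "date-time" },
+ "findingsPath": { "type": ["string", "null"] },
+ "summary": { "type": ["string", "null"] }
+ }
+ }
+ }
+ }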
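Review bot: `agentRunId` is described as a 32-character hex identifier and, per the schema's own description, names the `.mcp/agent-runs/{agentRunId}/` directory, but only its length is constrained, so any 32-character string containing `/` or `.` validates. Adding `"pattern": "^[0-9a-f]{32}$"` (widen the class if upper-case ids are emitted) would let a consumer that builds that path from the field rely on the validated value; the consumer is not visible here, so the exposure is inferred. The file also declares draft-07 while using `$defs` and `"format": "uuid"`, both introduced in draft 2019-09, and `format` is only enforced when the validator opts in, so `runId`, `createdAt` and `updatedAt` may be effectively unchecked. `findingsPath` and the keys of `agents` are likewise unconstrained strings and would benefit from a `pattern` / `propertyNames` restriction if they end up in file paths.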
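--- a/package/defaults/checklists/ai.json
+++ b/package/defaults/checklists/ai.json
@@ -0,0 +1,25 @@
+ {
+ "surface": "ai",
+ "items": [
+ { "id": "ai_input_sanitization", "description": "All AI inputs sanitized and validated before being passed to models", "critical": true },
+ { "id": "ai_prompt_separation", "description": "System prompt structurally separated from user content — no string concatenation", "critical": true },
+ { "id": "ai_rag_untrusted", "description": "Indirect prompt injection: retrieved RAG context treated as untrusted and isolated", "critical": true },
+ { "id": "ai_output_schema", "description": "Model outputs validated against JSON schema before acting on them", "critical": true },
+ { "id": "ai_pii_scan", "description": "Output PII scan in place — no SSN, card numbers, tokens in model responses", "critical": true },
+ { "id": "ai_rate_limiting", "description": "AI endpoints rate-limited independently from regular API — token budgets enforced", "critical": true },
+ { "id": "ai_access_logging", "description": "Model access logging enabled — user, timestamp, token counts, model version logged", "critical": false },
+ { "id": "ai_redteam_done", "description": "Red-team test cases executed — jailbreak, injection, PII exfil probes reviewed", "critical": true },
+ { "id": "ai_tool_allowlist", "description": "AI agent tool calls routed through allowlist — no unconstrained tool execution", "critical": true },
+ { "id": "ai_human_in_loop", "description": "Human-in-the-loop approval required for high-impact agentic actions (delete, send, execute)", "critical": true },
+ { "id": "ai_no_eval_output", "description": "Model output never passed to eval() or executed as code", "critical": true },
+ { "id": "ai_no_shell_exec", "description": "Model output never passed directly to shell commands — allowlisted templates only", "critical": true },
+ { "id": "ai_data_minimization", "description": "Only minimum necessary data included in prompts — no bulk data injection", "critical": false },
+ { "id": "ai_model_versioning", "description": "Model version pinned — changes to model version go through security review", "critical": false },
+ { "id": "ai_abuse_monitoring", "description": "Abuse monitoring in place — anomaly detection on token usage and response patterns", "critical": false },
+ { "id": "ai_threat_model", "description": "AI-specific threat model completed — MITRE ATLAS and OWASP LLM Top 10 reviewed", "critical": true },
+ { "id": "ai_rag_authz", "description": "RAG retrieval enforces authorization — documents filtered by user permissions", "critical": true },
+ { "id": "ai_no_pii_in_prompts", "description": "No PII, credentials, or secrets in prompt templates", "critical": true },
+ { "id": "ai_fallback_handling", "description": "Model failures handled gracefully — no sensitive error details exposed to users", "critical": false },
+ { "id": "ai_owasp_llm_top10", "description": "OWASP LLM Top 10 controls reviewed and addressed for this AI surface", "critical": true }
+ ]
+ }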
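Review bot: `ai_rag_untrusted` limits the indirect-prompt-injection check to retrieved RAG context, although `ai_tool_allowlist` and `ai_human_in_loop` show the checklist is also meant for tool-using agents. Tool results and fetched file or web content reach the model by the same route and deserve the same treatment, so I would widen the description to something like `"Indirect prompt injection: retrieved RAG context, tool results, and fetched content treated as untrusted and isolated"`. In the same spirit, `ai_no_pii_in_prompts` covers prompt templates only; secrets entering prompts at run time are left to the non-critical `ai_data_minimization`.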
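--- a/package/defaults/checklists/api.json
+++ b/package/defaults/checklists/api.json
@@ -0,0 +1,27 @@
+ {
+ "surface": "api",
+ "items": [
+ { "id": "api_authn_required", "description": "All new endpoints require authentication (JWT RS256/ES256 validated, not HS256)", "critical": true },
+ { "id": "api_authz_server_side", "description": "Authorization checked server-side for every resource operation — IDOR prevention confirmed", "critical": true },
+ { "id": "api_input_validation", "description": "Server-side schema validation on all new inputs (Zod/Valibot/Yup/Joi)", "critical": true },
+ { "id": "api_rate_limiting", "description": "Rate limiting configured on all new endpoints — per-user and per-IP", "critical": true },
+ { "id": "api_cors_allowlist", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
+ { "id": "api_request_size", "description": "Request size limits enforced — no unbounded body parsing", "critical": false },
+ { "id": "api_ssrf_protection", "description": "SSRF protection on any server-side HTTP client — block private IPs and metadata endpoints", "critical": true },
+ { "id": "api_webhook_sig", "description": "Webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
+ { "id": "api_openapi_updated", "description": "OpenAPI spec updated for all new endpoints", "critical": false },
+ { "id": "api_csrf", "description": "CSRF protections present on all state-mutating browser-accessible endpoints", "critical": true },
+ { "id": "api_error_messages", "description": "Error responses reviewed — no stack traces, internal paths, or schema details", "critical": false },
+ { "id": "api_logging", "description": "Security events logged for all auth decisions — no PII or secrets in logs", "critical": false },
+ { "id": "api_jwt_expiry", "description": "JWT expiry enforced — access tokens max 15 minutes, refresh tokens rotated", "critical": true },
+ { "id": "api_sql_injection", "description": "No raw SQL string concatenation — parameterized queries or ORM used throughout", "critical": true },
+ { "id": "api_mass_assignment", "description": "Mass assignment prevention — explicit field allowlists, not object spread from request body", "critical": true },
+ { "id": "api_sensitive_data", "description": "Sensitive data (PII, credentials) not included in API responses unless required", "critical": true },
+ { "id": "api_versioning", "description": "API versioning strategy in place — old versions have defined deprecation timeline", "critical": false },
+ { "id": "api_dependency_scan", "description": "Backend dependencies scanned — no CRITICAL CVEs unresolved", "critical": true },
+ { "id": "api_secrets_scan", "description": "Secrets scan clean — no hardcoded credentials or API keys", "critical": true },
+ { "id": "api_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
+ { "id": "api_threat_model", "description": "Threat model completed and reviewed for this API surface change", "critical": true },
+ { "id": "api_health_endpoint", "description": "Health/readiness endpoints do not expose sensitive version or config info", "critical": false }
+ ]
+ }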
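Review bot: `api_authn_required` ties a critical item to one mechanism, "JWT RS256/ES256 validated, not HS256", which an API authenticated by session cookies, mTLS or opaque tokens cannot answer truthfully, and which does not name the property that matters for JWTs. What a reviewer needs to confirm is that the verifier pins the expected algorithm and key server-side and rejects "none" and any unlisted algorithm, whichever family is in use. Suggested wording: `"All new endpoints require authentication — for JWTs, algorithm and key pinned server-side; 'none' and unlisted algorithms rejected"`. `api_webhook_sig` could similarly mention constant-time comparison of the signature.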
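--- a/package/defaults/checklists/infra.json
+++ b/package/defaults/checklists/infra.json
@@ -0,0 +1,27 @@
+ {
+ "surface": "infra",
+ "items": [
+ { "id": "infra_no_public_ingress", "description": "No 0.0.0.0/0 ingress rules in any firewall or security group", "critical": true },
+ { "id": "infra_private_endpoints", "description": "All managed services accessed via VPC endpoints or private connectivity", "critical": true },
+ { "id": "infra_no_public_storage", "description": "No world-readable storage buckets or containers", "critical": true },
+ { "id": "infra_secrets_manager", "description": "All secrets stored in secret manager — not in env files, CI logs, or container images", "critical": true },
+ { "id": "infra_iam_least_privilege", "description": "IAM roles follow least privilege — no wildcard permissions or admin roles", "critical": true },
+ { "id": "infra_network_segmentation", "description": "Network segmentation reviewed — web, app, and data tiers isolated", "critical": true },
+ { "id": "infra_waf_rules", "description": "WAF rules updated if new public endpoints added", "critical": false },
+ { "id": "infra_audit_logging", "description": "Cloud audit logging confirmed for all new resources", "critical": true },
+ { "id": "infra_iac_scan", "description": "IaC scan passed (Checkov/tfsec/Terrascan) with no HIGH/CRITICAL findings", "critical": true },
+ { "id": "infra_container_scan", "description": "Container scan passed — no CRITICAL CVEs with available fix", "critical": true },
+ { "id": "infra_tf_state_encrypted", "description": "Terraform state stored with encryption and locking — restricted access", "critical": true },
+ { "id": "infra_tf_versions_pinned", "description": "Provider and module versions pinned to exact versions — no floating ranges", "critical": false },
+ { "id": "infra_drift_detection", "description": "Drift detection enabled — unauthorized changes trigger alerts", "critical": false },
+ { "id": "infra_backup_verified", "description": "Backups configured and restore tested for all data stores", "critical": true },
+ { "id": "infra_tls_config", "description": "TLS 1.3 configured — TLS 1.0/1.1 disabled on all endpoints", "critical": true },
+ { "id": "infra_encryption_at_rest", "description": "Encryption at rest with CMEK/KMS for all data stores", "critical": true },
+ { "id": "infra_mfa_enforced", "description": "MFA enforced for all console and cloud provider access", "critical": true },
+ { "id": "infra_sbom_generated", "description": "SBOM generated for all container images included in this change", "critical": false },
+ { "id": "infra_provenance", "description": "SLSA provenance attestation generated for release artifacts", "critical": false },
+ { "id": "infra_threat_model", "description": "Threat model completed and reviewed for this infrastructure change", "critical": true },
+ { "id": "infra_zero_trust", "description": "Zero Trust controls applied — explicit authentication for all service-to-service calls", "critical": true },
+ { "id": "infra_ddos_protection", "description": "DDoS protection enabled for public-facing load balancers", "critical": false }
+ ]
+ }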
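Review bot: `infra_no_public_ingress` is critical and forbids every `0.0.0.0/0` ingress rule, yet `infra_waf_rules` and `infra_ddos_protection` in the same file assume public endpoints and public-facing load balancers, so an internet-facing service cannot pass it as written; it also omits the IPv6 equivalent `::/0`. Wording such as `"No 0.0.0.0/0 or ::/0 ingress except on designated public load balancer or WAF listeners"` would state the intent. `infra_tls_config` has a related ambiguity: it requires TLS 1.3 and disables 1.0/1.1 but says nothing about 1.2, while `pci_tls_required` in payments.json accepts TLS 1.2+, so the minimum version should be stated once and consistently.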
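--- a/package/defaults/checklists/mobile.json
+++ b/package/defaults/checklists/mobile.json
@@ -0,0 +1,25 @@
+ {
+ "surface": "mobile",
+ "items": [
+ { "id": "mobile_ios_ats", "description": "iOS: NSAllowsArbitraryLoads is false — ATS strictly enforced", "critical": true },
+ { "id": "mobile_android_debuggable", "description": "Android: android:debuggable=false in release build manifest", "critical": true },
+ { "id": "mobile_android_cleartext", "description": "Android: usesCleartextTraffic=false — TLS enforced for all network traffic", "critical": true },
+ { "id": "mobile_cert_pinning", "description": "Certificate pinning implemented for high-value API calls", "critical": true },
+ { "id": "mobile_secure_storage", "description": "Sensitive data not stored in SharedPreferences, external storage, or plist in plaintext", "critical": true },
+ { "id": "mobile_keychain_keystore", "description": "Secrets stored in iOS Keychain / Android Keystore — not in code or config files", "critical": true },
+ { "id": "mobile_biometric_auth", "description": "Biometric authentication properly tied to Keychain/Keystore — not bypassable", "critical": false },
+ { "id": "mobile_screenshot_prevention", "description": "Screenshot prevention enabled for sensitive screens (payment, auth)", "critical": false },
+ { "id": "mobile_clipboard_protection", "description": "Sensitive fields (passwords, card numbers) block clipboard access", "critical": false },
+ { "id": "mobile_network_security_config", "description": "Android Network Security Config restricts cleartext and pins certificates", "critical": true },
+ { "id": "mobile_obfuscation", "description": "Release build uses code obfuscation (ProGuard/R8 for Android, Swift symbol stripping for iOS)", "critical": false },
+ { "id": "mobile_root_jailbreak_detection", "description": "Root/jailbreak detection implemented for high-risk operations", "critical": false },
+ { "id": "mobile_deep_links", "description": "Deep links validated — no open redirect or intent injection via deep link handling", "critical": true },
+ { "id": "mobile_api_keys_absent", "description": "No API keys, secrets, or credentials embedded in app binary or resources", "critical": true },
+ { "id": "mobile_masvs_l2", "description": "OWASP MASVS L2 checklist completed for release build", "critical": true },
+ { "id": "mobile_dependency_scan", "description": "Mobile dependencies scanned for known CVEs", "critical": true },
+ { "id": "mobile_threat_model", "description": "Threat model completed and reviewed for this mobile surface change", "critical": true },
+ { "id": "mobile_data_residency", "description": "Data residency requirements met — no user data stored on device beyond session", "critical": false },
+ { "id": "mobile_backup_prevention", "description": "allowBackup=false in Android manifest — sensitive data not included in backups", "critical": true },
+ { "id": "mobile_logging", "description": "No sensitive data logged in production builds — crash reporting sanitized", "critical": true }
+ ]
+ }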
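Review bot: `mobile_backup_prevention` checks only `allowBackup=false`, which on current Android versions no longer guarantees what the description claims. For apps targeting Android 12 (API 31) and later, device-to-device transfer is governed by `android:dataExtractionRules` rather than by `allowBackup`, so I would extend the item to `"allowBackup=false and dataExtractionRules exclude sensitive data from cloud backup and device transfer"`. `mobile_data_residency` also mixes two concerns: its description is about on-device retention, not about the region in which data is stored, and the id or the text should be changed to match.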
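--- a/package/defaults/checklists/payments.json
+++ b/package/defaults/checklists/payments.json
@@ -0,0 +1,25 @@
+ {
+ "surface": "payments",
+ "items": [
+ { "id": "pci_no_pan_in_logs", "description": "No card numbers, CVV, or PAN in any log, database, cache, or error message", "critical": true },
+ { "id": "pci_webhook_verified", "description": "Payment processor webhook signatures verified with HMAC-SHA256 and replay protection", "critical": true },
+ { "id": "pci_scope_documented", "description": "PCI scope clearly defined and documented — CDE boundaries explicit", "critical": true },
+ { "id": "pci_network_segmented", "description": "Payment-adjacent systems network-segmented from non-payment systems", "critical": true },
+ { "id": "pci_audit_trail", "description": "Complete audit trail maintained for all payment operations — tamper-evident logs", "critical": true },
+ { "id": "pci_no_raw_card_storage", "description": "Raw card data never stored — tokenization used throughout", "critical": true },
+ { "id": "pci_tls_required", "description": "TLS 1.2+ required on all payment data flows — no fallback to older protocols", "critical": true },
+ { "id": "pci_strong_crypto", "description": "Strong cryptography used — no weak ciphers, MD5, SHA1 for security purposes", "critical": true },
+ { "id": "pci_access_control", "description": "Access to payment data restricted to minimum necessary roles — least privilege", "critical": true },
+ { "id": "pci_vulnerability_mgmt", "description": "Payment system dependencies scanned — no CRITICAL vulnerabilities unresolved", "critical": true },
+ { "id": "pci_waf_in_place", "description": "WAF in place and tuned for payment endpoints — OWASP rule sets active", "critical": true },
+ { "id": "pci_ids_ips", "description": "IDS/IPS monitoring payment data flows with alerting configured", "critical": false },
+ { "id": "pci_file_integrity", "description": "File integrity monitoring on payment system files — alerts on unauthorized change", "critical": false },
+ { "id": "pci_vendor_managed", "description": "Payment processing handled by PCI-compliant vendor (Stripe/Braintree/Adyen) — not custom", "critical": true },
+ { "id": "pci_pen_test", "description": "Penetration test conducted within the last 12 months for payment scope", "critical": false },
+ { "id": "pci_anti_fraud", "description": "Anti-fraud controls in place — velocity checks, geographic anomaly detection", "critical": true },
+ { "id": "pci_chargeback_monitoring", "description": "Chargeback monitoring and alerting configured with defined response process", "critical": false },
+ { "id": "pci_data_retention", "description": "Payment data retention policy enforced — data purged per PCI DSS schedule", "critical": true },
+ { "id": "pci_ir_playbook", "description": "Payment fraud and PCI breach IR playbooks exist and are current", "critical": true },
+ { "id": "pci_threat_model", "description": "Threat model completed and reviewed for this payment surface change", "critical": true }
+ ]
+ }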
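Review bot: `pci_pen_test`, `pci_ids_ips` and `pci_file_integrity` are marked `"critical": false`, although penetration testing, intrusion detection and change detection all fall under PCI DSS Requirement 11 for systems in scope. If the gate treats non-critical items as optional (the consumer is not visible in this section), a payment change could pass with none of them in place. I would either set the three to `true` or say in each description when the item does not apply, for example when `pci_vendor_managed` keeps the system out of the cardholder data environment.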
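--- a/package/defaults/checklists/web.json
+++ b/package/defaults/checklists/web.json
@@ -0,0 +1,30 @@
+ {
+ "surface": "web",
+ "items": [
+ { "id": "web_csp_nonce", "description": "Content-Security-Policy uses nonce-based control — no unsafe-inline or unsafe-eval", "critical": true },
+ { "id": "web_hsts", "description": "Strict-Transport-Security with includeSubDomains and preload, max-age >= 1 year", "critical": true },
+ { "id": "web_xframe", "description": "X-Frame-Options: DENY or SAMEORIGIN", "critical": true },
+ { "id": "web_xcto", "description": "X-Content-Type-Options: nosniff on all responses", "critical": true },
+ { "id": "web_referrer", "description": "Referrer-Policy: strict-origin-when-cross-origin", "critical": false },
+ { "id": "web_permissions", "description": "Permissions-Policy restricts camera, microphone, geolocation to self or none", "critical": false },
+ { "id": "web_no_inline_js", "description": "No inline JavaScript or inline event handlers (onclick, onerror, etc.)", "critical": true },
+ { "id": "web_sri", "description": "Subresource Integrity (SRI) on all third-party scripts and stylesheets", "critical": true },
+ { "id": "web_csrf", "description": "CSRF protection (SameSite cookies + CSRF tokens) on all state-changing endpoints", "critical": true },
+ { "id": "web_xss_no_dsi", "description": "dangerouslySetInnerHTML absent or sanitized with proven HTML sanitizer", "critical": true },
+ { "id": "web_secure_cookies", "description": "Session cookies have HttpOnly, Secure, SameSite=Strict flags", "critical": true },
+ { "id": "web_cors", "description": "CORS origin allowlist reviewed — no wildcard on authenticated endpoints", "critical": true },
+ { "id": "web_error_messages", "description": "Error messages reviewed — no stack traces, schema details, or enum leakage", "critical": false },
+ { "id": "web_open_redirect", "description": "No open redirect vulnerabilities — all redirects use allowlisted destinations", "critical": true },
+ { "id": "web_clickjacking", "description": "Clickjacking prevention verified in staging (X-Frame-Options + CSP frame-ancestors)", "critical": false },
+ { "id": "web_subresource_integrity", "description": "All CDN resources have SRI hashes verified and up-to-date", "critical": false },
+ { "id": "web_auth_headers", "description": "Authorization tokens not stored in localStorage — use HttpOnly cookies", "critical": true },
+ { "id": "web_rate_limiting", "description": "Rate limiting configured on login, registration, and password-reset endpoints", "critical": true },
+ { "id": "web_ssrf_guard", "description": "SSRF protection on server-side HTTP calls — private IP ranges blocked", "critical": true },
+ { "id": "web_dependency_scan", "description": "Frontend dependencies scanned for CVEs — no CRITICAL/HIGH unresolved", "critical": true },
+ { "id": "web_threat_model", "description": "Threat model completed and reviewed for this web surface change", "critical": true },
+ { "id": "web_sast_pass", "description": "SAST scan passed with no CRITICAL findings", "critical": true },
+ { "id": "web_secrets_scan", "description": "Secrets scan clean — no credentials or tokens in source code", "critical": true },
+ { "id": "web_logging", "description": "Required security events logged — no PII, tokens, or secrets in logs", "critical": false },
+ { "id": "web_staging_verified", "description": "Security headers verified in staging environment with automated check", "critical": false }
+ ]
+ }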
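Review bot: `web_sri` (critical) and `web_subresource_integrity` (non-critical) check the same control, SRI on third-party or CDN resources, with opposite `critical` values, so the gate outcome depends on which id a reviewer answers. I would drop `web_subresource_integrity` or narrow it to what is distinct, e.g. `"SRI hashes regenerated whenever a pinned CDN asset version changes"`. The same overlap exists between `web_xframe` and `web_clickjacking`: CSP `frame-ancestors` is the current mechanism, yet it appears only in the non-critical item while the critical one names X-Frame-Options alone. The scan thresholds also differ between files (`web_dependency_scan` blocks on CRITICAL/HIGH, `api_dependency_scan` in api.json on CRITICAL only) and should be aligned or the difference explained.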