shellward 0.5.14 → 0.5.16

package/README.md

@@ -61,6 +61,7 @@ Your AI agent has full access to tools — shell, email, HTTP, file system. One
 | **LangChain** | SDK | LLM application framework |
 | **AutoGPT** | SDK | Autonomous AI agents |
 | **OpenAI Agents** | SDK | GPT agent platform |
+| **Hermes Agent** | MCP Server | Nous Research's self-improving agent — register via MCP Integration |
 | **Dify / Coze** | SDK | Low-code AI platforms |
 | **Any MCP Client** | MCP Server | stdio JSON-RPC, zero dependencies |
 | **Any AI Agent** | SDK | `npm install shellward` — 3 lines to integrate |
@@ -330,6 +331,7 @@ ShellWard is built for teams that need runtime security for AI agents — whethe
 | **LangChain** | SDK | LLM 应用开发框架 |
 | **AutoGPT** | SDK | 自主 AI Agent |
 | **OpenAI Agents** | SDK | GPT Agent 平台 |
+| **Hermes Agent** | MCP 服务器 | Nous Research 自改进 Agent — 通过 MCP Integration 接入 |
 | **Dify / Coze** | SDK | 低代码 AI 平台 |
 | **任意 MCP 客户端** | MCP 服务器 | stdio JSON-RPC，零依赖 |
 | **任意 AI Agent** | SDK | `npm install shellward`，3 行代码接入 |
@@ -400,6 +402,24 @@ guard.checkOutbound('send_email', {...})  // → { allowed: false } (读过敏
 >
 > 最新研究 ([arXiv:2603.08665](https://arxiv.org/abs/2603.08665)) 显示 GenAI 在 7 小时内发现 38 个真实漏洞 — AI 驱动的攻击正在规模化，防御必须内建到 Agent 层。
 
+### 交流 · Community
+
+微信公众号 **「AI不止语」**（微信搜索 `AI_BuZhiYu`）— 技术问答 · 项目更新 · 实战文章
+
+| 渠道 | 加入方式 |
+|------|---------|
+| QQ 群 | [点击加入](https://qm.qq.com/q/EeNQA9xCxy)（群号 1071280067） |
+| 微信群 | 关注公众号后回复「群」获取入群方式 |
+
+### 姊妹项目
+
+| 项目 | 说明 |
+|------|------|
+| [ai-coding-guide](https://github.com/jnMetaCode/ai-coding-guide) | AI 编程工具实战指南 — 66 个 Claude Code 技巧 + 9 款工具最佳实践 + 可复制配置模板 |
+| [agency-agents-zh](https://github.com/jnMetaCode/agency-agents-zh) | 187 个专业角色，让 AI 变成安全工程师、DBA、产品经理等 |
+| [agency-orchestrator](https://github.com/jnMetaCode/agency-orchestrator) | 多智能体编排引擎 — 用 YAML 编排 187 个角色协作，支持 DeepSeek/Claude/OpenAI/Ollama，零代码 |
+| [superpowers-zh](https://github.com/jnMetaCode/superpowers-zh) | AI 编程超能力 · 中文版 — 20 个 skills，让你的 AI 编程助手真正会干活 |
+
 ### 作者
 
 [jnMetaCode](https://github.com/jnMetaCode) · Apache-2.0

package/dist/index.js

@@ -18,7 +18,7 @@ import { setupSessionGuard } from './layers/session-guard.js';
 import { registerAllCommands } from './commands/index.js';
 import { checkForUpdate } from './update-check.js';
 import { runAutoCheckOnStartup } from './auto-check.js';
-const CURRENT_VERSION = '0.5.10';
+const CURRENT_VERSION = '0.5.16';
 // Re-export core engine for SDK usage
 export { ShellWard } from './core/engine.js';
 /**

package/dist/mcp-server.js

@@ -18,6 +18,7 @@
 //   }
 import { ShellWard } from './core/engine.js';
 import { readFileSync } from 'fs';
+import { createInterface } from 'readline';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -290,51 +291,33 @@ function handleRequest(req) {
     }
 }
 // ===== Stdio Transport =====
-// Use raw Buffer to handle UTF-8 multi-byte characters correctly.
-// Content-Length is in bytes, not characters.
-let rawBuffer = Buffer.alloc(0);
-// Keep event loop alive — prevent Node.js from exiting before mcp-proxy connects
-process.stdin.resume();
-process.stdin.on('data', (chunk) => {
-    rawBuffer = Buffer.concat([rawBuffer, chunk]);
-    while (true) {
-        const headerEnd = rawBuffer.indexOf('\r\n\r\n');
-        if (headerEnd === -1)
-            break;
-        const header = rawBuffer.slice(0, headerEnd).toString('ascii');
-        const lengthMatch = header.match(/Content-Length:\s*(\d+)/i);
-        if (!lengthMatch) {
-            rawBuffer = rawBuffer.slice(headerEnd + 4);
-            continue;
-        }
-        const contentLength = parseInt(lengthMatch[1], 10);
-        const bodyStart = headerEnd + 4;
-        if (rawBuffer.length < bodyStart + contentLength)
-            break;
-        const body = rawBuffer.slice(bodyStart, bodyStart + contentLength).toString('utf8');
-        rawBuffer = rawBuffer.slice(bodyStart + contentLength);
-        try {
-            const req = JSON.parse(body);
-            const res = handleRequest(req);
-            if (res) {
-                send(res);
-            }
-        }
-        catch {
-            send({
-                jsonrpc: '2.0',
-                id: null,
-                error: { code: -32700, message: 'Parse error' },
-            });
+// MCP stdio: newline-delimited JSON-RPC messages (no Content-Length framing).
+// Each message is a single JSON object followed by \n.
+// Messages MUST NOT contain embedded newlines.
+const rl = createInterface({ input: process.stdin, terminal: false });
+rl.on('line', (line) => {
+    const trimmed = line.trim();
+    if (!trimmed)
+        return;
+    try {
+        const req = JSON.parse(trimmed);
+        const res = handleRequest(req);
+        if (res) {
+            send(res);
         }
     }
+    catch {
+        send({
+            jsonrpc: '2.0',
+            id: null,
+            error: { code: -32700, message: 'Parse error' },
+        });
+    }
 });
 function send(msg) {
-    const body = JSON.stringify(msg);
-    const header = `Content-Length: ${Buffer.byteLength(body)}\r\n\r\n`;
-    process.stdout.write(header + body);
+    process.stdout.write(JSON.stringify(msg) + '\n');
 }
-process.stdin.on('end', () => process.exit(0));
+rl.on('close', () => process.exit(0));
 process.stdin.on('error', () => process.exit(1));
 // Log to stderr so it doesn't interfere with stdio protocol
 process.stderr.write(`[ShellWard MCP] Server started (mode: ${guard.config.mode}, locale: ${guard.locale})\n`);

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "shellward",
-  "version": "0.5.14",
+  "version": "0.5.16",
   "mcpName": "io.github.jnMetaCode/shellward",
-  "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents.",
+  "description": "AI agent security & MCP security middleware — prompt injection detection, AI firewall, runtime guardrails & data-loss prevention for LLM tool calls. 8-layer defense against data exfiltration & dangerous commands. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents, Hermes Agent.",
   "keywords": [
     "shellward",
     "ai-security",

package/server.json

@@ -6,12 +6,12 @@
     "url": "https://github.com/jnMetaCode/shellward",
     "source": "github"
   },
-  "version": "0.5.14",
+  "version": "0.5.15",
   "packages": [
     {
       "registryType": "npm",
       "identifier": "shellward",
-      "version": "0.5.14",
+      "version": "0.5.15",
       "runtime": "node",
       "transport": {
         "type": "stdio"

package/src/index.ts

@@ -20,7 +20,7 @@ import { registerAllCommands } from './commands/index.js'
 import { checkForUpdate } from './update-check.js'
 import { runAutoCheckOnStartup } from './auto-check.js'
 
-const CURRENT_VERSION = '0.5.10'
+const CURRENT_VERSION = '0.5.16'
 
 // Re-export core engine for SDK usage
 export { ShellWard } from './core/engine.js'

package/src/mcp-server.ts

@@ -19,6 +19,7 @@
 
 import { ShellWard } from './core/engine.js'
 import { readFileSync } from 'fs'
+import { createInterface } from 'readline'
 import { fileURLToPath } from 'url'
 import { dirname, join } from 'path'
 
@@ -332,58 +333,36 @@ function handleRequest(req: JsonRpcRequest): JsonRpcResponse | null {
 }
 
 // ===== Stdio Transport =====
-// Use raw Buffer to handle UTF-8 multi-byte characters correctly.
-// Content-Length is in bytes, not characters.
+// MCP stdio: newline-delimited JSON-RPC messages (no Content-Length framing).
+// Each message is a single JSON object followed by \n.
+// Messages MUST NOT contain embedded newlines.
 
-let rawBuffer = Buffer.alloc(0)
+const rl = createInterface({ input: process.stdin, terminal: false })
 
-// Keep event loop alive — prevent Node.js from exiting before mcp-proxy connects
-process.stdin.resume()
+rl.on('line', (line: string) => {
+  const trimmed = line.trim()
+  if (!trimmed) return
 
-process.stdin.on('data', (chunk: Buffer) => {
-  rawBuffer = Buffer.concat([rawBuffer, chunk])
-
-  while (true) {
-    const headerEnd = rawBuffer.indexOf('\r\n\r\n')
-    if (headerEnd === -1) break
-
-    const header = rawBuffer.slice(0, headerEnd).toString('ascii')
-    const lengthMatch = header.match(/Content-Length:\s*(\d+)/i)
-    if (!lengthMatch) {
-      rawBuffer = rawBuffer.slice(headerEnd + 4)
-      continue
-    }
-
-    const contentLength = parseInt(lengthMatch[1], 10)
-    const bodyStart = headerEnd + 4
-    if (rawBuffer.length < bodyStart + contentLength) break
-
-    const body = rawBuffer.slice(bodyStart, bodyStart + contentLength).toString('utf8')
-    rawBuffer = rawBuffer.slice(bodyStart + contentLength)
-
-    try {
-      const req = JSON.parse(body) as JsonRpcRequest
-      const res = handleRequest(req)
-      if (res) {
-        send(res)
-      }
-    } catch {
-      send({
-        jsonrpc: '2.0',
-        id: null,
-        error: { code: -32700, message: 'Parse error' },
-      })
+  try {
+    const req = JSON.parse(trimmed) as JsonRpcRequest
+    const res = handleRequest(req)
+    if (res) {
+      send(res)
     }
+  } catch {
+    send({
+      jsonrpc: '2.0',
+      id: null,
+      error: { code: -32700, message: 'Parse error' },
+    })
   }
 })
 
 function send(msg: JsonRpcResponse) {
-  const body = JSON.stringify(msg)
-  const header = `Content-Length: ${Buffer.byteLength(body)}\r\n\r\n`
-  process.stdout.write(header + body)
+  process.stdout.write(JSON.stringify(msg) + '\n')
 }
 
-process.stdin.on('end', () => process.exit(0))
+rl.on('close', () => process.exit(0))
 process.stdin.on('error', () => process.exit(1))
 
 // Log to stderr so it doesn't interfere with stdio protocol