visus-mcp 0.6.2 → 0.9.0

package/.claude/settings.local.json

@@ -55,7 +55,21 @@
       "Bash(/tmp/test-google.sh:*)",
       "Bash(git reset:*)",
       "Bash(npx visus-mcp:*)",
-      "WebSearch"
+      "WebSearch",
+      "WebFetch(domain:glama.ai)",
+      "Bash(unzip:*)",
+      "Bash(mkdir:*)",
+      "Bash(comm -13:*)",
+      "Bash(comm -23:*)",
+      "Bash(npx @modelcontextprotocol/registry-cli:*)",
+      "Bash(make:*)",
+      "Bash(tar:*)",
+      "Bash(./mcp-publisher:*)",
+      "Bash(/tmp/mcp-publisher auth login:*)",
+      "Bash(/tmp/mcp-publisher login:*)",
+      "Bash(/tmp/mcp-publisher publish:*)",
+      "WebFetch(domain:airc.nist.gov)",
+      "WebFetch(domain:csf.tools)"
     ],
     "deny": [],
     "ask": []

package/.env.status

@@ -0,0 +1,7 @@
+# Sensitive infrastructure values for STATUS.md
+# This file is gitignored and contains the real values that are replaced with placeholders in STATUS.md
+
+AWS_ACCOUNT_ID=080746528746
+API_ENDPOINT=https://wyomy29zd7.execute-api.us-east-1.amazonaws.com
+LAMBDA_FUNCTION_NAME=VisusRendererStack-dev-RendererFunction3AA1789A-554zTOoz3FVg
+MAINTAINER_EMAIL=lowmls@gmail.com

package/CHANGELOG.md

@@ -0,0 +1,110 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.9.0] - 2026-03-26
+
+### Added
+
+- **NIST AI RMF Framework Mappings** (`src/sanitizer/framework-mapper.ts`)
+  - Added NIST AI Risk Management Framework (AI 100-1) mappings for all 43 injection patterns
+  - Maps threats to four core functions: GOVERN, MAP, MEASURE, and MANAGE
+  - Examples: GOVERN-1.1 (Legal Requirements), MEASURE-2.7 (AI System Security), MANAGE-2.3 (Respond to Unknown Risks)
+  - Provides comprehensive risk management alignment for federal/government users
+
+- **NIST CSF 2.0 Framework Mappings** (`src/sanitizer/framework-mapper.ts`)
+  - Added NIST Cybersecurity Framework 2.0 mappings for all 43 injection patterns
+  - Maps threats to six core functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN
+  - Examples: DE.CM-01 (Network Monitoring), PR.DS-01 (Data at Rest Protection), PR.AC-04 (Access Control)
+  - Widely adopted enterprise cybersecurity framework for compliance and audit requirements
+
+- **Enhanced Threat Reporting** (`src/sanitizer/threat-reporter.ts`)
+  - Expanded framework coverage from 4 to 6 compliance frameworks
+  - Updated TOON format from 10 fields to 12 fields (added nist_ai_rmf, nist_csf_2_0)
+  - Enhanced Markdown threat report table with new AI-RMF and CSF 2.0 columns
+  - All threat reports now include comprehensive 6-framework alignment
+
+### Changed
+
+- **Framework Badge** (README.md) - Updated security badge to highlight NIST AI RMF and CSF 2.0
+- **Tool Descriptions** (README.md) - All 4 MCP tools now reference 6 frameworks in their descriptions
+- **Framework Alignments Section** (README.md) - Expanded to document all 6 frameworks with descriptions
+- **Test Coverage** (tests/threat-reporter.test.ts) - Updated to verify 6 frameworks and 12 TOON fields
+
+### Fixed
+
+- **server.json Version Sync** - Ensured server.json version matches package.json per MCP Registry requirements
+
+## [0.8.1] - 2026-03-25
+
+### Added
+
+- **PDF Content Handler** (`src/content-handlers/pdf-handler.ts`)
+  - Handles `application/pdf` content type
+  - Extracts text and metadata (title, author, subject, keywords, creator, producer) from PDF files
+  - Passes all extracted text through the 43-pattern injection detection pipeline
+  - Returns sanitized plain text, discarding binary objects
+  - Returns structured error (`PDF_PARSE_FAILED`) for corrupt or encrypted PDFs
+
+- **JSON Content Handler** (`src/content-handlers/json-handler.ts`)
+  - Handles `application/json` and `text/json` content types
+  - Recursively traverses JSON object tree and sanitizes all string values
+  - Preserves original JSON structure in output
+  - Handles arrays, nested objects, and mixed-type arrays correctly
+  - Falls back to plain text sanitization pipeline if JSON parsing fails
+  - Tracks and reports count of sanitized fields per request
+
+- **SVG Content Handler** (`src/content-handlers/svg-handler.ts`)
+  - Handles `image/svg+xml` content type
+  - Strips dangerous elements unconditionally:
+    - `<script>` elements and all children
+    - `<use>` elements with external `href`/`xlink:href` attributes
+    - `<foreignObject>` elements and all children
+    - All event handler attributes (onload, onclick, onerror, etc.)
+    - `<set>` and `<animate>` elements referencing external resources
+    - `data:` URI attributes
+  - Extracts and scans text content (title, desc, text elements) for injection patterns
+  - Preserves safe presentation attributes (fill, stroke, transform, viewBox, etc.)
+  - Returns structured error (`SVG_PARSE_FAILED`) if XML parsing fails
+
+- **Content Type Routing** (`src/content-handlers/index.ts`)
+  - Central routing system for content-type specific handlers
+  - Normalizes MIME types (strips parameters, lowercases)
+  - Routes content to appropriate handler based on MIME type
+  - Returns structured rejection (`UNSUPPORTED_CONTENT_TYPE`) for unsupported types
+  - No unhandled exceptions - all errors return structured responses
+
+- **Updated `visus_fetch` Tool** (`src/tools/fetch.ts`)
+  - Integrated content handler routing for PDF, JSON, and SVG
+  - Checks Content-Type header and routes to specialized handlers before existing HTML/XML flow
+  - Maintains backward compatibility with existing HTML/XML/RSS conversion logic
+
+- **Comprehensive Test Suite** (`tests/content-handlers.test.ts`)
+  - 20 test cases covering all three handlers
+  - Tests for clean content (no false positives)
+  - Tests for injection detection and sanitization
+  - Tests for error handling (corrupt/invalid content)
+  - Tests for edge cases (nested structures, arrays, malformed input)
+
+### Fixed
+
+- **PDF Text Extraction** - Fixed critical bug where PDF content was passed as corrupted UTF-8 strings instead of binary data
+  - Root cause: `response.text()` in `playwright-renderer.ts` converted all response bodies to strings, mangling binary PDFs
+  - Fix: Use `response.arrayBuffer()` for binary content types (`application/pdf`, `image/*`, `application/octet-stream`)
+  - Impact: PDF handler now receives proper binary data, text extraction works correctly
+  - Files modified: `src/types.ts`, `src/browser/playwright-renderer.ts`, `src/tools/fetch.ts`, `src/tools/read.ts`, `src/tools/fetch-structured.ts`
+  - Note: Some complex PDFs may fail with "Invalid Root reference" error - this is a limitation of the pdf-parse library, not Visus
+
+### Changed
+
+- Added `pdf-parse` dependency (v2.4.5) for PDF text extraction
+- Updated `BrowserRenderResult.html` type to `string | Buffer` to support binary content
+
+## [0.6.2] - 2026-03-14
+
+Previous releases documented in git history.

package/CLAUDE.md

@@ -2,6 +2,8 @@
 
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 
+**Repository:** https://github.com/visus-mcp/visus-mcp
+
 ## Project Overview
 
 **Visus** (`visus-mcp`) is an MCP tool that provides Claude with secure, sanitized access to web pages. Unlike other MCP browser tools (Firecrawl, Playwright MCP, ScrapeGraphAI), Visus runs ALL fetched content through an injection sanitization pipeline before the LLM reads it.
@@ -519,3 +521,4 @@ Both README.md and SECURITY.md must lead with the security narrative, not featur
 - PII redaction types and format
 - Honest limitations (novel obfuscation, AI-generated benign-looking instructions)
 - Vulnerability reporting: security@lateos.ai or GitHub Security tab
+- remember that my gitHub repo is located at https://github.com/visus-mcp/visus-mcp

package/README.md

@@ -1,11 +1,11 @@
 # Visus — Secure Web Access for Claude
 
 [![npm version](https://img.shields.io/npm/v/visus-mcp?color=crimson&label=npm)](https://www.npmjs.com/package/visus-mcp)
-[![tests](https://img.shields.io/badge/tests-246%20passing-brightgreen)](https://github.com/visus-mcp/visus-mcp)
+[![tests](https://img.shields.io/badge/tests-294%20passing-brightgreen)](https://github.com/visus-mcp/visus-mcp)
 [![tools](https://img.shields.io/badge/MCP%20tools-4-blue)](https://github.com/visus-mcp/visus-mcp)
 [![mcp](https://img.shields.io/badge/MCP-compatible-brightgreen)](https://modelcontextprotocol.io)
 [![license](https://img.shields.io/badge/license-MIT-blue)](https://github.com/visus-mcp/visus-mcp/blob/main/LICENSE)
-[![security](https://img.shields.io/badge/frameworks-NIST%20%7C%20OWASP%20%7C%20MITRE%20%7C%20ISO42001-orange)](https://github.com/visus-mcp/visus-mcp/blob/main/SECURITY.md)
+[![security](https://img.shields.io/badge/frameworks-NIST%20AI%20RMF%20%7C%20CSF%202.0%20%7C%20OWASP%20%7C%20MITRE%20%7C%20ISO42001-orange)](https://github.com/visus-mcp/visus-mcp/blob/main/SECURITY.md)
 [![iso42001](https://img.shields.io/badge/ISO%2FIEC-42001%3A2023-blueviolet)](https://www.iso.org/standard/81230.html)
 
 > **Your AI agent shouldn't have to read garbage.**
@@ -19,7 +19,7 @@ Claude handles most of it. But it still has to read all of it first. You still p
 
 Built as infrastructure, not a replacement for Claude's own safety training. The two layers together are stronger than either alone.
 ```bash
-npx visus-mcp@0.6.0
+npx visus-mcp@0.9.0
 ```
 
 *"What the web shows you, Lateos reads safely."*
@@ -47,17 +47,23 @@ visus-mcp fetches the same page and delivers:
 ## How Visus Works
 
 ```
-URL → Playwright Render → Format Detection (HTML/JSON/XML/RSS)
-→ Reader Extraction (optional) → Injection Sanitizer (43 patterns)
-→ PII Redactor → Token Ceiling (24k cap) → Clean Content → Claude
+URL → Playwright Render → Content-Type Detection
+→ Specialized Handlers (PDF/JSON/SVG) OR HTML Pipeline
+→ Injection Sanitizer (43 patterns) → PII Redactor
+→ Token Ceiling (24k cap) → Clean Content → Claude
 ```
 
 ### Security Pipeline
 
 1. **Browser Rendering**: Headless Chromium via Playwright fetches the page
-2. **Injection Detection**: 43 pattern categories scan for prompt injection attempts
-3. **PII Redaction**: Emails, phone numbers, SSNs, credit cards, and IP addresses are redacted
-4. **Clean Delivery**: Stripped, formatted, token-efficient content reaches your LLM — with a compliance report attached if anything was flagged
+2. **Content-Type Routing**: Detects MIME type and routes to specialized handlers:
+   - **PDF** (`application/pdf`) — Extracts text and metadata, sanitizes all fields
+   - **JSON** (`application/json`) — Recursively sanitizes all string values, preserves structure
+   - **SVG** (`image/svg+xml`) — Strips dangerous elements (`<script>`, event handlers), scans text
+   - **HTML/XML/RSS** — Uses existing conversion and reader extraction pipeline
+3. **Injection Detection**: 43 pattern categories scan for prompt injection attempts
+4. **PII Redaction**: Emails, phone numbers, SSNs, credit cards, and IP addresses are redacted
+5. **Clean Delivery**: Stripped, formatted, token-efficient content reaches your LLM — with a compliance report attached if anything was flagged
 
 **This pipeline runs before content enters Claude's context window** — reducing token consumption, keeping PII out of conversation history, and generating audit logs when injection patterns are detected.
 
@@ -179,7 +185,7 @@ Restart Claude Desktop. Visus tools are now available to Claude.
 
 ### `visus_fetch`
 
-Fetch and sanitize a web page with automatic format detection. Supports HTML, JSON, XML, and RSS/Atom feeds. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Fetch and sanitize a web page with automatic format detection. Supports HTML, JSON, XML, and RSS/Atom feeds. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Supported Formats:**
 - **HTML** (`text/html`, `application/xhtml+xml`) - Standard web pages, returned as-is
@@ -189,7 +195,7 @@ Fetch and sanitize a web page with automatic format detection. Supports HTML, JS
 
 ### `visus_read`
 
-Extract clean article content from a web page using Mozilla Readability (reader mode). Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Extract clean article content from a web page using Mozilla Readability (reader mode). Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -221,7 +227,7 @@ Extract clean article content from a web page using Mozilla Readability (reader
 
 ### `visus_search`
 
-Search the web via DuckDuckGo and return sanitized results with prompt injection and PII removed. Use before `visus_fetch` or `visus_read` to safely discover and then read pages. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Search the web via DuckDuckGo and return sanitized results with prompt injection and PII removed. Use before `visus_fetch` or `visus_read` to safely discover and then read pages. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -254,7 +260,7 @@ All search result titles and snippets are independently sanitized before reachin
 
 ### `visus_fetch_structured`
 
-Extract structured data from a web page according to a schema. Includes NIST AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
+Extract structured data from a web page according to a schema. Includes NIST AI RMF / CSF 2.0 / AI 600-1 / OWASP LLM / MITRE ATLAS / ISO/IEC 42001 aligned threat report when injection or PII is detected.
 
 **Input:**
 ```json
@@ -307,7 +313,7 @@ Findings are encoded using [TOON format](https://toonformat.dev) for token effic
 - Pattern ID and category
 - Severity level (CRITICAL, HIGH, MEDIUM, LOW)
 - Confidence score
-- Framework alignments (OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, ISO/IEC 42001)
+- Framework alignments (OWASP LLM Top 10, NIST AI 600-1, NIST AI RMF, NIST CSF 2.0, MITRE ATLAS, ISO/IEC 42001)
 - Remediation status
 
 ### 2. Markdown Compliance Report (Human-Readable)
@@ -322,10 +328,12 @@ A formatted Markdown table renders cleanly in Claude Desktop and GitHub, showing
 
 ### Framework Alignments
 
-Every detected threat is mapped to four compliance frameworks:
+Every detected threat is mapped to six compliance frameworks:
 
 - **[OWASP LLM Top 10 (2025)](https://owasp.org/www-project-top-10-for-large-language-model-applications/)**: Industry-standard LLM security risks
 - **[NIST AI 600-1](https://csrc.nist.gov/pubs/ai/600/1/final)**: Generative AI Profile for risk management
+- **[NIST AI RMF](https://www.nist.gov/itl/ai-risk-management-framework)**: AI Risk Management Framework (AI 100-1) with GOVERN, MAP, MEASURE, and MANAGE functions
+- **[NIST CSF 2.0](https://www.nist.gov/cyberframework)**: Cybersecurity Framework 2.0 with IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER, and GOVERN functions
 - **[MITRE ATLAS](https://atlas.mitre.org/)**: Adversarial Threat Landscape for AI Systems
 - **[ISO/IEC 42001:2023](https://www.iso.org/standard/81230.html)**: International AI Management System standard — Annex A controls for AI system security, data quality, and responsible AI governance. Globally recognized for enterprise and regulatory procurement.
 
@@ -372,7 +380,7 @@ When a HIGH severity injection is detected:
 **Generated:** 2026-03-23T14:30:00.000Z
 **Source:** https://malicious.example.com
 **Overall Severity:** HIGH
-**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | MITRE ATLAS | ISO/IEC 42001
+**Framework:** OWASP LLM Top 10 | NIST AI 600-1 | NIST AI RMF | NIST CSF 2.0 | MITRE ATLAS | ISO/IEC 42001
 
 ### Findings Summary
 | Severity | Count |
@@ -383,9 +391,9 @@ When a HIGH severity injection is detected:
 | 🟢 LOW | 0 |
 
 ### Findings Detail
-| # | Category | Severity | Confidence | OWASP | MITRE | ISO 42001 |
-|---|---|---|---|---|---|---|
-| 1 | role_hijacking | CRITICAL | 95% | LLM01:2025 | AML.T0051.000 | A.6.1.5 |
+| # | Category | Severity | Conf | OWASP | AI-RMF | CSF 2.0 | MITRE | ISO |
+|---|---|---|---|---|---|---|---|---|
+| 1 | role_hijacking | CRITICAL | 95% | LLM01:2025 | MEASURE-2.7 | DE.CM-01 | AML.T0051.000 | A.6.1.5 |
 
 ### Remediation Status
 ✅ All findings sanitized. Content delivered clean.
@@ -848,6 +856,8 @@ Copyright (c) 2026 Lateos (Leo Chongolnee)
 
 Built by [Leo Chongolnee](https://github.com/leochong) (@leochong) as part of the Lateos platform.
 
+**Repository:** https://github.com/visus-mcp/visus-mcp
+
 Inspired by the MCP ecosystem and informed by CISSP/CEH security principles.
 
 ---

package/SECURITY.md

@@ -2,6 +2,8 @@
 
 This document describes the threat model, security guarantees, and honest limitations of Visus.
 
+**Repository:** https://github.com/visus-mcp/visus-mcp
+
 ---
 
 ## Threat Model