webmcp-cli 1.2.2 → 1.2.3

package/dist/rules/security/SEC-003.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-003.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-003.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,qBAAqB,GAAG;IAC5B,aAAa;IACb,WAAW;IACX,YAAY;IACZ,aAAa;IACb,WAAW;IACX,oBAAoB;IACpB,aAAa;IACb,aAAa;IACb,YAAY;IACZ,gBAAgB;CACjB,CAAC;AAEF,MAAM,qBAAqB,GAAG;IAC5B,WAAW;IACX,aAAa;IACb,iBAAiB;IACjB,oBAAoB;IACpB,eAAe;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EACT,2EAA2E;IAC7E,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CACrD,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YAErC,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACxE,IAAI,CAAC,gBAAgB;gBAAE,SAAS;YAEhC,MAAM,eAAe,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,4DAA4D;aACtE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,8CAA8C;YAC3E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,IAAI,EAAE,EAAE,CACP,SAAS,IAAI,wDAAwD,CACxE;YACD,WAAW,EAAE;gBACX,+DAA+D;gBAC/D,+DAA+D;gBAC/D,uDAAuD;aACxD;YACD,aAAa,EAAE,UAAU;SAC1B,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-004.d.ts

@@ -0,0 +1,9 @@
+/**
+ * SEC-004: Over-Parameterization Check
+ *
+ * Checks that tools don't request excessive personal or sensitive data.
+ * Classifies parameters by sensitivity and flags tools that collect
+ * too many sensitive fields.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_004: Rule;

package/dist/rules/security/SEC-004.js

@@ -0,0 +1,87 @@
+/**
+ * SEC-004: Over-Parameterization Check
+ *
+ * Checks that tools don't request excessive personal or sensitive data.
+ * Classifies parameters by sensitivity and flags tools that collect
+ * too many sensitive fields.
+ */
+import { createRuleResult } from '../runner.js';
+const SENSITIVE_PARAM_PATTERNS = [
+    { pattern: /\bssn\b|social.?security/i, level: 'high' },
+    { pattern: /\bpassword\b|\bpasswd\b/i, level: 'high' },
+    { pattern: /\bcredit.?card\b|\bcc.?num/i, level: 'high' },
+    { pattern: /\bcvv\b|\bcvc\b|\bsecurity.?code/i, level: 'high' },
+    { pattern: /\bbank.?account\b|\brouting.?number/i, level: 'high' },
+    { pattern: /\bpin\b/i, level: 'high' },
+    { pattern: /\bdate.?of.?birth\b|\bdob\b|\bbirthday/i, level: 'medium' },
+    { pattern: /\bemail\b/i, level: 'medium' },
+    { pattern: /\bphone\b|\bmobile\b|\bcell/i, level: 'medium' },
+    { pattern: /\baddress\b|\bstreet\b|\bzip.?code\b|\bpostal/i, level: 'medium' },
+    { pattern: /\bfull.?name\b|\bfirst.?name\b|\blast.?name\b/i, level: 'medium' },
+    { pattern: /\bdriver.?licen/i, level: 'high' },
+    { pattern: /\bpassport\b/i, level: 'high' },
+    { pattern: /\btax.?id\b/i, level: 'high' },
+];
+const MAX_SENSITIVE_PARAMS = 3;
+export const SEC_004 = {
+    id: 'SEC-004',
+    category: 'security',
+    name: 'Over-Parameterization Check',
+    description: 'Tools should not request excessive personal or sensitive data',
+    severity: 'warning',
+    maxScore: 8,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-004', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const violations = [];
+        for (const tool of tools) {
+            const schema = tool.inputSchema;
+            if (!schema?.properties)
+                continue;
+            const sensitiveParams = [];
+            let highCount = 0;
+            for (const [paramName, prop] of Object.entries(schema.properties)) {
+                const textToCheck = `${paramName} ${prop.description ?? ''}`;
+                for (const { pattern, level } of SENSITIVE_PARAM_PATTERNS) {
+                    if (pattern.test(textToCheck)) {
+                        sensitiveParams.push(paramName);
+                        if (level === 'high')
+                            highCount++;
+                        break;
+                    }
+                }
+            }
+            if (sensitiveParams.length > MAX_SENSITIVE_PARAMS || highCount >= 2) {
+                violations.push({ name: tool.name, sensitiveParams, highCount });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-004', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools request excessive sensitive data',
+            });
+        }
+        const penalty = violations.length * 4;
+        const score = Math.max(0, 8 - penalty);
+        return createRuleResult('SEC-004', 8, {
+            passed: false,
+            score,
+            message: `${violations.length} tool(s) request excessive sensitive data`,
+            details: violations.map((v) => `Tool "${v.name}" collects ${v.sensitiveParams.length} sensitive params (${v.highCount} high-sensitivity): [${v.sensitiveParams.join(', ')}]`),
+            suggestions: [
+                'Minimize the amount of personal data collected per tool',
+                'Split tools that need many sensitive fields into focused sub-tools',
+                'Only request data that is strictly necessary for the tool\'s function',
+            ],
+            affectedTools: violations.map((v) => v.name),
+        });
+    },
+};
+//# sourceMappingURL=SEC-004.js.map

package/dist/rules/security/SEC-004.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-004.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-004.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,wBAAwB,GAAoD;IAChF,EAAE,OAAO,EAAE,2BAA2B,EAAE,KAAK,EAAE,MAAM,EAAE;IACvD,EAAE,OAAO,EAAE,0BAA0B,EAAE,KAAK,EAAE,MAAM,EAAE;IACtD,EAAE,OAAO,EAAE,6BAA6B,EAAE,KAAK,EAAE,MAAM,EAAE;IACzD,EAAE,OAAO,EAAE,mCAAmC,EAAE,KAAK,EAAE,MAAM,EAAE;IAC/D,EAAE,OAAO,EAAE,sCAAsC,EAAE,KAAK,EAAE,MAAM,EAAE;IAClE,EAAE,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE;IACtC,EAAE,OAAO,EAAE,yCAAyC,EAAE,KAAK,EAAE,QAAQ,EAAE;IACvE,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC1C,EAAE,OAAO,EAAE,8BAA8B,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC5D,EAAE,OAAO,EAAE,gDAAgD,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,gDAAgD,EAAE,KAAK,EAAE,QAAQ,EAAE;IAC9E,EAAE,OAAO,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,EAAE;IAC9C,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,EAAE;IAC3C,EAAE,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,MAAM,EAAE;CAC3C,CAAC;AAEF,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAE/B,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,6BAA6B;IACnC,WAAW,EAAE,+DAA+D;IAC5E,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAqE,EAAE,CAAC;QAExF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC;YAChC,IAAI,CAAC,MAAM,EAAE,UAAU;gBAAE,SAAS;YAElC,MAAM,eAAe,GAAa,EAAE,CAAC;YACrC,IAAI,SAAS,GAAG,CAAC,CAAC;YAElB,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClE,MAAM,WAAW,GAAG,GAAG,SAAS,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;gBAC7D,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,wBAAwB,EAAE,CAAC;oBAC1D,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;wBAC9B,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;wBAChC,IAAI,KAAK,KAAK,MAAM;4BAAE,SAAS,EAAE,CAAC;wBAClC,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,eAAe,CAAC,MAAM,GAAG,oBAAoB,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;gBACpE,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,CAAC;YACnE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,2CAA2C;aACrD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,2CAA2C;YACxE,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,SAAS,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,eAAe,CAAC,MAAM,sBAAsB,CAAC,CAAC,SAAS,wBAAwB,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAChJ;YACD,WAAW,EAAE;gBACX,yDAAyD;gBACzD,oEAAoE;gBACpE,uEAAuE;aACxE;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-005.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SEC-005: Sensitive Action Confirmation
+ *
+ * Checks that destructive or financial tools use requestUserInteraction()
+ * or requiresConfirmation to ensure human oversight.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_005: Rule;

package/dist/rules/security/SEC-005.js

@@ -0,0 +1,87 @@
+/**
+ * SEC-005: Sensitive Action Confirmation
+ *
+ * Checks that destructive or financial tools use requestUserInteraction()
+ * or requiresConfirmation to ensure human oversight.
+ */
+import { createRuleResult } from '../runner.js';
+import { CRITICAL_DESTRUCTIVE_KEYWORDS, hasKeyword, findMatchedKeywords, } from '../utils/keywords.js';
+const FINANCIAL_KEYWORDS = [
+    'purchase',
+    'buy',
+    'checkout',
+    'pay',
+    'transfer',
+    'withdraw',
+    'send money',
+    'subscribe',
+    'charge',
+    'refund',
+    'invoice',
+];
+const CONFIRMATION_PATTERNS = [
+    /requestUserInteraction/,
+    /confirm\s*\(/,
+    /requiresConfirmation/,
+    /userConfirm/i,
+    /awaitConfirmation/i,
+];
+export const SEC_005 = {
+    id: 'SEC-005',
+    category: 'security',
+    name: 'Sensitive Action Confirmation',
+    description: 'Destructive or financial tools must use requestUserInteraction() or requiresConfirmation',
+    severity: 'critical',
+    maxScore: 12,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-005', 12, {
+                passed: true,
+                score: 12,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const allSensitiveKeywords = [
+            ...CRITICAL_DESTRUCTIVE_KEYWORDS,
+            ...FINANCIAL_KEYWORDS,
+        ];
+        const violations = [];
+        for (const tool of tools) {
+            const textToSearch = `${tool.name} ${tool.description}`;
+            if (!hasKeyword(textToSearch, allSensitiveKeywords))
+                continue;
+            // Check annotation
+            const hasAnnotationConfirm = tool.annotations?.requiresConfirmation === true;
+            // Check execute source for confirmation calls
+            const src = tool.executeSource ?? '';
+            const hasCodeConfirm = CONFIRMATION_PATTERNS.some((p) => p.test(src));
+            if (!hasAnnotationConfirm && !hasCodeConfirm) {
+                const matchedKeywords = findMatchedKeywords(textToSearch, allSensitiveKeywords);
+                violations.push({ name: tool.name, keywords: matchedKeywords });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-005', 12, {
+                passed: true,
+                score: 12,
+                message: 'All sensitive tools require confirmation before execution',
+            });
+        }
+        const penalty = violations.length * 4;
+        const score = Math.max(0, 12 - penalty);
+        return createRuleResult('SEC-005', 12, {
+            passed: false,
+            score,
+            message: `${violations.length} sensitive tool(s) lack confirmation requirement`,
+            details: violations.map((v) => `Tool "${v.name}" performs sensitive actions [${v.keywords.join(', ')}] without confirmation`),
+            suggestions: [
+                'Add requiresConfirmation: true to annotations for destructive/financial tools',
+                'Use requestUserInteraction() in execute function before performing sensitive actions',
+                'Example: await navigator.modelContext.requestUserInteraction({ type: "confirmation" })',
+            ],
+            affectedTools: violations.map((v) => v.name),
+        });
+    },
+};
+//# sourceMappingURL=SEC-005.js.map

package/dist/rules/security/SEC-005.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-005.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-005.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EACL,6BAA6B,EAC7B,UAAU,EACV,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,kBAAkB,GAAG;IACzB,UAAU;IACV,KAAK;IACL,UAAU;IACV,KAAK;IACL,UAAU;IACV,UAAU;IACV,YAAY;IACZ,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,SAAS;CACV,CAAC;AAEF,MAAM,qBAAqB,GAAG;IAC5B,wBAAwB;IACxB,cAAc;IACd,sBAAsB;IACtB,cAAc;IACd,oBAAoB;CACrB,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,+BAA+B;IACrC,WAAW,EACT,0FAA0F;IAC5F,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,EAAE;IAEZ,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,oBAAoB,GAAG;YAC3B,GAAG,6BAA6B;YAChC,GAAG,kBAAkB;SACtB,CAAC;QACF,MAAM,UAAU,GAA2C,EAAE,CAAC;QAE9D,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAExD,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,oBAAoB,CAAC;gBAAE,SAAS;YAE9D,mBAAmB;YACnB,MAAM,oBAAoB,GACxB,IAAI,CAAC,WAAW,EAAE,oBAAoB,KAAK,IAAI,CAAC;YAElD,8CAA8C;YAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,MAAM,cAAc,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAEtE,IAAI,CAAC,oBAAoB,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7C,MAAM,eAAe,GAAG,mBAAmB,CACzC,YAAY,EACZ,oBAAoB,CACrB,CAAC;gBACF,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EACL,2DAA2D;aAC9D,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,OAAO,CAAC,CAAC;QAExC,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,kDAAkD;YAC/E,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,SAAS,CAAC,CAAC,IAAI,iCAAiC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAChG;YACD,WAAW,EAAE;gBACX,+EAA+E;gBAC/E,sFAAsF;gBACtF,wFAAwF;aACzF;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-006.d.ts

@@ -0,0 +1,10 @@
+/**
+ * SEC-006: Misrepresentation (Static)
+ *
+ * Checks that tool descriptions match the detectable behavior
+ * of execute functions. Flags tools where the description says one thing
+ * but the code does something different (e.g., claims "read-only"
+ * but performs writes).
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_006: Rule;

package/dist/rules/security/SEC-006.js

@@ -0,0 +1,108 @@
+/**
+ * SEC-006: Misrepresentation (Static)
+ *
+ * Checks that tool descriptions match the detectable behavior
+ * of execute functions. Flags tools where the description says one thing
+ * but the code does something different (e.g., claims "read-only"
+ * but performs writes).
+ */
+import { createRuleResult } from '../runner.js';
+import { hasKeyword, READONLY_KEYWORDS, DESTRUCTIVE_KEYWORDS } from '../utils/keywords.js';
+const WRITE_PATTERNS = [
+    /\.remove\s*\(/,
+    /\.delete\s*\(/,
+    /fetch\s*\(.*method\s*:\s*['"](?:POST|PUT|DELETE|PATCH)/i,
+    /\.submit\s*\(/,
+    /localStorage\.setItem/,
+    /sessionStorage\.setItem/,
+    /document\.cookie\s*=/,
+    /\.set\s*\(/,
+    /\.save\s*\(/,
+    /\.update\s*\(/,
+    /\.create\s*\(/,
+    /\.push\s*\(/,
+    /\.splice\s*\(/,
+];
+const READ_PATTERNS = [
+    /fetch\s*\(.*method\s*:\s*['"]GET/i,
+    /\.get\s*\(/,
+    /\.find\s*\(/,
+    /\.filter\s*\(/,
+    /\.query\s*\(/,
+    /localStorage\.getItem/,
+    /sessionStorage\.getItem/,
+    /\.search\s*\(/,
+    /\.textContent\b/,
+    /\.innerText\b/,
+];
+export const SEC_006 = {
+    id: 'SEC-006',
+    category: 'security',
+    name: 'Misrepresentation (Static)',
+    description: 'Tool description should match detectable behavior of execute function',
+    severity: 'warning',
+    maxScore: 8,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-006', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const toolsWithExecute = tools.filter((t) => t.executeSource && t.executeSource.length > 0);
+        if (toolsWithExecute.length === 0) {
+            return createRuleResult('SEC-006', 8, {
+                passed: true,
+                score: 8,
+                message: 'No execute functions available for analysis',
+            });
+        }
+        const violations = [];
+        for (const tool of toolsWithExecute) {
+            const desc = `${tool.name} ${tool.description}`;
+            const src = tool.executeSource ?? '';
+            const descLooksReadOnly = hasKeyword(desc, READONLY_KEYWORDS) &&
+                !hasKeyword(desc, DESTRUCTIVE_KEYWORDS);
+            const codeHasWrites = WRITE_PATTERNS.some((p) => p.test(src));
+            const codeHasReads = READ_PATTERNS.some((p) => p.test(src));
+            if (descLooksReadOnly && codeHasWrites && !codeHasReads) {
+                violations.push({
+                    name: tool.name,
+                    issue: 'Description implies read-only but execute function performs writes',
+                });
+            }
+            const descLooksDestructive = hasKeyword(desc, DESTRUCTIVE_KEYWORDS);
+            const codeOnlyReads = codeHasReads && !codeHasWrites;
+            if (descLooksDestructive && codeOnlyReads) {
+                violations.push({
+                    name: tool.name,
+                    issue: 'Description implies destructive action but execute only reads data',
+                });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-006', 8, {
+                passed: true,
+                score: 8,
+                message: 'Tool descriptions match their execute function behavior',
+            });
+        }
+        const penalty = violations.length * 4;
+        const score = Math.max(0, 8 - penalty);
+        return createRuleResult('SEC-006', 8, {
+            passed: false,
+            score,
+            message: `${violations.length} tool(s) may misrepresent their behavior`,
+            details: violations.map((v) => `Tool "${v.name}": ${v.issue}`),
+            suggestions: [
+                'Ensure tool descriptions accurately reflect what the execute function does',
+                'A tool described as "read-only" should not perform writes',
+                'A tool described as "delete" should actually perform deletions',
+            ],
+            affectedTools: violations.map((v) => v.name),
+        });
+    },
+};
+//# sourceMappingURL=SEC-006.js.map

package/dist/rules/security/SEC-006.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-006.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-006.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAE3F,MAAM,cAAc,GAAG;IACrB,eAAe;IACf,eAAe;IACf,yDAAyD;IACzD,eAAe;IACf,uBAAuB;IACvB,yBAAyB;IACzB,sBAAsB;IACtB,YAAY;IACZ,aAAa;IACb,eAAe;IACf,eAAe;IACf,aAAa;IACb,eAAe;CAChB,CAAC;AAEF,MAAM,aAAa,GAAG;IACpB,mCAAmC;IACnC,YAAY;IACZ,aAAa;IACb,eAAe;IACf,cAAc;IACd,uBAAuB;IACvB,yBAAyB;IACzB,eAAe;IACf,iBAAiB;IACjB,eAAe;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,4BAA4B;IAClC,WAAW,EACT,uEAAuE;IACzE,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CACrD,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAsC,EAAE,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,GAAG,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YAErC,MAAM,iBAAiB,GACrB,UAAU,CAAC,IAAI,EAAE,iBAAiB,CAAC;gBACnC,CAAC,UAAU,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YAC1C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAC9D,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAE5D,IAAI,iBAAiB,IAAI,aAAa,IAAI,CAAC,YAAY,EAAE,CAAC;gBACxD,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EAAE,oEAAoE;iBAC5E,CAAC,CAAC;YACL,CAAC;YAED,MAAM,oBAAoB,GAAG,UAAU,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACpE,MAAM,aAAa,GACjB,YAAY,IAAI,CAAC,aAAa,CAAC;YAEjC,IAAI,oBAAoB,IAAI,aAAa,EAAE,CAAC;gBAC1C,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EAAE,oEAAoE;iBAC5E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yDAAyD;aACnE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,0CAA0C;YACvE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;YAC9D,WAAW,EAAE;gBACX,4EAA4E;gBAC5E,2DAA2D;gBAC3D,gEAAgE;aACjE;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-007.d.ts

@@ -0,0 +1,9 @@
+/**
+ * SEC-007: No Hidden Exfiltration
+ *
+ * Checks that execute functions don't make requests to unexpected domains.
+ * Flags tools that fetch/send data to third-party URLs not related to the
+ * page's own origin.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_007: Rule;

package/dist/rules/security/SEC-007.js

@@ -0,0 +1,108 @@
+/**
+ * SEC-007: No Hidden Exfiltration
+ *
+ * Checks that execute functions don't make requests to unexpected domains.
+ * Flags tools that fetch/send data to third-party URLs not related to the
+ * page's own origin.
+ */
+import { createRuleResult } from '../runner.js';
+const URL_PATTERN = /(?:fetch|XMLHttpRequest|\.open)\s*\(\s*['"`]([^'"`]+)['"`]/g;
+const DYNAMIC_URL_PATTERN = /(?:fetch|XMLHttpRequest|\.open)\s*\(\s*(?!['"`])/g;
+const SAFE_DOMAINS = [
+    'localhost',
+    '127.0.0.1',
+    'cdn.jsdelivr.net',
+    'unpkg.com',
+    'cdnjs.cloudflare.com',
+];
+function extractDomain(url) {
+    try {
+        const parsed = new URL(url);
+        return parsed.hostname;
+    }
+    catch {
+        return null;
+    }
+}
+export const SEC_007 = {
+    id: 'SEC-007',
+    category: 'security',
+    name: 'No Hidden Exfiltration',
+    description: 'Execute functions should not make requests to unexpected external domains',
+    severity: 'critical',
+    maxScore: 12,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-007', 12, {
+                passed: true,
+                score: 12,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const toolsWithExecute = tools.filter((t) => t.executeSource && t.executeSource.length > 0);
+        if (toolsWithExecute.length === 0) {
+            return createRuleResult('SEC-007', 12, {
+                passed: true,
+                score: 12,
+                message: 'No execute functions available for analysis',
+            });
+        }
+        let pageDomain = null;
+        try {
+            pageDomain = new URL(context.url).hostname;
+        }
+        catch {
+            // ignore
+        }
+        const violations = [];
+        for (const tool of toolsWithExecute) {
+            const src = tool.executeSource ?? '';
+            const foreignDomains = [];
+            // Check for static URLs in fetch/XHR calls
+            let match;
+            const urlRegex = new RegExp(URL_PATTERN.source, 'g');
+            while ((match = urlRegex.exec(src)) !== null) {
+                const url = match[1];
+                if (!url)
+                    continue;
+                const domain = extractDomain(url);
+                if (!domain)
+                    continue;
+                const isSameDomain = pageDomain && (domain === pageDomain || domain.endsWith(`.${pageDomain}`));
+                const isSafe = SAFE_DOMAINS.some((d) => domain === d || domain.endsWith(`.${d}`));
+                if (!isSameDomain && !isSafe && !url.startsWith('/')) {
+                    foreignDomains.push(domain);
+                }
+            }
+            if (foreignDomains.length > 0) {
+                violations.push({
+                    name: tool.name,
+                    domains: [...new Set(foreignDomains)],
+                });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-007', 12, {
+                passed: true,
+                score: 12,
+                message: 'No suspicious external requests detected in execute functions',
+            });
+        }
+        const penalty = violations.length * 6;
+        const score = Math.max(0, 12 - penalty);
+        return createRuleResult('SEC-007', 12, {
+            passed: false,
+            score,
+            message: `${violations.length} tool(s) make requests to unexpected external domains`,
+            details: violations.map((v) => `Tool "${v.name}" sends data to external domains: [${v.domains.join(', ')}]`),
+            suggestions: [
+                'Ensure execute functions only communicate with the page\'s own domain',
+                'If external APIs are needed, document them in the tool description',
+                'Avoid sending user data to third-party domains without explicit disclosure',
+            ],
+            affectedTools: violations.map((v) => v.name),
+        });
+    },
+};
+//# sourceMappingURL=SEC-007.js.map

package/dist/rules/security/SEC-007.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-007.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-007.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,WAAW,GAAG,6DAA6D,CAAC;AAClF,MAAM,mBAAmB,GAAG,mDAAmD,CAAC;AAEhF,MAAM,YAAY,GAAG;IACnB,WAAW;IACX,WAAW;IACX,kBAAkB;IAClB,WAAW;IACX,sBAAsB;CACvB,CAAC;AAEF,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,wBAAwB;IAC9B,WAAW,EACT,2EAA2E;IAC7E,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,EAAE;IAEZ,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,CACrD,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,CAAC;YACH,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QAED,MAAM,UAAU,GAA0C,EAAE,CAAC;QAE7D,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,MAAM,cAAc,GAAa,EAAE,CAAC;YAEpC,2CAA2C;YAC3C,IAAI,KAA6B,CAAC;YAClC,MAAM,QAAQ,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YACrD,OAAO,CAAC,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrB,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;gBAClC,IAAI,CAAC,MAAM;oBAAE,SAAS;gBAEtB,MAAM,YAAY,GAChB,UAAU,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC;gBAC7E,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAChD,CAAC;gBAEF,IAAI,CAAC,YAAY,IAAI,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACrD,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC;YAED,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,OAAO,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,CAAC;iBACtC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;gBACrC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,EAAE;gBACT,OAAO,EAAE,+DAA+D;aACzE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,GAAG,OAAO,CAAC,CAAC;QAExC,OAAO,gBAAgB,CAAC,SAAS,EAAE,EAAE,EAAE;YACrC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,uDAAuD;YACpF,OAAO,EAAE,UAAU,CAAC,GAAG,CACrB,CAAC,CAAC,EAAE,EAAE,CACJ,SAAS,CAAC,CAAC,IAAI,sCAAsC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/E;YACD,WAAW,EAAE;gBACX,uEAAuE;gBACvE,oEAAoE;gBACpE,4EAA4E;aAC7E;YACD,aAAa,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-008.d.ts

@@ -0,0 +1,8 @@
+/**
+ * SEC-008: Annotations Accurate
+ *
+ * Checks that MCP annotations (readOnlyHint, destructiveHint) match
+ * the actual behavior detectable in the execute function.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_008: Rule;

package/dist/rules/security/SEC-008.js

@@ -0,0 +1,109 @@
+/**
+ * SEC-008: Annotations Accurate
+ *
+ * Checks that MCP annotations (readOnlyHint, destructiveHint) match
+ * the actual behavior detectable in the execute function.
+ */
+import { createRuleResult } from '../runner.js';
+const WRITE_INDICATORS = [
+    /fetch\s*\(.*method\s*:\s*['"](?:POST|PUT|DELETE|PATCH)/i,
+    /\.submit\s*\(/,
+    /\.remove\s*\(/,
+    /\.delete\s*\(/,
+    /localStorage\.setItem/,
+    /sessionStorage\.setItem/,
+    /\.save\s*\(/,
+    /\.update\s*\(/,
+    /\.create\s*\(/,
+    /document\.cookie\s*=/,
+];
+const DESTRUCTIVE_INDICATORS = [
+    /\.remove\s*\(/,
+    /\.delete\s*\(/,
+    /fetch\s*\(.*method\s*:\s*['"]DELETE/i,
+    /\.destroy\s*\(/,
+    /\.drop\s*\(/,
+    /\.truncate\s*\(/,
+    /\.wipe\s*\(/,
+    /\.purge\s*\(/,
+];
+export const SEC_008 = {
+    id: 'SEC-008',
+    category: 'security',
+    name: 'Annotations Accurate',
+    description: 'MCP annotations (readOnlyHint, destructiveHint) should match execute function behavior',
+    severity: 'warning',
+    maxScore: 8,
+    async check(context) {
+        const tools = context.tools;
+        if (tools.length === 0) {
+            return createRuleResult('SEC-008', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools detected (rule not applicable)',
+            });
+        }
+        const toolsWithExecute = tools.filter((t) => t.executeSource && t.executeSource.length > 0 && t.annotations);
+        if (toolsWithExecute.length === 0) {
+            return createRuleResult('SEC-008', 8, {
+                passed: true,
+                score: 8,
+                message: 'No tools with both annotations and execute functions to analyze',
+            });
+        }
+        const violations = [];
+        for (const tool of toolsWithExecute) {
+            const src = tool.executeSource ?? '';
+            const annotations = tool.annotations;
+            if (!annotations)
+                continue;
+            const codeHasWrites = WRITE_INDICATORS.some((p) => p.test(src));
+            const codeHasDestructive = DESTRUCTIVE_INDICATORS.some((p) => p.test(src));
+            // readOnlyHint: true but code does writes
+            if (annotations.readOnlyHint === true && codeHasWrites) {
+                violations.push({
+                    name: tool.name,
+                    issue: 'readOnlyHint is true but execute function performs write operations',
+                });
+            }
+            // destructiveHint: false but code has destructive patterns
+            if (annotations.destructiveHint === false && codeHasDestructive) {
+                violations.push({
+                    name: tool.name,
+                    issue: 'destructiveHint is false but execute function contains destructive operations',
+                });
+            }
+            // destructiveHint: true but code only does reads
+            if (annotations.destructiveHint === true &&
+                !codeHasWrites &&
+                !codeHasDestructive) {
+                violations.push({
+                    name: tool.name,
+                    issue: 'destructiveHint is true but execute function shows no write/destructive patterns',
+                });
+            }
+        }
+        if (violations.length === 0) {
+            return createRuleResult('SEC-008', 8, {
+                passed: true,
+                score: 8,
+                message: 'Annotations match detected execute function behavior',
+            });
+        }
+        const penalty = violations.length * 4;
+        const score = Math.max(0, 8 - penalty);
+        return createRuleResult('SEC-008', 8, {
+            passed: false,
+            score,
+            message: `${violations.length} annotation mismatch(es) detected`,
+            details: violations.map((v) => `Tool "${v.name}": ${v.issue}`),
+            suggestions: [
+                'Update readOnlyHint to false if the tool performs any write operations',
+                'Set destructiveHint: true if the tool can delete or permanently modify data',
+                'Annotations should honestly reflect tool behavior to help agents make safe decisions',
+            ],
+            affectedTools: [...new Set(violations.map((v) => v.name))],
+        });
+    },
+};
+//# sourceMappingURL=SEC-008.js.map

package/dist/rules/security/SEC-008.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SEC-008.js","sourceRoot":"","sources":["../../../src/rules/security/SEC-008.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAEhD,MAAM,gBAAgB,GAAG;IACvB,yDAAyD;IACzD,eAAe;IACf,eAAe;IACf,eAAe;IACf,uBAAuB;IACvB,yBAAyB;IACzB,aAAa;IACb,eAAe;IACf,eAAe;IACf,sBAAsB;CACvB,CAAC;AAEF,MAAM,sBAAsB,GAAG;IAC7B,eAAe;IACf,eAAe;IACf,sCAAsC;IACtC,gBAAgB;IAChB,aAAa;IACb,iBAAiB;IACjB,aAAa;IACb,cAAc;CACf,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAS;IAC3B,EAAE,EAAE,SAAS;IACb,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EACT,wFAAwF;IAC1F,QAAQ,EAAE,SAAS;IACnB,QAAQ,EAAE,CAAC;IAEX,KAAK,CAAC,KAAK,CAAC,OAAoB;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAE5B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,yCAAyC;aACnD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,gBAAgB,GAAG,KAAK,CAAC,MAAM,CACnC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,WAAW,CACtE,CAAC;QAEF,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,iEAAiE;aAC3E,CAAC,CAAC;QACL,CAAC;QAED,MAAM,UAAU,GAAsC,EAAE,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;YACpC,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;YACrC,IAAI,CAAC,WAAW;gBAAE,SAAS;YAE3B,MAAM,aAAa,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,MAAM,kBAAkB,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAE3E,0CAA0C;YAC1C,IAAI,WAAW,CAAC,YAAY,KAAK,IAAI,IAAI,aAAa,EAAE,CAAC;gBACvD,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EAAE,qEAAqE;iBAC7E,CAAC,CAAC;YACL,CAAC;YAED,2DAA2D;YAC3D,IAAI,WAAW,CAAC,eAAe,KAAK,KAAK,IAAI,kBAAkB,EAAE,CAAC;gBAChE,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EACH,+EAA+E;iBAClF,CAAC,CAAC;YACL,CAAC;YAED,iDAAiD;YACjD,IACE,WAAW,CAAC,eAAe,KAAK,IAAI;gBACpC,CAAC,aAAa;gBACd,CAAC,kBAAkB,EACnB,CAAC;gBACD,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EACH,kFAAkF;iBACrF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;gBACpC,MAAM,EAAE,IAAI;gBACZ,KAAK,EAAE,CAAC;gBACR,OAAO,EAAE,sDAAsD;aAChE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC;QAEvC,OAAO,gBAAgB,CAAC,SAAS,EAAE,CAAC,EAAE;YACpC,MAAM,EAAE,KAAK;YACb,KAAK;YACL,OAAO,EAAE,GAAG,UAAU,CAAC,MAAM,mCAAmC;YAChE,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;YAC9D,WAAW,EAAE;gBACX,wEAAwE;gBACxE,6EAA6E;gBAC7E,sFAAsF;aACvF;YACD,aAAa,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;SAC3D,CAAC,CAAC;IACL,CAAC;CACF,CAAC"}

package/dist/rules/security/SEC-009.d.ts

@@ -0,0 +1,9 @@
+/**
+ * SEC-009: Cross-Origin Awareness
+ *
+ * Flags tools that send data to cross-origin destinations.
+ * This is informational — not necessarily bad, but agents should
+ * be aware of cross-origin data flow.
+ */
+import type { Rule } from '../../core/types/rule.js';
+export declare const SEC_009: Rule;