@danielsogl/lighthouse-mcp
A comprehensive Model Context Protocol (MCP) server that provides web performance auditing, accessibility testing, SEO analysis, security assessment, and Core Web Vitals monitoring using Google Lighthouse. Enables LLMs and AI agents to perform detailed we
;
// Flag this CommonJS module as transpiled from an ES module so that
// import-interop helpers in consumers handle its exports accordingly.
Object.defineProperty(exports, "__esModule", { value: true });
// Sole public export. The function declaration further down is hoisted,
// so referencing it before its definition is valid.
exports.registerSecurityTools = registerSecurityTools;
const schemas_1 = require("../schemas");
const lighthouse_analysis_1 = require("../lighthouse-analysis");
/**
 * Build the JSON-serializable envelope returned by the security tools.
 *
 * @param {string} type - Label of the analysis; interpolated into `summary`.
 * @param {string} url - Audited URL; interpolated into `summary`.
 * @param {string} device - Device profile; interpolated into `summary`.
 * @param {*} data - Payload stored unchanged under `data`.
 * @param {*} [recommendations] - Stored under `recommendations` only when
 *   truthy; any falsy value leaves the key out entirely.
 * @returns {{summary: string, data: *, recommendations?: *}} The envelope,
 *   with keys in the order summary, data, recommendations.
 */
function createStructuredSecurity(type, url, device, data, recommendations) {
  const envelope = {
    summary: `${type} analysis for ${url} on ${device}`,
    data,
  };
  // Attach the key last so serialized output keeps the same key order.
  if (recommendations) {
    envelope.recommendations = recommendations;
  }
  return envelope;
}
/**
 * Register the `get_security_audit` tool on an MCP server.
 *
 * The handler runs `getSecurityAudit(url, device, checks)`, reshapes each
 * audit into a compact record and returns the result as pretty-printed JSON
 * in a single text content item. Any thrown error is converted into a JSON
 * error payload flagged with `isError: true` instead of propagating.
 *
 * NOTE(review): `url` comes from the tool caller and is passed straight to
 * the audit; this file does no validation of its own. Presumably
 * `securityAuditSchema` constrains it — confirm that the schema limits the
 * URL to the schemes and hosts this server is meant to audit.
 *
 * @param {object} server - Object exposing `tool(name, description, schema, handler)`.
 * @returns {void}
 */
function registerSecurityTools(server) {
  // Wrap a payload in the single-item text content array used by both paths.
  const asTextContent = (payload) => [
    {
      type: "text",
      text: JSON.stringify(payload, null, 2),
    },
  ];

  // Reduce one audit entry to the fields reported to the caller.
  const summarizeAudit = (audit) => {
    const rawScore = audit.score;

    // A null score stays null; any other value is scaled to 0-100, with
    // falsy values (including undefined) counted as 0.
    let score = null;
    if (rawScore !== null) {
      score = Math.round((rawScore || 0) * 100);
    }

    // NOTE(review): everything that is not exactly 1 or 0 — partial scores,
    // but also null/undefined — is reported as "warning". An audit that was
    // never scored is therefore indistinguishable from a partial pass here.
    let status = "warning";
    if (rawScore === 1) {
      status = "pass";
    } else if (rawScore === 0) {
      status = "fail";
    }

    return {
      id: audit.id,
      title: audit.title,
      description: audit.description || "N/A",
      score,
      displayValue: audit.displayValue || "N/A",
      status,
    };
  };

  const handleSecurityAudit = async ({ url, device, checks }) => {
    try {
      // Look the function up at call time and invoke it unbound.
      const runAudit = lighthouse_analysis_1.getSecurityAudit;
      const result = await runAudit(url, device, checks);

      const audits = result.audits.map((audit) => summarizeAudit(audit));
      const countByStatus = (wanted) => audits.filter((entry) => entry.status === wanted).length;

      const data = {
        overallScore: result.overallScore,
        audits,
        auditCount: audits.length,
        passedAudits: countByStatus("pass"),
        failedAudits: countByStatus("fail"),
        fetchTime: result.fetchTime,
      };

      // These recommendations are a fixed list and are returned regardless
      // of which audits passed or failed; they are not findings.
      const recommendations = [
        "Ensure all resources are served over HTTPS",
        "Implement Content Security Policy (CSP) headers to prevent XSS attacks",
        "Keep all dependencies and libraries up to date",
        "Use rel=noopener for external links to prevent window.opener attacks",
        "Enable HTTP Strict Transport Security (HSTS) headers",
      ];

      const structuredResult = createStructuredSecurity("Security Audit", result.url, result.device, data, recommendations);
      return { content: asTextContent(structuredResult) };
    } catch (error) {
      // The raw error message is echoed to the caller together with the
      // requested url and device ("desktop" when device is falsy).
      let errorMessage;
      if (error instanceof Error) {
        errorMessage = error.message;
      } else {
        errorMessage = String(error);
      }
      const failure = {
        error: "Security audit failed",
        url,
        device: device || "desktop",
        message: errorMessage,
      };
      return {
        content: asTextContent(failure),
        isError: true,
      };
    }
  };

  server.tool(
    "get_security_audit",
    "Perform security audit checking HTTPS, CSP, and other security measures",
    schemas_1.securityAuditSchema,
    handleSecurityAudit
  );
}