UNPKG

@dollhousemcp/mcp-server

Version:

DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.

70 lines 12 kB
/** * Safety Tier Service * * Wrapper around @dollhousemcp/safety that adds DollhouseMCP-specific * integrations (logger, SecurityMonitor). * * Part of the Tiered Safety System (RFC #97). * * @since v2.0.0 */ // Re-export core types and functions from the standalone package export { matchesDangerZonePattern, hasCriticalSecurityViolations, generateDisplayCode, createConfirmationRequest, createExecutionContext, VerificationStore, showVerificationDialog, isDialogAvailable, defaultAuditLogger, consoleAuditLogger, createAuditLogger, DEFAULT_SAFETY_CONFIG, } from '@dollhousemcp/safety'; // Import for wrapping with DollhouseMCP integrations import { determineSafetyTier as baseDetermineSafetyTier, createVerificationChallenge as baseCreateVerificationChallenge, createDangerZoneOperation as baseCreateDangerZoneOperation, DEFAULT_SAFETY_CONFIG, } from '@dollhousemcp/safety'; import { logger } from '../../utils/logger.js'; import { SecurityMonitor } from '../../security/securityMonitor.js'; /** * Determine the safety tier based on risk score, security warnings, and goal content * * Wrapper that adds SecurityMonitor logging for danger zone triggers. */ export function determineSafetyTier(riskScore, securityWarnings, goal, config = DEFAULT_SAFETY_CONFIG, executionContext) { const result = baseDetermineSafetyTier(riskScore, securityWarnings, goal, config, executionContext); // Add DollhouseMCP-specific security monitoring if (result.tier === 'danger_zone') { const dangerPattern = result.factors.find((f) => f.startsWith('Matches danger zone pattern:')); if (dangerPattern) { SecurityMonitor.logSecurityEvent({ type: 'DANGER_ZONE_TRIGGERED', severity: 'HIGH', source: 'SafetyTierService.determineSafetyTier', details: `Goal matched danger zone pattern: ${dangerPattern}`, additionalData: { goal: goal.substring(0, 100), matchedPattern: dangerPattern, riskScore, factors: result.factors }, }); } } return result; } /** * Create a verification challenge for VERIFY or DANGER_ZONE tiers * * Wrapper that adds DollhouseMCP logger integration. */ export function createVerificationChallenge(reason, challengeType = 'display_code', expirationMinutes = 5) { const challenge = baseCreateVerificationChallenge(reason, challengeType, expirationMinutes); logger.info('Verification challenge created', { challengeId: challenge.challengeId, challengeType, reason, expiresAt: challenge.expiresAt, }); return challenge; } /** * Create a danger zone operation record * * Wrapper that adds SecurityMonitor logging. */ export function createDangerZoneOperation(operationType, reason, dangerZoneEnabled, config = DEFAULT_SAFETY_CONFIG) { const operation = baseCreateDangerZoneOperation(operationType, reason, dangerZoneEnabled, config); SecurityMonitor.logSecurityEvent({ type: 'DANGER_ZONE_OPERATION', severity: operation.blocked ? 'HIGH' : 'MEDIUM', source: 'SafetyTierService.createDangerZoneOperation', details: `Danger zone operation ${operation.blocked ? 'blocked' : 'allowed with verification'}: ${operationType}`, additionalData: { operationType, reason, blocked: operation.blocked }, }); return operation; } //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2FmZXR5VGllclNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZWxlbWVudHMvYWdlbnRzL3NhZmV0eVRpZXJTZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7R0FTRztBQUVILGlFQUFpRTtBQUNqRSxPQUFPLEVBQ0wsd0JBQXdCLEVBQ3hCLDZCQUE2QixFQUM3QixtQkFBbUIsRUFDbkIseUJBQXlCLEVBQ3pCLHNCQUFzQixFQUN0QixpQkFBaUIsRUFDakIsc0JBQXNCLEVBQ3RCLGlCQUFpQixFQUNqQixrQkFBa0IsRUFDbEIsa0JBQWtCLEVBQ2xCLGlCQUFpQixFQUNqQixxQkFBcUIsR0FDdEIsTUFBTSxzQkFBc0IsQ0FBQztBQW1COUIscURBQXFEO0FBQ3JELE9BQU8sRUFDTCxtQkFBbUIsSUFBSSx1QkFBdUIsRUFDOUMsMkJBQTJCLElBQUksK0JBQStCLEVBQzlELHlCQUF5QixJQUFJLDZCQUE2QixFQUMxRCxxQkFBcUIsR0FDdEIsTUFBTSxzQkFBc0IsQ0FBQztBQVc5QixPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDL0MsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBRXBFOzs7O0dBSUc7QUFDSCxNQUFNLFVBQVUsbUJBQW1CLENBQ2pDLFNBQWlCLEVBQ2pCLGdCQUEwQixFQUMxQixJQUFZLEVBQ1osU0FBdUIscUJBQXFCLEVBQzVDLGdCQUFtQztJQUVuQyxNQUFNLE1BQU0sR0FBRyx1QkFBdUIsQ0FDcEMsU0FBUyxFQUNULGdCQUFnQixFQUNoQixJQUFJLEVBQ0osTUFBTSxFQUNOLGdCQUFnQixDQUNqQixDQUFDO0lBRUYsZ0RBQWdEO0lBQ2hELElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxhQUFhLEVBQUUsQ0FBQztRQUNsQyxNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQzlDLENBQUMsQ0FBQyxVQUFVLENBQUMsOEJBQThCLENBQUMsQ0FDN0MsQ0FBQztRQUNGLElBQUksYUFBYSxFQUFFLENBQUM7WUFDbEIsZUFBZSxDQUFDLGdCQUFnQixDQUFDO2dCQUMvQixJQUFJLEVBQUUsdUJBQXVCO2dCQUM3QixRQUFRLEVBQUUsTUFBTTtnQkFDaEIsTUFBTSxFQUFFLHVDQUF1QztnQkFDL0MsT0FBTyxFQUFFLHFDQUFxQyxhQUFhLEVBQUU7Z0JBQzdELGNBQWMsRUFBRSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxHQUFHLENBQUMsRUFBRSxjQUFjLEVBQUUsYUFBYSxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRTthQUNwSCxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxVQUFVLDJCQUEyQixDQUN6QyxNQUFjLEVBQ2QsZ0JBQTJDLGNBQWMsRUFDekQsb0JBQTRCLENBQUM7SUFFN0IsTUFBTSxTQUFTLEdBQUcsK0JBQStCLENBQy9DLE1BQU0sRUFDTixhQUFhLEVBQ2IsaUJBQWlCLENBQ2xCLENBQUM7SUFFRixNQUFNLENBQUMsSUFBSSxDQUFDLGdDQUFnQyxFQUFFO1FBQzVDLFdBQVcsRUFBRSxTQUFTLENBQUMsV0FBVztRQUNsQyxhQUFhO1FBQ2IsTUFBTTtRQUNOLFNBQVMsRUFBRSxTQUFTLENBQUMsU0FBUztLQUMvQixDQUFDLENBQUM7SUFFSCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sVUFBVSx5QkFBeUIsQ0FDdkMsYUFBcUIsRUFDckIsTUFBYyxFQUNkLGlCQUEwQixFQUMxQixTQUF1QixxQkFBcUI7SUFFNUMsTUFBTSxTQUFTLEdBQUcsNkJBQTZCLENBQzdDLGFBQWEsRUFDYixNQUFNLEVBQ04saUJBQWlCLEVBQ2pCLE1BQU0sQ0FDUCxDQUFDO0lBRUYsZUFBZSxDQUFDLGdCQUFnQixDQUFDO1FBQy9CLElBQUksRUFBRSx1QkFBdUI7UUFDN0IsUUFBUSxFQUFFLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsUUFBUTtRQUMvQyxNQUFNLEVBQUUsNkNBQTZDO1FBQ3JELE9BQU8sRUFBRSx5QkFBeUIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQywyQkFBMkIsS0FBSyxhQUFhLEVBQUU7UUFDakgsY0FBYyxFQUFFLEVBQUUsYUFBYSxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxDQUFDLE9BQU8sRUFBRTtLQUN0RSxDQUFDLENBQUM7SUFFSCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBTYWZldHkgVGllciBTZXJ2aWNlXG4gKlxuICogV3JhcHBlciBhcm91bmQgQGRvbGxob3VzZW1jcC9zYWZldHkgdGhhdCBhZGRzIERvbGxob3VzZU1DUC1zcGVjaWZpY1xuICogaW50ZWdyYXRpb25zIChsb2dnZXIsIFNlY3VyaXR5TW9uaXRvcikuXG4gKlxuICogUGFydCBvZiB0aGUgVGllcmVkIFNhZmV0eSBTeXN0ZW0gKFJGQyAjOTcpLlxuICpcbiAqIEBzaW5jZSB2Mi4wLjBcbiAqL1xuXG4vLyBSZS1leHBvcnQgY29yZSB0eXBlcyBhbmQgZnVuY3Rpb25zIGZyb20gdGhlIHN0YW5kYWxvbmUgcGFja2FnZVxuZXhwb3J0IHtcbiAgbWF0Y2hlc0RhbmdlclpvbmVQYXR0ZXJuLFxuICBoYXNDcml0aWNhbFNlY3VyaXR5VmlvbGF0aW9ucyxcbiAgZ2VuZXJhdGVEaXNwbGF5Q29kZSxcbiAgY3JlYXRlQ29uZmlybWF0aW9uUmVxdWVzdCxcbiAgY3JlYXRlRXhlY3V0aW9uQ29udGV4dCxcbiAgVmVyaWZpY2F0aW9uU3RvcmUsXG4gIHNob3dWZXJpZmljYXRpb25EaWFsb2csXG4gIGlzRGlhbG9nQXZhaWxhYmxlLFxuICBkZWZhdWx0QXVkaXRMb2dnZXIsXG4gIGNvbnNvbGVBdWRpdExvZ2dlcixcbiAgY3JlYXRlQXVkaXRMb2dnZXIsXG4gIERFRkFVTFRfU0FGRVRZX0NPTkZJRyxcbn0gZnJvbSAnQGRvbGxob3VzZW1jcC9zYWZldHknO1xuXG5leHBvcnQgdHlwZSB7XG4gIFNhZmV0eVRpZXIsXG4gIFZlcmlmaWNhdGlvbkNoYWxsZW5nZVR5cGUsXG4gIFNhZmV0eUNvbmZpZyxcbiAgVmVyaWZpY2F0aW9uQ2hhbGxlbmdlLFxuICBDb25maXJtYXRpb25SZXF1ZXN0LFxuICBEYW5nZXJab25lT3BlcmF0aW9uLFxuICBFeGVjdXRpb25Db250ZXh0LFxuICBTYWZldHlUaWVyUmVzdWx0LFxuICBTdG9yZWRDaGFsbGVuZ2UsXG4gIFNhZmV0eUF1ZGl0RXZlbnQsXG4gIFNhZmV0eUF1ZGl0RXZlbnRUeXBlLFxuICBBdWRpdExvZ2dlcixcbiAgRGlhbG9nT3B0aW9ucyxcbiAgRGlhbG9nUmVzdWx0LFxufSBmcm9tICdAZG9sbGhvdXNlbWNwL3NhZmV0eSc7XG5cbi8vIEltcG9ydCBmb3Igd3JhcHBpbmcgd2l0aCBEb2xsaG91c2VNQ1AgaW50ZWdyYXRpb25zXG5pbXBvcnQge1xuICBkZXRlcm1pbmVTYWZldHlUaWVyIGFzIGJhc2VEZXRlcm1pbmVTYWZldHlUaWVyLFxuICBjcmVhdGVWZXJpZmljYXRpb25DaGFsbGVuZ2UgYXMgYmFzZUNyZWF0ZVZlcmlmaWNhdGlvbkNoYWxsZW5nZSxcbiAgY3JlYXRlRGFuZ2VyWm9uZU9wZXJhdGlvbiBhcyBiYXNlQ3JlYXRlRGFuZ2VyWm9uZU9wZXJhdGlvbixcbiAgREVGQVVMVF9TQUZFVFlfQ09ORklHLFxufSBmcm9tICdAZG9sbGhvdXNlbWNwL3NhZmV0eSc7XG5cbmltcG9ydCB0eXBlIHtcbiAgU2FmZXR5Q29uZmlnLFxuICBTYWZldHlUaWVyUmVzdWx0LFxuICBFeGVjdXRpb25Db250ZXh0LFxuICBWZXJpZmljYXRpb25DaGFsbGVuZ2VUeXBlLFxuICBWZXJpZmljYXRpb25DaGFsbGVuZ2UsXG4gIERhbmdlclpvbmVPcGVyYXRpb24sXG59IGZyb20gJ0Bkb2xsaG91c2VtY3Avc2FmZXR5JztcblxuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7IFNlY3VyaXR5TW9uaXRvciB9IGZyb20gJy4uLy4uL3NlY3VyaXR5L3NlY3VyaXR5TW9uaXRvci5qcyc7XG5cbi8qKlxuICogRGV0ZXJtaW5lIHRoZSBzYWZldHkgdGllciBiYXNlZCBvbiByaXNrIHNjb3JlLCBzZWN1cml0eSB3YXJuaW5ncywgYW5kIGdvYWwgY29udGVudFxuICpcbiAqIFdyYXBwZXIgdGhhdCBhZGRzIFNlY3VyaXR5TW9uaXRvciBsb2dnaW5nIGZvciBkYW5nZXIgem9uZSB0cmlnZ2Vycy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGRldGVybWluZVNhZmV0eVRpZXIoXG4gIHJpc2tTY29yZTogbnVtYmVyLFxuICBzZWN1cml0eVdhcm5pbmdzOiBzdHJpbmdbXSxcbiAgZ29hbDogc3RyaW5nLFxuICBjb25maWc6IFNhZmV0eUNvbmZpZyA9IERFRkFVTFRfU0FGRVRZX0NPTkZJRyxcbiAgZXhlY3V0aW9uQ29udGV4dD86IEV4ZWN1dGlvbkNvbnRleHRcbik6IFNhZmV0eVRpZXJSZXN1bHQge1xuICBjb25zdCByZXN1bHQgPSBiYXNlRGV0ZXJtaW5lU2FmZXR5VGllcihcbiAgICByaXNrU2NvcmUsXG4gICAgc2VjdXJpdHlXYXJuaW5ncyxcbiAgICBnb2FsLFxuICAgIGNvbmZpZyxcbiAgICBleGVjdXRpb25Db250ZXh0XG4gICk7XG5cbiAgLy8gQWRkIERvbGxob3VzZU1DUC1zcGVjaWZpYyBzZWN1cml0eSBtb25pdG9yaW5nXG4gIGlmIChyZXN1bHQudGllciA9PT0gJ2Rhbmdlcl96b25lJykge1xuICAgIGNvbnN0IGRhbmdlclBhdHRlcm4gPSByZXN1bHQuZmFjdG9ycy5maW5kKChmKSA9PlxuICAgICAgZi5zdGFydHNXaXRoKCdNYXRjaGVzIGRhbmdlciB6b25lIHBhdHRlcm46JylcbiAgICApO1xuICAgIGlmIChkYW5nZXJQYXR0ZXJuKSB7XG4gICAgICBTZWN1cml0eU1vbml0b3IubG9nU2VjdXJpdHlFdmVudCh7XG4gICAgICAgIHR5cGU6ICdEQU5HRVJfWk9ORV9UUklHR0VSRUQnLFxuICAgICAgICBzZXZlcml0eTogJ0hJR0gnLFxuICAgICAgICBzb3VyY2U6ICdTYWZldHlUaWVyU2VydmljZS5kZXRlcm1pbmVTYWZldHlUaWVyJyxcbiAgICAgICAgZGV0YWlsczogYEdvYWwgbWF0Y2hlZCBkYW5nZXIgem9uZSBwYXR0ZXJuOiAke2RhbmdlclBhdHRlcm59YCxcbiAgICAgICAgYWRkaXRpb25hbERhdGE6IHsgZ29hbDogZ29hbC5zdWJzdHJpbmcoMCwgMTAwKSwgbWF0Y2hlZFBhdHRlcm46IGRhbmdlclBhdHRlcm4sIHJpc2tTY29yZSwgZmFjdG9yczogcmVzdWx0LmZhY3RvcnMgfSxcbiAgICAgIH0pO1xuICAgIH1cbiAgfVxuXG4gIHJldHVybiByZXN1bHQ7XG59XG5cbi8qKlxuICogQ3JlYXRlIGEgdmVyaWZpY2F0aW9uIGNoYWxsZW5nZSBmb3IgVkVSSUZZIG9yIERBTkdFUl9aT05FIHRpZXJzXG4gKlxuICogV3JhcHBlciB0aGF0IGFkZHMgRG9sbGhvdXNlTUNQIGxvZ2dlciBpbnRlZ3JhdGlvbi5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNyZWF0ZVZlcmlmaWNhdGlvbkNoYWxsZW5nZShcbiAgcmVhc29uOiBzdHJpbmcsXG4gIGNoYWxsZW5nZVR5cGU6IFZlcmlmaWNhdGlvbkNoYWxsZW5nZVR5cGUgPSAnZGlzcGxheV9jb2RlJyxcbiAgZXhwaXJhdGlvbk1pbnV0ZXM6IG51bWJlciA9IDVcbik6IFZlcmlmaWNhdGlvbkNoYWxsZW5nZSB7XG4gIGNvbnN0IGNoYWxsZW5nZSA9IGJhc2VDcmVhdGVWZXJpZmljYXRpb25DaGFsbGVuZ2UoXG4gICAgcmVhc29uLFxuICAgIGNoYWxsZW5nZVR5cGUsXG4gICAgZXhwaXJhdGlvbk1pbnV0ZXNcbiAgKTtcblxuICBsb2dnZXIuaW5mbygnVmVyaWZpY2F0aW9uIGNoYWxsZW5nZSBjcmVhdGVkJywge1xuICAgIGNoYWxsZW5nZUlkOiBjaGFsbGVuZ2UuY2hhbGxlbmdlSWQsXG4gICAgY2hhbGxlbmdlVHlwZSxcbiAgICByZWFzb24sXG4gICAgZXhwaXJlc0F0OiBjaGFsbGVuZ2UuZXhwaXJlc0F0LFxuICB9KTtcblxuICByZXR1cm4gY2hhbGxlbmdlO1xufVxuXG4vKipcbiAqIENyZWF0ZSBhIGRhbmdlciB6b25lIG9wZXJhdGlvbiByZWNvcmRcbiAqXG4gKiBXcmFwcGVyIHRoYXQgYWRkcyBTZWN1cml0eU1vbml0b3IgbG9nZ2luZy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNyZWF0ZURhbmdlclpvbmVPcGVyYXRpb24oXG4gIG9wZXJhdGlvblR5cGU6IHN0cmluZyxcbiAgcmVhc29uOiBzdHJpbmcsXG4gIGRhbmdlclpvbmVFbmFibGVkOiBib29sZWFuLFxuICBjb25maWc6IFNhZmV0eUNvbmZpZyA9IERFRkFVTFRfU0FGRVRZX0NPTkZJR1xuKTogRGFuZ2VyWm9uZU9wZXJhdGlvbiB7XG4gIGNvbnN0IG9wZXJhdGlvbiA9IGJhc2VDcmVhdGVEYW5nZXJab25lT3BlcmF0aW9uKFxuICAgIG9wZXJhdGlvblR5cGUsXG4gICAgcmVhc29uLFxuICAgIGRhbmdlclpvbmVFbmFibGVkLFxuICAgIGNvbmZpZ1xuICApO1xuXG4gIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICB0eXBlOiAnREFOR0VSX1pPTkVfT1BFUkFUSU9OJyxcbiAgICBzZXZlcml0eTogb3BlcmF0aW9uLmJsb2NrZWQgPyAnSElHSCcgOiAnTUVESVVNJyxcbiAgICBzb3VyY2U6ICdTYWZldHlUaWVyU2VydmljZS5jcmVhdGVEYW5nZXJab25lT3BlcmF0aW9uJyxcbiAgICBkZXRhaWxzOiBgRGFuZ2VyIHpvbmUgb3BlcmF0aW9uICR7b3BlcmF0aW9uLmJsb2NrZWQgPyAnYmxvY2tlZCcgOiAnYWxsb3dlZCB3aXRoIHZlcmlmaWNhdGlvbid9OiAke29wZXJhdGlvblR5cGV9YCxcbiAgICBhZGRpdGlvbmFsRGF0YTogeyBvcGVyYXRpb25UeXBlLCByZWFzb24sIGJsb2NrZWQ6IG9wZXJhdGlvbi5ibG9ja2VkIH0sXG4gIH0pO1xuXG4gIHJldHVybiBvcGVyYXRpb247XG59XG4iXX0=