@dollhousemcp/mcp-server
Version:
DollhouseMCP - A Model Context Protocol (MCP) server that enables dynamic AI persona management from markdown files, allowing Claude and other compatible AI assistants to activate and switch between different behavioral personas.
70 lines • 12 kB
JavaScript
/**
* Safety Tier Service
*
* Wrapper around @dollhousemcp/safety that adds DollhouseMCP-specific
* integrations (logger, SecurityMonitor).
*
* Part of the Tiered Safety System (RFC #97).
*
* @since v2.0.0
*/
// Re-export core types and functions from the standalone package
export { matchesDangerZonePattern, hasCriticalSecurityViolations, generateDisplayCode, createConfirmationRequest, createExecutionContext, VerificationStore, showVerificationDialog, isDialogAvailable, defaultAuditLogger, consoleAuditLogger, createAuditLogger, DEFAULT_SAFETY_CONFIG, } from '@dollhousemcp/safety';
// Import for wrapping with DollhouseMCP integrations
import { determineSafetyTier as baseDetermineSafetyTier, createVerificationChallenge as baseCreateVerificationChallenge, createDangerZoneOperation as baseCreateDangerZoneOperation, DEFAULT_SAFETY_CONFIG, } from '@dollhousemcp/safety';
import { logger } from '../../utils/logger.js';
import { SecurityMonitor } from '../../security/securityMonitor.js';
/**
* Determine the safety tier based on risk score, security warnings, and goal content
*
* Wrapper that adds SecurityMonitor logging for danger zone triggers.
*/
export function determineSafetyTier(riskScore, securityWarnings, goal, config = DEFAULT_SAFETY_CONFIG, executionContext) {
const result = baseDetermineSafetyTier(riskScore, securityWarnings, goal, config, executionContext);
// Add DollhouseMCP-specific security monitoring
if (result.tier === 'danger_zone') {
const dangerPattern = result.factors.find((f) => f.startsWith('Matches danger zone pattern:'));
if (dangerPattern) {
SecurityMonitor.logSecurityEvent({
type: 'DANGER_ZONE_TRIGGERED',
severity: 'HIGH',
source: 'SafetyTierService.determineSafetyTier',
details: `Goal matched danger zone pattern: ${dangerPattern}`,
additionalData: { goal: goal.substring(0, 100), matchedPattern: dangerPattern, riskScore, factors: result.factors },
});
}
}
return result;
}
/**
* Create a verification challenge for VERIFY or DANGER_ZONE tiers
*
* Wrapper that adds DollhouseMCP logger integration.
*/
export function createVerificationChallenge(reason, challengeType = 'display_code', expirationMinutes = 5) {
const challenge = baseCreateVerificationChallenge(reason, challengeType, expirationMinutes);
logger.info('Verification challenge created', {
challengeId: challenge.challengeId,
challengeType,
reason,
expiresAt: challenge.expiresAt,
});
return challenge;
}
/**
* Create a danger zone operation record
*
* Wrapper that adds SecurityMonitor logging.
*/
export function createDangerZoneOperation(operationType, reason, dangerZoneEnabled, config = DEFAULT_SAFETY_CONFIG) {
const operation = baseCreateDangerZoneOperation(operationType, reason, dangerZoneEnabled, config);
SecurityMonitor.logSecurityEvent({
type: 'DANGER_ZONE_OPERATION',
severity: operation.blocked ? 'HIGH' : 'MEDIUM',
source: 'SafetyTierService.createDangerZoneOperation',
details: `Danger zone operation ${operation.blocked ? 'blocked' : 'allowed with verification'}: ${operationType}`,
additionalData: { operationType, reason, blocked: operation.blocked },
});
return operation;
}
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2FmZXR5VGllclNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvZWxlbWVudHMvYWdlbnRzL3NhZmV0eVRpZXJTZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOzs7Ozs7Ozs7R0FTRztBQUVILGlFQUFpRTtBQUNqRSxPQUFPLEVBQ0wsd0JBQXdCLEVBQ3hCLDZCQUE2QixFQUM3QixtQkFBbUIsRUFDbkIseUJBQXlCLEVBQ3pCLHNCQUFzQixFQUN0QixpQkFBaUIsRUFDakIsc0JBQXNCLEVBQ3RCLGlCQUFpQixFQUNqQixrQkFBa0IsRUFDbEIsa0JBQWtCLEVBQ2xCLGlCQUFpQixFQUNqQixxQkFBcUIsR0FDdEIsTUFBTSxzQkFBc0IsQ0FBQztBQW1COUIscURBQXFEO0FBQ3JELE9BQU8sRUFDTCxtQkFBbUIsSUFBSSx1QkFBdUIsRUFDOUMsMkJBQTJCLElBQUksK0JBQStCLEVBQzlELHlCQUF5QixJQUFJLDZCQUE2QixFQUMxRCxxQkFBcUIsR0FDdEIsTUFBTSxzQkFBc0IsQ0FBQztBQVc5QixPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDL0MsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBRXBFOzs7O0dBSUc7QUFDSCxNQUFNLFVBQVUsbUJBQW1CLENBQ2pDLFNBQWlCLEVBQ2pCLGdCQUEwQixFQUMxQixJQUFZLEVBQ1osU0FBdUIscUJBQXFCLEVBQzVDLGdCQUFtQztJQUVuQyxNQUFNLE1BQU0sR0FBRyx1QkFBdUIsQ0FDcEMsU0FBUyxFQUNULGdCQUFnQixFQUNoQixJQUFJLEVBQ0osTUFBTSxFQUNOLGdCQUFnQixDQUNqQixDQUFDO0lBRUYsZ0RBQWdEO0lBQ2hELElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxhQUFhLEVBQUUsQ0FBQztRQUNsQyxNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQzlDLENBQUMsQ0FBQyxVQUFVLENBQUMsOEJBQThCLENBQUMsQ0FDN0MsQ0FBQztRQUNGLElBQUksYUFBYSxFQUFFLENBQUM7WUFDbEIsZUFBZSxDQUFDLGdCQUFnQixDQUFDO2dCQUMvQixJQUFJLEVBQUUsdUJBQXVCO2dCQUM3QixRQUFRLEVBQUUsTUFBTTtnQkFDaEIsTUFBTSxFQUFFLHVDQUF1QztnQkFDL0MsT0FBTyxFQUFFLHFDQUFxQyxhQUFhLEVBQUU7Z0JBQzdELGNBQWMsRUFBRSxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxHQUFHLENBQUMsRUFBRSxjQUFjLEVBQUUsYUFBYSxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRTthQUNwSCxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxVQUFVLDJCQUEyQixDQUN6QyxNQUFjLEVBQ2QsZ0JBQTJDLGNBQWMsRUFDekQsb0JBQTRCLENBQUM7SUFFN0IsTUFBTSxTQUFTLEdBQUcsK0JBQStCLENBQy9DLE1BQU0sRUFDTixhQUFhLEVBQ2IsaUJBQWlCLENBQ2xCLENBQUM7SUFFRixNQUFNLENBQUMsSUFBSSxDQUFDLGdDQUFnQyxFQUFFO1FBQzVDLFdBQVcsRUFBRSxTQUFTLENBQUMsV0FBVztRQUNsQyxhQUFhO1FBQ2IsTUFBTTtRQUNOLFNBQVMsRUFBRSxTQUFTLENBQUMsU0FBUztLQUMvQixDQUFDLENBQUM7SUFFSCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sVUFBVSx5QkFBeUIsQ0FDdkMsYUFBcUIsRUFDckIsTUFBYyxFQUNkLGlCQUEwQixFQUMxQixTQUF1QixxQkFBcUI7SUFFNUMsTUFBTSxTQUFTLEdBQUcsNkJBQTZCLENBQzdDLGFBQWEsRUFDYixNQUFNLEVBQ04saUJBQWlCLEVBQ2pCLE1BQU0sQ0FDUCxDQUFDO0lBRUYsZUFBZSxDQUFDLGdCQUFnQixDQUFDO1FBQy9CLElBQUksRUFBRSx1QkFBdUI7UUFDN0IsUUFBUSxFQUFFLFNBQVMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsUUFBUTtRQUMvQyxNQUFNLEVBQUUsNkNBQTZDO1FBQ3JELE9BQU8sRUFBRSx5QkFBeUIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQywyQkFBMkIsS0FBSyxhQUFhLEVBQUU7UUFDakgsY0FBYyxFQUFFLEVBQUUsYUFBYSxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxDQUFDLE9BQU8sRUFBRTtLQUN0RSxDQUFDLENBQUM7SUFFSCxPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiBTYWZldHkgVGllciBTZXJ2aWNlXG4gKlxuICogV3JhcHBlciBhcm91bmQgQGRvbGxob3VzZW1jcC9zYWZldHkgdGhhdCBhZGRzIERvbGxob3VzZU1DUC1zcGVjaWZpY1xuICogaW50ZWdyYXRpb25zIChsb2dnZXIsIFNlY3VyaXR5TW9uaXRvcikuXG4gKlxuICogUGFydCBvZiB0aGUgVGllcmVkIFNhZmV0eSBTeXN0ZW0gKFJGQyAjOTcpLlxuICpcbiAqIEBzaW5jZSB2Mi4wLjBcbiAqL1xuXG4vLyBSZS1leHBvcnQgY29yZSB0eXBlcyBhbmQgZnVuY3Rpb25zIGZyb20gdGhlIHN0YW5kYWxvbmUgcGFja2FnZVxuZXhwb3J0IHtcbiAgbWF0Y2hlc0RhbmdlclpvbmVQYXR0ZXJuLFxuICBoYXNDcml0aWNhbFNlY3VyaXR5VmlvbGF0aW9ucyxcbiAgZ2VuZXJhdGVEaXNwbGF5Q29kZSxcbiAgY3JlYXRlQ29uZmlybWF0aW9uUmVxdWVzdCxcbiAgY3JlYXRlRXhlY3V0aW9uQ29udGV4dCxcbiAgVmVyaWZpY2F0aW9uU3RvcmUsXG4gIHNob3dWZXJpZmljYXRpb25EaWFsb2csXG4gIGlzRGlhbG9nQXZhaWxhYmxlLFxuICBkZWZhdWx0QXVkaXRMb2dnZXIsXG4gIGNvbnNvbGVBdWRpdExvZ2dlcixcbiAgY3JlYXRlQXVkaXRMb2dnZXIsXG4gIERFRkFVTFRfU0FGRVRZX0NPTkZJRyxcbn0gZnJvbSAnQGRvbGxob3VzZW1jcC9zYWZldHknO1xuXG5leHBvcnQgdHlwZSB7XG4gIFNhZmV0eVRpZXIsXG4gIFZlcmlmaWNhdGlvbkNoYWxsZW5nZVR5cGUsXG4gIFNhZmV0eUNvbmZpZyxcbiAgVmVyaWZpY2F0aW9uQ2hhbGxlbmdlLFxuICBDb25maXJtYXRpb25SZXF1ZXN0LFxuICBEYW5nZXJab25lT3BlcmF0aW9uLFxuICBFeGVjdXRpb25Db250ZXh0LFxuICBTYWZldHlUaWVyUmVzdWx0LFxuICBTdG9yZWRDaGFsbGVuZ2UsXG4gIFNhZmV0eUF1ZGl0RXZlbnQsXG4gIFNhZmV0eUF1ZGl0RXZlbnRUeXBlLFxuICBBdWRpdExvZ2dlcixcbiAgRGlhbG9nT3B0aW9ucyxcbiAgRGlhbG9nUmVzdWx0LFxufSBmcm9tICdAZG9sbGhvdXNlbWNwL3NhZmV0eSc7XG5cbi8vIEltcG9ydCBmb3Igd3JhcHBpbmcgd2l0aCBEb2xsaG91c2VNQ1AgaW50ZWdyYXRpb25zXG5pbXBvcnQge1xuICBkZXRlcm1pbmVTYWZldHlUaWVyIGFzIGJhc2VEZXRlcm1pbmVTYWZldHlUaWVyLFxuICBjcmVhdGVWZXJpZmljYXRpb25DaGFsbGVuZ2UgYXMgYmFzZUNyZWF0ZVZlcmlmaWNhdGlvbkNoYWxsZW5nZSxcbiAgY3JlYXRlRGFuZ2VyWm9uZU9wZXJhdGlvbiBhcyBiYXNlQ3JlYXRlRGFuZ2VyWm9uZU9wZXJhdGlvbixcbiAgREVGQVVMVF9TQUZFVFlfQ09ORklHLFxufSBmcm9tICdAZG9sbGhvdXNlbWNwL3NhZmV0eSc7XG5cbmltcG9ydCB0eXBlIHtcbiAgU2FmZXR5Q29uZmlnLFxuICBTYWZldHlUaWVyUmVzdWx0LFxuICBFeGVjdXRpb25Db250ZXh0LFxuICBWZXJpZmljYXRpb25DaGFsbGVuZ2VUeXBlLFxuICBWZXJpZmljYXRpb25DaGFsbGVuZ2UsXG4gIERhbmdlclpvbmVPcGVyYXRpb24sXG59IGZyb20gJ0Bkb2xsaG91c2VtY3Avc2FmZXR5JztcblxuaW1wb3J0IHsgbG9nZ2VyIH0gZnJvbSAnLi4vLi4vdXRpbHMvbG9nZ2VyLmpzJztcbmltcG9ydCB7IFNlY3VyaXR5TW9uaXRvciB9IGZyb20gJy4uLy4uL3NlY3VyaXR5L3NlY3VyaXR5TW9uaXRvci5qcyc7XG5cbi8qKlxuICogRGV0ZXJtaW5lIHRoZSBzYWZldHkgdGllciBiYXNlZCBvbiByaXNrIHNjb3JlLCBzZWN1cml0eSB3YXJuaW5ncywgYW5kIGdvYWwgY29udGVudFxuICpcbiAqIFdyYXBwZXIgdGhhdCBhZGRzIFNlY3VyaXR5TW9uaXRvciBsb2dnaW5nIGZvciBkYW5nZXIgem9uZSB0cmlnZ2Vycy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGRldGVybWluZVNhZmV0eVRpZXIoXG4gIHJpc2tTY29yZTogbnVtYmVyLFxuICBzZWN1cml0eVdhcm5pbmdzOiBzdHJpbmdbXSxcbiAgZ29hbDogc3RyaW5nLFxuICBjb25maWc6IFNhZmV0eUNvbmZpZyA9IERFRkFVTFRfU0FGRVRZX0NPTkZJRyxcbiAgZXhlY3V0aW9uQ29udGV4dD86IEV4ZWN1dGlvbkNvbnRleHRcbik6IFNhZmV0eVRpZXJSZXN1bHQge1xuICBjb25zdCByZXN1bHQgPSBiYXNlRGV0ZXJtaW5lU2FmZXR5VGllcihcbiAgICByaXNrU2NvcmUsXG4gICAgc2VjdXJpdHlXYXJuaW5ncyxcbiAgICBnb2FsLFxuICAgIGNvbmZpZyxcbiAgICBleGVjdXRpb25Db250ZXh0XG4gICk7XG5cbiAgLy8gQWRkIERvbGxob3VzZU1DUC1zcGVjaWZpYyBzZWN1cml0eSBtb25pdG9yaW5nXG4gIGlmIChyZXN1bHQudGllciA9PT0gJ2Rhbmdlcl96b25lJykge1xuICAgIGNvbnN0IGRhbmdlclBhdHRlcm4gPSByZXN1bHQuZmFjdG9ycy5maW5kKChmKSA9PlxuICAgICAgZi5zdGFydHNXaXRoKCdNYXRjaGVzIGRhbmdlciB6b25lIHBhdHRlcm46JylcbiAgICApO1xuICAgIGlmIChkYW5nZXJQYXR0ZXJuKSB7XG4gICAgICBTZWN1cml0eU1vbml0b3IubG9nU2VjdXJpdHlFdmVudCh7XG4gICAgICAgIHR5cGU6ICdEQU5HRVJfWk9ORV9UUklHR0VSRUQnLFxuICAgICAgICBzZXZlcml0eTogJ0hJR0gnLFxuICAgICAgICBzb3VyY2U6ICdTYWZldHlUaWVyU2VydmljZS5kZXRlcm1pbmVTYWZldHlUaWVyJyxcbiAgICAgICAgZGV0YWlsczogYEdvYWwgbWF0Y2hlZCBkYW5nZXIgem9uZSBwYXR0ZXJuOiAke2RhbmdlclBhdHRlcm59YCxcbiAgICAgICAgYWRkaXRpb25hbERhdGE6IHsgZ29hbDogZ29hbC5zdWJzdHJpbmcoMCwgMTAwKSwgbWF0Y2hlZFBhdHRlcm46IGRhbmdlclBhdHRlcm4sIHJpc2tTY29yZSwgZmFjdG9yczogcmVzdWx0LmZhY3RvcnMgfSxcbiAgICAgIH0pO1xuICAgIH1cbiAgfVxuXG4gIHJldHVybiByZXN1bHQ7XG59XG5cbi8qKlxuICogQ3JlYXRlIGEgdmVyaWZpY2F0aW9uIGNoYWxsZW5nZSBmb3IgVkVSSUZZIG9yIERBTkdFUl9aT05FIHRpZXJzXG4gKlxuICogV3JhcHBlciB0aGF0IGFkZHMgRG9sbGhvdXNlTUNQIGxvZ2dlciBpbnRlZ3JhdGlvbi5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNyZWF0ZVZlcmlmaWNhdGlvbkNoYWxsZW5nZShcbiAgcmVhc29uOiBzdHJpbmcsXG4gIGNoYWxsZW5nZVR5cGU6IFZlcmlmaWNhdGlvbkNoYWxsZW5nZVR5cGUgPSAnZGlzcGxheV9jb2RlJyxcbiAgZXhwaXJhdGlvbk1pbnV0ZXM6IG51bWJlciA9IDVcbik6IFZlcmlmaWNhdGlvbkNoYWxsZW5nZSB7XG4gIGNvbnN0IGNoYWxsZW5nZSA9IGJhc2VDcmVhdGVWZXJpZmljYXRpb25DaGFsbGVuZ2UoXG4gICAgcmVhc29uLFxuICAgIGNoYWxsZW5nZVR5cGUsXG4gICAgZXhwaXJhdGlvbk1pbnV0ZXNcbiAgKTtcblxuICBsb2dnZXIuaW5mbygnVmVyaWZpY2F0aW9uIGNoYWxsZW5nZSBjcmVhdGVkJywge1xuICAgIGNoYWxsZW5nZUlkOiBjaGFsbGVuZ2UuY2hhbGxlbmdlSWQsXG4gICAgY2hhbGxlbmdlVHlwZSxcbiAgICByZWFzb24sXG4gICAgZXhwaXJlc0F0OiBjaGFsbGVuZ2UuZXhwaXJlc0F0LFxuICB9KTtcblxuICByZXR1cm4gY2hhbGxlbmdlO1xufVxuXG4vKipcbiAqIENyZWF0ZSBhIGRhbmdlciB6b25lIG9wZXJhdGlvbiByZWNvcmRcbiAqXG4gKiBXcmFwcGVyIHRoYXQgYWRkcyBTZWN1cml0eU1vbml0b3IgbG9nZ2luZy5cbiAqL1xuZXhwb3J0IGZ1bmN0aW9uIGNyZWF0ZURhbmdlclpvbmVPcGVyYXRpb24oXG4gIG9wZXJhdGlvblR5cGU6IHN0cmluZyxcbiAgcmVhc29uOiBzdHJpbmcsXG4gIGRhbmdlclpvbmVFbmFibGVkOiBib29sZWFuLFxuICBjb25maWc6IFNhZmV0eUNvbmZpZyA9IERFRkFVTFRfU0FGRVRZX0NPTkZJR1xuKTogRGFuZ2VyWm9uZU9wZXJhdGlvbiB7XG4gIGNvbnN0IG9wZXJhdGlvbiA9IGJhc2VDcmVhdGVEYW5nZXJab25lT3BlcmF0aW9uKFxuICAgIG9wZXJhdGlvblR5cGUsXG4gICAgcmVhc29uLFxuICAgIGRhbmdlclpvbmVFbmFibGVkLFxuICAgIGNvbmZpZ1xuICApO1xuXG4gIFNlY3VyaXR5TW9uaXRvci5sb2dTZWN1cml0eUV2ZW50KHtcbiAgICB0eXBlOiAnREFOR0VSX1pPTkVfT1BFUkFUSU9OJyxcbiAgICBzZXZlcml0eTogb3BlcmF0aW9uLmJsb2NrZWQgPyAnSElHSCcgOiAnTUVESVVNJyxcbiAgICBzb3VyY2U6ICdTYWZldHlUaWVyU2VydmljZS5jcmVhdGVEYW5nZXJab25lT3BlcmF0aW9uJyxcbiAgICBkZXRhaWxzOiBgRGFuZ2VyIHpvbmUgb3BlcmF0aW9uICR7b3BlcmF0aW9uLmJsb2NrZWQgPyAnYmxvY2tlZCcgOiAnYWxsb3dlZCB3aXRoIHZlcmlmaWNhdGlvbid9OiAke29wZXJhdGlvblR5cGV9YCxcbiAgICBhZGRpdGlvbmFsRGF0YTogeyBvcGVyYXRpb25UeXBlLCByZWFzb24sIGJsb2NrZWQ6IG9wZXJhdGlvbi5ibG9ja2VkIH0sXG4gIH0pO1xuXG4gIHJldHVybiBvcGVyYXRpb247XG59XG4iXX0=