From 493e91538b861c484a0b5fe619c2745da6df8956 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 28 Jul 2025 16:21:49 +0000 Subject: [PATCH 1/2] Initial plan From e4a435cf8adcb5ed96382ac52ccf426cf974981f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 28 Jul 2025 16:46:49 +0000 Subject: [PATCH 2/2] Successfully upgrade Zod to version 4.0.10 with all breaking changes fixed Co-authored-by: ori-gold-px <77228321+ori-gold-px@users.noreply.github.com> --- package-lock.json | 65 ++++++++++++++++----- package.json | 2 +- src/tools/codeDefenderGetHeaderInventory.ts | 8 +-- src/tools/codeDefenderGetIncidents.ts | 8 +-- src/tools/codeDefenderGetScriptInventory.ts | 8 +-- src/tools/getAccountInfo.ts | 8 +-- src/tools/getAttackReportingOvertime.ts | 8 +-- src/tools/getAttackReportingOverview.ts | 8 +-- src/tools/getCustomRules.ts | 4 +- src/tools/getTrafficData.ts | 7 ++- src/types/cyberfraud/customRules.ts | 2 +- src/types/cyberfraud/trafficData.ts | 61 +++++++++---------- 12 files changed, 113 insertions(+), 76 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8c791ed..bc81b45 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "dependencies": { "@modelcontextprotocol/sdk": "^1.16.0", "node-fetch": "^3.3.2", - "zod": "^3.25.67" + "zod": "^4.0.10" }, "bin": { "human-mcp-server": "dist/index.cjs" @@ -1048,6 +1048,16 @@ "mcp-inspector-client": "bin/start.js" } }, + "node_modules/@modelcontextprotocol/inspector-client/node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, "node_modules/@modelcontextprotocol/inspector-server": { "version": "0.16.2", "resolved": "https://registry.npmjs.org/@modelcontextprotocol/inspector-server/-/inspector-server-0.16.2.tgz", @@ -1065,6 +1075,26 @@ "mcp-inspector-server": "build/index.js" } }, + "node_modules/@modelcontextprotocol/inspector-server/node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/@modelcontextprotocol/inspector/node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, "node_modules/@modelcontextprotocol/sdk": { "version": "1.17.0", "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.17.0.tgz", @@ -1097,6 +1127,24 @@ "node": ">=16.20.0" } }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod": { + "version": "3.25.76", + "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz", + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/colinhacks" + } + }, + "node_modules/@modelcontextprotocol/sdk/node_modules/zod-to-json-schema": { + "version": "3.24.6", + "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.6.tgz", + "integrity": "sha512-h/z3PKvcTcTetyjl1fkj79MHNEjm+HpD6NXheWjzOekY7kV+lwDYnHw+ivHkijnCSMz1yJaWBD9vu/Fcmk+vEg==", + "license": "ISC", + "peerDependencies": { + "zod": "^3.24.1" + } + }, "node_modules/@nodelib/fs.scandir": { "version": "2.1.5", "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", @@ -7675,22 +7723,13 @@ } }, "node_modules/zod": { - "version": "3.25.67", - "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.67.tgz", - "integrity": "sha512-idA2YXwpCdqUSKRCACDE6ItZD9TZzy3OZMtpfLoh6oPR47lipysRrJfjzMqFxQ3uJuUPyUeWe1r9vLH33xO/Qw==", + "version": "4.0.10", + "resolved": "https://registry.npmjs.org/zod/-/zod-4.0.10.tgz", + "integrity": "sha512-3vB+UU3/VmLL2lvwcY/4RV2i9z/YU0DTV/tDuYjrwmx5WeJ7hwy+rGEEx8glHp6Yxw7ibRbKSaIFBgReRPe5KA==", "license": "MIT", "funding": { "url": "https://github.com/sponsors/colinhacks" } - }, - "node_modules/zod-to-json-schema": { - "version": "3.24.5", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.24.5.tgz", - "integrity": "sha512-/AuWwMP+YqiPbsJx5D6TfgRTc4kTLjsh5SOcd4bLsfUg2RcEXrFMJl1DGgdHy2aCfsIA/cr/1JM0xcB2GZji8g==", - "license": "ISC", - "peerDependencies": { - "zod": "^3.24.1" - } } } } diff --git a/package.json b/package.json index bd27f85..36b4524 100644 --- a/package.json +++ b/package.json @@ -50,7 +50,7 @@ "dependencies": { "@modelcontextprotocol/sdk": "^1.16.0", "node-fetch": "^3.3.2", - "zod": "^3.25.67" + "zod": "^4.0.10" }, "repository": { "type": "git", diff --git a/src/tools/codeDefenderGetHeaderInventory.ts b/src/tools/codeDefenderGetHeaderInventory.ts index dc9cd05..5bd5391 100644 --- a/src/tools/codeDefenderGetHeaderInventory.ts +++ b/src/tools/codeDefenderGetHeaderInventory.ts @@ -94,15 +94,15 @@ export function registerCodeDefenderGetHeaderInventory(server: McpServer, codeDe - Executive reporting with quantifiable security metrics Response provides detailed security header intelligence optimized for PCI DSS compliance, security posture assessment, and operational governance with comprehensive policy validation and configuration analysis.`, - inputSchema: CodeDefenderHeaderInventoryInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CodeDefenderGetHeaderInventoryOutputSchema).shape, + inputSchema: CodeDefenderHeaderInventoryInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CodeDefenderGetHeaderInventoryOutputSchema).shape as any, annotations: { title: 'HUMAN Get Code Defender Header Inventory', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CodeDefenderHeaderInventoryParams) => - mcpToolHandler(async () => codeDefenderService.getCodeDefenderHeaderInventory(params)), + (async (params: CodeDefenderHeaderInventoryParams, extra: any) => + mcpToolHandler(async () => codeDefenderService.getCodeDefenderHeaderInventory(params))) as any, ); } diff --git a/src/tools/codeDefenderGetIncidents.ts b/src/tools/codeDefenderGetIncidents.ts index 4768efb..ca4f62f 100644 --- a/src/tools/codeDefenderGetIncidents.ts +++ b/src/tools/codeDefenderGetIncidents.ts @@ -90,15 +90,15 @@ export function registerCodeDefenderGetIncidents(server: McpServer, codeDefender - Page type correlation for sensitive area protection validation Response provides detailed incident intelligence optimized for security operations, incident response, compliance monitoring, and forensic investigation with actionable threat indicators and comprehensive attack attribution.`, - inputSchema: CodeDefenderIncidentsInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CodeDefenderGetIncidentsOutputSchema).shape, + inputSchema: CodeDefenderIncidentsInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CodeDefenderGetIncidentsOutputSchema).shape as any, annotations: { title: 'HUMAN Get Code Defender Incidents', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CodeDefenderIncidentsParams) => - mcpToolHandler(async () => codeDefenderService.getCodeDefenderIncidents(params)), + (async (params: CodeDefenderIncidentsParams, extra: any) => + mcpToolHandler(async () => codeDefenderService.getCodeDefenderIncidents(params))) as any, ); } diff --git a/src/tools/codeDefenderGetScriptInventory.ts b/src/tools/codeDefenderGetScriptInventory.ts index 2a3c0d5..48924e9 100644 --- a/src/tools/codeDefenderGetScriptInventory.ts +++ b/src/tools/codeDefenderGetScriptInventory.ts @@ -94,15 +94,15 @@ export function registerCodeDefenderGetScriptInventory(server: McpServer, codeDe - Executive reporting with quantifiable security metrics Response provides detailed script intelligence optimized for PCI DSS compliance, supply chain security management, and operational governance with comprehensive risk assessment and vendor attribution.`, - inputSchema: CodeDefenderScriptInventoryInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CodeDefenderGetScriptInventoryOutputSchema).shape, + inputSchema: CodeDefenderScriptInventoryInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CodeDefenderGetScriptInventoryOutputSchema).shape as any, annotations: { title: 'HUMAN Get Code Defender Script Inventory', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CodeDefenderScriptInventoryParams) => - mcpToolHandler(async () => codeDefenderService.getCodeDefenderScriptInventory(params)), + (async (params: CodeDefenderScriptInventoryParams, extra: any) => + mcpToolHandler(async () => codeDefenderService.getCodeDefenderScriptInventory(params))) as any, ); } diff --git a/src/tools/getAccountInfo.ts b/src/tools/getAccountInfo.ts index 0a3d09e..4bf9f0b 100644 --- a/src/tools/getAccountInfo.ts +++ b/src/tools/getAccountInfo.ts @@ -80,15 +80,15 @@ Key Features: • Sensitive transaction pattern analysis and fraud detection Response provides detailed account intelligence optimized for incident response, fraud investigation, customer support, and compliance auditing with actionable threat indicators and comprehensive security assessment.`, - inputSchema: CyberfraudAccountInfoInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CyberfraudAccountInfoOutputSchema).shape, + inputSchema: CyberfraudAccountInfoInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CyberfraudAccountInfoOutputSchema).shape as any, annotations: { title: 'HUMAN Get Account Info', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CyberfraudAccountInfoInput) => - mcpToolHandler(async () => cyberfraudService.getAccountInfo(params)), + (async (params: CyberfraudAccountInfoInput, extra: any) => + mcpToolHandler(async () => cyberfraudService.getAccountInfo(params))) as any, ); } diff --git a/src/tools/getAttackReportingOvertime.ts b/src/tools/getAttackReportingOvertime.ts index 683069d..c1a125b 100644 --- a/src/tools/getAttackReportingOvertime.ts +++ b/src/tools/getAttackReportingOvertime.ts @@ -94,15 +94,15 @@ export function registerCyberfraudGetAttackReportingOvertime(server: McpServer, - Correlate with external events or system changes Response provides time-series attack intelligence optimized for temporal analysis, incident response, and security operations center monitoring with quantifiable attack progression metrics.`, - inputSchema: CyberfraudOvertimeInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CyberfraudOvertimeOutputSchema).shape, + inputSchema: CyberfraudOvertimeInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CyberfraudOvertimeOutputSchema).shape as any, annotations: { title: 'HUMAN Get Attack Reporting Overtime', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CyberfraudOvertimeParams) => - mcpToolHandler(async () => cyberfraudService.getAttackReportingOvertime(params)), + (async (params: CyberfraudOvertimeParams, extra: any) => + mcpToolHandler(async () => cyberfraudService.getAttackReportingOvertime(params))) as any, ); } diff --git a/src/tools/getAttackReportingOverview.ts b/src/tools/getAttackReportingOverview.ts index 7d66afe..8283340 100644 --- a/src/tools/getAttackReportingOverview.ts +++ b/src/tools/getAttackReportingOverview.ts @@ -80,15 +80,15 @@ export function registerCyberfraudGetAttackReportingOverview(server: McpServer, 4. PAGINATE: Use page/pageSize to explore large datasets efficiently Response provides detailed cluster intelligence optimized for incident response, threat hunting, and security analysis with actionable threat indicators and comprehensive attack attribution.`, - inputSchema: CyberfraudOverviewInputSchema.shape, - outputSchema: makeStructuredResponseSchema(CyberfraudOverviewOutputSchema).shape, + inputSchema: CyberfraudOverviewInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(CyberfraudOverviewOutputSchema).shape as any, annotations: { title: 'HUMAN Get Attack Reporting Overview', readOnlyHint: true, openWorldHint: true, }, }, - async (params: CyberfraudOverviewParams) => - mcpToolHandler(async () => cyberfraudService.getAttackReportingOverview(params)), + (async (params: CyberfraudOverviewParams, extra: any) => + mcpToolHandler(async () => cyberfraudService.getAttackReportingOverview(params))) as any, ); } diff --git a/src/tools/getCustomRules.ts b/src/tools/getCustomRules.ts index 080e700..7413eb6 100644 --- a/src/tools/getCustomRules.ts +++ b/src/tools/getCustomRules.ts @@ -85,13 +85,13 @@ export function registerCyberfraudGetCustomRules(server: McpServer, cyberfraudSe Response provides complete custom security rule inventory optimized for policy management, compliance auditing, security posture assessment, and operational monitoring with detailed rule metadata and configuration analysis.`, inputSchema: {}, - outputSchema: makeStructuredResponseSchema(CyberfraudCustomRulesOutputSchema).shape, + outputSchema: makeStructuredResponseSchema(CyberfraudCustomRulesOutputSchema).shape as any, annotations: { title: 'HUMAN Get Custom Rules', readOnlyHint: true, openWorldHint: true, }, }, - async () => mcpToolHandler(async () => cyberfraudService.getCustomRules()), + (async (extra: any) => mcpToolHandler(async () => cyberfraudService.getCustomRules())) as any, ); } diff --git a/src/tools/getTrafficData.ts b/src/tools/getTrafficData.ts index 7f9c18a..64f1b2b 100644 --- a/src/tools/getTrafficData.ts +++ b/src/tools/getTrafficData.ts @@ -75,14 +75,15 @@ CORRECT USAGE: • "source": Platform filter (web/mobile) Response provides structured data optimized for security dashboards, threat analysis, and executive reporting with quantifiable metrics and actionable intelligence.`, - inputSchema: TrafficDataInputSchema.shape, - outputSchema: makeStructuredResponseSchema(TrafficDataOutputSchema).shape, + inputSchema: TrafficDataInputSchema.shape as any, + outputSchema: makeStructuredResponseSchema(TrafficDataOutputSchema).shape as any, annotations: { title: 'HUMAN Get Traffic Data', readOnlyHint: true, openWorldHint: true, }, }, - async (params: TrafficDataInput) => mcpToolHandler(async () => cyberfraudService.getTrafficData(params)), + (async (params: TrafficDataInput, extra: any) => + mcpToolHandler(async () => cyberfraudService.getTrafficData(params))) as any, ); } diff --git a/src/types/cyberfraud/customRules.ts b/src/types/cyberfraud/customRules.ts index cd4f2b5..4ec0f20 100644 --- a/src/types/cyberfraud/customRules.ts +++ b/src/types/cyberfraud/customRules.ts @@ -27,7 +27,7 @@ export const CyberfraudCustomRuleSchema = z '📝 RULE DOCUMENTATION: Detailed explanation of rule purpose, business justification, and context. Critical for compliance auditing, knowledge transfer, and policy maintenance. May be empty for legacy rules.', ), conditions: z - .record(z.any()) + .record(z.string(), z.unknown()) .optional() .describe( '🎯 MATCHING LOGIC: Complex conditional structure defining when rule applies. Contains operator-based logic ($and, $or, $eq, $in, $re) with conditionType specifications (socketIps, userAgent, path, domain, socketIpASN). Critical for understanding rule scope and impact analysis.', diff --git a/src/types/cyberfraud/trafficData.ts b/src/types/cyberfraud/trafficData.ts index e98c146..7b6dd82 100644 --- a/src/types/cyberfraud/trafficData.ts +++ b/src/types/cyberfraud/trafficData.ts @@ -1,27 +1,28 @@ import { z } from 'zod'; import { DATE_FORMAT_EXAMPLE_END, DATE_FORMAT_EXAMPLE_START } from '../../utils/constants'; -export const TrafficDataSourceEnum = z.enum(['web', 'mobile'], { - description: +export const TrafficDataSourceEnum = z + .enum(['web', 'mobile']) + .describe( 'Platform filter: ["web"], ["mobile"], or ["web","mobile"]. NOTE: Mobile traffic may be minimal/absent in some environments (observed 99.999% web dominance). Use both for complete coverage, individual for platform-specific analysis.', -}); -export const TrafficDataOvertimeEnum = z.enum( - ['legitimate', 'blocked', 'potentialBlock', 'whitelist', 'blacklist', 'goodKnownBots', 'captchaSolved'], - { - description: - 'TIME-SERIES ANALYSIS: Returns intervals with ~20min timestamps for trend visualization. ❌ MUTUALLY EXCLUSIVE with "count" parameter. 🚨 CRITICAL: DO NOT combine with "tops" - causes misleading aggregation with all data front-loaded into first interval. ✅ BEST FOR: Attack timelines, trend charts, pattern detection. EXAMPLE: {"overtime": ["blocked"]} → Attack volume over time. COMBINE WITH: filters for focus, but NEVER with "tops".', - }, -); -export const TrafficDataTopsEnum = z.enum(['incidents', 'path'], { - description: + ); +export const TrafficDataOvertimeEnum = z + .enum(['legitimate', 'blocked', 'potentialBlock', 'whitelist', 'blacklist', 'goodKnownBots', 'captchaSolved']) + .describe( + 'TIME-SERIES ANALYSIS: Returns intervals with ~20min timestamps for trend visualization. ❌ MUTUALLY EXCLUSIVE with "count" parameter. 🚨 CRITICAL: DO NOT combine with "tops" - causes misleading aggregation with all data front-loaded into first interval. ✅ BEST FOR: Attack timelines, trend charts, pattern detection. EXAMPLE: {"overtime": ["blocked"]} → Attack volume over time. COMBINE WITH: filters for focus, but NEVER with "tops".', + ); +export const TrafficDataTopsEnum = z + .enum(['incidents', 'path']) + .describe( '🔄 RESPONSE TRANSFORMER: Completely changes response structure from aggregates to detailed breakdowns. 🚨 CRITICAL: DO NOT combine with "overtime" - causes misleading aggregation where all historical data appears in first interval with zeros after. ⚠️ CRITICAL INSIGHTS: "incidents" reveals attack classification (Bot Behavior, Spoof, Bad Reputation, etc.), "path" shows URL-specific targeting. WITHOUT tops: Aggregate totals. WITH tops: Individual breakdowns per category. ✅ SAFE USAGE: Combine with "count" only.', -}); -export const TrafficDataTrafficEnum = z.enum(['blocked', 'blacklist', 'potentialBlock'], { - description: + ); +export const TrafficDataTrafficEnum = z + .enum(['blocked', 'blacklist', 'potentialBlock']) + .describe( 'SECURITY-ONLY FILTER: Shows EXCLUSIVELY blocked/suspicious traffic. COMPLEMENTS count/overtime metrics, does NOT replace them. ✅ USE CASE: Pure security analysis, threat-focused reporting. EXCLUDES: All legitimate traffic. COMBINE WITH: Any count/overtime metrics for security-centric view.', -}); -export const TrafficDataPageTypeEnum = z.enum( - [ + ); +export const TrafficDataPageTypeEnum = z + .enum([ 'login', 'login_attempt', 'checkout', @@ -32,14 +33,12 @@ export const TrafficDataPageTypeEnum = z.enum( 'apiCall', 'resource', 'mobileUserAgents', - ], - { - description: - 'PAGE TYPE FILTER: Focuses analysis on specific user journeys. ⚠️ SCOPE WARNING: Very restrictive (observed 87% data reduction). USE CASES: Login security analysis, checkout protection, API endpoint monitoring. COMBINE WITH: Security metrics for targeted threat analysis.', - }, -); -export const TrafficDataCountEnum = z.enum( - [ + ]) + .describe( + 'PAGE TYPE FILTER: Focuses analysis on specific user journeys. ⚠️ SCOPE WARNING: Very restrictive (observed 87% data reduction). USE CASES: Login security analysis, checkout protection, API endpoint monitoring. COMBINE WITH: Security metrics for targeted threat analysis.', + ); +export const TrafficDataCountEnum = z + .enum([ 'legitimate', 'potentialBlock', 'blocked', @@ -49,12 +48,10 @@ export const TrafficDataCountEnum = z.enum( 'captchaSolved', 'mobile', 'web', - ], - { - description: - 'AGGREGATE ANALYSIS: Returns total counts across entire time range. ❌ MUTUALLY EXCLUSIVE with "overtime" parameter. ⚠️ LIMITATION: Will NOT return path breakdowns even with tops=["path"] - returns aggregate totals only. ✅ BEST FOR: Dashboards, KPIs, executive summaries. EXAMPLE: {"count": ["legitimate", "blocked"]} → Simple totals.', - }, -); + ]) + .describe( + 'AGGREGATE ANALYSIS: Returns total counts across entire time range. ❌ MUTUALLY EXCLUSIVE with "overtime" parameter. ⚠️ LIMITATION: Will NOT return path breakdowns even with tops=["path"] - returns aggregate totals only. ✅ BEST FOR: Dashboards, KPIs, executive summaries. EXAMPLE: {"count": ["legitimate", "blocked"]} → Simple totals.', + ); export const TrafficDataMetricsEnrichmentSchema = z .object({