Skip to content

Commit b3ab6e5

Browse files
docs(oas): regenerate OpenAPI for scanner_fetch_package_source field (MCP-2206)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
1 parent a829d5a commit b3ab6e5

2 files changed

Lines changed: 21 additions & 1 deletion

File tree

oas/docs.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

oas/swagger.yaml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -567,6 +567,26 @@ components:
567567
is small. The preferred fix remains replacing snap docker with a
568568
distro-packaged docker.
569569
type: boolean
570+
scanner_fetch_package_source:
571+
description: |-
572+
ScannerFetchPackageSource controls whether the scanner fetches the
573+
PUBLISHED source of package-runner servers (npx/uvx) — without executing
574+
it — when no local source is available (no Docker container, no local
575+
package cache, no working_dir). This is the primary quarantine/scan
576+
target: a quarantined-on-add server is never run locally, so without this
577+
the scan degrades to tool-definitions-only (no real source-level
578+
analysis). See MCP-2206.
579+
580+
Fetching uses `npm pack` (npm) and `uv pip download` / `pip download`
581+
(Python), which only download + unpack archives and NEVER run install,
582+
build, or setup.py — a scanner must not execute the untrusted code it is
583+
scanning. Extraction is hardened against path traversal and
584+
decompression bombs.
585+
586+
Default (nil) is ENABLED. Set to false on air-gapped deployments to
587+
forbid the scanner's network egress; such servers then fall back to the
588+
tool-definitions-only scan with no regression.
589+
type: boolean
570590
scanner_registry_url:
571591
type: string
572592
type: object

0 commit comments

Comments
 (0)