open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/commands/mcp-baseline-reset.md
Kjell Tore Guttormsen 001df2ebe8 feat(commands): E14 part 3 — /security mcp-baseline-reset slash command 
Wave C step C3: closes E14 with the user-facing reset command.

After a legitimate MCP server upgrade the sticky baseline (added in C1)
becomes a stale "what the tool used to say" anchor and every subsequent
post-mcp-verify advisory will re-flag the change. /security mcp-baseline-reset
lets the user acknowledge the upgrade so the next call seeds a fresh
baseline.

New files:
- scanners/mcp-baseline-reset.mjs — small CLI wrapper around clearBaseline /
  listBaselines. Modes: --list (read-only), --target <name>, no-args (all).
  Outputs JSON summary on stdout. Exit 0 always (idempotent).
- commands/mcp-baseline-reset.md — dispatcher following mcp-inspect.md
  shape. Frontmatter: name=security:mcp-baseline-reset, sonnet model,
  Read/Bash/AskUserQuestion tools. 4-step body (list -> confirm scope
  -> execute -> confirm result).
- tests/scanners/mcp-baseline-reset.test.mjs — 10 CLI tests across
  --list, --target, clear-all, idempotency, history preservation, and
  bare-positional sugar.

Updated:
- commands/security.md — new row in commands table after mcp-inspect.
- CLAUDE.md — new commands-table row + new v7.3.0 narrative section
  describing the baseline schema, cumulative-drift detection, reset
  semantics, and the LLM_SECURITY_MCP_CACHE_FILE override.
- Plugin README.md — new MCP-baseline-reset row in commands table,
  scanner count 12 standalone -> 13 standalone, new "MCP Description
  Drift (E14, v7.3.0)" subsection explaining the sticky baseline,
  cumulative threshold, reset semantics, and env-var override.
- Root marketplace README.md — scanner count 22 -> 23 (10 orchestrated +
  13 standalone), command count 19 -> 20, test count 1511 -> 1768.

Wave C complete: 1738 -> 1768 tests (+30 across C1/C2/C3). Per plan,
Wave C does NOT bump the plugin version — that lands at the wave-bundle
release. The advisory text in post-mcp-verify already references the
new command path so the user has a ready remediation step.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-30 16:49:01 +02:00

2.3 KiB
Raw Blame History

name description allowed-tools model
security:mcp-baseline-reset Reset MCP description baseline cache Read, Bash, AskUserQuestion sonnet

/security mcp-baseline-reset

Reset the sticky description baseline used by post-mcp-verify.mjs for cumulative-drift detection (E14, OWASP MCP05).

Why this matters

The cache stores a per-tool baseline description plus a rolling 10-event history. Cumulative drift is measured as levenshtein(current, baseline) / max(|current|, |baseline|); when the ratio crosses the threshold (default 0.25), post-mcp-verify.mjs emits a MEDIUM mcp-cumulative-drift advisory.

After a legitimate MCP server upgrade the old baseline is stale — every subsequent call will keep tripping the advisory. Reset the baseline once to acknowledge the upgrade. The next MCP invocation will seed a fresh baseline from the new description.

Resetting removes the slow-burn detection window for that server until the new baseline is established. Only do this for upgrades you trust.

Step 1 — List current baselines

Run the listing CLI in read-only mode:

node <plugin-root>/scanners/mcp-baseline-reset.mjs --list

Parse the JSON baselines[] array. If count == 0, report "No baselines stored yet" and stop.

Step 2 — Confirm scope

Use AskUserQuestion to confirm the user's intent:

  • Question: "Reset which baselines?"
  • Options derived from Step 1's output:
    • "All baselines (N tools)" — clears every entry
    • One option per tool, e.g. mcp__tavily__tavily_search
    • "Cancel" — abort

Step 3 — Execute

If the user picked all:

node <plugin-root>/scanners/mcp-baseline-reset.mjs

If the user picked a specific tool:

node <plugin-root>/scanners/mcp-baseline-reset.mjs --target <toolName>

Capture stdout JSON.

Step 4 — Confirm result

Report from the JSON response:

Cleared <cleared> baseline(s):
  - <tool 1>
  - <tool 2>
  ...
Remaining baselines: <remaining>

Add a one-line reminder: "The next MCP call to each cleared tool will seed a fresh baseline from the incoming description."

Notes

  • The CLI exits 0 even when nothing was cleared (idempotent).
  • History entries are preserved across reset for audit purposes.
  • This command does not connect to MCP servers — it only mutates the local cache at ~/.cache/llm-security/mcp-descriptions.json.