Skip to content

feat(inventory): add privacy controls for config discovery (#87)#279

Merged
hello-args merged 8 commits into
MCP-Audit:developfrom
sachinML:fix/87-inventory-consent-gate
Jun 17, 2026
Merged

feat(inventory): add privacy controls for config discovery (#87)#279
hello-args merged 8 commits into
MCP-Audit:developfrom
sachinML:fix/87-inventory-consent-gate

Conversation

@sachinML

@sachinML sachinML commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Fixes #87

Summary

  • --redact-paths — replaces home directory with ~ in terminal output and JSON reports
  • --paths-only — lists discovered config file paths without parsing server details
  • --config-path — scopes inventory to a single explicit file instead of auto-discovery
  • Documented inventory privacy model in SECURITY.md

Changes

  • src/mcts/inventory/discoverers.py — added redact_home() helper
  • src/mcts/inventory/runner.pyrun_inventory() accepts optional config_path
  • src/mcts/cli/main.py — three new flags on mcts inventory
  • SECURITY.md — new "Inventory Privacy" section
  • docs/platform/cli.md — documented new flags in options table
  • CHANGELOG.md — added entry
  • tests/test_inventory.py — 4 new tests

Test plan

  • test_redact_home — verifies home path is replaced with ~
  • test_paths_only_returns_tuples — verifies --paths-only discovery output
  • test_config_path_scopes_to_single_file — verifies single-file scoping
  • test_config_path_missing_file_returns_empty — verifies graceful handling of missing file

@sachinML sachinML force-pushed the fix/87-inventory-consent-gate branch from ca3bf1c to d12210b Compare June 16, 2026 16:54
@sachinML sachinML mentioned this pull request Jun 16, 2026
Closed
4 tasks
This was referenced Jun 17, 2026
Open
Open
Open
Open
Open
Open
Open
Open
hello-args added a commit to sachinML/MCPAudit that referenced this pull request Jun 17, 2026
@hello-args
fix(inventory): complete privacy controls for MCP-Audit#87 (PR MCP-Au…
15ed43b 
…dit#279)

- Fix --redact-paths flag, JSON redaction, and InventoryReport kwargs
- Add paths-only flag conflicts, config_path through scan-all
- Harden redact_home; add CLI and unit tests
- Update SECURITY.md, inventory.md, and cli.md
hello-args and others added 2 commits June 17, 2026 23:47
@hello-args @sachinML
fix(inventory): complete privacy controls for MCP-Audit#87 (PR MCP-Au…
9ee8fa7 
…dit#279)

- Fix --redact-paths flag, JSON redaction, and InventoryReport kwargs
- Add paths-only flag conflicts, config_path through scan-all
- Harden redact_home; add CLI and unit tests
- Update SECURITY.md, inventory.md, and cli.md

Co-authored-by: Sachin Kumar Jha <sjha979@gmail.com>
@hello-args
merge branch 'develop' into fix/87-inventory-consent-gate
d1b9e62
@hello-args hello-args force-pushed the fix/87-inventory-consent-gate branch from ea5c883 to d1b9e62 Compare June 17, 2026 18:18
@hello-args hello-args merged commit a058130 into MCP-Audit:develop Jun 17, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SECURITY] mcts inventory reads local MCP configs without consent gate

2 participants

@sachinML @hello-args