feat(static): add React Expo CSP parity by vatsalyagoel · Pull Request #3 · MakerXStudio/CSPAnalyser

vatsalyagoel · 2026-05-16T11:48:07Z

Adds React/Expo static-site CSP support across policy generation, CLI workflows, and MCP tools, including scoped style-src-attr fallback behavior without broad script/style unsafe-inline allowances.

Add React/Expo static profile detection and static hash policy generation behavior
Update policy optimization and scoring for scoped style attribute fallback tradeoffs
Expose static profile controls through CLI commands and documentation
Add MCP parity for cookies, nonce/strict-dynamic controls, hash_static, scoped session comparison, and updated MCP docs
Add focused unit and integration coverage for static, CLI, policy, and MCP behavior

Validation:

npx prettier --check ...
git diff --check
LSP diagnostics on changed MCP TypeScript files
npm run typecheck
npm run build
npm run lint
npm run test (41 files, 1153 tests)

Notes:

No PR template was found.
Excluded from this PR: package-lock.json and internal-docs/csp-is-dead.md.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

vatsalyagoel and others added 10 commits May 16, 2026 21:41

feat(static): detect React Expo static profiles

93c3096

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

feat(static): support React Expo hash policy builds

d8e3321

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

feat(policy): optimize React Expo static policies

66debec

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

feat(policy): score scoped style attribute fallbacks

e66e666

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

feat(cli): expose static profile options

d204091

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

docs(cli): document static profile workflows

8833e1a

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

feat(mcp): add MCP static policy parity

cb92bf1

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

docs(mcp): document MCP parity updates

3c0d29c

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

chore: update package lock dependencies

c8b13f0

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

chore: bump version to 1.3.0

bcd010e

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

vatsalyagoel merged commit e5224a2 into main May 18, 2026
1 check passed

vatsalyagoel deleted the feature/mcp-static-profile-parity branch May 18, 2026 01:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(static): add React Expo CSP parity#3

feat(static): add React Expo CSP parity#3
vatsalyagoel merged 10 commits into
mainfrom
feature/mcp-static-profile-parity

vatsalyagoel commented May 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

vatsalyagoel commented May 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant