@agent-trust/gateway 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/gateway.d.ts +6 -0
- package/dist/gateway.d.ts.map +1 -1
- package/dist/gateway.js +95 -2
- package/dist/gateway.js.map +1 -1
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -1
- package/dist/index.js.map +1 -1
- package/dist/ml-analyzer.d.ts +121 -0
- package/dist/ml-analyzer.d.ts.map +1 -0
- package/dist/ml-analyzer.js +298 -0
- package/dist/ml-analyzer.js.map +1 -0
- package/dist/types.d.ts +7 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +15 -3
package/dist/gateway.d.ts
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { Router } from 'express';
|
|
2
2
|
import { BehaviorTracker } from './behavior-tracker';
|
|
3
|
+
import { MLBehaviorAnalyzer } from './ml-analyzer';
|
|
3
4
|
import { GatewayConfig } from './types';
|
|
4
5
|
/**
|
|
5
6
|
* AgentGateway — the core class that website owners instantiate.
|
|
@@ -14,12 +15,17 @@ export declare class AgentGateway {
|
|
|
14
15
|
private stationClient;
|
|
15
16
|
private actionRegistry;
|
|
16
17
|
private behaviorTracker;
|
|
18
|
+
private mlAnalyzer;
|
|
17
19
|
private config;
|
|
18
20
|
constructor(config: GatewayConfig);
|
|
19
21
|
/**
|
|
20
22
|
* Get the behavior tracker instance (for monitoring/dashboard).
|
|
21
23
|
*/
|
|
22
24
|
getBehaviorTracker(): BehaviorTracker;
|
|
25
|
+
/**
|
|
26
|
+
* Get the ML analyzer instance (for monitoring/status checks).
|
|
27
|
+
*/
|
|
28
|
+
getMLAnalyzer(): MLBehaviorAnalyzer;
|
|
23
29
|
/**
|
|
24
30
|
* Create and return the Express router for this gateway.
|
|
25
31
|
* Mount it on any path: app.use('/agent-gateway', gateway.router())
|
package/dist/gateway.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EACL,aAAa,EAId,MAAM,SAAS,CAAC;AAEjB;;;;;;;;GAQG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,cAAc,CAAiB;IACvC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,UAAU,CAAqB;IACvC,OAAO,CAAC,MAAM,CAAgB;gBAElB,MAAM,EAAE,aAAa;IAiBjC;;OAEG;IACH,kBAAkB,IAAI,eAAe;IAIrC;;OAEG;IACH,aAAa,IAAI,kBAAkB;IAInC;;;OAGG;IACH,MAAM,IAAI,MAAM;IAiThB;;OAEG;IACH,OAAO,IAAI,IAAI;CAGhB;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,GAAG,YAAY,CAEjE"}
|
package/dist/gateway.js
CHANGED
|
@@ -6,6 +6,7 @@ const express_1 = require("express");
|
|
|
6
6
|
const station_client_1 = require("./station-client");
|
|
7
7
|
const action_registry_1 = require("./action-registry");
|
|
8
8
|
const behavior_tracker_1 = require("./behavior-tracker");
|
|
9
|
+
const ml_analyzer_1 = require("./ml-analyzer");
|
|
9
10
|
const certificate_1 = require("./middleware/certificate");
|
|
10
11
|
/**
|
|
11
12
|
* AgentGateway — the core class that website owners instantiate.
|
|
@@ -23,6 +24,11 @@ class AgentGateway {
|
|
|
23
24
|
);
|
|
24
25
|
this.actionRegistry = new action_registry_1.ActionRegistry(config.actions);
|
|
25
26
|
this.behaviorTracker = new behavior_tracker_1.BehaviorTracker(config.behavior ?? {});
|
|
27
|
+
this.mlAnalyzer = new ml_analyzer_1.MLBehaviorAnalyzer(config.ml ?? {});
|
|
28
|
+
// Initialize ML models in the background (non-blocking)
|
|
29
|
+
this.mlAnalyzer.initialize().catch(() => {
|
|
30
|
+
// Silently handled — ML is optional
|
|
31
|
+
});
|
|
26
32
|
}
|
|
27
33
|
/**
|
|
28
34
|
* Get the behavior tracker instance (for monitoring/dashboard).
|
|
@@ -30,6 +36,12 @@ class AgentGateway {
|
|
|
30
36
|
getBehaviorTracker() {
|
|
31
37
|
return this.behaviorTracker;
|
|
32
38
|
}
|
|
39
|
+
/**
|
|
40
|
+
* Get the ML analyzer instance (for monitoring/status checks).
|
|
41
|
+
*/
|
|
42
|
+
getMLAnalyzer() {
|
|
43
|
+
return this.mlAnalyzer;
|
|
44
|
+
}
|
|
33
45
|
/**
|
|
34
46
|
* Create and return the Express router for this gateway.
|
|
35
47
|
* Mount it on any path: app.use('/agent-gateway', gateway.router())
|
|
@@ -47,7 +59,12 @@ class AgentGateway {
|
|
|
47
59
|
gatewayId: this.config.gatewayId,
|
|
48
60
|
actions: this.actionRegistry.getDiscoveryPayload(),
|
|
49
61
|
certificateIssuer: 'agent-trust-station',
|
|
50
|
-
version: '1.
|
|
62
|
+
version: '1.2.0',
|
|
63
|
+
security: {
|
|
64
|
+
behavioralTracking: true,
|
|
65
|
+
mlAnalysis: this.mlAnalyzer.isAvailable(),
|
|
66
|
+
scopeEnforcement: true
|
|
67
|
+
}
|
|
51
68
|
};
|
|
52
69
|
res.json(payload);
|
|
53
70
|
});
|
|
@@ -131,13 +148,89 @@ class AgentGateway {
|
|
|
131
148
|
});
|
|
132
149
|
return;
|
|
133
150
|
}
|
|
151
|
+
// ─── Scope Enforcement: Check certificate scope manifest ───
|
|
152
|
+
// If the certificate declares a scope, only actions listed in scope are allowed.
|
|
153
|
+
// This catches misaligned behavior — e.g., a "product-search" agent trying to access "checkout".
|
|
154
|
+
if (certificate.scope && certificate.scope.length > 0) {
|
|
155
|
+
if (!certificate.scope.includes(actionName)) {
|
|
156
|
+
// Record the scope violation
|
|
157
|
+
this.behaviorTracker.recordAction(certificate.sub, certificate.agentExternalId, actionName, params, false, false // Not a score violation — it's a scope violation
|
|
158
|
+
);
|
|
159
|
+
// Report scope violation to station
|
|
160
|
+
this.stationClient.submitReport({
|
|
161
|
+
agentId: certificate.sub,
|
|
162
|
+
gatewayId: this.config.gatewayId,
|
|
163
|
+
certificateJti: certificate.jti,
|
|
164
|
+
actions: [{
|
|
165
|
+
actionType: actionName,
|
|
166
|
+
outcome: 'failure',
|
|
167
|
+
metadata: {
|
|
168
|
+
reason: 'scope_violation',
|
|
169
|
+
declaredScope: certificate.scope,
|
|
170
|
+
attemptedAction: actionName,
|
|
171
|
+
params
|
|
172
|
+
},
|
|
173
|
+
performedAt: new Date().toISOString()
|
|
174
|
+
}]
|
|
175
|
+
}).catch(err => {
|
|
176
|
+
console.error(`[@agent-trust/gateway] Failed to submit scope violation report:`, err.message);
|
|
177
|
+
});
|
|
178
|
+
res.status(403).json({
|
|
179
|
+
success: false,
|
|
180
|
+
error: `Action "${actionName}" is outside this certificate's declared scope`,
|
|
181
|
+
declaredScope: certificate.scope,
|
|
182
|
+
hint: 'Request a new certificate with the correct scope, or use a wildcard scope.'
|
|
183
|
+
});
|
|
184
|
+
return;
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
// ─── ML Analysis: Check params for threats (prompt injection, malicious URLs) ───
|
|
188
|
+
if (this.mlAnalyzer.isAvailable()) {
|
|
189
|
+
const mlResult = await this.mlAnalyzer.analyzeRequest(params, certificate.sub);
|
|
190
|
+
if (!mlResult.safe) {
|
|
191
|
+
// Record the ML-detected threat as a behavioral event
|
|
192
|
+
this.behaviorTracker.recordAction(certificate.sub, certificate.agentExternalId, actionName, params, false, false);
|
|
193
|
+
// Report to station
|
|
194
|
+
this.stationClient.submitReport({
|
|
195
|
+
agentId: certificate.sub,
|
|
196
|
+
gatewayId: this.config.gatewayId,
|
|
197
|
+
certificateJti: certificate.jti,
|
|
198
|
+
actions: [{
|
|
199
|
+
actionType: actionName,
|
|
200
|
+
outcome: 'failure',
|
|
201
|
+
metadata: {
|
|
202
|
+
reason: 'ml_threat_detected',
|
|
203
|
+
threats: mlResult.threats,
|
|
204
|
+
analysisTimeMs: mlResult.analysisTimeMs,
|
|
205
|
+
params
|
|
206
|
+
},
|
|
207
|
+
performedAt: new Date().toISOString()
|
|
208
|
+
}]
|
|
209
|
+
}).catch(err => {
|
|
210
|
+
console.error(`[@agent-trust/gateway] Failed to submit ML threat report:`, err.message);
|
|
211
|
+
});
|
|
212
|
+
res.status(403).json({
|
|
213
|
+
success: false,
|
|
214
|
+
error: 'Request blocked: Threat detected in parameters',
|
|
215
|
+
threats: mlResult.threats.map(t => ({
|
|
216
|
+
type: t.type,
|
|
217
|
+
field: t.field,
|
|
218
|
+
confidence: t.confidence
|
|
219
|
+
})),
|
|
220
|
+
analysisTimeMs: mlResult.analysisTimeMs,
|
|
221
|
+
hint: 'Your request parameters contain content flagged as potentially malicious.'
|
|
222
|
+
});
|
|
223
|
+
return;
|
|
224
|
+
}
|
|
225
|
+
}
|
|
134
226
|
// Build agent context from certificate
|
|
135
227
|
const agentContext = {
|
|
136
228
|
agentId: certificate.sub,
|
|
137
229
|
externalId: certificate.agentExternalId,
|
|
138
230
|
developerId: certificate.developerId,
|
|
139
231
|
score: certificate.score,
|
|
140
|
-
identityVerified: certificate.identityVerified
|
|
232
|
+
identityVerified: certificate.identityVerified,
|
|
233
|
+
scope: certificate.scope
|
|
141
234
|
};
|
|
142
235
|
// Check if score meets threshold BEFORE executing
|
|
143
236
|
const scoreMet = agentContext.score >= action.minScore;
|
package/dist/gateway.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"gateway.js","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":";;;AAkZA,sCAEC;AApZD,qCAAiC;AACjC,qDAAiD;AACjD,uDAAmD;AACnD,yDAAqD;AACrD,+CAAmD;AACnD,0DAAuE;AAQvE;;;;;;;;GAQG;AACH,MAAa,YAAY;IAOvB,YAAY,MAAqB;QAC/B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,aAAa,GAAG,IAAI,8BAAa,CACpC,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,aAAa,EACpB,MAAM,CAAC,wBAAwB,IAAI,OAAO,CAAC,iBAAiB;SAC7D,CAAC;QACF,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,CAAC,eAAe,GAAG,IAAI,kCAAe,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,UAAU,GAAG,IAAI,gCAAkB,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE1D,wDAAwD;QACxD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YACtC,oCAAoC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAC;QAExB,8BAA8B;QAE9B;;;;WAIG;QACH,MAAM,CAAC,GAAG,CAAC,4BAA4B,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACrD,MAAM,OAAO,GAAG;gBACd,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE;gBAClD,iBAAiB,EAAE,qBAAqB;gBACxC,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE;oBACR,kBAAkB,EAAE,IAAI;oBACxB,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE;oBACzC,gBAAgB,EAAE,IAAI;iBACvB;aACF,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;QAEH;;;WAGG;QACH,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YACnC,GAAG,CAAC,IAAI,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE;aACnD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH;;;;WAIG;QACH,MAAM,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;YAC7C,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE;oBACJ,cAAc,EAAE,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE;iBACzD;aACF,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,qCAAqC;QAErC,oCAAoC;QACpC,MAAM,YAAY,GAAG,IAAA,yCAA2B,EAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAErE;;;;;;;;;;;WAWG;QACH,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,YAAY,EAAE,KAAK,EAAE,GAAmB,EAAE,GAAG,EAAE,EAAE;YACnF,MAAM,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAClC,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,GAAG,CAAC,gBAAiB,CAAC;YAE1C,0DAA0D;YAC1D,IAAI,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpD,MAAM,KAAK,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,0CAA0C;oBACjD,aAAa,EAAE,CAAC;oBAChB,KAAK,EAAE,KAAK,EAAE,cAAc,IAAI,EAAE;oBAClC,IAAI,EAAE,yFAAyF;iBAChG,CAAC,CAAC;gBAEH,8BAA8B;gBAC9B,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;oBAC9B,OAAO,EAAE,WAAW,CAAC,GAAG;oBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAChC,cAAc,EAAE,WAAW,CAAC,GAAG;oBAC/B,OAAO,EAAE,CAAC;4BACR,UAAU,EAAE,UAAU;4BACtB,OAAO,EAAE,SAAS;4BAClB,QAAQ,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE;4BAChD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;yBACtC,CAAC;iBACH,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;oBACb,OAAO,CAAC,KAAK,CAAC,iDAAiD,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;gBAChF,CAAC,CAAC,CAAC;gBAEH,OAAO;YACT,CAAC;YAED,yBAAyB;YACzB,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,IAAI,CAAC,eAAe,CAAC,YAAY,CAC/B,WAAW,CAAC,GAAG,EACf,WAAW,CAAC,eAAe,EAC3B,UAAU,EACV,MAAM,EACN,KAAK,EACL,KAAK,CACN,CAAC;gBAEF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,WAAW,UAAU,aAAa;oBACzC,gBAAgB,EAAE,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE;iBACvD,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,8DAA8D;YAC9D,iFAAiF;YACjF,iGAAiG;YACjG,IAAI,WAAW,CAAC,KAAK,IAAI,WAAW,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;oBAC5C,6BAA6B;oBAC7B,IAAI,CAAC,eAAe,CAAC,YAAY,CAC/B,WAAW,CAAC,GAAG,EACf,WAAW,CAAC,eAAe,EAC3B,UAAU,EACV,MAAM,EACN,KAAK,EACL,KAAK,CAAE,iDAAiD;qBACzD,CAAC;oBAEF,oCAAoC;oBACpC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;wBAC9B,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;wBAChC,cAAc,EAAE,WAAW,CAAC,GAAG;wBAC/B,OAAO,EAAE,CAAC;gCACR,UAAU,EAAE,UAAU;gCACtB,OAAO,EAAE,SAAS;gCAClB,QAAQ,EAAE;oCACR,MAAM,EAAE,iBAAiB;oCACzB,aAAa,EAAE,WAAW,CAAC,KAAK;oCAChC,eAAe,EAAE,UAAU;oCAC3B,MAAM;iCACP;gCACD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;6BACtC,CAAC;qBACH,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;wBACb,OAAO,CAAC,KAAK,CAAC,iEAAiE,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;oBAChG,CAAC,CAAC,CAAC;oBAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,WAAW,UAAU,gDAAgD;wBAC5E,aAAa,EAAE,WAAW,CAAC,KAAK;wBAChC,IAAI,EAAE,4EAA4E;qBACnF,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;YAED,mFAAmF;YACnF,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,EAAE,CAAC;gBAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC;gBAC/E,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACnB,sDAAsD;oBACtD,IAAI,CAAC,eAAe,CAAC,YAAY,CAC/B,WAAW,CAAC,GAAG,EACf,WAAW,CAAC,eAAe,EAC3B,UAAU,EACV,MAAM,EACN,KAAK,EACL,KAAK,CACN,CAAC;oBAEF,oBAAoB;oBACpB,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;wBAC9B,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;wBAChC,cAAc,EAAE,WAAW,CAAC,GAAG;wBAC/B,OAAO,EAAE,CAAC;gCACR,UAAU,EAAE,UAAU;gCACtB,OAAO,EAAE,SAAS;gCAClB,QAAQ,EAAE;oCACR,MAAM,EAAE,oBAAoB;oCAC5B,OAAO,EAAE,QAAQ,CAAC,OAAO;oCACzB,cAAc,EAAE,QAAQ,CAAC,cAAc;oCACvC,MAAM;iCACP;gCACD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;6BACtC,CAAC;qBACH,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;wBACb,OAAO,CAAC,KAAK,CAAC,2DAA2D,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;oBAC1F,CAAC,CAAC,CAAC;oBAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBACnB,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,gDAAgD;wBACvD,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;4BAClC,IAAI,EAAE,CAAC,CAAC,IAAI;4BACZ,KAAK,EAAE,CAAC,CAAC,KAAK;4BACd,UAAU,EAAE,CAAC,CAAC,UAAU;yBACzB,CAAC,CAAC;wBACH,cAAc,EAAE,QAAQ,CAAC,cAAc;wBACvC,IAAI,EAAE,2EAA2E;qBAClF,CAAC,CAAC;oBACH,OAAO;gBACT,CAAC;YACH,CAAC;YAED,uCAAuC;YACvC,MAAM,YAAY,GAAiB;gBACjC,OAAO,EAAE,WAAW,CAAC,GAAG;gBACxB,UAAU,EAAE,WAAW,CAAC,eAAe;gBACvC,WAAW,EAAE,WAAW,CAAC,WAAW;gBACpC,KAAK,EAAE,WAAW,CAAC,KAAK;gBACxB,gBAAgB,EAAE,WAAW,CAAC,gBAAgB;gBAC9C,KAAK,EAAE,WAAW,CAAC,KAAK;aACzB,CAAC;YAEF,kDAAkD;YAClD,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC;YAEvD,qEAAqE;YACrE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAEnF,sCAAsC;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,YAAY,CAChD,WAAW,CAAC,GAAG,EACf,WAAW,CAAC,eAAe,EAC3B,UAAU,EACV,MAAM,EACN,MAAM,CAAC,OAAO,EACd,QAAQ,CACT,CAAC;YAEF,qCAAqC;YACrC,GAAG,CAAC,aAAa,GAAG,QAAQ,CAAC,aAAa,CAAC;YAC3C,GAAG,CAAC,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC;YAEnC,4DAA4D;YAC5D,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;gBAC9B,OAAO,EAAE,WAAW,CAAC,GAAG;gBACxB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,cAAc,EAAE,WAAW,CAAC,GAAG;gBAC/B,OAAO,EAAE,CAAC;wBACR,UAAU,EAAE,UAAU;wBACtB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;wBAC/C,QAAQ,EAAE;4BACR,MAAM;4BACN,aAAa,EAAE,QAAQ,CAAC,aAAa;4BACrC,aAAa,EAAE,QAAQ,CAAC,KAAK;4BAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;yBAC1B;wBACD,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;qBACtC,CAAC;aACH,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;gBACb,OAAO,CAAC,KAAK,CAAC,4DAA4D,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC3F,CAAC,CAAC,CAAC;YAEH,6BAA6B;YAC7B,MAAM,QAAQ,GAA4B,EAAE,GAAG,MAAM,EAAE,CAAC;YAExD,sCAAsC;YACtC,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,aAAa,GAAG,EAAE,EAAE,CAAC;gBAC7D,QAAQ,CAAC,QAAQ,GAAG;oBAClB,KAAK,EAAE,QAAQ,CAAC,aAAa;oBAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;oBACrB,OAAO,EAAE,QAAQ,CAAC,aAAa,GAAG,EAAE;wBAClC,CAAC,CAAC,sFAAsF;wBACxF,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;4BACzB,CAAC,CAAC,6DAA6D;4BAC/D,CAAC,CAAC,SAAS;iBAChB,CAAC;YACJ,CAAC;YAED,2CAA2C;YAC3C,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,uEAAuE;oBAC9E,QAAQ,EAAE;wBACR,KAAK,EAAE,QAAQ,CAAC,aAAa;wBAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;qBACtB;iBACF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACjC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;IACjC,CAAC;CACF;AAjWD,oCAiWC;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,SAAgB,aAAa,CAAC,MAAqB;IACjD,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;AAClC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -2,5 +2,7 @@ export { AgentGateway, createGateway } from './gateway';
|
|
|
2
2
|
export { StationClient } from './station-client';
|
|
3
3
|
export { ActionRegistry } from './action-registry';
|
|
4
4
|
export { BehaviorTracker } from './behavior-tracker';
|
|
5
|
+
export { MLBehaviorAnalyzer, createMLAnalyzer } from './ml-analyzer';
|
|
5
6
|
export type { GatewayConfig, ActionDefinition, ParameterDefinition, ActionHandler, AgentContext, ActionResult, PublicActionInfo, DiscoveryPayload, GatewayRequest, BehaviorConfig, BehaviorEvent, BehaviorFlag, SessionStats, AgentSession } from './types';
|
|
7
|
+
export type { MLAnalyzerConfig, MLThreat, MLThreatType, MLAnalysisResult } from './ml-analyzer';
|
|
6
8
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAErE,YAAY,EACV,aAAa,EACb,gBAAgB,EAChB,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EAEd,cAAc,EACd,aAAa,EACb,YAAY,EACZ,YAAY,EACZ,YAAY,EACb,MAAM,SAAS,CAAC;AAEjB,YAAY,EACV,gBAAgB,EAChB,QAAQ,EACR,YAAY,EACZ,gBAAgB,EACjB,MAAM,eAAe,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
// The gateway verifies the certificate, checks the agent's reputation score,
|
|
7
7
|
// monitors real-time behavior, and executes the requested action if trusted.
|
|
8
8
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
9
|
-
exports.BehaviorTracker = exports.ActionRegistry = exports.StationClient = exports.createGateway = exports.AgentGateway = void 0;
|
|
9
|
+
exports.createMLAnalyzer = exports.MLBehaviorAnalyzer = exports.BehaviorTracker = exports.ActionRegistry = exports.StationClient = exports.createGateway = exports.AgentGateway = void 0;
|
|
10
10
|
var gateway_1 = require("./gateway");
|
|
11
11
|
Object.defineProperty(exports, "AgentGateway", { enumerable: true, get: function () { return gateway_1.AgentGateway; } });
|
|
12
12
|
Object.defineProperty(exports, "createGateway", { enumerable: true, get: function () { return gateway_1.createGateway; } });
|
|
@@ -16,4 +16,7 @@ var action_registry_1 = require("./action-registry");
|
|
|
16
16
|
Object.defineProperty(exports, "ActionRegistry", { enumerable: true, get: function () { return action_registry_1.ActionRegistry; } });
|
|
17
17
|
var behavior_tracker_1 = require("./behavior-tracker");
|
|
18
18
|
Object.defineProperty(exports, "BehaviorTracker", { enumerable: true, get: function () { return behavior_tracker_1.BehaviorTracker; } });
|
|
19
|
+
var ml_analyzer_1 = require("./ml-analyzer");
|
|
20
|
+
Object.defineProperty(exports, "MLBehaviorAnalyzer", { enumerable: true, get: function () { return ml_analyzer_1.MLBehaviorAnalyzer; } });
|
|
21
|
+
Object.defineProperty(exports, "createMLAnalyzer", { enumerable: true, get: function () { return ml_analyzer_1.createMLAnalyzer; } });
|
|
19
22
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,iEAAiE;AACjE,EAAE;AACF,+EAA+E;AAC/E,qFAAqF;AACrF,6EAA6E;AAC7E,6EAA6E;;;AAE7E,qCAAwD;AAA/C,uGAAA,YAAY,OAAA;AAAE,wGAAA,aAAa,OAAA;AACpC,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AACtB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AACvB,uDAAqD;AAA5C,mHAAA,eAAe,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,iEAAiE;AACjE,EAAE;AACF,+EAA+E;AAC/E,qFAAqF;AACrF,6EAA6E;AAC7E,6EAA6E;;;AAE7E,qCAAwD;AAA/C,uGAAA,YAAY,OAAA;AAAE,wGAAA,aAAa,OAAA;AACpC,mDAAiD;AAAxC,+GAAA,aAAa,OAAA;AACtB,qDAAmD;AAA1C,iHAAA,cAAc,OAAA;AACvB,uDAAqD;AAA5C,mHAAA,eAAe,OAAA;AACxB,6CAAqE;AAA5D,iHAAA,kBAAkB,OAAA;AAAE,+GAAA,gBAAgB,OAAA"}
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ML-Enhanced Behavioral Analysis
|
|
3
|
+
*
|
|
4
|
+
* Uses HuggingFace Transformers.js (ONNX Runtime) to run cybersecurity
|
|
5
|
+
* models directly in Node.js for advanced threat detection:
|
|
6
|
+
*
|
|
7
|
+
* 1. Prompt Injection Detection — catches jailbreak attempts in agent params
|
|
8
|
+
*
|
|
9
|
+
* This module is OPTIONAL. If @huggingface/transformers is not installed,
|
|
10
|
+
* the gateway works fine with rule-based detection only.
|
|
11
|
+
*
|
|
12
|
+
* Default model: protectai/deberta-v3-base-prompt-injection-v2 (157K+ downloads)
|
|
13
|
+
* — DeBERTa-v3-base fine-tuned on prompt injection datasets
|
|
14
|
+
* — Has proper onnx/ directory for Transformers.js compatibility
|
|
15
|
+
*
|
|
16
|
+
* Install: npm install @huggingface/transformers
|
|
17
|
+
*/
|
|
18
|
+
export type MLThreatType = 'prompt_injection' | 'malicious_url';
|
|
19
|
+
export interface MLThreat {
|
|
20
|
+
type: MLThreatType;
|
|
21
|
+
field: string;
|
|
22
|
+
confidence: number;
|
|
23
|
+
value: string;
|
|
24
|
+
}
|
|
25
|
+
export interface MLAnalysisResult {
|
|
26
|
+
safe: boolean;
|
|
27
|
+
threats: MLThreat[];
|
|
28
|
+
analysisTimeMs: number;
|
|
29
|
+
}
|
|
30
|
+
export interface MLAnalyzerConfig {
|
|
31
|
+
/** Enable/disable ML analysis (default: true if @huggingface/transformers is installed) */
|
|
32
|
+
enabled?: boolean;
|
|
33
|
+
/** Confidence threshold for prompt injection detection (0-1, default: 0.85) */
|
|
34
|
+
injectionThreshold?: number;
|
|
35
|
+
/** Confidence threshold for malicious URL detection (0-1, default: 0.80) */
|
|
36
|
+
urlThreshold?: number;
|
|
37
|
+
/** Minimum text length to analyze for injection (default: 10) */
|
|
38
|
+
minTextLength?: number;
|
|
39
|
+
/**
|
|
40
|
+
* Custom prompt injection model ID.
|
|
41
|
+
* Must have onnx/ directory on HuggingFace for Transformers.js compatibility.
|
|
42
|
+
* Default: protectai/deberta-v3-base-prompt-injection-v2
|
|
43
|
+
*/
|
|
44
|
+
injectionModel?: string;
|
|
45
|
+
/**
|
|
46
|
+
* Custom URL detection model ID (optional).
|
|
47
|
+
* Must have onnx/ directory on HuggingFace for Transformers.js compatibility.
|
|
48
|
+
* Default: none (URL detection uses pattern matching only)
|
|
49
|
+
*/
|
|
50
|
+
urlModel?: string;
|
|
51
|
+
/** Callback when an ML threat is detected */
|
|
52
|
+
onThreatDetected?: (threat: MLThreat, agentId: string) => void;
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* MLBehaviorAnalyzer — optional ML layer for the gateway.
|
|
56
|
+
*
|
|
57
|
+
* Loads HuggingFace models on first use and caches them.
|
|
58
|
+
* Models run locally via ONNX Runtime — no API calls to HuggingFace after download.
|
|
59
|
+
*
|
|
60
|
+
* Usage:
|
|
61
|
+
* const ml = new MLBehaviorAnalyzer({ injectionThreshold: 0.9 });
|
|
62
|
+
* await ml.initialize(); // Loads models (first time downloads them)
|
|
63
|
+
* const result = await ml.analyzeRequest(params, agentId);
|
|
64
|
+
* if (!result.safe) { // block or flag the request }
|
|
65
|
+
*/
|
|
66
|
+
export declare class MLBehaviorAnalyzer {
|
|
67
|
+
private config;
|
|
68
|
+
private injectionDetector;
|
|
69
|
+
private urlDetector;
|
|
70
|
+
private initialized;
|
|
71
|
+
private initPromise;
|
|
72
|
+
private available;
|
|
73
|
+
constructor(config?: MLAnalyzerConfig);
|
|
74
|
+
/**
|
|
75
|
+
* Initialize the ML models. Call this once at startup.
|
|
76
|
+
* Models are downloaded on first run and cached locally.
|
|
77
|
+
* If @huggingface/transformers is not installed, this is a no-op.
|
|
78
|
+
*/
|
|
79
|
+
initialize(): Promise<boolean>;
|
|
80
|
+
private _doInitialize;
|
|
81
|
+
/**
|
|
82
|
+
* Check if ML analysis is available and active.
|
|
83
|
+
*/
|
|
84
|
+
isAvailable(): boolean;
|
|
85
|
+
/**
|
|
86
|
+
* Analyze an agent's request parameters for threats.
|
|
87
|
+
*
|
|
88
|
+
* Checks:
|
|
89
|
+
* 1. All string params for prompt injection attempts
|
|
90
|
+
* 2. All URL-like params for phishing/malware (if URL model is loaded)
|
|
91
|
+
*
|
|
92
|
+
* Returns { safe: true } if no threats detected or ML is unavailable.
|
|
93
|
+
*/
|
|
94
|
+
analyzeRequest(params: Record<string, unknown>, agentId?: string): Promise<MLAnalysisResult>;
|
|
95
|
+
/**
|
|
96
|
+
* Recursively extract string values from nested objects/arrays.
|
|
97
|
+
*/
|
|
98
|
+
private extractStrings;
|
|
99
|
+
/**
|
|
100
|
+
* Check if a string looks like a URL.
|
|
101
|
+
*/
|
|
102
|
+
private isUrlLike;
|
|
103
|
+
/**
|
|
104
|
+
* Extract domain from a URL string.
|
|
105
|
+
*/
|
|
106
|
+
private extractDomain;
|
|
107
|
+
}
|
|
108
|
+
/**
|
|
109
|
+
* Factory function — creates an MLBehaviorAnalyzer instance.
|
|
110
|
+
*
|
|
111
|
+
* Example:
|
|
112
|
+
* const ml = createMLAnalyzer({
|
|
113
|
+
* injectionThreshold: 0.9,
|
|
114
|
+
* onThreatDetected: (threat, agentId) => {
|
|
115
|
+
* console.warn(`ML threat from ${agentId}:`, threat);
|
|
116
|
+
* }
|
|
117
|
+
* });
|
|
118
|
+
* await ml.initialize();
|
|
119
|
+
*/
|
|
120
|
+
export declare function createMLAnalyzer(config?: MLAnalyzerConfig): MLBehaviorAnalyzer;
|
|
121
|
+
//# sourceMappingURL=ml-analyzer.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ml-analyzer.d.ts","sourceRoot":"","sources":["../src/ml-analyzer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,MAAM,MAAM,YAAY,GAAG,kBAAkB,GAAG,eAAe,CAAC;AAEhE,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,QAAQ,EAAE,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,2FAA2F;IAC3F,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,+EAA+E;IAC/E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAE5B,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,iEAAiE;IACjE,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,6CAA6C;IAC7C,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CAChE;AAMD;;;;;;;;;;;GAWG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAA8H;IAC5I,OAAO,CAAC,iBAAiB,CAA2B;IACpD,OAAO,CAAC,WAAW,CAA2B;IAC9C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,SAAS,CAAS;gBAEd,MAAM,GAAE,gBAAqB;IAYzC;;;;OAIG;IACG,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC;YAYtB,aAAa;IA4D3B;;OAEG;IACH,WAAW,IAAI,OAAO;IAItB;;;;;;;;OAQG;IACG,cAAc,CAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC;IA0F5B;;OAEG;IACH,OAAO,CAAC,cAAc;IA2BtB;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,aAAa;CAQtB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,kBAAkB,CAE9E"}
|
|
@@ -0,0 +1,298 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* ML-Enhanced Behavioral Analysis
|
|
4
|
+
*
|
|
5
|
+
* Uses HuggingFace Transformers.js (ONNX Runtime) to run cybersecurity
|
|
6
|
+
* models directly in Node.js for advanced threat detection:
|
|
7
|
+
*
|
|
8
|
+
* 1. Prompt Injection Detection — catches jailbreak attempts in agent params
|
|
9
|
+
*
|
|
10
|
+
* This module is OPTIONAL. If @huggingface/transformers is not installed,
|
|
11
|
+
* the gateway works fine with rule-based detection only.
|
|
12
|
+
*
|
|
13
|
+
* Default model: protectai/deberta-v3-base-prompt-injection-v2 (157K+ downloads)
|
|
14
|
+
* — DeBERTa-v3-base fine-tuned on prompt injection datasets
|
|
15
|
+
* — Has proper onnx/ directory for Transformers.js compatibility
|
|
16
|
+
*
|
|
17
|
+
* Install: npm install @huggingface/transformers
|
|
18
|
+
*/
|
|
19
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
20
|
+
if (k2 === undefined) k2 = k;
|
|
21
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
22
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
23
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
24
|
+
}
|
|
25
|
+
Object.defineProperty(o, k2, desc);
|
|
26
|
+
}) : (function(o, m, k, k2) {
|
|
27
|
+
if (k2 === undefined) k2 = k;
|
|
28
|
+
o[k2] = m[k];
|
|
29
|
+
}));
|
|
30
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
31
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
32
|
+
}) : function(o, v) {
|
|
33
|
+
o["default"] = v;
|
|
34
|
+
});
|
|
35
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
36
|
+
var ownKeys = function(o) {
|
|
37
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
38
|
+
var ar = [];
|
|
39
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
40
|
+
return ar;
|
|
41
|
+
};
|
|
42
|
+
return ownKeys(o);
|
|
43
|
+
};
|
|
44
|
+
return function (mod) {
|
|
45
|
+
if (mod && mod.__esModule) return mod;
|
|
46
|
+
var result = {};
|
|
47
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
48
|
+
__setModuleDefault(result, mod);
|
|
49
|
+
return result;
|
|
50
|
+
};
|
|
51
|
+
})();
|
|
52
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
53
|
+
exports.MLBehaviorAnalyzer = void 0;
|
|
54
|
+
exports.createMLAnalyzer = createMLAnalyzer;
|
|
55
|
+
/**
|
|
56
|
+
* MLBehaviorAnalyzer — optional ML layer for the gateway.
|
|
57
|
+
*
|
|
58
|
+
* Loads HuggingFace models on first use and caches them.
|
|
59
|
+
* Models run locally via ONNX Runtime — no API calls to HuggingFace after download.
|
|
60
|
+
*
|
|
61
|
+
* Usage:
|
|
62
|
+
* const ml = new MLBehaviorAnalyzer({ injectionThreshold: 0.9 });
|
|
63
|
+
* await ml.initialize(); // Loads models (first time downloads them)
|
|
64
|
+
* const result = await ml.analyzeRequest(params, agentId);
|
|
65
|
+
* if (!result.safe) { // block or flag the request }
|
|
66
|
+
*/
|
|
67
|
+
class MLBehaviorAnalyzer {
|
|
68
|
+
constructor(config = {}) {
|
|
69
|
+
this.injectionDetector = null;
|
|
70
|
+
this.urlDetector = null;
|
|
71
|
+
this.initialized = false;
|
|
72
|
+
this.initPromise = null;
|
|
73
|
+
this.available = false;
|
|
74
|
+
this.config = {
|
|
75
|
+
enabled: config.enabled ?? true,
|
|
76
|
+
injectionThreshold: config.injectionThreshold ?? 0.85,
|
|
77
|
+
urlThreshold: config.urlThreshold ?? 0.80,
|
|
78
|
+
minTextLength: config.minTextLength ?? 10,
|
|
79
|
+
injectionModel: config.injectionModel ?? 'protectai/deberta-v3-base-prompt-injection-v2',
|
|
80
|
+
urlModel: config.urlModel,
|
|
81
|
+
onThreatDetected: config.onThreatDetected
|
|
82
|
+
};
|
|
83
|
+
}
|
|
84
|
+
/**
|
|
85
|
+
* Initialize the ML models. Call this once at startup.
|
|
86
|
+
* Models are downloaded on first run and cached locally.
|
|
87
|
+
* If @huggingface/transformers is not installed, this is a no-op.
|
|
88
|
+
*/
|
|
89
|
+
async initialize() {
|
|
90
|
+
if (this.initialized)
|
|
91
|
+
return this.available;
|
|
92
|
+
if (this.initPromise) {
|
|
93
|
+
await this.initPromise;
|
|
94
|
+
return this.available;
|
|
95
|
+
}
|
|
96
|
+
this.initPromise = this._doInitialize();
|
|
97
|
+
await this.initPromise;
|
|
98
|
+
return this.available;
|
|
99
|
+
}
|
|
100
|
+
async _doInitialize() {
|
|
101
|
+
if (!this.config.enabled) {
|
|
102
|
+
this.initialized = true;
|
|
103
|
+
this.available = false;
|
|
104
|
+
return;
|
|
105
|
+
}
|
|
106
|
+
try {
|
|
107
|
+
// Dynamic import — if the package isn't installed, this throws
|
|
108
|
+
// Use string variable to avoid TypeScript module resolution error
|
|
109
|
+
const moduleName = '@huggingface/transformers';
|
|
110
|
+
const transformers = await Promise.resolve(`${moduleName}`).then(s => __importStar(require(s)));
|
|
111
|
+
const pipeline = transformers.pipeline;
|
|
112
|
+
console.log('[@agent-trust/gateway] Loading ML models for behavioral analysis...');
|
|
113
|
+
// Load prompt injection detector
|
|
114
|
+
// protectai/deberta-v3-base-prompt-injection-v2 has onnx/ directory
|
|
115
|
+
const startInjection = Date.now();
|
|
116
|
+
this.injectionDetector = await pipeline('text-classification', this.config.injectionModel);
|
|
117
|
+
console.log(`[@agent-trust/gateway] Prompt injection model loaded (${Date.now() - startInjection}ms)`);
|
|
118
|
+
// Optionally load URL detector if a model is specified
|
|
119
|
+
if (this.config.urlModel) {
|
|
120
|
+
try {
|
|
121
|
+
const startUrl = Date.now();
|
|
122
|
+
this.urlDetector = await pipeline('text-classification', this.config.urlModel);
|
|
123
|
+
console.log(`[@agent-trust/gateway] URL detection model loaded (${Date.now() - startUrl}ms)`);
|
|
124
|
+
}
|
|
125
|
+
catch (urlErr) {
|
|
126
|
+
const urlMsg = urlErr instanceof Error ? urlErr.message : String(urlErr);
|
|
127
|
+
console.warn(`[@agent-trust/gateway] URL model failed to load (continuing without it):`, urlMsg);
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
this.available = true;
|
|
131
|
+
console.log('[@agent-trust/gateway] ML behavioral analysis ACTIVE');
|
|
132
|
+
}
|
|
133
|
+
catch (error) {
|
|
134
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
135
|
+
if (message.includes('Cannot find module') || message.includes('MODULE_NOT_FOUND')) {
|
|
136
|
+
console.log('[@agent-trust/gateway] ML analysis disabled: @huggingface/transformers not installed. ' +
|
|
137
|
+
'Install it with: npm install @huggingface/transformers');
|
|
138
|
+
}
|
|
139
|
+
else {
|
|
140
|
+
console.warn('[@agent-trust/gateway] ML analysis disabled due to error:', message);
|
|
141
|
+
}
|
|
142
|
+
this.available = false;
|
|
143
|
+
}
|
|
144
|
+
this.initialized = true;
|
|
145
|
+
}
|
|
146
|
+
/**
|
|
147
|
+
* Check if ML analysis is available and active.
|
|
148
|
+
*/
|
|
149
|
+
isAvailable() {
|
|
150
|
+
return this.available && this.initialized;
|
|
151
|
+
}
|
|
152
|
+
/**
|
|
153
|
+
* Analyze an agent's request parameters for threats.
|
|
154
|
+
*
|
|
155
|
+
* Checks:
|
|
156
|
+
* 1. All string params for prompt injection attempts
|
|
157
|
+
* 2. All URL-like params for phishing/malware (if URL model is loaded)
|
|
158
|
+
*
|
|
159
|
+
* Returns { safe: true } if no threats detected or ML is unavailable.
|
|
160
|
+
*/
|
|
161
|
+
async analyzeRequest(params, agentId) {
|
|
162
|
+
const startTime = Date.now();
|
|
163
|
+
// If ML isn't available, return safe (rule-based checks still apply)
|
|
164
|
+
if (!this.available || !this.initialized) {
|
|
165
|
+
return { safe: true, threats: [], analysisTimeMs: 0 };
|
|
166
|
+
}
|
|
167
|
+
const threats = [];
|
|
168
|
+
// Recursively extract string values from params
|
|
169
|
+
const stringValues = this.extractStrings(params);
|
|
170
|
+
for (const { key, value } of stringValues) {
|
|
171
|
+
// Check for prompt injection
|
|
172
|
+
if (value.length >= this.config.minTextLength && this.injectionDetector) {
|
|
173
|
+
try {
|
|
174
|
+
const result = await this.injectionDetector(value);
|
|
175
|
+
// protectai model uses "INJECTION" label
|
|
176
|
+
// Other models may use "LABEL_1", "1", or "jailbreak"
|
|
177
|
+
const injectionResult = result.find(r => r.label.toUpperCase() === 'INJECTION' ||
|
|
178
|
+
r.label.toLowerCase().includes('injection') ||
|
|
179
|
+
r.label.toLowerCase().includes('jailbreak') ||
|
|
180
|
+
r.label === 'LABEL_1' ||
|
|
181
|
+
r.label === '1');
|
|
182
|
+
if (injectionResult && injectionResult.score >= this.config.injectionThreshold) {
|
|
183
|
+
const threat = {
|
|
184
|
+
type: 'prompt_injection',
|
|
185
|
+
field: key,
|
|
186
|
+
confidence: Math.round(injectionResult.score * 100) / 100,
|
|
187
|
+
value: value.substring(0, 100) + (value.length > 100 ? '...' : '')
|
|
188
|
+
};
|
|
189
|
+
threats.push(threat);
|
|
190
|
+
if (this.config.onThreatDetected && agentId) {
|
|
191
|
+
this.config.onThreatDetected(threat, agentId);
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
catch (e) {
|
|
196
|
+
// Model inference failed for this value — skip it
|
|
197
|
+
console.warn('[@agent-trust/gateway] ML injection check failed for field:', key);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
// Check for malicious URLs (only if URL model is loaded)
|
|
201
|
+
if (this.isUrlLike(value) && this.urlDetector) {
|
|
202
|
+
try {
|
|
203
|
+
const domain = this.extractDomain(value);
|
|
204
|
+
if (domain) {
|
|
205
|
+
const result = await this.urlDetector(domain);
|
|
206
|
+
const malwareResult = result.find(r => r.label.toLowerCase().includes('malware') ||
|
|
207
|
+
r.label.toLowerCase().includes('malicious') ||
|
|
208
|
+
r.label.toLowerCase().includes('phishing') ||
|
|
209
|
+
r.label === 'LABEL_1' ||
|
|
210
|
+
r.label === '1');
|
|
211
|
+
if (malwareResult && malwareResult.score >= this.config.urlThreshold) {
|
|
212
|
+
const threat = {
|
|
213
|
+
type: 'malicious_url',
|
|
214
|
+
field: key,
|
|
215
|
+
confidence: Math.round(malwareResult.score * 100) / 100,
|
|
216
|
+
value: value.substring(0, 200)
|
|
217
|
+
};
|
|
218
|
+
threats.push(threat);
|
|
219
|
+
if (this.config.onThreatDetected && agentId) {
|
|
220
|
+
this.config.onThreatDetected(threat, agentId);
|
|
221
|
+
}
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
catch (e) {
|
|
226
|
+
console.warn('[@agent-trust/gateway] ML URL check failed for field:', key);
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
return {
|
|
231
|
+
safe: threats.length === 0,
|
|
232
|
+
threats,
|
|
233
|
+
analysisTimeMs: Date.now() - startTime
|
|
234
|
+
};
|
|
235
|
+
}
|
|
236
|
+
// ─── Helpers ───
|
|
237
|
+
/**
|
|
238
|
+
* Recursively extract string values from nested objects/arrays.
|
|
239
|
+
*/
|
|
240
|
+
extractStrings(obj, prefix = '') {
|
|
241
|
+
const result = [];
|
|
242
|
+
for (const [key, value] of Object.entries(obj)) {
|
|
243
|
+
const fullKey = prefix ? `${prefix}.${key}` : key;
|
|
244
|
+
if (typeof value === 'string') {
|
|
245
|
+
result.push({ key: fullKey, value });
|
|
246
|
+
}
|
|
247
|
+
else if (Array.isArray(value)) {
|
|
248
|
+
value.forEach((item, i) => {
|
|
249
|
+
if (typeof item === 'string') {
|
|
250
|
+
result.push({ key: `${fullKey}[${i}]`, value: item });
|
|
251
|
+
}
|
|
252
|
+
else if (typeof item === 'object' && item !== null) {
|
|
253
|
+
result.push(...this.extractStrings(item, `${fullKey}[${i}]`));
|
|
254
|
+
}
|
|
255
|
+
});
|
|
256
|
+
}
|
|
257
|
+
else if (typeof value === 'object' && value !== null) {
|
|
258
|
+
result.push(...this.extractStrings(value, fullKey));
|
|
259
|
+
}
|
|
260
|
+
}
|
|
261
|
+
return result;
|
|
262
|
+
}
|
|
263
|
+
/**
|
|
264
|
+
* Check if a string looks like a URL.
|
|
265
|
+
*/
|
|
266
|
+
isUrlLike(value) {
|
|
267
|
+
return /^https?:\/\//i.test(value) || /^www\./i.test(value);
|
|
268
|
+
}
|
|
269
|
+
/**
|
|
270
|
+
* Extract domain from a URL string.
|
|
271
|
+
*/
|
|
272
|
+
extractDomain(url) {
|
|
273
|
+
try {
|
|
274
|
+
const parsed = new URL(url.startsWith('www.') ? `https://${url}` : url);
|
|
275
|
+
return parsed.hostname;
|
|
276
|
+
}
|
|
277
|
+
catch {
|
|
278
|
+
return null;
|
|
279
|
+
}
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
exports.MLBehaviorAnalyzer = MLBehaviorAnalyzer;
|
|
283
|
+
/**
|
|
284
|
+
* Factory function — creates an MLBehaviorAnalyzer instance.
|
|
285
|
+
*
|
|
286
|
+
* Example:
|
|
287
|
+
* const ml = createMLAnalyzer({
|
|
288
|
+
* injectionThreshold: 0.9,
|
|
289
|
+
* onThreatDetected: (threat, agentId) => {
|
|
290
|
+
* console.warn(`ML threat from ${agentId}:`, threat);
|
|
291
|
+
* }
|
|
292
|
+
* });
|
|
293
|
+
* await ml.initialize();
|
|
294
|
+
*/
|
|
295
|
+
function createMLAnalyzer(config) {
|
|
296
|
+
return new MLBehaviorAnalyzer(config);
|
|
297
|
+
}
|
|
298
|
+
//# sourceMappingURL=ml-analyzer.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ml-analyzer.js","sourceRoot":"","sources":["../src/ml-analyzer.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA4UH,4CAEC;AA1RD;;;;;;;;;;;GAWG;AACH,MAAa,kBAAkB;IAQ7B,YAAY,SAA2B,EAAE;QANjC,sBAAiB,GAAsB,IAAI,CAAC;QAC5C,gBAAW,GAAsB,IAAI,CAAC;QACtC,gBAAW,GAAG,KAAK,CAAC;QACpB,gBAAW,GAAyB,IAAI,CAAC;QACzC,cAAS,GAAG,KAAK,CAAC;QAGxB,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI;YAC/B,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,IAAI,IAAI;YACrD,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;YACzC,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;YACzC,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,+CAA+C;YACxF,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC1C,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC,SAAS,CAAC;QAC5C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,WAAW,CAAC;YACvB,OAAO,IAAI,CAAC,SAAS,CAAC;QACxB,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,IAAI,CAAC,WAAW,CAAC;QACvB,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;YACvB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,+DAA+D;YAC/D,kEAAkE;YAClE,MAAM,UAAU,GAAG,2BAA2B,CAAC;YAC/C,MAAM,YAAY,GAAG,yBAAuC,UAAU,uCAAC,CAAC;YACxE,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;YAEvC,OAAO,CAAC,GAAG,CAAC,qEAAqE,CAAC,CAAC;YAEnF,iCAAiC;YACjC,oEAAoE;YACpE,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAClC,IAAI,CAAC,iBAAiB,GAAG,MAAM,QAAQ,CACrC,qBAAqB,EACrB,IAAI,CAAC,MAAM,CAAC,cAAc,CACF,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,yDAAyD,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,KAAK,CAAC,CAAC;YAEvG,uDAAuD;YACvD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBAC5B,IAAI,CAAC,WAAW,GAAG,MAAM,QAAQ,CAC/B,qBAAqB,EACrB,IAAI,CAAC,MAAM,CAAC,QAAQ,CACI,CAAC;oBAC3B,OAAO,CAAC,GAAG,CAAC,sDAAsD,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,KAAK,CAAC,CAAC;gBAChG,CAAC;gBAAC,OAAO,MAAe,EAAE,CAAC;oBACzB,MAAM,MAAM,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBACzE,OAAO,CAAC,IAAI,CAAC,0EAA0E,EAAE,MAAM,CAAC,CAAC;gBACnG,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAEvE,IAAI,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACnF,OAAO,CAAC,GAAG,CACT,wFAAwF;oBACxF,wDAAwD,CACzD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CAAC,2DAA2D,EAAE,OAAO,CAAC,CAAC;YACrF,CAAC;YAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;QACzB,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,WAAW,CAAC;IAC5C,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,cAAc,CAClB,MAA+B,EAC/B,OAAgB;QAEhB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,qEAAqE;QACrE,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,OAAO,GAAe,EAAE,CAAC;QAE/B,gDAAgD;QAChD,MAAM,YAAY,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAEjD,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,YAAY,EAAE,CAAC;YAC1C,6BAA6B;YAC7B,IAAI,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;gBACxE,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;oBACnD,yCAAyC;oBACzC,sDAAsD;oBACtD,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CACjC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,WAAW;wBACrC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;wBAC3C,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;wBAC3C,CAAC,CAAC,KAAK,KAAK,SAAS;wBACrB,CAAC,CAAC,KAAK,KAAK,GAAG,CACrB,CAAC;oBAEF,IAAI,eAAe,IAAI,eAAe,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;wBAC/E,MAAM,MAAM,GAAa;4BACvB,IAAI,EAAE,kBAAkB;4BACxB,KAAK,EAAE,GAAG;4BACV,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;4BACzD,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;yBACnE,CAAC;wBACF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;wBAErB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,OAAO,EAAE,CAAC;4BAC5C,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;wBAChD,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,kDAAkD;oBAClD,OAAO,CAAC,IAAI,CAAC,6DAA6D,EAAE,GAAG,CAAC,CAAC;gBACnF,CAAC;YACH,CAAC;YAED,yDAAyD;YACzD,IAAI,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;oBACzC,IAAI,MAAM,EAAE,CAAC;wBACX,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;wBAC9C,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAC/B,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC;4BACzC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;4BAC3C,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;4BAC1C,CAAC,CAAC,KAAK,KAAK,SAAS;4BACrB,CAAC,CAAC,KAAK,KAAK,GAAG,CACrB,CAAC;wBAEF,IAAI,aAAa,IAAI,aAAa,CAAC,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;4BACrE,MAAM,MAAM,GAAa;gCACvB,IAAI,EAAE,eAAe;gCACrB,KAAK,EAAE,GAAG;gCACV,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG;gCACvD,KAAK,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC;6BAC/B,CAAC;4BACF,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;4BAErB,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,OAAO,EAAE,CAAC;gCAC5C,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;4BAChD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,OAAO,CAAC,IAAI,CAAC,uDAAuD,EAAE,GAAG,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;YAC1B,OAAO;YACP,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACvC,CAAC;IACJ,CAAC;IAED,kBAAkB;IAElB;;OAEG;IACK,cAAc,CACpB,GAA4B,EAC5B,MAAM,GAAG,EAAE;QAEX,MAAM,MAAM,GAA0C,EAAE,CAAC;QAEzD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAElD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACvC,CAAC;iBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;oBACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;oBACxD,CAAC;yBAAM,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;wBACrD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,IAA+B,EAAE,GAAG,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC3F,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACvD,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAgC,EAAE,OAAO,CAAC,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACK,SAAS,CAAC,KAAa;QAC7B,OAAO,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,GAAW;QAC/B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YACxE,OAAO,MAAM,CAAC,QAAQ,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AA9PD,gDA8PC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,gBAAgB,CAAC,MAAyB;IACxD,OAAO,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC;AACxC,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Request } from 'express';
|
|
2
|
+
import type { MLAnalyzerConfig } from './ml-analyzer';
|
|
2
3
|
export interface GatewayConfig {
|
|
3
4
|
/** URL of the Agent Trust Station (e.g., "https://station.example.com") */
|
|
4
5
|
stationUrl: string;
|
|
@@ -12,6 +13,8 @@ export interface GatewayConfig {
|
|
|
12
13
|
publicKeyRefreshInterval?: number;
|
|
13
14
|
/** Behavioral tracking configuration (optional — enabled by default) */
|
|
14
15
|
behavior?: BehaviorConfig;
|
|
16
|
+
/** ML-based threat detection configuration (optional — auto-enabled if @huggingface/transformers is installed) */
|
|
17
|
+
ml?: MLAnalyzerConfig;
|
|
15
18
|
}
|
|
16
19
|
export interface BehaviorConfig {
|
|
17
20
|
/** Enable/disable behavioral tracking (default: true) */
|
|
@@ -64,6 +67,8 @@ export interface AgentContext {
|
|
|
64
67
|
score: number;
|
|
65
68
|
/** Whether the agent's identity has been verified */
|
|
66
69
|
identityVerified: boolean;
|
|
70
|
+
/** Declared scope/purpose manifest — which actions this agent is authorized to perform */
|
|
71
|
+
scope?: string[];
|
|
67
72
|
}
|
|
68
73
|
export interface ActionResult {
|
|
69
74
|
success: boolean;
|
|
@@ -90,6 +95,8 @@ export interface CertificatePayload {
|
|
|
90
95
|
status: string;
|
|
91
96
|
totalActions: number;
|
|
92
97
|
successRate: number | null;
|
|
98
|
+
/** Declared scope/purpose manifest — limits which actions this certificate authorizes */
|
|
99
|
+
scope?: string[];
|
|
93
100
|
iat: number;
|
|
94
101
|
exp: number;
|
|
95
102
|
iss: string;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAItD,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;IAEnB,qEAAqE;IACrE,SAAS,EAAE,MAAM,CAAC;IAElB,4DAA4D;IAC5D,aAAa,EAAE,MAAM,CAAC;IAEtB,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAE1C,uFAAuF;IACvF,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAElC,wEAAwE;IACxE,QAAQ,CAAC,EAAE,cAAc,CAAC;IAE1B,kHAAkH;IAClH,EAAE,CAAC,EAAE,gBAAgB,CAAC;CACvB;AAID,MAAM,WAAW,cAAc;IAC7B,yDAAyD;IACzD,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,6FAA6F;IAC7F,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,yEAAyE;IACzE,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B,iEAAiE;IACjE,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B,sFAAsF;IACtF,yBAAyB,CAAC,EAAE,MAAM,CAAC;IAEnC,4FAA4F;IAC5F,2BAA2B,CAAC,EAAE,MAAM,CAAC;IAErC,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B,iFAAiF;IACjF,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,oDAAoD;IACpD,oBAAoB,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;CACvD;AAID,MAAM,WAAW,gBAAgB;IAC/B,0DAA0D;IAC1D,WAAW,EAAE,MAAM,CAAC;IAEpB,mEAAmE;IACnE,QAAQ,EAAE,MAAM,CAAC;IAEjB,uCAAuC;IACvC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAEhD,gDAAgD;IAChD,OAAO,EAAE,aAAa,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,qBAAqB;IACrB,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC;IAE3D,yCAAyC;IACzC,QAAQ,EAAE,OAAO,CAAC;IAElB,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,uEAAuE;AACvE,MAAM,MAAM,aAAa,GAAG,CAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,EAAE,YAAY,KAChB,OAAO,CAAC,OAAO,CAAC,CAAC;AAItB,MAAM,WAAW,YAAY;IAC3B,yDAAyD;IACzD,OAAO,EAAE,MAAM,CAAC;IAEhB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IAEnB,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IAEpB,+DAA+D;IAC/D,KAAK,EAAE,MAAM,CAAC;IAEd,qDAAqD;IACrD,gBAAgB,EAAE,OAAO,CAAC;IAE1B,0FAA0F;IAC1F,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC;CACjB;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,yFAAyF;IACzF,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,KAAK,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,SAAS,GAAG,SAAS,CAAC;QAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC,CAAC;IACH,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,wEAAwE;AACxE,MAAM,WAAW,cAAe,SAAQ,OAAO;IAC7C,gBAAgB,CAAC,EAAE,kBAAkB,CAAC;IACtC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;CAChC;AAID,MAAM,MAAM,YAAY,GACpB,YAAY,GACZ,mBAAmB,GACnB,oBAAoB,GACpB,iBAAiB,GACjB,iBAAiB,GACjB,iBAAiB,GACjB,gBAAgB,CAAC;AAErB,MAAM,WAAW,aAAa;IAC5B,mBAAmB;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,+BAA+B;IAC/B,IAAI,EAAE,YAAY,CAAC;IACnB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,4CAA4C;IAC5C,aAAa,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,YAAY,EAAE,YAAY,CAAC;IAC3B,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,qCAAqC;IACrC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,iDAAiD;IACjD,uBAAuB,EAAE,MAAM,CAAC;IAChC,gDAAgD;IAChD,eAAe,EAAE,MAAM,CAAC;IACxB,mEAAmE;IACnE,eAAe,EAAE,MAAM,CAAC;IACxB,2CAA2C;IAC3C,cAAc,EAAE,YAAY,EAAE,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,qDAAqD;IACrD,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,cAAc,EAAE,MAAM,CAAC;IACvB,0EAA0E;IAC1E,aAAa,EAAE,MAAM,CAAC;IACtB,4CAA4C;IAC5C,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,qCAAqC;IACrC,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,CAAC;IACzB,qDAAqD;IACrD,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,uCAAuC;IACvC,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agent-trust/gateway",
|
|
3
|
-
"version": "1.
|
|
4
|
-
"description": "Express middleware that lets trusted AI agents interact with your website. Verifies cryptographic certificates, checks reputation scores, and
|
|
3
|
+
"version": "1.2.0",
|
|
4
|
+
"description": "Express middleware that lets trusted AI agents interact with your website. Verifies cryptographic certificates, enforces scope manifests, checks reputation scores, reports behavior, and detects prompt injection attacks with ML.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
7
7
|
"scripts": {
|
|
@@ -19,7 +19,16 @@
|
|
|
19
19
|
"certificate",
|
|
20
20
|
"reputation",
|
|
21
21
|
"ai-agents",
|
|
22
|
-
"agenttrust"
|
|
22
|
+
"agenttrust",
|
|
23
|
+
"prompt-injection",
|
|
24
|
+
"ml",
|
|
25
|
+
"security",
|
|
26
|
+
"behavioral-analysis",
|
|
27
|
+
"huggingface",
|
|
28
|
+
"onnx",
|
|
29
|
+
"scope",
|
|
30
|
+
"scope-manifest",
|
|
31
|
+
"authorization"
|
|
23
32
|
],
|
|
24
33
|
"author": "AgentTrust",
|
|
25
34
|
"license": "MIT",
|
|
@@ -38,6 +47,9 @@
|
|
|
38
47
|
"dependencies": {
|
|
39
48
|
"jsonwebtoken": "^9.0.2"
|
|
40
49
|
},
|
|
50
|
+
"optionalDependencies": {
|
|
51
|
+
"@huggingface/transformers": "^3.8.1"
|
|
52
|
+
},
|
|
41
53
|
"devDependencies": {
|
|
42
54
|
"@types/express": "^4.17.21",
|
|
43
55
|
"@types/jsonwebtoken": "^9.0.6",
|