@atbash/cli 0.3.9-dev.12 → 0.3.9-dev.15

package/dist/config.js

@@ -1,94 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CONFIG_FILE = void 0;
-exports.loadConfig = loadConfig;
-exports.saveConfig = saveConfig;
-exports.resolveAgentKey = resolveAgentKey;
-exports.resolveOrgName = resolveOrgName;
-exports.resolveEndpoint = resolveEndpoint;
-exports.resolveProvider = resolveProvider;
-exports.resolveProviderApiKey = resolveProviderApiKey;
-exports.resolveProviderEndpoint = resolveProviderEndpoint;
-exports.resolveProviderModel = resolveProviderModel;
-exports.resolveBlockchainRid = resolveBlockchainRid;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const os = __importStar(require("os"));
-const CONFIG_FILE = path.join(os.homedir(), ".atbashrc.json");
-exports.CONFIG_FILE = CONFIG_FILE;
-function loadConfig() {
-    try {
-        if (fs.existsSync(CONFIG_FILE)) {
-            const raw = fs.readFileSync(CONFIG_FILE, "utf-8");
-            if (!raw.trim())
-                return {};
-            return JSON.parse(raw);
-        }
-    }
-    catch (err) {
-        console.error("Failed to load config file", err);
-    }
-    return {};
-}
-function saveConfig(config) {
-    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2) + "\n", "utf-8");
-}
-/** Resolve a config value with priority: flag > env > file */
-function resolveAgentKey(flagValue) {
-    return flagValue || process.env.ATBASH_AGENT_KEY || loadConfig().agentKey;
-}
-function resolveOrgName(flagValue) {
-    return flagValue || process.env.ATBASH_ORG_NAME || loadConfig().orgName;
-}
-function resolveEndpoint(flagValue) {
-    return flagValue || process.env.ATBASH_ENDPOINT || loadConfig().judgeEndpoint;
-}
-function resolveProvider(flagValue) {
-    return flagValue || process.env.ATBASH_PROVIDER || loadConfig().provider || "";
-}
-function resolveProviderApiKey(flagValue) {
-    return flagValue || process.env.ATBASH_PROVIDER_API_KEY || loadConfig().providerApiKey || "";
-}
-function resolveProviderEndpoint(flagValue) {
-    return flagValue || process.env.ATBASH_PROVIDER_ENDPOINT || loadConfig().providerEndpoint || "";
-}
-function resolveProviderModel(flagValue) {
-    return flagValue || process.env.ATBASH_PROVIDER_MODEL || loadConfig().providerModel || "";
-}
-function resolveBlockchainRid(flagValue) {
-    return flagValue || process.env.ATBASH_BLOCKCHAIN_RID || loadConfig().blockchainRid || "";
-}
-//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAmBA,gCAWC;AAED,gCAEC;AAGD,0CAEC;AAED,wCAEC;AAED,0CAEC;AAED,0CAEC;AAED,sDAEC;AAED,0DAEC;AAED,oDAEC;AAED,oDAEC;AAnED,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAEzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,gBAAgB,CAAC,CAAC;AAiErD,kCAAW;AAlDpB,SAAgB,UAAU;IACxB,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAClD,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE;gBAAE,OAAO,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QACzC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAgB,UAAU,CAAC,MAAoB;IAC7C,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;AACjF,CAAC;AAED,8DAA8D;AAC9D,SAAgB,eAAe,CAAC,SAAkB;IAChD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,UAAU,EAAE,CAAC,QAAQ,CAAC;AAC5E,CAAC;AAED,SAAgB,cAAc,CAAC,SAAkB;IAC/C,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC,OAAO,CAAC;AAC1E,CAAC;AAED,SAAgB,eAAe,CAAC,SAAkB;IAChD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC,aAAa,CAAC;AAChF,CAAC;AAED,SAAgB,eAAe,CAAC,SAAkB;IAChD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,UAAU,EAAE,CAAC,QAAQ,IAAI,EAAE,CAAC;AACjF,CAAC;AAED,SAAgB,qBAAqB,CAAC,SAAkB;IACtD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,UAAU,EAAE,CAAC,cAAc,IAAI,EAAE,CAAC;AAC/F,CAAC;AAED,SAAgB,uBAAuB,CAAC,SAAkB;IACxD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,UAAU,EAAE,CAAC,gBAAgB,IAAI,EAAE,CAAC;AAClG,CAAC;AAED,SAAgB,oBAAoB,CAAC,SAAkB;IACrD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,UAAU,EAAE,CAAC,aAAa,IAAI,EAAE,CAAC;AAC5F,CAAC;AAED,SAAgB,oBAAoB,CAAC,SAAkB;IACrD,OAAO,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,UAAU,EAAE,CAAC,aAAa,IAAI,EAAE,CAAC;AAC5F,CAAC"}

package/dist/presets.d.ts

@@ -1,14 +0,0 @@
-/**
- * Reference policy shapes for the Atbash CLI.
- *
- * These are reference packs — the starting points an operator might author
- * against. They match the format produced by the dashboard's
- * buildCompactPolicyText(). Production policies are authored, versioned, and
- * signed in the dashboard, not loaded from here.
- */
-export declare const PRESETS: Record<string, {
-    name: string;
-    description: string;
-    policy: string;
-}>;
-export declare function listPresets(): string[];

package/dist/presets.js

@@ -1,73 +0,0 @@
-"use strict";
-/**
- * Reference policy shapes for the Atbash CLI.
- *
- * These are reference packs — the starting points an operator might author
- * against. They match the format produced by the dashboard's
- * buildCompactPolicyText(). Production policies are authored, versioned, and
- * signed in the dashboard, not loaded from here.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PRESETS = void 0;
-exports.listPresets = listPresets;
-exports.PRESETS = {
-    strict: {
-        name: "Strict",
-        description: "Reference shape for privileged-ops agents — blocks IAM elevation, credential export, and bulk exfil; holds every cross-border or over-threshold transfer",
-        policy: `Agent Policy
-Risk: high
-
-Enabled rules:
-- [Financial] CRITICAL -> BLOCK when Transfers exceeding threshold to unwhitelisted addresses (threshold: $1,000) <!--f1-->
-- [Financial] HIGH -> HOLD when Cross-border transactions (threshold: All) <!--f2-->
-- [Financial] CRITICAL -> BLOCK when Cryptocurrency wallet transfers without 2FA confirmation (threshold: Any amount) <!--f3-->
-- [Financial] HIGH -> HOLD when Invoice generation or payment request above threshold (threshold: $5,000) <!--f5-->
-- [Financial] CRITICAL -> BLOCK when Access to payment gateway API keys or merchant credentials (threshold: Any) <!--f6-->
-- [Communication] HIGH -> BLOCK when Mass emails exceeding recipient threshold without approval (threshold: 50 recipients) <!--c2-->
-- [Communication] CRITICAL -> BLOCK when Outbound messages to domains on blocklist (threshold: Custom list) <!--c5-->
-- [Communication] CRITICAL -> BLOCK when Sending messages impersonating another user or agent (threshold: Any) <!--c7-->
-- [File system] CRITICAL -> BLOCK when Read/write to restricted directories (threshold: /etc, /var, ~/.ssh) <!--fs1-->
-- [File system] CRITICAL -> BLOCK when Access to credential or secret files (threshold: .env, config, secrets.*) <!--fs3-->
-- [Code execution] CRITICAL -> BLOCK when Elevated privilege commands (threshold: sudo, chmod, rm -rf) <!--ce1-->
-- [Code execution] CRITICAL -> BLOCK when Spawning reverse shells or outbound listeners (threshold: Any) <!--ce3-->
-- [Network] CRITICAL -> BLOCK when Connections to malicious or blacklisted domains (threshold: Threat intel feed) <!--nw1-->
-- [Network] CRITICAL -> BLOCK when Data exfiltration exceeding size (threshold: 10 MB) <!--nw4-->
-- [Accounts] CRITICAL -> BLOCK when Privilege escalation or admin scope requests (threshold: Any) <!--ai1-->
-- [Accounts] CRITICAL -> BLOCK when Password or credential reset attempts (threshold: Any) <!--ai4-->`,
-    },
-    moderate: {
-        name: "Moderate",
-        description: "Reference shape for business-ops agents — blocks clear red lines, holds mid-blast-radius actions for human review",
-        policy: `Agent Policy
-Risk: medium
-
-Enabled rules:
-- [Financial] CRITICAL -> BLOCK when Transfers exceeding threshold to unwhitelisted addresses (threshold: $5,000) <!--f1-->
-- [Financial] HIGH -> HOLD when Cross-border transactions (threshold: All) <!--f2-->
-- [Financial] CRITICAL -> BLOCK when Cryptocurrency wallet transfers without 2FA (threshold: Any amount) <!--f3-->
-- [Financial] LOW -> PASS when Recurring payments to pre-approved vendors under threshold (threshold: $500) <!--f4-->
-- [Communication] MEDIUM -> HOLD when Emails to external domains with large attachments (threshold: 5 MB) <!--c1-->
-- [Communication] HIGH -> BLOCK when Mass emails exceeding recipient threshold (threshold: 50 recipients) <!--c2-->
-- [Communication] CRITICAL -> BLOCK when Outbound messages to domains on blocklist (threshold: Custom list) <!--c5-->
-- [Code execution] CRITICAL -> BLOCK when Elevated privilege commands (threshold: sudo, chmod, rm -rf) <!--ce1-->
-- [Code execution] CRITICAL -> BLOCK when Spawning reverse shells or outbound listeners (threshold: Any) <!--ce3-->
-- [Network] CRITICAL -> BLOCK when Connections to malicious or blacklisted domains (threshold: Threat intel feed) <!--nw1-->`,
-    },
-    minimal: {
-        name: "Minimal",
-        description: "Reference shape for audit-tier rollout — only the categorical red lines, intended for observation before enforcement is turned on",
-        policy: `Agent Policy
-Risk: low
-
-Enabled rules:
-- [Financial] CRITICAL -> BLOCK when Transfers exceeding threshold to unwhitelisted addresses (threshold: $10,000) <!--f1-->
-- [Financial] CRITICAL -> BLOCK when Cryptocurrency wallet transfers without 2FA (threshold: Any amount) <!--f3-->
-- [Code execution] CRITICAL -> BLOCK when Spawning reverse shells or outbound listeners (threshold: Any) <!--ce3-->
-- [Network] CRITICAL -> BLOCK when Connections to malicious or blacklisted domains (threshold: Threat intel feed) <!--nw1-->
-- [Network] CRITICAL -> BLOCK when Data exfiltration exceeding size (threshold: 10 MB) <!--nw4-->`,
-    },
-};
-function listPresets() {
-    return Object.keys(exports.PRESETS);
-}
-//# sourceMappingURL=presets.js.map

package/dist/presets.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"presets.js","sourceRoot":"","sources":["../src/presets.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AA8DH,kCAEC;AA9DY,QAAA,OAAO,GAA0E;IAC5F,MAAM,EAAE;QACN,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,0JAA0J;QACvK,MAAM,EAAE;;;;;;;;;;;;;;;;;;;sGAmB0F;KACnG;IAED,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,mHAAmH;QAChI,MAAM,EAAE;;;;;;;;;;;;;6HAaiH;KAC1H;IAED,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,mIAAmI;QAChJ,MAAM,EAAE;;;;;;;;kGAQsF;KAC/F;CACF,CAAC;AAEF,SAAgB,WAAW;IACzB,OAAO,MAAM,CAAC,IAAI,CAAC,eAAO,CAAC,CAAC;AAC9B,CAAC"}