@elliotllliu/agent-shield 0.3.1

package/dist/cli.js

@@ -0,0 +1,265 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { resolve, join } from "path";
+import { existsSync, statSync, writeFileSync, watch as fsWatch, mkdirSync } from "fs";
+import { scan } from "./scanner/index.js";
+import { printReport } from "./reporter/terminal.js";
+import { printJsonReport } from "./reporter/json.js";
+import { generateBadgeSvg, generateBadgeMarkdown } from "./reporter/badge.js";
+import { discoverAgents, printDiscovery } from "./discover.js";
+import { resolveAiConfig, runLlmAnalysis } from "./llm-analyzer.js";
+import { DEFAULT_CONFIG, DEFAULT_IGNORE } from "./config.js";
+const program = new Command();
+program
+    .name("agentshield")
+    .description("Security scanner for AI agent skills, MCP servers, and plugins")
+    .version("0.1.0");
+program
+    .command("scan")
+    .description("Scan a skill/plugin directory for security issues")
+    .argument("<directory>", "Target directory to scan")
+    .option("--json", "Output results as JSON")
+    .option("--fail-under <score>", "Exit with code 1 if score is below threshold", parseInt)
+    .option("--disable <rules>", "Comma-separated rules to disable")
+    .option("--enable <rules>", "Comma-separated rules to enable (only these)")
+    .option("--ai", "Enable AI-powered deep analysis (requires API key)")
+    .option("--provider <provider>", "AI provider: openai | anthropic | ollama (default: auto-detect)")
+    .option("--model <model>", "AI model to use (e.g. gpt-4o, claude-sonnet-4-20250514, llama3)")
+    .action(async (directory, options) => {
+    const target = resolve(directory);
+    if (!existsSync(target) || !statSync(target).isDirectory()) {
+        console.error(`Error: "${directory}" is not a valid directory`);
+        process.exit(1);
+    }
+    const configOverride = {};
+    if (options.disable || options.enable) {
+        configOverride.rules = {};
+        if (options.disable) {
+            configOverride.rules.disable = options.disable.split(",").map((s) => s.trim());
+        }
+        if (options.enable) {
+            configOverride.rules.enable = options.enable.split(",").map((s) => s.trim());
+        }
+    }
+    const result = scan(target, configOverride);
+    // AI-powered deep analysis (optional)
+    if (options.ai) {
+        const llmConfig = resolveAiConfig(options.provider, options.model);
+        if (!llmConfig) {
+            console.error("Error: --ai requires an API key. Set OPENAI_API_KEY, ANTHROPIC_API_KEY, or use --provider ollama.");
+            process.exit(1);
+        }
+        const providerLabel = options.provider || "auto";
+        console.error(`🤖 Running AI analysis (${providerLabel}/${llmConfig.model})...`);
+        const { collectFiles } = await import("./scanner/files.js");
+        const files = collectFiles(target);
+        const llmFindings = await runLlmAnalysis(files, llmConfig);
+        result.findings.push(...llmFindings);
+        const { computeScore } = await import("./score.js");
+        result.score = computeScore(result.findings);
+    }
+    if (options.json) {
+        printJsonReport(result);
+    }
+    else {
+        printReport(result);
+    }
+    const threshold = options.failUnder ?? result.score;
+    if (options.failUnder !== undefined && result.score < options.failUnder) {
+        process.exit(1);
+    }
+});
+program
+    .command("init")
+    .description("Generate .agentshield.yml and .agentshieldignore config files")
+    .argument("[directory]", "Target directory", ".")
+    .action((directory) => {
+    const target = resolve(directory);
+    if (!existsSync(target)) {
+        mkdirSync(target, { recursive: true });
+    }
+    const configPath = join(target, ".agentshield.yml");
+    const ignorePath = join(target, ".agentshieldignore");
+    if (existsSync(configPath)) {
+        console.log(`⚠️  ${configPath} already exists, skipping`);
+    }
+    else {
+        writeFileSync(configPath, DEFAULT_CONFIG);
+        console.log(`✅ Created ${configPath}`);
+    }
+    if (existsSync(ignorePath)) {
+        console.log(`⚠️  ${ignorePath} already exists, skipping`);
+    }
+    else {
+        writeFileSync(ignorePath, DEFAULT_IGNORE);
+        console.log(`✅ Created ${ignorePath}`);
+    }
+});
+program
+    .command("watch")
+    .description("Watch a directory and re-scan on file changes")
+    .argument("<directory>", "Target directory to watch")
+    .option("--json", "Output results as JSON")
+    .action((directory, options) => {
+    const target = resolve(directory);
+    if (!existsSync(target) || !statSync(target).isDirectory()) {
+        console.error(`Error: "${directory}" is not a valid directory`);
+        process.exit(1);
+    }
+    console.log(`👀 Watching ${target} for changes... (Ctrl+C to stop)\n`);
+    const runScan = () => {
+        console.clear();
+        console.log(`👀 Watching ${target} — last scan: ${new Date().toLocaleTimeString()}\n`);
+        const result = scan(target);
+        if (options.json) {
+            printJsonReport(result);
+        }
+        else {
+            printReport(result);
+        }
+    };
+    // Initial scan
+    runScan();
+    // Watch for changes
+    try {
+        const watcher = fsWatch(target, { recursive: true }, () => {
+            runScan();
+        });
+        process.on("SIGINT", () => {
+            watcher.close();
+            process.exit(0);
+        });
+    }
+    catch {
+        console.error("⚠️  fs.watch recursive not supported on this platform. Use: nodemon --exec 'agentshield scan .'");
+    }
+});
+program
+    .command("compare")
+    .description("Compare security scores between two directories or git refs")
+    .argument("<dirA>", "First directory")
+    .argument("<dirB>", "Second directory")
+    .option("--json", "Output as JSON")
+    .action((dirA, dirB, options) => {
+    const targetA = resolve(dirA);
+    const targetB = resolve(dirB);
+    for (const [label, dir] of [["A", targetA], ["B", targetB]]) {
+        if (!existsSync(dir) || !statSync(dir).isDirectory()) {
+            console.error(`Error: directory ${label} "${dir}" is not valid`);
+            process.exit(1);
+        }
+    }
+    const resultA = scan(targetA);
+    const resultB = scan(targetB);
+    if (options.json) {
+        console.log(JSON.stringify({
+            before: { target: resultA.target, score: resultA.score, findings: resultA.findings.length },
+            after: { target: resultB.target, score: resultB.score, findings: resultB.findings.length },
+            delta: resultB.score - resultA.score,
+        }, null, 2));
+        return;
+    }
+    console.log("\n🔄 AgentShield Comparison\n");
+    console.log(`  A: ${dirA} — Score: ${resultA.score}/100 (${resultA.findings.length} findings)`);
+    console.log(`  B: ${dirB} — Score: ${resultB.score}/100 (${resultB.findings.length} findings)`);
+    console.log();
+    const delta = resultB.score - resultA.score;
+    if (delta > 0) {
+        console.log(`  ✅ Improved by ${delta} points`);
+    }
+    else if (delta < 0) {
+        console.log(`  🔴 Degraded by ${Math.abs(delta)} points`);
+    }
+    else {
+        console.log(`  ➡️  No change`);
+    }
+    // Show new findings in B that aren't in A
+    const aKeys = new Set(resultA.findings.map((f) => `${f.rule}:${f.file}:${f.line}`));
+    const newFindings = resultB.findings.filter((f) => !aKeys.has(`${f.rule}:${f.file}:${f.line}`));
+    const fixedFindings = resultA.findings.filter((f) => {
+        const bKeys = new Set(resultB.findings.map((bf) => `${bf.rule}:${bf.file}:${bf.line}`));
+        return !bKeys.has(`${f.rule}:${f.file}:${f.line}`);
+    });
+    if (newFindings.length > 0) {
+        console.log(`\n  🆕 New findings (${newFindings.length}):`);
+        for (const f of newFindings.slice(0, 10)) {
+            console.log(`     ${f.file}${f.line ? `:${f.line}` : ""} — [${f.rule}] ${f.message}`);
+        }
+    }
+    if (fixedFindings.length > 0) {
+        console.log(`\n  ✅ Fixed (${fixedFindings.length}):`);
+        for (const f of fixedFindings.slice(0, 10)) {
+            console.log(`     ${f.file}${f.line ? `:${f.line}` : ""} — [${f.rule}] ${f.message}`);
+        }
+    }
+    console.log();
+});
+program
+    .command("badge")
+    .description("Generate a security badge for your project")
+    .argument("<directory>", "Target directory to scan")
+    .option("--svg", "Output raw SVG")
+    .option("--markdown", "Output markdown badge (default)")
+    .option("-o, --output <file>", "Save SVG to file")
+    .action((directory, options) => {
+    const target = resolve(directory);
+    if (!existsSync(target) || !statSync(target).isDirectory()) {
+        console.error(`Error: "${directory}" is not a valid directory`);
+        process.exit(1);
+    }
+    const result = scan(target);
+    if (options.svg || options.output) {
+        const svg = generateBadgeSvg(result);
+        if (options.output) {
+            writeFileSync(resolve(options.output), svg);
+            console.log(`✅ Badge saved to ${options.output}`);
+        }
+        else {
+            console.log(svg);
+        }
+    }
+    else {
+        // Default: markdown
+        const md = generateBadgeMarkdown(result.score);
+        console.log(md);
+        console.log(`\nPaste this in your README.md to show the badge.`);
+    }
+});
+program
+    .command("discover")
+    .description("Discover installed AI agents, MCP servers, and skills on this machine")
+    .option("--json", "Output as JSON")
+    .option("--scan", "Auto-scan all discovered config and skill directories")
+    .action((options) => {
+    const agents = discoverAgents();
+    if (options.json) {
+        console.log(JSON.stringify({ agents, totalAgents: agents.length, totalMcpServers: agents.reduce((s, a) => s + (a.mcpServerCount || 0), 0) }, null, 2));
+    }
+    else {
+        printDiscovery(agents);
+    }
+    if (options.scan && agents.length > 0) {
+        console.log("\n🔍 Scanning discovered configurations...\n");
+        for (const agent of agents) {
+            const paths = [];
+            if (agent.configPath)
+                paths.push(agent.configPath);
+            if (agent.skillsDir)
+                paths.push(agent.skillsDir);
+            for (const p of paths) {
+                if (existsSync(p) && statSync(p).isDirectory()) {
+                    console.log(`\n📁 ${agent.name}: ${p}`);
+                    const result = scan(p);
+                    printReport(result);
+                }
+            }
+        }
+    }
+});
+// Default: if first arg looks like a directory, treat as scan
+const args = process.argv.slice(2);
+if (args.length > 0 && !args[0].startsWith("-") && !["scan", "init", "watch", "compare", "badge", "discover", "help"].includes(args[0])) {
+    process.argv.splice(2, 0, "scan");
+}
+program.parse();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACtF,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/D,OAAO,EAAuB,eAAe,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,gEAAgE,CAAC;KAC7E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mDAAmD,CAAC;KAChE,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;KAC1C,MAAM,CAAC,sBAAsB,EAAE,8CAA8C,EAAE,QAAQ,CAAC;KACxF,MAAM,CAAC,mBAAmB,EAAE,kCAAkC,CAAC;KAC/D,MAAM,CAAC,kBAAkB,EAAE,8CAA8C,CAAC;KAC1E,MAAM,CAAC,MAAM,EAAE,oDAAoD,CAAC;KACpE,MAAM,CAAC,uBAAuB,EAAE,iEAAiE,CAAC;KAClG,MAAM,CAAC,iBAAiB,EAAE,iEAAiE,CAAC;KAC5F,MAAM,CAAC,KAAK,EAAE,SAAiB,EAAE,OAAmI,EAAE,EAAE;IACvK,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAElC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,cAAc,GAA4B,EAAE,CAAC;IACnD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACtC,cAAc,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACnB,cAAc,CAAC,KAAkC,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,cAAc,CAAC,KAAkC,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE5C,sCAAsC;IACtC,IAAI,OAAO,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,mGAAmG,CAAC,CAAC;YACnH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC;QACjD,OAAO,CAAC,KAAK,CAAC,2BAA2B,aAAa,IAAI,SAAS,CAAC,KAAK,MAAM,CAAC,CAAC;QACjF,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC3D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QACrC,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,eAAe,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC;IACpD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,aAAa,EAAE,kBAAkB,EAAE,GAAG,CAAC;KAChD,MAAM,CAAC,CAAC,SAAiB,EAAE,EAAE;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAElC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IAEtD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,UAAU,2BAA2B,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,UAAU,2BAA2B,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+CAA+C,CAAC;KAC5D,QAAQ,CAAC,aAAa,EAAE,2BAA2B,CAAC;KACpD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;KAC1C,MAAM,CAAC,CAAC,SAAiB,EAAE,OAA2B,EAAE,EAAE;IACzD,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,oCAAoC,CAAC,CAAC;IAEvE,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,iBAAiB,IAAI,IAAI,EAAE,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;QACvF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,CAAC;IAEF,eAAe;IACf,OAAO,EAAE,CAAC;IAEV,oBAAoB;IACpB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE;YACxD,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YACxB,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,iGAAiG,CAAC,CAAC;IACnH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;KACrC,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAY,EAAE,IAAY,EAAE,OAA2B,EAAE,EAAE;IAClE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9B,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,CAAC,CAAU,EAAE,CAAC;QACrE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACrD,OAAO,CAAC,KAAK,CAAC,oBAAoB,KAAK,KAAK,GAAG,gBAAgB,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAE9B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC3F,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC1F,KAAK,EAAE,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK;SACrC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,OAAO,CAAC,KAAK,SAAS,OAAO,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,OAAO,CAAC,KAAK,SAAS,OAAO,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC;IACjD,CAAC;SAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjC,CAAC;IAED,0CAA0C;IAC1C,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChG,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAClD,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACxF,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC;QAC5D,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,aAAa,CAAC,MAAM,IAAI,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4CAA4C,CAAC;KACzD,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACnD,MAAM,CAAC,OAAO,EAAE,gBAAgB,CAAC;KACjC,MAAM,CAAC,YAAY,EAAE,iCAAiC,CAAC;KACvD,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;KACjD,MAAM,CAAC,CAAC,SAAiB,EAAE,OAA+D,EAAE,EAAE;IAC7F,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAE5B,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,oBAAoB;QACpB,MAAM,EAAE,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACnE,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,UAAU,CAAC;KACnB,WAAW,CAAC,uEAAuE,CAAC;KACpF,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,QAAQ,EAAE,uDAAuD,CAAC;KACzE,MAAM,CAAC,CAAC,OAA2C,EAAE,EAAE;IACtD,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACzJ,CAAC;SAAM,CAAC;QACN,cAAc,CAAC,MAAM,CAAC,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,KAAK,CAAC,UAAU;gBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACnD,IAAI,KAAK,CAAC,SAAS;gBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACjD,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;oBAC/C,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC;oBACxC,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACvB,WAAW,CAAC,MAAM,CAAC,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8DAA8D;AAC9D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;IAC1I,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,24 @@
+/** AgentShield configuration */
+export interface ScanConfig {
+    /** Rules to enable (default: all) */
+    rules?: {
+        enable?: string[];
+        disable?: string[];
+    };
+    /** Severity overrides: rule-id → severity */
+    severity?: Record<string, "critical" | "warning" | "info">;
+    /** Score threshold for CI (same as --fail-under) */
+    failUnder?: number;
+    /** Glob patterns to ignore */
+    ignore?: string[];
+}
+/** Load config from target directory or parents */
+export declare function loadConfig(dir: string): ScanConfig;
+/** Load .agentshieldignore patterns */
+export declare function loadIgnorePatterns(dir: string): string[];
+/** Check if a file path matches any ignore pattern */
+export declare function isIgnored(filePath: string, patterns: string[]): boolean;
+/** Default config content for `agentshield init` */
+export declare const DEFAULT_CONFIG = "# AgentShield Configuration\n# https://github.com/elliotllliu/agentshield\n\nrules:\n  # disable:\n  #   - supply-chain    # skip npm audit\n  #   - phone-home      # allow periodic HTTP\n\n# severity:\n#   sensitive-read: info   # downgrade to info\n\n# failUnder: 70   # CI threshold\n\n# ignore:\n#   - \"tests/**\"\n#   - \"*.test.ts\"\n";
+/** Default ignore content */
+export declare const DEFAULT_IGNORE = "# AgentShield Ignore\n# Patterns here will be excluded from scanning\n\nnode_modules/\ndist/\nbuild/\n.git/\n*.test.ts\n*.test.js\n*.spec.ts\n*.spec.js\n__tests__/\ncoverage/\n";

package/dist/config.js

@@ -0,0 +1,91 @@
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import { parse as parseYaml } from "./yaml-simple.js";
+const CONFIG_NAMES = [".agentshield.yml", ".agentshield.yaml", "agentshield.config.yml"];
+/** Load config from target directory or parents */
+export function loadConfig(dir) {
+    for (const name of CONFIG_NAMES) {
+        const configPath = join(dir, name);
+        if (existsSync(configPath)) {
+            try {
+                const content = readFileSync(configPath, "utf-8");
+                return parseYaml(content);
+            }
+            catch {
+                // invalid config, use defaults
+            }
+        }
+    }
+    return {};
+}
+/** Load .agentshieldignore patterns */
+export function loadIgnorePatterns(dir) {
+    const ignorePath = join(dir, ".agentshieldignore");
+    if (!existsSync(ignorePath))
+        return [];
+    try {
+        return readFileSync(ignorePath, "utf-8")
+            .split("\n")
+            .map((line) => line.trim())
+            .filter((line) => line && !line.startsWith("#"));
+    }
+    catch {
+        return [];
+    }
+}
+/** Check if a file path matches any ignore pattern */
+export function isIgnored(filePath, patterns) {
+    for (const pattern of patterns) {
+        // Simple glob matching: support * and **
+        if (pattern.endsWith("/")) {
+            // Directory pattern
+            if (filePath.startsWith(pattern) || filePath.includes("/" + pattern))
+                return true;
+        }
+        else if (pattern.includes("*")) {
+            const regex = new RegExp("^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
+            if (regex.test(filePath))
+                return true;
+        }
+        else {
+            // Exact match or suffix match
+            if (filePath === pattern || filePath.endsWith("/" + pattern) || filePath.endsWith(pattern))
+                return true;
+        }
+    }
+    return false;
+}
+/** Default config content for `agentshield init` */
+export const DEFAULT_CONFIG = `# AgentShield Configuration
+# https://github.com/elliotllliu/agentshield
+
+rules:
+  # disable:
+  #   - supply-chain    # skip npm audit
+  #   - phone-home      # allow periodic HTTP
+
+# severity:
+#   sensitive-read: info   # downgrade to info
+
+# failUnder: 70   # CI threshold
+
+# ignore:
+#   - "tests/**"
+#   - "*.test.ts"
+`;
+/** Default ignore content */
+export const DEFAULT_IGNORE = `# AgentShield Ignore
+# Patterns here will be excluded from scanning
+
+node_modules/
+dist/
+build/
+.git/
+*.test.ts
+*.test.js
+*.spec.ts
+*.spec.js
+__tests__/
+coverage/
+`;
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAiBtD,MAAM,YAAY,GAAG,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;AAEzF,mDAAmD;AACnD,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,SAAS,CAAC,OAAO,CAAe,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC;aACrC,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;aAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,QAAkB;IAC5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,yCAAyC;QACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,oBAAoB;YACpB,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;QACpF,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,GAAG,CACzF,CAAC;YACF,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,8BAA8B;YAC9B,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1G,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,oDAAoD;AACpD,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;CAgB7B,CAAC;AAEF,6BAA6B;AAC7B,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;CAa7B,CAAC"}

package/dist/discover.d.ts

@@ -0,0 +1,9 @@
+export interface DiscoveredAgent {
+    name: string;
+    configPath: string | null;
+    skillsDir: string | null;
+    mcpServerCount?: number;
+    skillCount?: number;
+}
+export declare function discoverAgents(): DiscoveredAgent[];
+export declare function printDiscovery(agents: DiscoveredAgent[]): void;

package/dist/discover.js

@@ -0,0 +1,143 @@
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import chalk from "chalk";
+const AGENT_CONFIGS = [
+    {
+        name: "Claude Code",
+        configPaths: ["~/.claude.json"],
+        skillsDirs: ["~/.claude/skills"],
+    },
+    {
+        name: "Claude Desktop",
+        configPaths: [
+            "~/Library/Application Support/Claude/claude_desktop_config.json",
+            "~/.config/Claude/claude_desktop_config.json",
+        ],
+        skillsDirs: [],
+    },
+    {
+        name: "Cursor",
+        configPaths: ["~/.cursor/mcp.json"],
+        skillsDirs: ["~/.cursor/skills"],
+    },
+    {
+        name: "VS Code (Copilot)",
+        configPaths: [
+            "~/.vscode/mcp.json",
+            "~/Library/Application Support/Code/User/settings.json",
+            "~/.config/Code/User/settings.json",
+        ],
+        skillsDirs: ["~/.copilot/skills"],
+    },
+    {
+        name: "Windsurf",
+        configPaths: ["~/.codeium/windsurf/mcp_config.json"],
+        skillsDirs: ["~/.codeium/windsurf/skills"],
+    },
+    {
+        name: "Gemini CLI",
+        configPaths: ["~/.gemini/settings.json"],
+        skillsDirs: ["~/.gemini/skills"],
+    },
+    {
+        name: "Codex",
+        configPaths: ["~/.codex/config.json"],
+        skillsDirs: [],
+    },
+    {
+        name: "Kiro",
+        configPaths: ["~/.kiro/settings/mcp.json"],
+        skillsDirs: [],
+    },
+    {
+        name: "OpenCode",
+        configPaths: ["~/.config/opencode/config.json"],
+        skillsDirs: [],
+    },
+    {
+        name: "OpenClaw",
+        configPaths: ["~/.openclaw/config.yaml", "~/.openclaw/config.yml"],
+        skillsDirs: ["~/.openclaw/skills"],
+    },
+];
+function expandHome(p) {
+    if (p.startsWith("~/")) {
+        return join(homedir(), p.slice(2));
+    }
+    return p;
+}
+export function discoverAgents() {
+    const found = [];
+    for (const agent of AGENT_CONFIGS) {
+        let foundConfig = null;
+        let foundSkillsDir = null;
+        for (const configPath of agent.configPaths) {
+            const expanded = expandHome(configPath);
+            if (existsSync(expanded)) {
+                foundConfig = expanded;
+                break;
+            }
+        }
+        for (const skillsDir of agent.skillsDirs) {
+            const expanded = expandHome(skillsDir);
+            if (existsSync(expanded)) {
+                foundSkillsDir = expanded;
+                break;
+            }
+        }
+        if (foundConfig || foundSkillsDir) {
+            let mcpServerCount = 0;
+            if (foundConfig) {
+                try {
+                    const content = readFileSync(foundConfig, "utf-8");
+                    const parsed = JSON.parse(content);
+                    // Try common MCP keys
+                    const servers = parsed.mcpServers || parsed["mcp.servers"] || parsed.context_servers || {};
+                    if (typeof servers === "object" && servers !== null) {
+                        mcpServerCount = Object.keys(servers).length;
+                    }
+                }
+                catch {
+                    // Can't parse — still report agent
+                }
+            }
+            found.push({
+                name: agent.name,
+                configPath: foundConfig,
+                skillsDir: foundSkillsDir,
+                mcpServerCount,
+            });
+        }
+    }
+    return found;
+}
+export function printDiscovery(agents) {
+    console.log();
+    console.log(chalk.bold("🛡️  AgentShield Discovery"));
+    console.log(chalk.dim(`Scanning for installed AI agents on this machine...`));
+    console.log();
+    if (agents.length === 0) {
+        console.log(chalk.yellow("No AI agent installations detected."));
+        console.log(chalk.dim("Supported: Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, Codex, Kiro, OpenClaw"));
+        return;
+    }
+    console.log(chalk.green(`Found ${agents.length} agent installation${agents.length > 1 ? "s" : ""}:`));
+    console.log();
+    for (const agent of agents) {
+        console.log(chalk.bold(`  ${agent.name}`));
+        if (agent.configPath) {
+            console.log(chalk.dim(`    Config: ${agent.configPath}`));
+            if (agent.mcpServerCount && agent.mcpServerCount > 0) {
+                console.log(`    MCP Servers: ${agent.mcpServerCount}`);
+            }
+        }
+        if (agent.skillsDir) {
+            console.log(chalk.dim(`    Skills: ${agent.skillsDir}`));
+        }
+        console.log();
+    }
+    console.log(chalk.dim("Run `agentshield scan <path>` on any config or skills directory above."));
+    console.log();
+}
+//# sourceMappingURL=discover.js.map

package/dist/discover.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discover.js","sourceRoot":"","sources":["../src/discover.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,KAAK,MAAM,OAAO,CAAC;AAQ1B,MAAM,aAAa,GAAkB;IACnC;QACE,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,CAAC,gBAAgB,CAAC;QAC/B,UAAU,EAAE,CAAC,kBAAkB,CAAC;KACjC;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE;YACX,iEAAiE;YACjE,6CAA6C;SAC9C;QACD,UAAU,EAAE,EAAE;KACf;IACD;QACE,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,CAAC,oBAAoB,CAAC;QACnC,UAAU,EAAE,CAAC,kBAAkB,CAAC;KACjC;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE;YACX,oBAAoB;YACpB,uDAAuD;YACvD,mCAAmC;SACpC;QACD,UAAU,EAAE,CAAC,mBAAmB,CAAC;KAClC;IACD;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,CAAC,qCAAqC,CAAC;QACpD,UAAU,EAAE,CAAC,4BAA4B,CAAC;KAC3C;IACD;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,CAAC,yBAAyB,CAAC;QACxC,UAAU,EAAE,CAAC,kBAAkB,CAAC;KACjC;IACD;QACE,IAAI,EAAE,OAAO;QACb,WAAW,EAAE,CAAC,sBAAsB,CAAC;QACrC,UAAU,EAAE,EAAE;KACf;IACD;QACE,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,CAAC,2BAA2B,CAAC;QAC1C,UAAU,EAAE,EAAE;KACf;IACD;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,CAAC,gCAAgC,CAAC;QAC/C,UAAU,EAAE,EAAE;KACf;IACD;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EAAE,CAAC,yBAAyB,EAAE,wBAAwB,CAAC;QAClE,UAAU,EAAE,CAAC,oBAAoB,CAAC;KACnC;CACF,CAAC;AAEF,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAUD,MAAM,UAAU,cAAc;IAC5B,MAAM,KAAK,GAAsB,EAAE,CAAC;IAEpC,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,IAAI,WAAW,GAAkB,IAAI,CAAC;QACtC,IAAI,cAAc,GAAkB,IAAI,CAAC;QAEzC,KAAK,MAAM,UAAU,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;YACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,WAAW,GAAG,QAAQ,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACzB,cAAc,GAAG,QAAQ,CAAC;gBAC1B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,WAAW,IAAI,cAAc,EAAE,CAAC;YAClC,IAAI,cAAc,GAAG,CAAC,CAAC;YACvB,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;oBACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;oBACnC,sBAAsB;oBACtB,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC;oBAC3F,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;wBACpD,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;oBAC/C,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,mCAAmC;gBACrC,CAAC;YACH,CAAC;YACD,KAAK,CAAC,IAAI,CAAC;gBACT,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,UAAU,EAAE,WAAW;gBACvB,SAAS,EAAE,cAAc;gBACzB,cAAc;aACf,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAyB;IACtD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC,CAAC;QAC/G,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,SAAS,MAAM,CAAC,MAAM,sBAAsB,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACtG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,cAAc,GAAG,CAAC,EAAE,CAAC;gBACrD,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QACD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC,CAAC;IACjG,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}

package/dist/llm/anthropic.d.ts

@@ -0,0 +1,10 @@
+import type { LlmProvider, LlmAnalysisResult } from "./types.js";
+/** Anthropic Claude provider */
+export declare class AnthropicProvider implements LlmProvider {
+    name: string;
+    private apiKey;
+    private model;
+    private baseUrl;
+    constructor(apiKey: string, model?: string, baseUrl?: string);
+    analyze(text: string, filename: string): Promise<LlmAnalysisResult>;
+}

package/dist/llm/anthropic.js

@@ -0,0 +1,67 @@
+import { SYSTEM_PROMPT, buildUserPrompt } from "./prompt.js";
+/** Anthropic Claude provider */
+export class AnthropicProvider {
+    name = "anthropic";
+    apiKey;
+    model;
+    baseUrl;
+    constructor(apiKey, model, baseUrl) {
+        this.apiKey = apiKey;
+        this.model = model || "claude-sonnet-4-20250514";
+        this.baseUrl = (baseUrl || "https://api.anthropic.com").replace(/\/$/, "");
+    }
+    async analyze(text, filename) {
+        const response = await fetch(`${this.baseUrl}/v1/messages`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                "x-api-key": this.apiKey,
+                "anthropic-version": "2023-06-01",
+            },
+            body: JSON.stringify({
+                model: this.model,
+                max_tokens: 2048,
+                system: SYSTEM_PROMPT,
+                messages: [
+                    { role: "user", content: buildUserPrompt(text, filename) },
+                ],
+                temperature: 0,
+            }),
+            signal: AbortSignal.timeout(30_000),
+        });
+        if (!response.ok) {
+            const body = await response.text().catch(() => "");
+            throw new Error(`Anthropic API error ${response.status}: ${body.slice(0, 200)}`);
+        }
+        const data = await response.json();
+        const content = data.content?.find(c => c.type === "text")?.text || "[]";
+        const findings = parseFindings(content);
+        return {
+            findings,
+            model: this.model,
+            tokensUsed: data.usage ? data.usage.input_tokens + data.usage.output_tokens : undefined,
+        };
+    }
+}
+function parseFindings(content) {
+    try {
+        // Strip markdown code fences if present
+        const cleaned = content.replace(/^```(?:json)?\n?/gm, "").replace(/\n?```$/gm, "").trim();
+        const parsed = JSON.parse(cleaned);
+        const arr = Array.isArray(parsed) ? parsed : (parsed.findings || parsed.results || []);
+        if (!Array.isArray(arr))
+            return [];
+        return arr
+            .filter((item) => item && typeof item === "object")
+            .map((item) => ({
+            line: typeof item.line === "number" ? item.line : undefined,
+            severity: item.severity === "critical" ? "critical" : "warning",
+            description: String(item.description || "LLM-detected prompt injection"),
+            evidence: item.evidence ? String(item.evidence).slice(0, 120) : undefined,
+        }));
+    }
+    catch {
+        return [];
+    }
+}
+//# sourceMappingURL=anthropic.js.map

package/dist/llm/anthropic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic.js","sourceRoot":"","sources":["../../src/llm/anthropic.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE7D,gCAAgC;AAChC,MAAM,OAAO,iBAAiB;IAC5B,IAAI,GAAG,WAAW,CAAC;IACX,MAAM,CAAS;IACf,KAAK,CAAS;IACd,OAAO,CAAS;IAExB,YAAY,MAAc,EAAE,KAAc,EAAE,OAAgB;QAC1D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,IAAI,0BAA0B,CAAC;QACjD,IAAI,CAAC,OAAO,GAAG,CAAC,OAAO,IAAI,2BAA2B,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAY,EAAE,QAAgB;QAC1C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,IAAI,CAAC,MAAM;gBACxB,mBAAmB,EAAE,YAAY;aAClC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,aAAa;gBACrB,QAAQ,EAAE;oBACR,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;iBAC3D;gBACD,WAAW,EAAE,CAAC;aACf,CAAC;YACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAG/B,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC;QACzE,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAExC,OAAO;YACL,QAAQ;YACR,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;SACxF,CAAC;IACJ,CAAC;CACF;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,IAAI,CAAC;QACH,wCAAwC;QACxC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC1F,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,OAAO,EAAE,CAAC;QAEnC,OAAO,GAAG;aACP,MAAM,CAAC,CAAC,IAAa,EAAE,EAAE,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC;aAC3D,GAAG,CAAC,CAAC,IAA6B,EAAE,EAAE,CAAC,CAAC;YACvC,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YAC3D,QAAQ,EAAE,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,UAAmB,CAAC,CAAC,CAAC,SAAkB;YACjF,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,+BAA+B,CAAC;YACxE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;SAC1E,CAAC,CAAC,CAAC;IACR,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}