@elliotllliu/agent-shield 0.3.1

package/dist/rules/mcp-manifest.js

@@ -0,0 +1,270 @@
+/**
+ * Rule: mcp-manifest
+ * Validates MCP (Model Context Protocol) server configurations.
+ *
+ * Checks:
+ * 1. Declared tools/resources vs actual code behavior
+ * 2. Overly broad tool descriptions that could mislead agents
+ * 3. Undeclared file system / network / exec capabilities
+ * 4. Suspicious tool names or descriptions
+ */
+// Patterns indicating MCP server tool registration
+const TOOL_REGISTER_RE = /\.tool\s*\(|addTool\s*\(|registerTool\s*\(|server\.setRequestHandler.*ListTools|tools:\s*\[/;
+// Patterns for MCP resource registration
+const RESOURCE_REGISTER_RE = /\.resource\s*\(|addResource\s*\(|registerResource\s*\(|server\.setRequestHandler.*ListResources|resources:\s*\[/;
+// Dangerous patterns in tool implementations
+const DANGEROUS_TOOL_PATTERNS = [
+    { pattern: /child_process|execSync|exec\(|spawn\(/, desc: "Tool executes shell commands", severity: "critical" },
+    { pattern: /fs\.unlink|fs\.rmdir|fs\.rm\b|rimraf/, desc: "Tool deletes files", severity: "warning" },
+    { pattern: /fs\.writeFile|fs\.appendFile|fs\.createWriteStream/, desc: "Tool writes to file system", severity: "warning" },
+    { pattern: /fetch\s*\(|axios|http\.request|https\.request/, desc: "Tool makes outbound HTTP requests", severity: "warning" },
+    { pattern: /eval\s*\(|new\s+Function\s*\(/, desc: "Tool uses dynamic code execution", severity: "critical" },
+    { pattern: /\.ssh|\.aws|\.env\b|credentials|secret/i, desc: "Tool accesses sensitive paths/credentials", severity: "critical" },
+];
+// Suspicious tool name/description patterns
+const SUSPICIOUS_TOOL_DESC = [
+    { pattern: /run.*any.*command|execute.*arbitrary|shell.*access/i, desc: "Tool claims unrestricted command execution" },
+    { pattern: /access.*all.*files|read.*entire.*filesystem/i, desc: "Tool claims full filesystem access" },
+    { pattern: /send.*data.*to|upload.*to|transmit.*to/i, desc: "Tool description mentions data transmission" },
+    { pattern: /modify.*system|change.*config/i, desc: "Tool claims system modification capability" },
+];
+// Dynamic tool loading patterns (runtime tool registration from external sources)
+const DYNAMIC_TOOL_PATTERNS = [
+    { pattern: /(?:fetch|axios|got|request)\s*\([^)]*(?:tools|schema|manifest|definition)/i, desc: "Fetches tool definitions from external URL" },
+    { pattern: /(?:import|require|load)\s*\([^)]*(?:tool|plugin|extension)\s*(?:url|endpoint|remote)/i, desc: "Dynamically imports tools from remote source" },
+    { pattern: /(?:register|add)Tool\s*\(\s*(?:await\s+)?(?:fetch|get|load)/i, desc: "Registers tools loaded from external source" },
+    { pattern: /tools\s*=\s*(?:await\s+)?(?:fetch|axios|got)\s*\(/i, desc: "Tool list fetched from remote URL" },
+];
+export const mcpManifestRule = {
+    id: "mcp-manifest",
+    name: "MCP Server Validation",
+    description: "Validates MCP server tool/resource declarations against actual code behavior",
+    run(files) {
+        const findings = [];
+        // Entity count and config checks work on any JSON with mcpServers
+        checkEntityCount(files, findings);
+        // Detect if this is an MCP server project for deeper checks
+        const isMcpServer = detectMcpServer(files);
+        if (!isMcpServer)
+            return findings;
+        // Check for MCP manifest/config files
+        checkMcpConfig(files, findings);
+        // Analyze tool implementations for dangerous patterns
+        checkToolImplementations(files, findings);
+        // Check tool descriptions for suspicious claims
+        checkToolDescriptions(files, findings);
+        // Check for dynamic tool loading from external sources
+        checkDynamicToolLoading(files, findings);
+        // Check if tools are registered but have no input validation
+        checkInputValidation(files, findings);
+        return findings;
+    },
+};
+function detectMcpServer(files) {
+    for (const file of files) {
+        // Check package.json for MCP-related deps
+        if (file.relativePath === "package.json") {
+            try {
+                const pkg = JSON.parse(file.content);
+                const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+                if (allDeps["@modelcontextprotocol/sdk"] ||
+                    allDeps["@anthropic-ai/sdk"] ||
+                    pkg.mcp) {
+                    return true;
+                }
+            }
+            catch {
+                // ignore parse errors
+            }
+        }
+        // Check for MCP imports in code
+        if (file.ext === ".ts" || file.ext === ".js" || file.ext === ".mjs") {
+            if (file.content.includes("@modelcontextprotocol/sdk") ||
+                file.content.includes("McpServer") ||
+                file.content.includes("createMcpServer") ||
+                TOOL_REGISTER_RE.test(file.content)) {
+                return true;
+            }
+        }
+        // Check for mcp.json or similar config
+        if (file.relativePath === "mcp.json" ||
+            file.relativePath.endsWith("/mcp.json")) {
+            return true;
+        }
+    }
+    return false;
+}
+function checkMcpConfig(files, findings) {
+    const mcpConfig = files.find((f) => f.relativePath === "mcp.json" || f.relativePath.endsWith("/mcp.json"));
+    if (mcpConfig) {
+        try {
+            const config = JSON.parse(mcpConfig.content);
+            // Check for overly broad permissions
+            if (config.permissions) {
+                const perms = Array.isArray(config.permissions)
+                    ? config.permissions
+                    : Object.keys(config.permissions);
+                if (perms.length > 5) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "warning",
+                        file: mcpConfig.relativePath,
+                        message: `MCP config declares ${perms.length} permissions — consider reducing scope`,
+                    });
+                }
+            }
+            // Check for wildcard or dangerous permissions
+            const configStr = JSON.stringify(config);
+            if (configStr.includes('"*"') || configStr.includes('"all"')) {
+                findings.push({
+                    rule: "mcp-manifest",
+                    severity: "critical",
+                    file: mcpConfig.relativePath,
+                    message: "MCP config uses wildcard/all permissions",
+                });
+            }
+        }
+        catch {
+            findings.push({
+                rule: "mcp-manifest",
+                severity: "warning",
+                file: mcpConfig.relativePath,
+                message: "Invalid JSON in MCP config file",
+            });
+        }
+    }
+}
+function checkToolImplementations(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs" || f.ext === ".cjs");
+    for (const file of codeFiles) {
+        // Only check files that register tools
+        if (!TOOL_REGISTER_RE.test(file.content) && !RESOURCE_REGISTER_RE.test(file.content)) {
+            continue;
+        }
+        for (let i = 0; i < file.lines.length; i++) {
+            const line = file.lines[i];
+            const trimmed = line.trimStart();
+            if (trimmed.startsWith("//") || trimmed.startsWith("*"))
+                continue;
+            for (const { pattern, desc, severity } of DANGEROUS_TOOL_PATTERNS) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity,
+                        file: file.relativePath,
+                        line: i + 1,
+                        message: `MCP tool: ${desc}`,
+                        evidence: line.trim().slice(0, 120),
+                    });
+                    break;
+                }
+            }
+        }
+    }
+}
+function checkToolDescriptions(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs");
+    for (const file of codeFiles) {
+        // Look for tool description strings
+        for (let i = 0; i < file.lines.length; i++) {
+            const line = file.lines[i];
+            for (const { pattern, desc } of SUSPICIOUS_TOOL_DESC) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "warning",
+                        file: file.relativePath,
+                        line: i + 1,
+                        message: `Suspicious MCP tool description: ${desc}`,
+                        evidence: line.trim().slice(0, 120),
+                    });
+                    break;
+                }
+            }
+        }
+    }
+}
+function checkInputValidation(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs");
+    for (const file of codeFiles) {
+        if (!TOOL_REGISTER_RE.test(file.content))
+            continue;
+        // Check for tools that accept path inputs without validation
+        const hasPathInput = /path|file|dir|folder/i.test(file.content);
+        const hasPathValidation = /sanitize|validate|allowlist|whitelist|isAbsolute|normalize|resolve/i.test(file.content);
+        const hasTraversalCheck = /\.\.\//i.test(file.content) || /path.*traversal/i.test(file.content);
+        if (hasPathInput && !hasPathValidation && !hasTraversalCheck) {
+            findings.push({
+                rule: "mcp-manifest",
+                severity: "warning",
+                file: file.relativePath,
+                message: "MCP tool accepts path inputs but has no visible path validation/sanitization",
+            });
+        }
+    }
+}
+/** Check for dynamic tool loading from external sources */
+function checkDynamicToolLoading(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs" || f.ext === ".py");
+    for (const file of codeFiles) {
+        for (let i = 0; i < file.lines.length; i++) {
+            const line = file.lines[i];
+            const trimmed = line.trimStart();
+            if (trimmed.startsWith("//") || trimmed.startsWith("#") || trimmed.startsWith("*"))
+                continue;
+            for (const { pattern, desc } of DYNAMIC_TOOL_PATTERNS) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "critical",
+                        file: file.relativePath,
+                        line: i + 1,
+                        message: `Dynamic tool loading: ${desc}`,
+                        evidence: line.trim().slice(0, 120),
+                    });
+                    break;
+                }
+            }
+        }
+    }
+}
+/** Check entity count (Snyk W002: too many tools/resources) */
+function checkEntityCount(files, findings) {
+    for (const file of files) {
+        if (file.ext !== ".json")
+            continue;
+        try {
+            const config = JSON.parse(file.content);
+            const servers = config.mcpServers || config.servers || {};
+            for (const [serverName, serverConfig] of Object.entries(servers)) {
+                if (!serverConfig || typeof serverConfig !== "object")
+                    continue;
+                const sc = serverConfig;
+                const tools = Array.isArray(sc.tools) ? sc.tools.length : 0;
+                const resources = Array.isArray(sc.resources) ? sc.resources.length : 0;
+                const prompts = Array.isArray(sc.prompts) ? sc.prompts.length : 0;
+                const total = tools + resources + prompts;
+                if (total > 100) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "warning",
+                        file: file.relativePath,
+                        message: `W002: Server "${serverName}" exposes ${total} entities (${tools} tools, ${resources} resources, ${prompts} prompts) — agent performance may degrade above 100`,
+                    });
+                }
+                else if (total > 50) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "info",
+                        file: file.relativePath,
+                        message: `Server "${serverName}" exposes ${total} entities — consider reducing for optimal agent performance`,
+                    });
+                }
+            }
+        }
+        catch {
+            // Not valid JSON
+        }
+    }
+}
+//# sourceMappingURL=mcp-manifest.js.map

package/dist/rules/mcp-manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-manifest.js","sourceRoot":"","sources":["../../src/rules/mcp-manifest.ts"],"names":[],"mappings":"AAEA;;;;;;;;;GASG;AAEH,mDAAmD;AACnD,MAAM,gBAAgB,GACpB,6FAA6F,CAAC;AAEhG,yCAAyC;AACzC,MAAM,oBAAoB,GACxB,iHAAiH,CAAC;AAEpH,6CAA6C;AAC7C,MAAM,uBAAuB,GAA+E;IAC1G,EAAE,OAAO,EAAE,uCAAuC,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChH,EAAE,OAAO,EAAE,sCAAsC,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpG,EAAE,OAAO,EAAE,oDAAoD,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC1H,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,mCAAmC,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC5H,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,kCAAkC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5G,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE;CAChI,CAAC;AAEF,4CAA4C;AAC5C,MAAM,oBAAoB,GAA6C;IACrE,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,4CAA4C,EAAE;IACtH,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,oCAAoC,EAAE;IACvG,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,6CAA6C,EAAE;IAC3G,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,4CAA4C,EAAE;CAClG,CAAC;AAEF,kFAAkF;AAClF,MAAM,qBAAqB,GAA6C;IACtE,EAAE,OAAO,EAAE,4EAA4E,EAAE,IAAI,EAAE,4CAA4C,EAAE;IAC7I,EAAE,OAAO,EAAE,uFAAuF,EAAE,IAAI,EAAE,8CAA8C,EAAE;IAC1J,EAAE,OAAO,EAAE,8DAA8D,EAAE,IAAI,EAAE,6CAA6C,EAAE;IAChI,EAAE,OAAO,EAAE,oDAAoD,EAAE,IAAI,EAAE,mCAAmC,EAAE;CAC7G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EAAE,8EAA8E;IAE3F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,kEAAkE;QAClE,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAElC,4DAA4D;QAC5D,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,QAAQ,CAAC;QAElC,sCAAsC;QACtC,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEhC,sDAAsD;QACtD,wBAAwB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE1C,gDAAgD;QAChD,qBAAqB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEvC,uDAAuD;QACvD,uBAAuB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEzC,6DAA6D;QAC7D,oBAAoB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEtC,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,SAAS,eAAe,CAAC,KAAoB;IAC3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,0CAA0C;QAC1C,IAAI,IAAI,CAAC,YAAY,KAAK,cAAc,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACrC,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;gBAChE,IACE,OAAO,CAAC,2BAA2B,CAAC;oBACpC,OAAO,CAAC,mBAAmB,CAAC;oBAC5B,GAAG,CAAC,GAAG,EACP,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;YACpE,IACE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;gBAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EACnC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IACE,IAAI,CAAC,YAAY,KAAK,UAAU;YAChC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EACvC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,KAAoB,EAAE,QAAmB;IAC/D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAE7C,qCAAqC;YACrC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;oBAC7C,CAAC,CAAC,MAAM,CAAC,WAAW;oBACpB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,SAAS,CAAC,YAAY;wBAC5B,OAAO,EAAE,uBAAuB,KAAK,CAAC,MAAM,wCAAwC;qBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,cAAc;oBACpB,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,SAAS,CAAC,YAAY;oBAC5B,OAAO,EAAE,0CAA0C;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,SAAS,CAAC,YAAY;gBAC5B,OAAO,EAAE,iCAAiC;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAoB,EAAE,QAAmB;IACzE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAClF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,uCAAuC;QACvC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrF,SAAS;QACX,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,uBAAuB,EAAE,CAAC;gBAClE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ;wBACR,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,aAAa,IAAI,EAAE;wBAC5B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACpC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAoB,EAAE,QAAmB;IACtE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAC9D,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,oCAAoC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,oBAAoB,EAAE,CAAC;gBACrD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,oCAAoC,IAAI,EAAE;wBACnD,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACpC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAoB,EAAE,QAAmB;IACrE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAC9D,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QAEnD,6DAA6D;QAC7D,MAAM,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,iBAAiB,GAAG,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnH,MAAM,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEhG,IAAI,YAAY,IAAI,CAAC,iBAAiB,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,OAAO,EAAE,8EAA8E;aACxF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,2DAA2D;AAC3D,SAAS,uBAAuB,CAAC,KAAoB,EAAE,QAAmB;IACxE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,CACjF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAE7F,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;gBACtD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,UAAU;wBACpB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,yBAAyB,IAAI,EAAE;wBACxC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACpC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,+DAA+D;AAC/D,SAAS,gBAAgB,CAAC,KAAoB,EAAE,QAAmB;IACjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO;YAAE,SAAS;QACnC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;YAE1D,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,YAAY,IAAI,OAAO,YAAY,KAAK,QAAQ;oBAAE,SAAS;gBAChE,MAAM,EAAE,GAAG,YAAuC,CAAC;gBACnD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5D,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxE,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClE,MAAM,KAAK,GAAG,KAAK,GAAG,SAAS,GAAG,OAAO,CAAC;gBAE1C,IAAI,KAAK,GAAG,GAAG,EAAE,CAAC;oBAChB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,OAAO,EAAE,iBAAiB,UAAU,aAAa,KAAK,cAAc,KAAK,WAAW,SAAS,eAAe,OAAO,qDAAqD;qBACzK,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,KAAK,GAAG,EAAE,EAAE,CAAC;oBACtB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,MAAM;wBAChB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,OAAO,EAAE,WAAW,UAAU,aAAa,KAAK,6DAA6D;qBAC9G,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/rules/network-ssrf.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const networkSsrfRule: Rule;

package/dist/rules/network-ssrf.js

@@ -0,0 +1,51 @@
+/**
+ * Rule: network-ssrf
+ * Detects Server-Side Request Forgery patterns — user-controlled URLs in HTTP requests.
+ */
+const SSRF_PATTERNS = [
+    // Template literals in fetch/request
+    { pattern: /fetch\s*\(\s*`[^`]*\$\{/, desc: "fetch() with template literal URL — potential SSRF", severity: "warning" },
+    { pattern: /axios\.\w+\s*\(\s*`[^`]*\$\{/, desc: "axios with template literal URL — potential SSRF", severity: "warning" },
+    { pattern: /http\.request\s*\(\s*`[^`]*\$\{/, desc: "http.request with template literal URL — potential SSRF", severity: "warning" },
+    // URL constructed from user input
+    { pattern: /new\s+URL\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.)/, desc: "URL from request parameters — potential SSRF", severity: "critical" },
+    { pattern: /fetch\s*\(\s*(?:req\.|request\.|params\.|query\.|body\.)/, desc: "fetch() with request parameter — potential SSRF", severity: "critical" },
+    // Redirect to user-controlled URL
+    { pattern: /redirect\s*\(\s*(?:req\.|request\.|params\.|query\.)/, desc: "Open redirect — user-controlled redirect URL", severity: "warning" },
+    // Internal network access patterns
+    { pattern: /127\.0\.0\.1|0\.0\.0\.0|localhost.*fetch|fetch.*localhost/i, desc: "Request to localhost — verify if intentional", severity: "warning" },
+    { pattern: /169\.254\.169\.254/, desc: "AWS metadata endpoint access — potential SSRF", severity: "critical" },
+];
+export const networkSsrfRule = {
+    id: "network-ssrf",
+    name: "Server-Side Request Forgery",
+    description: "Detects user-controlled URLs in HTTP requests and internal network access",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                const trimmed = line.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#"))
+                    continue;
+                for (const { pattern, desc, severity } of SSRF_PATTERNS) {
+                    if (pattern.test(line)) {
+                        findings.push({
+                            rule: "network-ssrf",
+                            severity,
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: desc,
+                            evidence: line.trim().slice(0, 120),
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=network-ssrf.js.map

package/dist/rules/network-ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-ssrf.js","sourceRoot":"","sources":["../../src/rules/network-ssrf.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,aAAa,GAA+E;IAChG,qCAAqC;IACrC,EAAE,OAAO,EAAE,yBAAyB,EAAE,IAAI,EAAE,oDAAoD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACvH,EAAE,OAAO,EAAE,8BAA8B,EAAE,IAAI,EAAE,kDAAkD,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC1H,EAAE,OAAO,EAAE,iCAAiC,EAAE,IAAI,EAAE,yDAAyD,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpI,kCAAkC;IAClC,EAAE,OAAO,EAAE,8DAA8D,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,UAAU,EAAE;IACvJ,EAAE,OAAO,EAAE,0DAA0D,EAAE,IAAI,EAAE,iDAAiD,EAAE,QAAQ,EAAE,UAAU,EAAE;IACtJ,kCAAkC;IAClC,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC9I,mCAAmC;IACnC,EAAE,OAAO,EAAE,4DAA4D,EAAE,IAAI,EAAE,8CAA8C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpJ,EAAE,OAAO,EAAE,oBAAoB,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,UAAU,EAAE;CAC/G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,6BAA6B;IACnC,WAAW,EAAE,2EAA2E;IAExF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,aAAa,EAAE,CAAC;oBACxD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,cAAc;4BACpB,QAAQ;4BACR,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,IAAI;4BACb,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBACpC,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/obfuscation.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const obfuscationRule: Rule;

package/dist/rules/obfuscation.js

@@ -0,0 +1,51 @@
+/**
+ * Rule: obfuscation
+ * Detects base64 decoding + eval/exec combos and other obfuscation patterns.
+ */
+const OBFUSCATION_PATTERNS = [
+    { pattern: /atob\s*\(.*\beval\b|eval\s*\(.*\batob\b/, desc: "atob() + eval() combo", severity: "critical" },
+    { pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\beval\b/, desc: "Base64 decode + eval()", severity: "critical" },
+    { pattern: /Buffer\.from\s*\([^)]*,\s*["']base64["']\).*\bexec\b/, desc: "Base64 decode + exec()", severity: "critical" },
+    { pattern: /\bString\.fromCharCode\s*\(/, desc: "String.fromCharCode() — potential obfuscation", severity: "warning" },
+    { pattern: /\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}/, desc: "Hex-encoded string sequence", severity: "warning" },
+    { pattern: /\\u00[0-9a-f]{2}\\u00[0-9a-f]{2}/, desc: "Unicode-escaped string sequence", severity: "warning" },
+];
+export const obfuscationRule = {
+    id: "obfuscation",
+    name: "Code Obfuscation",
+    description: "Detects base64+eval combos, hex encoding, and other obfuscation techniques",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            // Check multi-line patterns across entire content
+            for (const { pattern, desc, severity } of OBFUSCATION_PATTERNS.slice(0, 3)) {
+                if (pattern.test(file.content)) {
+                    // Find the line with eval/exec
+                    for (let i = 0; i < file.lines.length; i++) {
+                        if (/\beval\b|\bexec\b/.test(file.lines[i])) {
+                            findings.push({ rule: "obfuscation", severity, file: file.relativePath, line: i + 1, message: desc, evidence: file.lines[i].trim().slice(0, 120) });
+                            break;
+                        }
+                    }
+                }
+            }
+            // Per-line patterns
+            for (let i = 0; i < file.lines.length; i++) {
+                const line = file.lines[i];
+                const trimmed = line.trimStart();
+                if (trimmed.startsWith("//") || trimmed.startsWith("#"))
+                    continue;
+                for (const { pattern, desc, severity } of OBFUSCATION_PATTERNS.slice(3)) {
+                    if (pattern.test(line)) {
+                        findings.push({ rule: "obfuscation", severity, file: file.relativePath, line: i + 1, message: desc, evidence: line.trim().slice(0, 120) });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=obfuscation.js.map

package/dist/rules/obfuscation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../src/rules/obfuscation.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,oBAAoB,GAIrB;IACH,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,uBAAuB,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC3G,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzH,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,wBAAwB,EAAE,QAAQ,EAAE,UAAU,EAAE;IACzH,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,+CAA+C,EAAE,QAAQ,EAAE,SAAS,EAAE;IACtH,EAAE,OAAO,EAAE,4CAA4C,EAAE,IAAI,EAAE,6BAA6B,EAAE,QAAQ,EAAE,SAAS,EAAE;IACnH,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,iCAAiC,EAAE,QAAQ,EAAE,SAAS,EAAE;CAC9G,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,aAAa;IACjB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,4EAA4E;IAEzF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,kDAAkD;YAClD,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;gBAC3E,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC/B,+BAA+B;oBAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3C,IAAI,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;4BAC7C,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;4BACrJ,MAAM;wBACR,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,oBAAoB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;oBACxE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;wBAC3I,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/phone-home.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const phoneHomeRule: Rule;

package/dist/rules/phone-home.js

@@ -0,0 +1,38 @@
+/**
+ * Rule: phone-home
+ * Detects periodic timers combined with HTTP requests — "calling home" patterns.
+ */
+const TIMER_RE = /setInterval\s*\(|cron\s*\(|schedule\s*\(|setTimeout.*setInterval|recurring|periodic/i;
+const HTTP_RE = /fetch\s*\(|axios\.|http\.request|https\.request|\.post\s*\(|\.get\s*\(/i;
+export const phoneHomeRule = {
+    id: "phone-home",
+    name: "Phone Home / Beacon",
+    description: "Detects periodic timers combined with HTTP requests (heartbeat/beacon pattern)",
+    run(files) {
+        const findings = [];
+        for (const file of files) {
+            if (file.ext === ".json" || file.ext === ".yaml" || file.ext === ".yml" || file.ext === ".md")
+                continue;
+            const hasTimer = TIMER_RE.test(file.content);
+            const hasHttp = HTTP_RE.test(file.content);
+            if (hasTimer && hasHttp) {
+                // Find the timer line
+                for (let i = 0; i < file.lines.length; i++) {
+                    if (TIMER_RE.test(file.lines[i])) {
+                        findings.push({
+                            rule: "phone-home",
+                            severity: "warning",
+                            file: file.relativePath,
+                            line: i + 1,
+                            message: "Periodic timer + HTTP request — possible beacon/phone-home pattern",
+                            evidence: file.lines[i].trim().slice(0, 120),
+                        });
+                        break;
+                    }
+                }
+            }
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=phone-home.js.map

package/dist/rules/phone-home.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"phone-home.js","sourceRoot":"","sources":["../../src/rules/phone-home.ts"],"names":[],"mappings":"AAEA;;;GAGG;AAEH,MAAM,QAAQ,GAAG,sFAAsF,CAAC;AACxG,MAAM,OAAO,GAAG,yEAAyE,CAAC;AAE1F,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,YAAY;IAChB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,gFAAgF;IAE7F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,OAAO,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK;gBAAE,SAAS;YAExG,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAE3C,IAAI,QAAQ,IAAI,OAAO,EAAE,CAAC;gBACxB,sBAAsB;gBACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBAClC,QAAQ,CAAC,IAAI,CAAC;4BACZ,IAAI,EAAE,YAAY;4BAClB,QAAQ,EAAE,SAAS;4BACnB,IAAI,EAAE,IAAI,CAAC,YAAY;4BACvB,IAAI,EAAE,CAAC,GAAG,CAAC;4BACX,OAAO,EAAE,oEAAoE;4BAC7E,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;yBAC9C,CAAC,CAAC;wBACH,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/privilege.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const privilegeRule: Rule;

package/dist/rules/privilege.js

@@ -0,0 +1,111 @@
+import matter from "gray-matter";
+/**
+ * Rule: privilege
+ * Compares declared permissions in SKILL.md vs actual API usage in code.
+ */
+// Map of capabilities to code patterns that indicate their use
+const CAPABILITY_PATTERNS = {
+    exec: /child_process|execSync|exec\(|spawn\(|os\.system|subprocess|ShellAction/i,
+    read: /readFile|readFileSync|fs\.read|open\(.*["']r/i,
+    write: /writeFile|writeFileSync|fs\.write|appendFile|open\(.*["']w/i,
+    web_fetch: /fetch\s*\(|axios|http\.request|https\.request|requests\.(get|post)/i,
+    browser: /puppeteer|playwright|selenium|webdriver|BrowserAction/i,
+    network: /net\.connect|dgram|WebSocket|Socket/i,
+};
+export const privilegeRule = {
+    id: "privilege",
+    name: "Privilege Mismatch",
+    description: "Compares declared permissions in SKILL.md against actual code behavior",
+    run(files) {
+        const findings = [];
+        // Find SKILL.md
+        const skillMd = files.find((f) => f.relativePath === "SKILL.md" || f.relativePath.endsWith("/SKILL.md"));
+        if (!skillMd) {
+            // No SKILL.md — can't check permissions
+            findings.push({
+                rule: "privilege",
+                severity: "info",
+                file: ".",
+                message: "No SKILL.md found — permission analysis skipped",
+            });
+            return findings;
+        }
+        // Parse frontmatter
+        let meta = {};
+        try {
+            const { data } = matter(skillMd.content);
+            meta = data;
+        }
+        catch {
+            // not valid frontmatter
+        }
+        // Extract declared permissions (from frontmatter or body)
+        const declaredPerms = new Set();
+        if (Array.isArray(meta.permissions)) {
+            for (const p of meta.permissions) {
+                if (typeof p === "string")
+                    declaredPerms.add(p.toLowerCase());
+            }
+        }
+        // Also scan SKILL.md body for permission keywords
+        const bodyPermsMatch = skillMd.content.match(/permissions?:\s*([\w,\s]+)/i);
+        if (bodyPermsMatch) {
+            for (const p of bodyPermsMatch[1].split(/[,\s]+/)) {
+                if (p.trim())
+                    declaredPerms.add(p.trim().toLowerCase());
+            }
+        }
+        // Scan code files for actual capability usage
+        const codeFiles = files.filter((f) => f.ext !== ".md" && f.ext !== ".json" && f.ext !== ".yaml" && f.ext !== ".yml");
+        const usedCapabilities = new Set();
+        const capabilityLocations = {};
+        for (const file of codeFiles) {
+            for (const [cap, pattern] of Object.entries(CAPABILITY_PATTERNS)) {
+                for (let i = 0; i < file.lines.length; i++) {
+                    if (pattern.test(file.lines[i])) {
+                        usedCapabilities.add(cap);
+                        if (!capabilityLocations[cap])
+                            capabilityLocations[cap] = [];
+                        capabilityLocations[cap].push({ file: file.relativePath, line: i + 1 });
+                    }
+                }
+            }
+        }
+        // Report undeclared capabilities
+        for (const cap of usedCapabilities) {
+            if (declaredPerms.size > 0 && !declaredPerms.has(cap)) {
+                const locations = capabilityLocations[cap] || [];
+                const first = locations[0];
+                findings.push({
+                    rule: "privilege",
+                    severity: "warning",
+                    file: first?.file || skillMd.relativePath,
+                    line: first?.line,
+                    message: `Code uses '${cap}' capability but SKILL.md doesn't declare it (found in ${locations.length} location${locations.length > 1 ? "s" : ""})`,
+                });
+            }
+        }
+        // Report declared but unused permissions
+        for (const perm of declaredPerms) {
+            if (!usedCapabilities.has(perm) && CAPABILITY_PATTERNS[perm]) {
+                findings.push({
+                    rule: "privilege",
+                    severity: "info",
+                    file: skillMd.relativePath,
+                    message: `SKILL.md declares '${perm}' permission but code doesn't appear to use it`,
+                });
+            }
+        }
+        // Report used capabilities as info
+        if (usedCapabilities.size > 0) {
+            findings.push({
+                rule: "privilege",
+                severity: "info",
+                file: skillMd.relativePath,
+                message: `Detected capabilities: ${[...usedCapabilities].join(", ")}`,
+            });
+        }
+        return findings;
+    },
+};
+//# sourceMappingURL=privilege.js.map

package/dist/rules/privilege.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privilege.js","sourceRoot":"","sources":["../../src/rules/privilege.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAGjC;;;GAGG;AAEH,+DAA+D;AAC/D,MAAM,mBAAmB,GAA2B;IAClD,IAAI,EAAE,0EAA0E;IAChF,IAAI,EAAE,+CAA+C;IACrD,KAAK,EAAE,6DAA6D;IACpE,SAAS,EAAE,qEAAqE;IAChF,OAAO,EAAE,wDAAwD;IACjE,OAAO,EAAE,sCAAsC;CAChD,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAS;IACjC,EAAE,EAAE,WAAW;IACf,IAAI,EAAE,oBAAoB;IAC1B,WAAW,EAAE,wEAAwE;IAErF,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,gBAAgB;QAChB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,wCAAwC;YACxC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,GAAG;gBACT,OAAO,EAAE,iDAAiD;aAC3D,CAAC,CAAC;YACH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,GAAkB,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,GAAG,IAAqB,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;QAED,0DAA0D;QAC1D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;QACxC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjC,IAAI,OAAO,CAAC,KAAK,QAAQ;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;QAED,kDAAkD;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC5E,IAAI,cAAc,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,IAAI,cAAc,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,CAAC,IAAI,EAAE;oBAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CACrF,CAAC;QAEF,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC3C,MAAM,mBAAmB,GAAqD,EAAE,CAAC;QAEjF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;wBACjC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;wBAC1B,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC;4BAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;wBAC7D,mBAAmB,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;oBAC3E,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;YACnC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,MAAM,SAAS,GAAG,mBAAmB,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC3B,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,SAAS;oBACnB,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,OAAO,CAAC,YAAY;oBACzC,IAAI,EAAE,KAAK,EAAE,IAAI;oBACjB,OAAO,EAAE,cAAc,GAAG,0DAA0D,SAAS,CAAC,MAAM,YAAY,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;iBACnJ,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,WAAW;oBACjB,QAAQ,EAAE,MAAM;oBAChB,IAAI,EAAE,OAAO,CAAC,YAAY;oBAC1B,OAAO,EAAE,sBAAsB,IAAI,gDAAgD;iBACpF,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mCAAmC;QACnC,IAAI,gBAAgB,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,IAAI,EAAE,OAAO,CAAC,YAAY;gBAC1B,OAAO,EAAE,0BAA0B,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aACtE,CAAC,CAAC;QACL,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC"}

package/dist/rules/prompt-injection.d.ts

@@ -0,0 +1,2 @@
+import type { Rule } from "../types.js";
+export declare const promptInjection: Rule;