npm - @elliotllliu/agentshield - Versions diffs - 0.1.0 → 0.2.0 - Mend

@elliotllliu/agentshield 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md +84 -3
package/README.zh-CN.md +66 -0
package/dist/cli.js +175 -5
package/dist/cli.js.map +1 -1
package/dist/config.d.ts +24 -0
package/dist/config.js +91 -0
package/dist/config.js.map +1 -0
package/dist/reporter/badge.d.ts +7 -0
package/dist/reporter/badge.js +50 -0
package/dist/reporter/badge.js.map +1 -0
package/dist/rules/index.js +2 -0
package/dist/rules/index.js.map +1 -1
package/dist/rules/mcp-manifest.d.ts +2 -0
package/dist/rules/mcp-manifest.js +195 -0
package/dist/rules/mcp-manifest.js.map +1 -0
package/dist/scanner/index.d.ts +2 -2
package/dist/scanner/index.js +33 -3
package/dist/scanner/index.js.map +1 -1
package/dist/types.d.ts +10 -0
package/dist/yaml-simple.d.ts +6 -0
package/dist/yaml-simple.js +98 -0
package/dist/yaml-simple.js.map +1 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@ Catch data exfiltration, backdoors, privilege escalation, and supply chain vulne
 ## Quick Start
 ```bash
-npx agentshield scan ./my-skill/
+npx @elliotllliu/agentshield scan ./my-skill/
 ```
 ## What It Detects
@@ -29,6 +29,8 @@ npx agentshield scan ./my-skill/
 | `sensitive-read` | 🟡 Warning | Accesses `~/.ssh/id_rsa`, `~/.aws/credentials`, etc. |
 | `excessive-perms` | 🟡 Warning | Too many or dangerous permissions in SKILL.md |
 | `phone-home` | 🟡 Warning | Periodic timers + HTTP requests (beacon/heartbeat pattern) |
+| `mcp-manifest` | 🟡 Warning | MCP server: wildcard perms, undeclared capabilities, suspicious tool descriptions |
+| `mcp-manifest` | 🟡 Warning | MCP server tool/resource declarations vs actual code behavior |
 ## Example Output
@@ -63,18 +65,97 @@ agentshield scan ./skill/ --json
 # Fail CI if score is below threshold
 agentshield scan ./skill/ --fail-under 70
+# Disable specific rules
+agentshield scan ./skill/ --disable supply-chain,phone-home
+# Only run specific rules
+agentshield scan ./skill/ --enable backdoor,data-exfil
 # Shorthand (directory as first arg)
 agentshield ./skill/
+# Generate config files
+agentshield init
+# Watch mode (re-scan on changes)
+agentshield watch ./skill/
+# Compare two versions
+agentshield compare ./skill-v1/ ./skill-v2/
+```
+## Configuration
+Create `.agentshield.yml` in your project (or run `agentshield init`):
+```yaml
+rules:
+  disable:
+    - supply-chain    # skip npm audit
+    - phone-home      # allow periodic HTTP
+severity:
+  sensitive-read: info   # downgrade to info
+failUnder: 70   # CI threshold
+ignore:
+  - "tests/**"
+  - "*.test.ts"
+```
+### `.agentshieldignore`
+Exclude files from scanning (same syntax as `.gitignore`):
+```
+node_modules/
+dist/
+*.test.ts
+__tests__/
 ```
 ## CI Integration
+### GitHub Action (recommended)
+```yaml
+# .github/workflows/security.yml
+name: Security Scan
+on: [push, pull_request]
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: elliotllliu/agentshield@main
+        with:
+          path: './skills/'
+          fail-under: '70'
+```
+### npx one-liner
 ```yaml
-# GitHub Actions
 - name: Security scan
-  run: npx agentshield scan ./skills/ --fail-under 70
+  run: npx -y @elliotllliu/agentshield scan ./skills/ --fail-under 70
 ```
+### Action Inputs
+| Input | Default | Description |
+|-------|---------|-------------|
+| `path` | `.` | Directory to scan |
+| `fail-under` | *(none)* | Fail if score is below threshold (0-100) |
+| `format` | `terminal` | Output format: `terminal` or `json` |
+### Action Outputs
+| Output | Description |
+|--------|-------------|
+| `score` | Security score (0-100) |
+| `findings` | Number of findings |
 ## Scoring
 Starts at 100, deducts per finding:

package/README.zh-CN.md ADDED Viewed

@@ -0,0 +1,66 @@
+# 🛡️ AgentShield
+AI Agent 技能/插件安全扫描器
+在安装第三方 AI 技能之前，扫描数据窃取、后门、权限越界和供应链漏洞。
+## 快速开始
+```bash
+npx @elliotllliu/agentshield scan ./my-skill/
+```
+## 检测能力
+| 规则 | 级别 | 说明 |
+|------|------|------|
+| `data-exfil` | 🔴 严重 | 读取敏感文件 + 发送 HTTP 请求（数据外泄） |
+| `backdoor` | 🔴 严重 | `eval()`、`exec()`、动态代码执行 |
+| `reverse-shell` | 🔴 严重 | Socket 外连 + Shell 管道（反弹 Shell） |
+| `crypto-mining` | 🔴 严重 | 挖矿池连接、已知挖矿程序 |
+| `credential-hardcode` | 🔴 严重 | 硬编码 AWS Key、GitHub PAT、Stripe Key |
+| `env-leak` | 🔴 严重 | 环境变量读取 + HTTP 外发 |
+| `obfuscation` | 🔴 严重 | base64+eval 混淆、十六进制编码 |
+| `typosquatting` | 🔴 严重 | npm 包名拼写仿冒（如 `1odash`） |
+| `hidden-files` | 🔴 严重 | `.env` 文件包含明文密钥 |
+| `network-ssrf` | 🟡 警告 | 用户可控 URL、SSRF、AWS 元数据端点 |
+| `privilege` | 🟡 警告 | SKILL.md 声明权限 vs 代码实际行为不匹配 |
+| `supply-chain` | 🟡 警告 | npm 依赖已知 CVE 漏洞 |
+| `sensitive-read` | 🟡 警告 | 读取 SSH 密钥、AWS 凭证等 |
+| `excessive-perms` | 🟡 警告 | 权限声明过多或过于危险 |
+| `phone-home` | 🟡 警告 | 定时器 + HTTP 请求（心跳/信标模式） |
+## 使用方法
+```bash
+# 扫描目录
+npx @elliotllliu/agentshield scan ./path/to/skill/
+# JSON 输出（适用于 CI/CD）
+npx @elliotllliu/agentshield scan ./skill/ --json
+# CI 门禁：分数低于阈值则失败
+npx @elliotllliu/agentshield scan ./skill/ --fail-under 70
+```
+## GitHub Actions 集成
+```yaml
+- uses: elliotllliu/agentshield@main
+  with:
+    path: './skills/'
+    fail-under: '70'
+```
+## 安全评分
+| 分数 | 风险等级 |
+|------|----------|
+| 90-100 | 低风险 ✅ |
+| 70-89 | 中等风险 🟡 |
+| 40-69 | 高风险 🟠 |
+| 0-39 | 严重风险 🔴 |
+## 许可证
+MIT

package/dist/cli.js CHANGED Viewed

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 import { Command } from "commander";
-import { resolve } from "path";
-import { existsSync, statSync } from "fs";
+import { resolve, join } from "path";
+import { existsSync, statSync, writeFileSync, watch as fsWatch, mkdirSync } from "fs";
 import { scan } from "./scanner/index.js";
 import { printReport } from "./reporter/terminal.js";
 import { printJsonReport } from "./reporter/json.js";
+import { generateBadgeSvg, generateBadgeMarkdown } from "./reporter/badge.js";
+import { DEFAULT_CONFIG, DEFAULT_IGNORE } from "./config.js";
 const program = new Command();
 program
     .name("agentshield")
@@ -16,27 +18,195 @@ program
     .argument("<directory>", "Target directory to scan")
     .option("--json", "Output results as JSON")
     .option("--fail-under <score>", "Exit with code 1 if score is below threshold", parseInt)
+    .option("--disable <rules>", "Comma-separated rules to disable")
+    .option("--enable <rules>", "Comma-separated rules to enable (only these)")
     .action((directory, options) => {
     const target = resolve(directory);
     if (!existsSync(target) || !statSync(target).isDirectory()) {
         console.error(`Error: "${directory}" is not a valid directory`);
         process.exit(1);
     }
-    const result = scan(target);
+    const configOverride = {};
+    if (options.disable || options.enable) {
+        configOverride.rules = {};
+        if (options.disable) {
+            configOverride.rules.disable = options.disable.split(",").map((s) => s.trim());
+        }
+        if (options.enable) {
+            configOverride.rules.enable = options.enable.split(",").map((s) => s.trim());
+        }
+    }
+    const result = scan(target, configOverride);
     if (options.json) {
         printJsonReport(result);
     }
     else {
         printReport(result);
     }
+    const threshold = options.failUnder ?? result.score;
     if (options.failUnder !== undefined && result.score < options.failUnder) {
         process.exit(1);
     }
 });
+program
+    .command("init")
+    .description("Generate .agentshield.yml and .agentshieldignore config files")
+    .argument("[directory]", "Target directory", ".")
+    .action((directory) => {
+    const target = resolve(directory);
+    if (!existsSync(target)) {
+        mkdirSync(target, { recursive: true });
+    }
+    const configPath = join(target, ".agentshield.yml");
+    const ignorePath = join(target, ".agentshieldignore");
+    if (existsSync(configPath)) {
+        console.log(`⚠️  ${configPath} already exists, skipping`);
+    }
+    else {
+        writeFileSync(configPath, DEFAULT_CONFIG);
+        console.log(`✅ Created ${configPath}`);
+    }
+    if (existsSync(ignorePath)) {
+        console.log(`⚠️  ${ignorePath} already exists, skipping`);
+    }
+    else {
+        writeFileSync(ignorePath, DEFAULT_IGNORE);
+        console.log(`✅ Created ${ignorePath}`);
+    }
+});
+program
+    .command("watch")
+    .description("Watch a directory and re-scan on file changes")
+    .argument("<directory>", "Target directory to watch")
+    .option("--json", "Output results as JSON")
+    .action((directory, options) => {
+    const target = resolve(directory);
+    if (!existsSync(target) || !statSync(target).isDirectory()) {
+        console.error(`Error: "${directory}" is not a valid directory`);
+        process.exit(1);
+    }
+    console.log(`👀 Watching ${target} for changes... (Ctrl+C to stop)\n`);
+    const runScan = () => {
+        console.clear();
+        console.log(`👀 Watching ${target} — last scan: ${new Date().toLocaleTimeString()}\n`);
+        const result = scan(target);
+        if (options.json) {
+            printJsonReport(result);
+        }
+        else {
+            printReport(result);
+        }
+    };
+    // Initial scan
+    runScan();
+    // Watch for changes
+    try {
+        const watcher = fsWatch(target, { recursive: true }, () => {
+            runScan();
+        });
+        process.on("SIGINT", () => {
+            watcher.close();
+            process.exit(0);
+        });
+    }
+    catch {
+        console.error("⚠️  fs.watch recursive not supported on this platform. Use: nodemon --exec 'agentshield scan .'");
+    }
+});
+program
+    .command("compare")
+    .description("Compare security scores between two directories or git refs")
+    .argument("<dirA>", "First directory")
+    .argument("<dirB>", "Second directory")
+    .option("--json", "Output as JSON")
+    .action((dirA, dirB, options) => {
+    const targetA = resolve(dirA);
+    const targetB = resolve(dirB);
+    for (const [label, dir] of [["A", targetA], ["B", targetB]]) {
+        if (!existsSync(dir) || !statSync(dir).isDirectory()) {
+            console.error(`Error: directory ${label} "${dir}" is not valid`);
+            process.exit(1);
+        }
+    }
+    const resultA = scan(targetA);
+    const resultB = scan(targetB);
+    if (options.json) {
+        console.log(JSON.stringify({
+            before: { target: resultA.target, score: resultA.score, findings: resultA.findings.length },
+            after: { target: resultB.target, score: resultB.score, findings: resultB.findings.length },
+            delta: resultB.score - resultA.score,
+        }, null, 2));
+        return;
+    }
+    console.log("\n🔄 AgentShield Comparison\n");
+    console.log(`  A: ${dirA} — Score: ${resultA.score}/100 (${resultA.findings.length} findings)`);
+    console.log(`  B: ${dirB} — Score: ${resultB.score}/100 (${resultB.findings.length} findings)`);
+    console.log();
+    const delta = resultB.score - resultA.score;
+    if (delta > 0) {
+        console.log(`  ✅ Improved by ${delta} points`);
+    }
+    else if (delta < 0) {
+        console.log(`  🔴 Degraded by ${Math.abs(delta)} points`);
+    }
+    else {
+        console.log(`  ➡️  No change`);
+    }
+    // Show new findings in B that aren't in A
+    const aKeys = new Set(resultA.findings.map((f) => `${f.rule}:${f.file}:${f.line}`));
+    const newFindings = resultB.findings.filter((f) => !aKeys.has(`${f.rule}:${f.file}:${f.line}`));
+    const fixedFindings = resultA.findings.filter((f) => {
+        const bKeys = new Set(resultB.findings.map((bf) => `${bf.rule}:${bf.file}:${bf.line}`));
+        return !bKeys.has(`${f.rule}:${f.file}:${f.line}`);
+    });
+    if (newFindings.length > 0) {
+        console.log(`\n  🆕 New findings (${newFindings.length}):`);
+        for (const f of newFindings.slice(0, 10)) {
+            console.log(`     ${f.file}${f.line ? `:${f.line}` : ""} — [${f.rule}] ${f.message}`);
+        }
+    }
+    if (fixedFindings.length > 0) {
+        console.log(`\n  ✅ Fixed (${fixedFindings.length}):`);
+        for (const f of fixedFindings.slice(0, 10)) {
+            console.log(`     ${f.file}${f.line ? `:${f.line}` : ""} — [${f.rule}] ${f.message}`);
+        }
+    }
+    console.log();
+});
+program
+    .command("badge")
+    .description("Generate a security badge for your project")
+    .argument("<directory>", "Target directory to scan")
+    .option("--svg", "Output raw SVG")
+    .option("--markdown", "Output markdown badge (default)")
+    .option("-o, --output <file>", "Save SVG to file")
+    .action((directory, options) => {
+    const target = resolve(directory);
+    if (!existsSync(target) || !statSync(target).isDirectory()) {
+        console.error(`Error: "${directory}" is not a valid directory`);
+        process.exit(1);
+    }
+    const result = scan(target);
+    if (options.svg || options.output) {
+        const svg = generateBadgeSvg(result);
+        if (options.output) {
+            writeFileSync(resolve(options.output), svg);
+            console.log(`✅ Badge saved to ${options.output}`);
+        }
+        else {
+            console.log(svg);
+        }
+    }
+    else {
+        // Default: markdown
+        const md = generateBadgeMarkdown(result.score);
+        console.log(md);
+        console.log(`\nPaste this in your README.md to show the badge.`);
+    }
+});
 // Default: if first arg looks like a directory, treat as scan
 const args = process.argv.slice(2);
-if (args.length > 0 && !args[0].startsWith("-") && args[0] !== "scan" && args[0] !== "help") {
-    // Rewrite: `agentshield ./dir` → `agentshield scan ./dir`
+if (args.length > 0 && !args[0].startsWith("-") && !["scan", "init", "watch", "compare", "badge", "help"].includes(args[0])) {
     process.argv.splice(2, 0, "scan");
 }
 program.parse();

package/dist/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;~~AAC/B~~,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;~~AAC1C~~,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;~~AAErD~~,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,gEAAgE,CAAC;KAC7E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mDAAmD,CAAC;KAChE,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;KAC1C,MAAM,CAAC,sBAAsB,EAAE,8CAA8C,EAAE,QAAQ,CAAC;KACxF,MAAM,CAAC,CAAC,SAAiB,EAAE,~~OAA+C~~,EAAE,EAAE;~~IAC7E~~,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAElC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;~~IAE5B~~,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,eAAe,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,~~8DAA8D~~;~~AAC9D~~,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;~~AACnC~~,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,~~CAAE~~,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;IAC7F,~~0DAA0D~~;~~IAC1D~~,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,IAAI,OAAO,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACtF,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,aAAa,CAAC;KACnB,WAAW,CAAC,gEAAgE,CAAC;KAC7E,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,mDAAmD,CAAC;KAChE,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACnD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;KAC1C,MAAM,CAAC,sBAAsB,EAAE,8CAA8C,EAAE,QAAQ,CAAC;KACxF,MAAM,CAAC,mBAAmB,EAAE,kCAAkC,CAAC;KAC/D,MAAM,CAAC,kBAAkB,EAAE,8CAA8C,CAAC;KAC1E,MAAM,CAAC,CAAC,SAAiB,EAAE,OAAkF,EAAE,EAAE;IAChH,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAElC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,cAAc,GAA4B,EAAE,CAAC;IACnD,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACtC,cAAc,CAAC,KAAK,GAAG,EAAE,CAAC;QAC1B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACnB,cAAc,CAAC,KAAkC,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/G,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAClB,cAAc,CAAC,KAAkC,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,eAAe,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,WAAW,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC;IACpD,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,+DAA+D,CAAC;KAC5E,QAAQ,CAAC,aAAa,EAAE,kBAAkB,EAAE,GAAG,CAAC;KAChD,MAAM,CAAC,CAAC,SAAiB,EAAE,EAAE;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAElC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;IAEtD,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,UAAU,2BAA2B,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,OAAO,UAAU,2BAA2B,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,aAAa,UAAU,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,+CAA+C,CAAC;KAC5D,QAAQ,CAAC,aAAa,EAAE,2BAA2B,CAAC;KACpD,MAAM,CAAC,QAAQ,EAAE,wBAAwB,CAAC;KAC1C,MAAM,CAAC,CAAC,SAAiB,EAAE,OAA2B,EAAE,EAAE;IACzD,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,oCAAoC,CAAC,CAAC;IAEvE,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,iBAAiB,IAAI,IAAI,EAAE,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;QACvF,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,eAAe,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,MAAM,CAAC,CAAC;QACtB,CAAC;IACH,CAAC,CAAC;IAEF,eAAe;IACf,OAAO,EAAE,CAAC;IAEV,oBAAoB;IACpB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE;YACxD,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YACxB,OAAO,CAAC,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,iGAAiG,CAAC,CAAC;IACnH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,SAAS,CAAC;KAClB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;KACrC,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;KACtC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,CAAC,IAAY,EAAE,IAAY,EAAE,OAA2B,EAAE,EAAE;IAClE,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9B,KAAK,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,CAAC,CAAU,EAAE,CAAC;QACrE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;YACrD,OAAO,CAAC,KAAK,CAAC,oBAAoB,KAAK,KAAK,GAAG,gBAAgB,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAE9B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;YACzB,MAAM,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC3F,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC1F,KAAK,EAAE,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK;SACrC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACb,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,OAAO,CAAC,KAAK,SAAS,OAAO,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,aAAa,OAAO,CAAC,KAAK,SAAS,OAAO,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC,CAAC;IAChG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,SAAS,CAAC,CAAC;IACjD,CAAC;SAAM,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjC,CAAC;IAED,0CAA0C;IAC1C,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChG,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAClD,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACxF,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,wBAAwB,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC;QAC5D,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,aAAa,CAAC,MAAM,IAAI,CAAC,CAAC;QACtD,KAAK,MAAM,CAAC,IAAI,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACxF,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4CAA4C,CAAC;KACzD,QAAQ,CAAC,aAAa,EAAE,0BAA0B,CAAC;KACnD,MAAM,CAAC,OAAO,EAAE,gBAAgB,CAAC;KACjC,MAAM,CAAC,YAAY,EAAE,iCAAiC,CAAC;KACvD,MAAM,CAAC,qBAAqB,EAAE,kBAAkB,CAAC;KACjD,MAAM,CAAC,CAAC,SAAiB,EAAE,OAA+D,EAAE,EAAE;IAC7F,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,WAAW,SAAS,4BAA4B,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAE5B,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,oBAAoB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,oBAAoB;QACpB,MAAM,EAAE,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACnE,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,8DAA8D;AAC9D,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;IAC9H,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/config.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/** AgentShield configuration */
+export interface ScanConfig {
+    /** Rules to enable (default: all) */
+    rules?: {
+        enable?: string[];
+        disable?: string[];
+    };
+    /** Severity overrides: rule-id → severity */
+    severity?: Record<string, "critical" | "warning" | "info">;
+    /** Score threshold for CI (same as --fail-under) */
+    failUnder?: number;
+    /** Glob patterns to ignore */
+    ignore?: string[];
+}
+/** Load config from target directory or parents */
+export declare function loadConfig(dir: string): ScanConfig;
+/** Load .agentshieldignore patterns */
+export declare function loadIgnorePatterns(dir: string): string[];
+/** Check if a file path matches any ignore pattern */
+export declare function isIgnored(filePath: string, patterns: string[]): boolean;
+/** Default config content for `agentshield init` */
+export declare const DEFAULT_CONFIG = "# AgentShield Configuration\n# https://github.com/elliotllliu/agentshield\n\nrules:\n  # disable:\n  #   - supply-chain    # skip npm audit\n  #   - phone-home      # allow periodic HTTP\n\n# severity:\n#   sensitive-read: info   # downgrade to info\n\n# failUnder: 70   # CI threshold\n\n# ignore:\n#   - \"tests/**\"\n#   - \"*.test.ts\"\n";
+/** Default ignore content */
+export declare const DEFAULT_IGNORE = "# AgentShield Ignore\n# Patterns here will be excluded from scanning\n\nnode_modules/\ndist/\nbuild/\n.git/\n*.test.ts\n*.test.js\n*.spec.ts\n*.spec.js\n__tests__/\ncoverage/\n";

package/dist/config.js ADDED Viewed

@@ -0,0 +1,91 @@
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import { parse as parseYaml } from "./yaml-simple.js";
+const CONFIG_NAMES = [".agentshield.yml", ".agentshield.yaml", "agentshield.config.yml"];
+/** Load config from target directory or parents */
+export function loadConfig(dir) {
+    for (const name of CONFIG_NAMES) {
+        const configPath = join(dir, name);
+        if (existsSync(configPath)) {
+            try {
+                const content = readFileSync(configPath, "utf-8");
+                return parseYaml(content);
+            }
+            catch {
+                // invalid config, use defaults
+            }
+        }
+    }
+    return {};
+}
+/** Load .agentshieldignore patterns */
+export function loadIgnorePatterns(dir) {
+    const ignorePath = join(dir, ".agentshieldignore");
+    if (!existsSync(ignorePath))
+        return [];
+    try {
+        return readFileSync(ignorePath, "utf-8")
+            .split("\n")
+            .map((line) => line.trim())
+            .filter((line) => line && !line.startsWith("#"));
+    }
+    catch {
+        return [];
+    }
+}
+/** Check if a file path matches any ignore pattern */
+export function isIgnored(filePath, patterns) {
+    for (const pattern of patterns) {
+        // Simple glob matching: support * and **
+        if (pattern.endsWith("/")) {
+            // Directory pattern
+            if (filePath.startsWith(pattern) || filePath.includes("/" + pattern))
+                return true;
+        }
+        else if (pattern.includes("*")) {
+            const regex = new RegExp("^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
+            if (regex.test(filePath))
+                return true;
+        }
+        else {
+            // Exact match or suffix match
+            if (filePath === pattern || filePath.endsWith("/" + pattern) || filePath.endsWith(pattern))
+                return true;
+        }
+    }
+    return false;
+}
+/** Default config content for `agentshield init` */
+export const DEFAULT_CONFIG = `# AgentShield Configuration
+# https://github.com/elliotllliu/agentshield
+rules:
+  # disable:
+  #   - supply-chain    # skip npm audit
+  #   - phone-home      # allow periodic HTTP
+# severity:
+#   sensitive-read: info   # downgrade to info
+# failUnder: 70   # CI threshold
+# ignore:
+#   - "tests/**"
+#   - "*.test.ts"
+`;
+/** Default ignore content */
+export const DEFAULT_IGNORE = `# AgentShield Ignore
+# Patterns here will be excluded from scanning
+node_modules/
+dist/
+build/
+.git/
+*.test.ts
+*.test.js
+*.spec.ts
+*.spec.js
+__tests__/
+coverage/
+`;
+//# sourceMappingURL=config.js.map

package/dist/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAiBtD,MAAM,YAAY,GAAG,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,wBAAwB,CAAC,CAAC;AAEzF,mDAAmD;AACnD,MAAM,UAAU,UAAU,CAAC,GAAW;IACpC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,SAAS,CAAC,OAAO,CAAe,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,+BAA+B;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,oBAAoB,CAAC,CAAC;IACnD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IAEvC,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC;aACrC,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;aAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,QAAkB;IAC5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,yCAAyC;QACzC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,oBAAoB;YACpB,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;QACpF,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,GAAG,CACzF,CAAC;YACF,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,8BAA8B;YAC9B,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1G,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,oDAAoD;AACpD,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;CAgB7B,CAAC;AAEF,6BAA6B;AAC7B,MAAM,CAAC,MAAM,cAAc,GAAG;;;;;;;;;;;;;CAa7B,CAAC"}

package/dist/reporter/badge.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { ScanResult } from "../types.js";
+/**
+ * Generate a shields.io-style SVG badge for the security score.
+ */
+export declare function generateBadgeSvg(result: ScanResult): string;
+/** Generate a markdown badge string */
+export declare function generateBadgeMarkdown(score: number, repoUrl?: string): string;

package/dist/reporter/badge.js ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Generate a shields.io-style SVG badge for the security score.
+ */
+export function generateBadgeSvg(result) {
+    const score = result.score;
+    const { color, label } = getBadgeStyle(score);
+    const scoreText = `${score}/100`;
+    // Shield dimensions
+    const labelWidth = 90;
+    const valueWidth = 60;
+    const totalWidth = labelWidth + valueWidth;
+    return `<svg xmlns="http://www.w3.org/2000/svg" width="${totalWidth}" height="20" role="img" aria-label="AgentShield: ${scoreText}">
+  <title>AgentShield: ${scoreText} (${label})</title>
+  <linearGradient id="s" x2="0" y2="100%">
+    <stop offset="0" stop-color="#bbb" stop-opacity=".1"/>
+    <stop offset="1" stop-opacity=".1"/>
+  </linearGradient>
+  <clipPath id="r">
+    <rect width="${totalWidth}" height="20" rx="3" fill="#fff"/>
+  </clipPath>
+  <g clip-path="url(#r)">
+    <rect width="${labelWidth}" height="20" fill="#555"/>
+    <rect x="${labelWidth}" width="${valueWidth}" height="20" fill="${color}"/>
+    <rect width="${totalWidth}" height="20" fill="url(#s)"/>
+  </g>
+  <g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110">
+    <text aria-hidden="true" x="${labelWidth * 5}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)">${"🛡️ AgentShield"}</text>
+    <text x="${labelWidth * 5}" y="140" transform="scale(.1)">${"🛡️ AgentShield"}</text>
+    <text aria-hidden="true" x="${(labelWidth + valueWidth / 2) * 10}" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)">${scoreText}</text>
+    <text x="${(labelWidth + valueWidth / 2) * 10}" y="140" transform="scale(.1)">${scoreText}</text>
+  </g>
+</svg>`;
+}
+/** Generate a markdown badge string */
+export function generateBadgeMarkdown(score, repoUrl) {
+    const { color, label } = getBadgeStyle(score);
+    const badgeUrl = `https://img.shields.io/badge/AgentShield-${score}%2F100-${color.replace("#", "")}?logo=data:image/svg%2bxml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCI+PHBhdGggZmlsbD0id2hpdGUiIGQ9Ik0xMiAxTDMgNXY2YzAgNS41NSAzLjg0IDEwLjc0IDkgMTIgNS4xNi0xLjI2IDktNi40NSA5LTEyVjVsLTktNHoiLz48L3N2Zz4=`;
+    const link = repoUrl || "https://github.com/elliotllliu/agentshield";
+    return `[![AgentShield ${score}/100](${badgeUrl})](${link})`;
+}
+function getBadgeStyle(score) {
+    if (score >= 90)
+        return { color: "#4c1", label: "Low Risk" };
+    if (score >= 70)
+        return { color: "#dfb317", label: "Moderate Risk" };
+    if (score >= 40)
+        return { color: "#fe7d37", label: "High Risk" };
+    return { color: "#e05d44", label: "Critical Risk" };
+}
+//# sourceMappingURL=badge.js.map

package/dist/reporter/badge.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"badge.js","sourceRoot":"","sources":["../../src/reporter/badge.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAkB;IACjD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC3B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,GAAG,KAAK,MAAM,CAAC;IAEjC,oBAAoB;IACpB,MAAM,UAAU,GAAG,EAAE,CAAC;IACtB,MAAM,UAAU,GAAG,EAAE,CAAC;IACtB,MAAM,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;IAE3C,OAAO,kDAAkD,UAAU,qDAAqD,SAAS;wBAC3G,SAAS,KAAK,KAAK;;;;;;mBAMxB,UAAU;;;mBAGV,UAAU;eACd,UAAU,YAAY,UAAU,uBAAuB,KAAK;mBACxD,UAAU;;;kCAGK,UAAU,GAAG,CAAC,oEAAoE,iBAAiB;eACtH,UAAU,GAAG,CAAC,mCAAmC,iBAAiB;kCAC/C,CAAC,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,EAAE,oEAAoE,SAAS;eAClI,CAAC,UAAU,GAAG,UAAU,GAAG,CAAC,CAAC,GAAG,EAAE,mCAAmC,SAAS;;OAEtF,CAAC;AACR,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,OAAgB;IACnE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,4CAA4C,KAAK,UAAU,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,oPAAoP,CAAC;IACvV,MAAM,IAAI,GAAG,OAAO,IAAI,4CAA4C,CAAC;IACrE,OAAO,kBAAkB,KAAK,SAAS,QAAQ,MAAM,IAAI,GAAG,CAAC;AAC/D,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IAC7D,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;IACrE,IAAI,KAAK,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACjE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;AACtD,CAAC"}

package/dist/rules/index.js CHANGED Viewed

@@ -13,6 +13,7 @@ import { excessivePermsRule } from "./excessive-perms.js";
 import { phoneHomeRule } from "./phone-home.js";
 import { credentialHardcodeRule } from "./credential-hardcode.js";
 import { networkSsrfRule } from "./network-ssrf.js";
+import { mcpManifestRule } from "./mcp-manifest.js";
 /** All registered rules */
 export const rules = [
     // Original 5
@@ -32,6 +33,7 @@ export const rules = [
     phoneHomeRule,
     credentialHardcodeRule,
     networkSsrfRule,
+    mcpManifestRule,
 ];
 /** Get a rule by ID */
 export function getRule(id) {

package/dist/rules/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,2BAA2B;AAC3B,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,aAAa;IACb,aAAa;IACb,YAAY;IACZ,aAAa;IACb,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,eAAe;IACf,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,aAAa;IACb,sBAAsB;IACtB,eAAe;CAChB,CAAC;AAEF,uBAAuB;AACvB,MAAM,UAAU,OAAO,CAAC,EAAU;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACxC,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,2BAA2B;AAC3B,MAAM,CAAC,MAAM,KAAK,GAAW;IAC3B,aAAa;IACb,aAAa;IACb,YAAY;IACZ,aAAa;IACb,eAAe;IACf,iBAAiB;IACjB,SAAS;IACT,eAAe;IACf,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,aAAa;IACb,sBAAsB;IACtB,eAAe;IACf,eAAe;CAChB,CAAC;AAEF,uBAAuB;AACvB,MAAM,UAAU,OAAO,CAAC,EAAU;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACxC,CAAC"}

package/dist/rules/mcp-manifest.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { Rule } from "../types.js";
2	+ export declare const mcpManifestRule: Rule;

package/dist/rules/mcp-manifest.js ADDED Viewed

@@ -0,0 +1,195 @@
+/**
+ * Rule: mcp-manifest
+ * Validates MCP (Model Context Protocol) server configurations.
+ *
+ * Checks:
+ * 1. Declared tools/resources vs actual code behavior
+ * 2. Overly broad tool descriptions that could mislead agents
+ * 3. Undeclared file system / network / exec capabilities
+ * 4. Suspicious tool names or descriptions
+ */
+// Patterns indicating MCP server tool registration
+const TOOL_REGISTER_RE = /\.tool\s*\(|addTool\s*\(|registerTool\s*\(|server\.setRequestHandler.*ListTools|tools:\s*\[/;
+// Patterns for MCP resource registration
+const RESOURCE_REGISTER_RE = /\.resource\s*\(|addResource\s*\(|registerResource\s*\(|server\.setRequestHandler.*ListResources|resources:\s*\[/;
+// Dangerous patterns in tool implementations
+const DANGEROUS_TOOL_PATTERNS = [
+    { pattern: /child_process|execSync|exec\(|spawn\(/, desc: "Tool executes shell commands", severity: "critical" },
+    { pattern: /fs\.unlink|fs\.rmdir|fs\.rm\b|rimraf/, desc: "Tool deletes files", severity: "warning" },
+    { pattern: /fs\.writeFile|fs\.appendFile|fs\.createWriteStream/, desc: "Tool writes to file system", severity: "warning" },
+    { pattern: /fetch\s*\(|axios|http\.request|https\.request/, desc: "Tool makes outbound HTTP requests", severity: "warning" },
+    { pattern: /eval\s*\(|new\s+Function\s*\(/, desc: "Tool uses dynamic code execution", severity: "critical" },
+    { pattern: /\.ssh|\.aws|\.env\b|credentials|secret/i, desc: "Tool accesses sensitive paths/credentials", severity: "critical" },
+];
+// Suspicious tool name/description patterns
+const SUSPICIOUS_TOOL_DESC = [
+    { pattern: /run.*any.*command|execute.*arbitrary|shell.*access/i, desc: "Tool claims unrestricted command execution" },
+    { pattern: /access.*all.*files|read.*entire.*filesystem/i, desc: "Tool claims full filesystem access" },
+    { pattern: /send.*data.*to|upload.*to|transmit.*to/i, desc: "Tool description mentions data transmission" },
+    { pattern: /modify.*system|change.*config/i, desc: "Tool claims system modification capability" },
+];
+export const mcpManifestRule = {
+    id: "mcp-manifest",
+    name: "MCP Server Validation",
+    description: "Validates MCP server tool/resource declarations against actual code behavior",
+    run(files) {
+        const findings = [];
+        // Detect if this is an MCP server project
+        const isMcpServer = detectMcpServer(files);
+        if (!isMcpServer)
+            return findings;
+        // Check for MCP manifest/config files
+        checkMcpConfig(files, findings);
+        // Analyze tool implementations for dangerous patterns
+        checkToolImplementations(files, findings);
+        // Check tool descriptions for suspicious claims
+        checkToolDescriptions(files, findings);
+        // Check if tools are registered but have no input validation
+        checkInputValidation(files, findings);
+        return findings;
+    },
+};
+function detectMcpServer(files) {
+    for (const file of files) {
+        // Check package.json for MCP-related deps
+        if (file.relativePath === "package.json") {
+            try {
+                const pkg = JSON.parse(file.content);
+                const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+                if (allDeps["@modelcontextprotocol/sdk"] ||
+                    allDeps["@anthropic-ai/sdk"] ||
+                    pkg.mcp) {
+                    return true;
+                }
+            }
+            catch {
+                // ignore parse errors
+            }
+        }
+        // Check for MCP imports in code
+        if (file.ext === ".ts" || file.ext === ".js" || file.ext === ".mjs") {
+            if (file.content.includes("@modelcontextprotocol/sdk") ||
+                file.content.includes("McpServer") ||
+                file.content.includes("createMcpServer") ||
+                TOOL_REGISTER_RE.test(file.content)) {
+                return true;
+            }
+        }
+        // Check for mcp.json or similar config
+        if (file.relativePath === "mcp.json" ||
+            file.relativePath.endsWith("/mcp.json")) {
+            return true;
+        }
+    }
+    return false;
+}
+function checkMcpConfig(files, findings) {
+    const mcpConfig = files.find((f) => f.relativePath === "mcp.json" || f.relativePath.endsWith("/mcp.json"));
+    if (mcpConfig) {
+        try {
+            const config = JSON.parse(mcpConfig.content);
+            // Check for overly broad permissions
+            if (config.permissions) {
+                const perms = Array.isArray(config.permissions)
+                    ? config.permissions
+                    : Object.keys(config.permissions);
+                if (perms.length > 5) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "warning",
+                        file: mcpConfig.relativePath,
+                        message: `MCP config declares ${perms.length} permissions — consider reducing scope`,
+                    });
+                }
+            }
+            // Check for wildcard or dangerous permissions
+            const configStr = JSON.stringify(config);
+            if (configStr.includes('"*"') || configStr.includes('"all"')) {
+                findings.push({
+                    rule: "mcp-manifest",
+                    severity: "critical",
+                    file: mcpConfig.relativePath,
+                    message: "MCP config uses wildcard/all permissions",
+                });
+            }
+        }
+        catch {
+            findings.push({
+                rule: "mcp-manifest",
+                severity: "warning",
+                file: mcpConfig.relativePath,
+                message: "Invalid JSON in MCP config file",
+            });
+        }
+    }
+}
+function checkToolImplementations(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs" || f.ext === ".cjs");
+    for (const file of codeFiles) {
+        // Only check files that register tools
+        if (!TOOL_REGISTER_RE.test(file.content) && !RESOURCE_REGISTER_RE.test(file.content)) {
+            continue;
+        }
+        for (let i = 0; i < file.lines.length; i++) {
+            const line = file.lines[i];
+            const trimmed = line.trimStart();
+            if (trimmed.startsWith("//") || trimmed.startsWith("*"))
+                continue;
+            for (const { pattern, desc, severity } of DANGEROUS_TOOL_PATTERNS) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity,
+                        file: file.relativePath,
+                        line: i + 1,
+                        message: `MCP tool: ${desc}`,
+                        evidence: line.trim().slice(0, 120),
+                    });
+                    break;
+                }
+            }
+        }
+    }
+}
+function checkToolDescriptions(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs");
+    for (const file of codeFiles) {
+        // Look for tool description strings
+        for (let i = 0; i < file.lines.length; i++) {
+            const line = file.lines[i];
+            for (const { pattern, desc } of SUSPICIOUS_TOOL_DESC) {
+                if (pattern.test(line)) {
+                    findings.push({
+                        rule: "mcp-manifest",
+                        severity: "warning",
+                        file: file.relativePath,
+                        line: i + 1,
+                        message: `Suspicious MCP tool description: ${desc}`,
+                        evidence: line.trim().slice(0, 120),
+                    });
+                    break;
+                }
+            }
+        }
+    }
+}
+function checkInputValidation(files, findings) {
+    const codeFiles = files.filter((f) => f.ext === ".ts" || f.ext === ".js" || f.ext === ".mjs");
+    for (const file of codeFiles) {
+        if (!TOOL_REGISTER_RE.test(file.content))
+            continue;
+        // Check for tools that accept path inputs without validation
+        const hasPathInput = /path|file|dir|folder/i.test(file.content);
+        const hasPathValidation = /sanitize|validate|allowlist|whitelist|isAbsolute|normalize|resolve/i.test(file.content);
+        const hasTraversalCheck = /\.\.\//i.test(file.content) || /path.*traversal/i.test(file.content);
+        if (hasPathInput && !hasPathValidation && !hasTraversalCheck) {
+            findings.push({
+                rule: "mcp-manifest",
+                severity: "warning",
+                file: file.relativePath,
+                message: "MCP tool accepts path inputs but has no visible path validation/sanitization",
+            });
+        }
+    }
+}
+//# sourceMappingURL=mcp-manifest.js.map

package/dist/rules/mcp-manifest.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mcp-manifest.js","sourceRoot":"","sources":["../../src/rules/mcp-manifest.ts"],"names":[],"mappings":"AAEA;;;;;;;;;GASG;AAEH,mDAAmD;AACnD,MAAM,gBAAgB,GACpB,6FAA6F,CAAC;AAEhG,yCAAyC;AACzC,MAAM,oBAAoB,GACxB,iHAAiH,CAAC;AAEpH,6CAA6C;AAC7C,MAAM,uBAAuB,GAA+E;IAC1G,EAAE,OAAO,EAAE,uCAAuC,EAAE,IAAI,EAAE,8BAA8B,EAAE,QAAQ,EAAE,UAAU,EAAE;IAChH,EAAE,OAAO,EAAE,sCAAsC,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;IACpG,EAAE,OAAO,EAAE,oDAAoD,EAAE,IAAI,EAAE,4BAA4B,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC1H,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,mCAAmC,EAAE,QAAQ,EAAE,SAAS,EAAE;IAC5H,EAAE,OAAO,EAAE,+BAA+B,EAAE,IAAI,EAAE,kCAAkC,EAAE,QAAQ,EAAE,UAAU,EAAE;IAC5G,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,2CAA2C,EAAE,QAAQ,EAAE,UAAU,EAAE;CAChI,CAAC;AAEF,4CAA4C;AAC5C,MAAM,oBAAoB,GAA6C;IACrE,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,4CAA4C,EAAE;IACtH,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,oCAAoC,EAAE;IACvG,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,6CAA6C,EAAE;IAC3G,EAAE,OAAO,EAAE,gCAAgC,EAAE,IAAI,EAAE,4CAA4C,EAAE;CAClG,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAS;IACnC,EAAE,EAAE,cAAc;IAClB,IAAI,EAAE,uBAAuB;IAC7B,WAAW,EAAE,8EAA8E;IAE3F,GAAG,CAAC,KAAoB;QACtB,MAAM,QAAQ,GAAc,EAAE,CAAC;QAE/B,0CAA0C;QAC1C,MAAM,WAAW,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW;YAAE,OAAO,QAAQ,CAAC;QAElC,sCAAsC;QACtC,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEhC,sDAAsD;QACtD,wBAAwB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE1C,gDAAgD;QAChD,qBAAqB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEvC,6DAA6D;QAC7D,oBAAoB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;QAEtC,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,SAAS,eAAe,CAAC,KAAoB;IAC3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,0CAA0C;QAC1C,IAAI,IAAI,CAAC,YAAY,KAAK,cAAc,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACrC,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;gBAChE,IACE,OAAO,CAAC,2BAA2B,CAAC;oBACpC,OAAO,CAAC,mBAAmB,CAAC;oBAC5B,GAAG,CAAC,GAAG,EACP,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,sBAAsB;YACxB,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,KAAK,KAAK,IAAI,IAAI,CAAC,GAAG,KAAK,MAAM,EAAE,CAAC;YACpE,IACE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;gBAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EACnC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IACE,IAAI,CAAC,YAAY,KAAK,UAAU;YAChC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EACvC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,KAAoB,EAAE,QAAmB;IAC/D,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAC1B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,CAC7E,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YAE7C,qCAAqC;YACrC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;oBAC7C,CAAC,CAAC,MAAM,CAAC,WAAW;oBACpB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBACpC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,SAAS,CAAC,YAAY;wBAC5B,OAAO,EAAE,uBAAuB,KAAK,CAAC,MAAM,wCAAwC;qBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7D,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,cAAc;oBACpB,QAAQ,EAAE,UAAU;oBACpB,IAAI,EAAE,SAAS,CAAC,YAAY;oBAC5B,OAAO,EAAE,0CAA0C;iBACpD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,SAAS,CAAC,YAAY;gBAC5B,OAAO,EAAE,iCAAiC;aAC3C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAoB,EAAE,QAAmB;IACzE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAClF,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,uCAAuC;QACvC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrF,SAAS;QACX,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAElE,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,uBAAuB,EAAE,CAAC;gBAClE,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ;wBACR,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,aAAa,IAAI,EAAE;wBAC5B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACpC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,KAAoB,EAAE,QAAmB;IACtE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAC9D,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,oCAAoC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;YAE5B,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,oBAAoB,EAAE,CAAC;gBACrD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,QAAQ,CAAC,IAAI,CAAC;wBACZ,IAAI,EAAE,cAAc;wBACpB,QAAQ,EAAE,SAAS;wBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;wBACvB,IAAI,EAAE,CAAC,GAAG,CAAC;wBACX,OAAO,EAAE,oCAAoC,IAAI,EAAE;wBACnD,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;qBACpC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAoB,EAAE,QAAmB;IACrE,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAC5B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,GAAG,KAAK,MAAM,CAC9D,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,SAAS;QAEnD,6DAA6D;QAC7D,MAAM,YAAY,GAAG,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChE,MAAM,iBAAiB,GAAG,qEAAqE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnH,MAAM,iBAAiB,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEhG,IAAI,YAAY,IAAI,CAAC,iBAAiB,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC7D,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,IAAI,CAAC,YAAY;gBACvB,OAAO,EAAE,8EAA8E;aACxF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/scanner/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
-import type { ScanResult } from "../types.js";
+import type { ScanResult, ScanConfig } from "../types.js";
 /** Run all rules against a target directory */
-export declare function scan(targetDir: string): ScanResult;
+export declare function scan(targetDir: string, configOverride?: Partial<ScanConfig>): ScanResult;

package/dist/scanner/index.js CHANGED Viewed

@@ -1,14 +1,44 @@
 import { collectFiles, totalLines } from "./files.js";
 import { rules } from "../rules/index.js";
 import { computeScore } from "../score.js";
+import { loadConfig, loadIgnorePatterns, isIgnored } from "../config.js";
 /** Run all rules against a target directory */
-export function scan(targetDir) {
+export function scan(targetDir, configOverride) {
     const start = Date.now();
-    const files = collectFiles(targetDir);
+    // Load config
+    const fileConfig = loadConfig(targetDir);
+    const config = { ...fileConfig, ...configOverride };
+    // Load ignore patterns
+    const ignorePatterns = loadIgnorePatterns(targetDir);
+    if (config.ignore) {
+        ignorePatterns.push(...config.ignore);
+    }
+    // Collect and filter files
+    let files = collectFiles(targetDir);
+    if (ignorePatterns.length > 0) {
+        files = files.filter((f) => !isIgnored(f.relativePath, ignorePatterns));
+    }
+    // Filter rules based on config
+    let activeRules = [...rules];
+    if (config.rules?.enable) {
+        activeRules = activeRules.filter((r) => config.rules.enable.includes(r.id));
+    }
+    if (config.rules?.disable) {
+        activeRules = activeRules.filter((r) => !config.rules.disable.includes(r.id));
+    }
+    // Run rules
     const findings = [];
-    for (const rule of rules) {
+    for (const rule of activeRules) {
         findings.push(...rule.run(files));
     }
+    // Apply severity overrides
+    if (config.severity) {
+        for (const finding of findings) {
+            if (config.severity[finding.rule]) {
+                finding.severity = config.severity[finding.rule];
+            }
+        }
+    }
     // Sort: critical first, then warning, then info
     const severityOrder = { critical: 0, warning: 1, info: 2 };
     findings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);

package/dist/scanner/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;~~AAG3C~~,+CAA+C;AAC/C,MAAM,UAAU,IAAI,CAAC,SAAiB;~~IACpC~~,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;~~IACzB~~,MAAM,KAAK,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;~~IACtC~~,MAAM,QAAQ,GAAc,EAAE,CAAC;~~IAE~~/B,KAAK,MAAM,IAAI,IAAI,~~KAAK~~,EAAE,CAAC;~~QACzB~~,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,gDAAgD;IAChD,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE/E,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,YAAY,EAAE,UAAU,CAAC,KAAK,CAAC;QAC/B,QAAQ;QACR,KAAK,EAAE,YAAY,CAAC,QAAQ,CAAC;QAC7B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC7B,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAGzE,+CAA+C;AAC/C,MAAM,UAAU,IAAI,CAAC,SAAiB,EAAE,cAAoC;IAC1E,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,cAAc;IACd,MAAM,UAAU,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;IACzC,MAAM,MAAM,GAAe,EAAE,GAAG,UAAU,EAAE,GAAG,cAAc,EAAE,CAAC;IAEhE,uBAAuB;IACvB,MAAM,cAAc,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IACrD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,2BAA2B;IAC3B,IAAI,KAAK,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACpC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC,CAAC;IAC1E,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAW,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;QACzB,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,KAAM,CAAC,MAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC1B,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,KAAM,CAAC,OAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,YAAY;IACZ,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,QAAQ,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,2BAA2B;IAC3B,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAE,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,MAAM,aAAa,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;IAC3D,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE/E,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,KAAK,CAAC,MAAM;QAC1B,YAAY,EAAE,UAAU,CAAC,KAAK,CAAC;QAC/B,QAAQ;QACR,KAAK,EAAE,YAAY,CAAC,QAAQ,CAAC;QAC7B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;KAC7B,CAAC;AACJ,CAAC"}

package/dist/types.d.ts CHANGED Viewed

@@ -40,3 +40,13 @@ export interface SkillMetadata {
     permissions?: string[];
     [key: string]: unknown;
 }
+/** Scan configuration from .agentshield.yml */
+export interface ScanConfig {
+    rules?: {
+        enable?: string[];
+        disable?: string[];
+    };
+    severity?: Record<string, "critical" | "warning" | "info">;
+    failUnder?: number;
+    ignore?: string[];
+}

package/dist/yaml-simple.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Minimal YAML parser for simple config files.
+ * Supports: scalars, lists, nested objects (2 levels deep).
+ * For complex YAML, use the 'yaml' package.
+ */
+export declare function parse(input: string): Record<string, unknown>;

package/dist/yaml-simple.js ADDED Viewed

@@ -0,0 +1,98 @@
+/**
+ * Minimal YAML parser for simple config files.
+ * Supports: scalars, lists, nested objects (2 levels deep).
+ * For complex YAML, use the 'yaml' package.
+ */
+export function parse(input) {
+    const result = {};
+    const lines = input.split("\n");
+    let currentKey = "";
+    let currentSubKey = "";
+    let currentList = null;
+    for (const rawLine of lines) {
+        // Skip comments and empty lines
+        const line = rawLine.replace(/#.*$/, "");
+        if (!line.trim())
+            continue;
+        const indent = rawLine.search(/\S/);
+        // List item
+        if (line.trim().startsWith("- ")) {
+            const value = line.trim().slice(2).trim().replace(/^["']|["']$/g, "");
+            if (currentList) {
+                currentList.push(value);
+            }
+            continue;
+        }
+        // Key: value
+        const match = line.match(/^(\s*)(\w+)\s*:\s*(.*)/);
+        if (!match)
+            continue;
+        const [, , key, rawValue] = match;
+        const value = rawValue.trim().replace(/^["']|["']$/g, "");
+        if (indent === 0) {
+            // Top-level key
+            if (currentList && currentKey) {
+                // Save previous list
+                if (currentSubKey) {
+                    result[currentKey][currentSubKey] = currentList;
+                }
+                else {
+                    result[currentKey] = currentList;
+                }
+                currentList = null;
+                currentSubKey = "";
+            }
+            currentKey = key;
+            if (value) {
+                // Scalar value
+                result[currentKey] = parseScalar(value);
+            }
+            else {
+                // Object or list follows
+                if (!result[currentKey] || typeof result[currentKey] !== "object") {
+                    result[currentKey] = {};
+                }
+            }
+        }
+        else if (indent === 2 && currentKey) {
+            // Sub-key
+            if (currentList && currentSubKey) {
+                result[currentKey][currentSubKey] = currentList;
+                currentList = null;
+            }
+            currentSubKey = key;
+            if (value) {
+                if (typeof result[currentKey] !== "object")
+                    result[currentKey] = {};
+                result[currentKey][currentSubKey] = parseScalar(value);
+            }
+            else {
+                // List follows
+                currentList = [];
+            }
+        }
+    }
+    // Save trailing list
+    if (currentList) {
+        if (currentSubKey && currentKey) {
+            if (typeof result[currentKey] !== "object")
+                result[currentKey] = {};
+            result[currentKey][currentSubKey] = currentList;
+        }
+        else if (currentKey) {
+            result[currentKey] = currentList;
+        }
+    }
+    return result;
+}
+function parseScalar(value) {
+    if (value === "true")
+        return true;
+    if (value === "false")
+        return false;
+    const num = Number(value);
+    if (!isNaN(num) && value !== "")
+        return num;
+    return value;
+}
+//# sourceMappingURL=yaml-simple.js.map

package/dist/yaml-simple.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"yaml-simple.js","sourceRoot":"","sources":["../src/yaml-simple.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,UAAU,KAAK,CAAC,KAAa;IACjC,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,UAAU,GAAG,EAAE,CAAC;IACpB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,WAAW,GAAoB,IAAI,CAAC;IAExC,KAAK,MAAM,OAAO,IAAI,KAAK,EAAE,CAAC;QAC5B,gCAAgC;QAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAE3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEpC,YAAY;QACZ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;YACtE,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC1B,CAAC;YACD,SAAS;QACX,CAAC;QAED,aAAa;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,CAAC,EAAE,AAAD,EAAG,GAAG,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;QAClC,MAAM,KAAK,GAAG,QAAS,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAE3D,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;YACjB,gBAAgB;YAChB,IAAI,WAAW,IAAI,UAAU,EAAE,CAAC;gBAC9B,qBAAqB;gBACrB,IAAI,aAAa,EAAE,CAAC;oBACjB,MAAM,CAAC,UAAU,CAA6B,CAAC,aAAa,CAAC,GAAG,WAAW,CAAC;gBAC/E,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,GAAG,WAAW,CAAC;gBACnC,CAAC;gBACD,WAAW,GAAG,IAAI,CAAC;gBACnB,aAAa,GAAG,EAAE,CAAC;YACrB,CAAC;YAED,UAAU,GAAG,GAAI,CAAC;YAClB,IAAI,KAAK,EAAE,CAAC;gBACV,eAAe;gBACf,MAAM,CAAC,UAAU,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,yBAAyB;gBACzB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAClE,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;aAAM,IAAI,MAAM,KAAK,CAAC,IAAI,UAAU,EAAE,CAAC;YACtC,UAAU;YACV,IAAI,WAAW,IAAI,aAAa,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAA6B,CAAC,aAAa,CAAC,GAAG,WAAW,CAAC;gBAC7E,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;YAED,aAAa,GAAG,GAAI,CAAC;YACrB,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ;oBAAE,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;gBACnE,MAAM,CAAC,UAAU,CAA6B,CAAC,aAAa,CAAC,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;YACtF,CAAC;iBAAM,CAAC;gBACN,eAAe;gBACf,WAAW,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,aAAa,IAAI,UAAU,EAAE,CAAC;YAChC,IAAI,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ;gBAAE,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;YACnE,MAAM,CAAC,UAAU,CAA6B,CAAC,aAAa,CAAC,GAAG,WAAW,CAAC;QAC/E,CAAC;aAAM,IAAI,UAAU,EAAE,CAAC;YACtB,MAAM,CAAC,UAAU,CAAC,GAAG,WAAW,CAAC;QACnC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAClC,IAAI,KAAK,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IACpC,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,EAAE;QAAE,OAAO,GAAG,CAAC;IAC5C,OAAO,KAAK,CAAC;AACf,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@elliotllliu/agentshield",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Security scanner for AI agent skills, MCP servers, and plugins",
   "type": "module",
   "bin": {