@goplus/agentguard 1.0.0

package/dist/tests/scanner.test.js

@@ -0,0 +1,57 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = require("node:test");
+const strict_1 = __importDefault(require("node:assert/strict"));
+const index_js_1 = require("../scanner/rules/index.js");
+(0, node_test_1.describe)('Scanner Rules', () => {
+    (0, node_test_1.it)('should have 20 detection rules', () => {
+        // Each RiskTag should map to at least one rule
+        const ruleIds = new Set(index_js_1.ALL_RULES.map((r) => r.id));
+        strict_1.default.ok(ruleIds.size >= 20, `Expected at least 20 unique rules, got ${ruleIds.size}`);
+    });
+    (0, node_test_1.it)('should find rule by ID', () => {
+        const rule = (0, index_js_1.getRuleById)('SHELL_EXEC');
+        strict_1.default.ok(rule, 'SHELL_EXEC rule should exist');
+        strict_1.default.equal(rule.severity, 'high');
+    });
+    (0, node_test_1.it)('should filter rules by severity', () => {
+        const critical = (0, index_js_1.getRulesBySeverity)('critical');
+        strict_1.default.ok(critical.length > 0, 'Should have critical rules');
+        strict_1.default.ok(critical.every((r) => r.severity === 'critical'));
+        const high = (0, index_js_1.getRulesBySeverity)('high');
+        strict_1.default.ok(high.length > 0, 'Should have high rules');
+        strict_1.default.ok(high.every((r) => r.severity === 'high'));
+    });
+    (0, node_test_1.it)('should filter rules for .ts extension', () => {
+        const tsRules = (0, index_js_1.getRulesForExtension)('.ts');
+        strict_1.default.ok(tsRules.length > 0, 'Should have rules for .ts files');
+    });
+    (0, node_test_1.it)('should filter rules for .sol extension', () => {
+        const solRules = (0, index_js_1.getRulesForExtension)('.sol');
+        strict_1.default.ok(solRules.length > 0, 'Should have rules for .sol files');
+        const solRuleIds = solRules.map((r) => r.id);
+        strict_1.default.ok(solRuleIds.includes('WALLET_DRAINING') || solRuleIds.includes('REENTRANCY_PATTERN'), 'Solidity rules should include Web3-specific rules');
+    });
+    (0, node_test_1.it)('should have CRITICAL rules for key security threats', () => {
+        const criticalIds = ['AUTO_UPDATE', 'REMOTE_LOADER', 'READ_SSH_KEYS', 'READ_KEYCHAIN',
+            'PRIVATE_KEY_PATTERN', 'MNEMONIC_PATTERN', 'WALLET_DRAINING', 'PROMPT_INJECTION', 'WEBHOOK_EXFIL'];
+        for (const id of criticalIds) {
+            const rule = (0, index_js_1.getRuleById)(id);
+            strict_1.default.ok(rule, `Rule ${id} should exist`);
+            strict_1.default.equal(rule.severity, 'critical', `Rule ${id} should be CRITICAL`);
+        }
+    });
+    (0, node_test_1.it)('all rules should have required fields', () => {
+        for (const rule of index_js_1.ALL_RULES) {
+            strict_1.default.ok(rule.id, `Rule should have an id`);
+            strict_1.default.ok(rule.severity, `Rule ${rule.id} should have severity`);
+            strict_1.default.ok(rule.patterns && rule.patterns.length > 0, `Rule ${rule.id} should have patterns`);
+            strict_1.default.ok(rule.file_patterns && rule.file_patterns.length > 0, `Rule ${rule.id} should have file_patterns`);
+            strict_1.default.ok(rule.description, `Rule ${rule.id} should have description`);
+        }
+    });
+});
+//# sourceMappingURL=scanner.test.js.map

package/dist/tests/scanner.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.test.js","sourceRoot":"","sources":["../../src/tests/scanner.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,wDAA6G;AAE7G,IAAA,oBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAA,cAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,+CAA+C;QAC/C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,oBAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACpD,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,EAAE,0CAA0C,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1F,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,IAAI,GAAG,IAAA,sBAAW,EAAC,YAAY,CAAC,CAAC;QACvC,gBAAM,CAAC,EAAE,CAAC,IAAI,EAAE,8BAA8B,CAAC,CAAC;QAChD,gBAAM,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,QAAQ,GAAG,IAAA,6BAAkB,EAAC,UAAU,CAAC,CAAC;QAChD,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,4BAA4B,CAAC,CAAC;QAC7D,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC;QAE5D,MAAM,IAAI,GAAG,IAAA,6BAAkB,EAAC,MAAM,CAAC,CAAC;QACxC,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,wBAAwB,CAAC,CAAC;QACrD,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,OAAO,GAAG,IAAA,+BAAoB,EAAC,KAAK,CAAC,CAAC;QAC5C,gBAAM,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,iCAAiC,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,QAAQ,GAAG,IAAA,+BAAoB,EAAC,MAAM,CAAC,CAAC;QAC9C,gBAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,kCAAkC,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC7C,gBAAM,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAC3F,mDAAmD,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,WAAW,GAAG,CAAC,aAAa,EAAE,eAAe,EAAE,eAAe,EAAE,eAAe;YACnF,qBAAqB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,eAAe,CAAC,CAAC;QAErG,KAAK,MAAM,EAAE,IAAI,WAAW,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,IAAA,sBAAW,EAAC,EAAS,CAAC,CAAC;YACpC,gBAAM,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;YAC3C,gBAAM,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,KAAK,MAAM,IAAI,IAAI,oBAAS,EAAE,CAAC;YAC7B,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,wBAAwB,CAAC,CAAC;YAC7C,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,CAAC,EAAE,uBAAuB,CAAC,CAAC;YACjE,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,QAAQ,IAAI,CAAC,EAAE,uBAAuB,CAAC,CAAC;YAC7F,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,QAAQ,IAAI,CAAC,EAAE,4BAA4B,CAAC,CAAC;YAC5G,gBAAM,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,IAAI,CAAC,EAAE,0BAA0B,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/types/action.d.ts

@@ -0,0 +1,198 @@
+import type { SkillIdentity, CapabilityModel } from './skill.js';
+import type { RiskLevel } from './scanner.js';
+/**
+ * Action types that can be scanned
+ */
+export type ActionType = 'network_request' | 'exec_command' | 'read_file' | 'write_file' | 'secret_access' | 'web3_tx' | 'web3_sign';
+/**
+ * Policy decision
+ */
+export type Decision = 'allow' | 'deny' | 'confirm';
+/**
+ * Evidence for action decisions
+ */
+export interface ActionEvidence {
+    /** Evidence type */
+    type: string;
+    /** Field that triggered */
+    field?: string;
+    /** Matched pattern */
+    match?: string;
+    /** Description */
+    description: string;
+}
+/**
+ * Policy decision result
+ */
+export interface PolicyDecision {
+    /** Decision: allow, deny, or confirm */
+    decision: Decision;
+    /** Risk level */
+    risk_level: RiskLevel;
+    /** Risk tags that contributed to decision */
+    risk_tags: string[];
+    /** Evidence supporting the decision */
+    evidence: ActionEvidence[];
+    /** Effective capabilities (if modified) */
+    effective_capabilities?: Partial<CapabilityModel>;
+    /** Human-readable explanation */
+    explanation?: string;
+}
+/**
+ * Network request action data
+ */
+export interface NetworkRequestData {
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    url: string;
+    headers?: Record<string, string>;
+    body_preview?: string;
+}
+/**
+ * Command execution action data
+ */
+export interface ExecCommandData {
+    command: string;
+    args?: string[];
+    cwd?: string;
+    env?: Record<string, string>;
+}
+/**
+ * File operation action data
+ */
+export interface FileOperationData {
+    path: string;
+    content_preview?: string;
+}
+/**
+ * Secret access action data
+ */
+export interface SecretAccessData {
+    secret_name: string;
+    access_type: 'read' | 'write';
+}
+/**
+ * Web3 transaction action data
+ */
+export interface Web3TxData {
+    chain_id: number;
+    from: string;
+    to: string;
+    value: string;
+    data?: string;
+    gas_limit?: string;
+    origin?: string;
+}
+/**
+ * Web3 signature action data
+ */
+export interface Web3SignData {
+    chain_id: number;
+    signer: string;
+    message?: string;
+    typed_data?: unknown;
+    origin?: string;
+}
+/**
+ * Union type for all action data
+ */
+export type ActionData = NetworkRequestData | ExecCommandData | FileOperationData | SecretAccessData | Web3TxData | Web3SignData;
+/**
+ * Action context
+ */
+export interface ActionContext {
+    /** Session identifier */
+    session_id: string;
+    /** Whether user is present/active */
+    user_present: boolean;
+    /** Environment */
+    env: 'prod' | 'dev' | 'test';
+    /** Action timestamp */
+    time: string;
+}
+/**
+ * Action envelope - the complete action request
+ */
+export interface ActionEnvelope {
+    /** Actor information */
+    actor: {
+        skill: SkillIdentity;
+        record_key?: string;
+    };
+    /** Action details */
+    action: {
+        type: ActionType;
+        data: ActionData;
+    };
+    /** Action context */
+    context: ActionContext;
+}
+/**
+ * Web3 intent for simulation
+ */
+export interface Web3Intent {
+    chain_id: number;
+    from: string;
+    to: string;
+    value: string;
+    data?: string;
+    origin?: string;
+    kind: 'tx' | 'sign';
+}
+/**
+ * Asset change from simulation
+ */
+export interface AssetChange {
+    asset_type: 'native' | 'erc20' | 'erc721' | 'erc1155';
+    token_address?: string;
+    token_id?: string;
+    amount: string;
+    direction: 'in' | 'out';
+}
+/**
+ * Approval change from simulation
+ */
+export interface ApprovalChange {
+    token_address: string;
+    spender: string;
+    amount: string;
+    is_unlimited: boolean;
+}
+/**
+ * Web3 simulation result
+ */
+export interface Web3SimulationResult {
+    /** Decision */
+    decision: Decision;
+    /** Risk level */
+    risk_level: RiskLevel;
+    /** Risk tags */
+    risk_tags: string[];
+    /** Human-readable explanation */
+    explanation: string;
+    /** GoPlus raw response */
+    goplus?: {
+        simulation?: {
+            success: boolean;
+            balance_changes: AssetChange[];
+            approval_changes: ApprovalChange[];
+        };
+        address_risk?: {
+            is_malicious: boolean;
+            is_phishing: boolean;
+            risk_type?: string[];
+        };
+        token_risk?: {
+            is_honeypot: boolean;
+            has_hidden_tax: boolean;
+            buy_tax?: string;
+            sell_tax?: string;
+        };
+    };
+    /** Guardrail recommendations */
+    guardrail?: {
+        require_user_confirmation: boolean;
+        suggested_change?: string;
+        capabilities_patch?: Partial<CapabilityModel>;
+    };
+}
+//# sourceMappingURL=action.d.ts.map

package/dist/types/action.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"action.d.ts","sourceRoot":"","sources":["../../src/types/action.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AACjE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,iBAAiB,GACjB,cAAc,GACd,WAAW,GACX,YAAY,GACZ,eAAe,GACf,SAAS,GACT,WAAW,CAAC;AAEhB;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;AAEpD;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,oBAAoB;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,2BAA2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kBAAkB;IAClB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,QAAQ,EAAE,QAAQ,CAAC;IACnB,iBAAiB;IACjB,UAAU,EAAE,SAAS,CAAC;IACtB,6CAA6C;IAC7C,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,uCAAuC;IACvC,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,2CAA2C;IAC3C,sBAAsB,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;IAClD,iCAAiC;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,OAAO,CAAC;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAClB,kBAAkB,GAClB,eAAe,GACf,iBAAiB,GACjB,gBAAgB,GAChB,UAAU,GACV,YAAY,CAAC;AAEjB;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,yBAAyB;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,YAAY,EAAE,OAAO,CAAC;IACtB,kBAAkB;IAClB,GAAG,EAAE,MAAM,GAAG,KAAK,GAAG,MAAM,CAAC;IAC7B,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wBAAwB;IACxB,KAAK,EAAE;QACL,KAAK,EAAE,aAAa,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,qBAAqB;IACrB,MAAM,EAAE;QACN,IAAI,EAAE,UAAU,CAAC;QACjB,IAAI,EAAE,UAAU,CAAC;KAClB,CAAC;IACF,qBAAqB;IACrB,OAAO,EAAE,aAAa,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,IAAI,GAAG,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,QAAQ,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,CAAC;IACtD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,IAAI,GAAG,KAAK,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,eAAe;IACf,QAAQ,EAAE,QAAQ,CAAC;IACnB,iBAAiB;IACjB,UAAU,EAAE,SAAS,CAAC;IACtB,gBAAgB;IAChB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,0BAA0B;IAC1B,MAAM,CAAC,EAAE;QACP,UAAU,CAAC,EAAE;YACX,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,WAAW,EAAE,CAAC;YAC/B,gBAAgB,EAAE,cAAc,EAAE,CAAC;SACpC,CAAC;QACF,YAAY,CAAC,EAAE;YACb,YAAY,EAAE,OAAO,CAAC;YACtB,WAAW,EAAE,OAAO,CAAC;YACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;SACtB,CAAC;QACF,UAAU,CAAC,EAAE;YACX,WAAW,EAAE,OAAO,CAAC;YACrB,cAAc,EAAE,OAAO,CAAC;YACxB,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;SACnB,CAAC;KACH,CAAC;IACF,gCAAgC;IAChC,SAAS,CAAC,EAAE;QACV,yBAAyB,EAAE,OAAO,CAAC;QACnC,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,kBAAkB,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;KAC/C,CAAC;CACH"}

package/dist/types/action.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=action.js.map

package/dist/types/action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action.js","sourceRoot":"","sources":["../../src/types/action.ts"],"names":[],"mappings":""}

package/dist/types/index.d.ts

@@ -0,0 +1,5 @@
+export * from './skill.js';
+export * from './scanner.js';
+export * from './registry.js';
+export * from './action.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,eAAe,CAAC;AAC9B,cAAc,aAAa,CAAC"}

package/dist/types/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+// Re-export all types
+__exportStar(require("./skill.js"), exports);
+__exportStar(require("./scanner.js"), exports);
+__exportStar(require("./registry.js"), exports);
+__exportStar(require("./action.js"), exports);
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,sBAAsB;AACtB,6CAA2B;AAC3B,+CAA6B;AAC7B,gDAA8B;AAC9B,8CAA4B"}

package/dist/types/registry.d.ts

@@ -0,0 +1,104 @@
+import type { SkillIdentity, CapabilityModel } from './skill.js';
+/**
+ * Trust levels for skills
+ */
+export type TrustLevel = 'untrusted' | 'restricted' | 'trusted';
+/**
+ * Record status
+ */
+export type RecordStatus = 'active' | 'revoked';
+/**
+ * Review information
+ */
+export interface ReviewInfo {
+    /** Who reviewed this skill */
+    reviewed_by: string;
+    /** When the review happened */
+    reviewed_at: string;
+    /** References to evidence (e.g., scan IDs) */
+    evidence_refs: string[];
+    /** Review notes */
+    notes: string;
+}
+/**
+ * Trust record in the registry
+ */
+export interface TrustRecord {
+    /** Unique key: source@version#hash */
+    record_key: string;
+    /** Skill identity */
+    skill: SkillIdentity;
+    /** Trust level */
+    trust_level: TrustLevel;
+    /** Capability snapshot */
+    capabilities: CapabilityModel;
+    /** Expiration time (ISO 8601) */
+    expires_at?: string;
+    /** Review information */
+    review: ReviewInfo;
+    /** Record status */
+    status: RecordStatus;
+    /** Created timestamp */
+    created_at: string;
+    /** Updated timestamp */
+    updated_at: string;
+}
+/**
+ * Request to attest (add/update) a trust record
+ */
+export interface AttestRequest {
+    /** Skill identity */
+    skill: SkillIdentity;
+    /** Trust level to assign */
+    trust_level: TrustLevel;
+    /** Capabilities to grant */
+    capabilities: CapabilityModel;
+    /** Optional expiration */
+    expires_at?: string;
+    /** Review information */
+    review: Omit<ReviewInfo, 'reviewed_at'>;
+}
+/**
+ * Match criteria for revocation
+ */
+export interface RevokeMatch {
+    /** Source pattern (exact or wildcard) */
+    source?: string;
+    /** Version pattern */
+    version_ref?: string;
+    /** Specific record key */
+    record_key?: string;
+}
+/**
+ * Filters for listing records
+ */
+export interface ListFilters {
+    /** Filter by trust level */
+    trust_level?: TrustLevel;
+    /** Filter by status */
+    status?: RecordStatus;
+    /** Filter by source pattern */
+    source_pattern?: string;
+    /** Include expired records */
+    include_expired?: boolean;
+}
+/**
+ * Registry storage format
+ */
+export interface RegistryData {
+    /** Schema version */
+    version: number;
+    /** Last updated timestamp */
+    updated_at: string;
+    /** Trust records */
+    records: TrustRecord[];
+}
+/**
+ * Check if a record is expired
+ */
+export declare function isRecordExpired(record: TrustRecord): boolean;
+/**
+ * Check if skill matches a record (considering hash)
+ */
+export declare function skillMatchesRecord(skill: SkillIdentity, record: TrustRecord): boolean;
+//# sourceMappingURL=registry.d.ts.map

package/dist/types/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/types/registry.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,WAAW,GAAG,YAAY,GAAG,SAAS,CAAC;AAEhE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,8CAA8C;IAC9C,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB;IACnB,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,sCAAsC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,qBAAqB;IACrB,KAAK,EAAE,aAAa,CAAC;IACrB,kBAAkB;IAClB,WAAW,EAAE,UAAU,CAAC;IACxB,0BAA0B;IAC1B,YAAY,EAAE,eAAe,CAAC;IAC9B,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,MAAM,EAAE,UAAU,CAAC;IACnB,oBAAoB;IACpB,MAAM,EAAE,YAAY,CAAC;IACrB,wBAAwB;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,qBAAqB;IACrB,KAAK,EAAE,aAAa,CAAC;IACrB,4BAA4B;IAC5B,WAAW,EAAE,UAAU,CAAC;IACxB,4BAA4B;IAC5B,YAAY,EAAE,eAAe,CAAC;IAC9B,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yBAAyB;IACzB,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;CACzC;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0BAA0B;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,4BAA4B;IAC5B,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,uBAAuB;IACvB,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,+BAA+B;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,8BAA8B;IAC9B,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB;IACpB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAG5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,GAAG,OAAO,CAMrF"}

package/dist/types/registry.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isRecordExpired = isRecordExpired;
+exports.skillMatchesRecord = skillMatchesRecord;
+/**
+ * Check if a record is expired
+ */
+function isRecordExpired(record) {
+    if (!record.expires_at)
+        return false;
+    return new Date(record.expires_at) < new Date();
+}
+/**
+ * Check if skill matches a record (considering hash)
+ */
+function skillMatchesRecord(skill, record) {
+    return (skill.source === record.skill.source &&
+        skill.version_ref === record.skill.version_ref &&
+        skill.artifact_hash === record.skill.artifact_hash);
+}
+//# sourceMappingURL=registry.js.map

package/dist/types/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/types/registry.ts"],"names":[],"mappings":";;AA2GA,0CAGC;AAKD,gDAMC;AAjBD;;GAEG;AACH,SAAgB,eAAe,CAAC,MAAmB;IACjD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IACrC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,KAAoB,EAAE,MAAmB;IAC1E,OAAO,CACL,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,KAAK,CAAC,MAAM;QACpC,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,KAAK,CAAC,WAAW;QAC9C,KAAK,CAAC,aAAa,KAAK,MAAM,CAAC,KAAK,CAAC,aAAa,CACnD,CAAC;AACJ,CAAC"}

package/dist/types/scanner.d.ts

@@ -0,0 +1,88 @@
+import type { SkillIdentity } from './skill.js';
+/**
+ * Risk levels for scan results
+ */
+export type RiskLevel = 'low' | 'medium' | 'high' | 'critical';
+/**
+ * Risk tag identifiers
+ */
+export type RiskTag = 'SHELL_EXEC' | 'REMOTE_LOADER' | 'AUTO_UPDATE' | 'READ_ENV_SECRETS' | 'READ_SSH_KEYS' | 'READ_KEYCHAIN' | 'NET_EXFIL_UNRESTRICTED' | 'WEBHOOK_EXFIL' | 'OBFUSCATION' | 'PROMPT_INJECTION' | 'PRIVATE_KEY_PATTERN' | 'MNEMONIC_PATTERN' | 'WALLET_DRAINING' | 'UNLIMITED_APPROVAL' | 'DANGEROUS_SELFDESTRUCT' | 'HIDDEN_TRANSFER' | 'PROXY_UPGRADE' | 'FLASH_LOAN_RISK' | 'REENTRANCY_PATTERN' | 'SIGNATURE_REPLAY';
+/**
+ * Evidence of a detected risk
+ */
+export interface ScanEvidence {
+    /** Risk tag that was triggered */
+    tag: RiskTag;
+    /** File path relative to scan root */
+    file: string;
+    /** Line number (1-indexed) */
+    line: number;
+    /** Matched content (truncated if too long) */
+    match: string;
+    /** Additional context */
+    context?: string;
+}
+/**
+ * Scan payload types
+ */
+export type ScanPayloadType = 'dir' | 'zip' | 'repo_url';
+/**
+ * Scan request payload
+ */
+export interface ScanPayload {
+    /** Skill identity */
+    skill: SkillIdentity;
+    /** Payload to scan */
+    payload: {
+        type: ScanPayloadType;
+        ref: string;
+    };
+    /** Scan options */
+    options?: {
+        /** Hint for languages to scan */
+        language_hint?: string[];
+        /** Enable deep analysis (slower) */
+        deep?: boolean;
+    };
+}
+/**
+ * Scan result
+ */
+export interface ScanResult {
+    /** Overall risk level */
+    risk_level: RiskLevel;
+    /** All detected risk tags */
+    risk_tags: RiskTag[];
+    /** Detailed evidence for each finding */
+    evidence: ScanEvidence[];
+    /** Human-readable summary */
+    summary: string;
+    /** Scan metadata */
+    metadata?: {
+        files_scanned: number;
+        scan_duration_ms: number;
+        scan_time: string;
+    };
+}
+/**
+ * Rule definition for the scanner
+ */
+export interface ScanRule {
+    /** Rule identifier */
+    id: RiskTag;
+    /** Rule description */
+    description: string;
+    /** Risk level when triggered */
+    severity: RiskLevel;
+    /** File patterns to scan (glob) */
+    file_patterns: string[];
+    /** Detection patterns (regex) */
+    patterns: RegExp[];
+    /** Optional validator function for complex rules */
+    validator?: (content: string, match: RegExpMatchArray) => boolean;
+}
+/**
+ * Calculate overall risk level from tags
+ */
+export declare function calculateRiskLevel(tags: RiskTag[], rules: ScanRule[]): RiskLevel;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/types/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/types/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D;;GAEG;AACH,MAAM,MAAM,OAAO,GAEf,YAAY,GACZ,eAAe,GACf,aAAa,GAEb,kBAAkB,GAClB,eAAe,GACf,eAAe,GAEf,wBAAwB,GACxB,eAAe,GAEf,aAAa,GAEb,kBAAkB,GAElB,qBAAqB,GACrB,kBAAkB,GAClB,iBAAiB,GACjB,oBAAoB,GACpB,wBAAwB,GACxB,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,oBAAoB,GACpB,kBAAkB,CAAC;AAEvB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kCAAkC;IAClC,GAAG,EAAE,OAAO,CAAC;IACb,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,8CAA8C;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,yBAAyB;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG,KAAK,GAAG,KAAK,GAAG,UAAU,CAAC;AAEzD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,qBAAqB;IACrB,KAAK,EAAE,aAAa,CAAC;IACrB,sBAAsB;IACtB,OAAO,EAAE;QACP,IAAI,EAAE,eAAe,CAAC;QACtB,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,mBAAmB;IACnB,OAAO,CAAC,EAAE;QACR,iCAAiC;QACjC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;QACzB,oCAAoC;QACpC,IAAI,CAAC,EAAE,OAAO,CAAC;KAChB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,6BAA6B;IAC7B,SAAS,EAAE,OAAO,EAAE,CAAC;IACrB,yCAAyC;IACzC,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,oBAAoB;IACpB,QAAQ,CAAC,EAAE;QACT,aAAa,EAAE,MAAM,CAAC;QACtB,gBAAgB,EAAE,MAAM,CAAC;QACzB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,sBAAsB;IACtB,EAAE,EAAE,OAAO,CAAC;IACZ,uBAAuB;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,gCAAgC;IAChC,QAAQ,EAAE,SAAS,CAAC;IACpB,mCAAmC;IACnC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iCAAiC;IACjC,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,oDAAoD;IACpD,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,KAAK,OAAO,CAAC;CACnE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,SAAS,CAUhF"}

package/dist/types/scanner.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateRiskLevel = calculateRiskLevel;
+/**
+ * Calculate overall risk level from tags
+ */
+function calculateRiskLevel(tags, rules) {
+    const severities = tags.map((tag) => {
+        const rule = rules.find((r) => r.id === tag);
+        return rule?.severity ?? 'low';
+    });
+    if (severities.includes('critical'))
+        return 'critical';
+    if (severities.includes('high'))
+        return 'high';
+    if (severities.includes('medium'))
+        return 'medium';
+    return 'low';
+}
+//# sourceMappingURL=scanner.js.map

package/dist/types/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/types/scanner.ts"],"names":[],"mappings":";;AAwHA,gDAUC;AAbD;;GAEG;AACH,SAAgB,kBAAkB,CAAC,IAAe,EAAE,KAAiB;IACnE,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAClC,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,EAAE,QAAQ,IAAI,KAAK,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,IAAI,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAC;IACvD,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC/C,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAC;IACnD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/types/skill.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Skill Identity - Strong binding to source + version + hash
+ */
+export interface SkillIdentity {
+    /** Skill name identifier */
+    id: string;
+    /** Source repository (e.g., github.com/org/repo) */
+    source: string;
+    /** Version reference (e.g., v1.0.0) */
+    version_ref: string;
+    /** Artifact hash (e.g., sha256:abc...) */
+    artifact_hash: string;
+}
+/**
+ * Web3 capability configuration
+ */
+export interface Web3Capability {
+    /** Allowed chain IDs */
+    chains_allowlist: number[];
+    /** Allowed RPC endpoints */
+    rpc_allowlist: string[];
+    /** Transaction policy */
+    tx_policy: 'allow' | 'confirm_high_risk' | 'deny';
+}
+/**
+ * Capability Model - Minimum privilege snapshot
+ */
+export interface CapabilityModel {
+    /** Allowed network domains (supports wildcards like *.example.com) */
+    network_allowlist: string[];
+    /** Allowed filesystem paths */
+    filesystem_allowlist: string[];
+    /** Command execution permission */
+    exec: 'allow' | 'deny';
+    /** Allowed secrets (env var names) */
+    secrets_allowlist: string[];
+    /** Web3 specific capabilities */
+    web3?: Web3Capability;
+}
+/**
+ * Default capability model - most restrictive
+ */
+export declare const DEFAULT_CAPABILITY: CapabilityModel;
+/**
+ * Generate record key from skill identity
+ */
+export declare function generateRecordKey(skill: SkillIdentity): string;
+/**
+ * Validate skill identity
+ */
+export declare function validateSkillIdentity(skill: unknown): skill is SkillIdentity;
+//# sourceMappingURL=skill.d.ts.map

package/dist/types/skill.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill.d.ts","sourceRoot":"","sources":["../../src/types/skill.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,oDAAoD;IACpD,MAAM,EAAE,MAAM,CAAC;IACf,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wBAAwB;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,4BAA4B;IAC5B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,yBAAyB;IACzB,SAAS,EAAE,OAAO,GAAG,mBAAmB,GAAG,MAAM,CAAC;CACnD;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sEAAsE;IACtE,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,+BAA+B;IAC/B,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,mCAAmC;IACnC,IAAI,EAAE,OAAO,GAAG,MAAM,CAAC;IACvB,sCAAsC;IACtC,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,iCAAiC;IACjC,IAAI,CAAC,EAAE,cAAc,CAAC;CACvB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,eAKhC,CAAC;AAEF;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAE9D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,aAAa,CAS5E"}

package/dist/types/skill.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CAPABILITY = void 0;
+exports.generateRecordKey = generateRecordKey;
+exports.validateSkillIdentity = validateSkillIdentity;
+/**
+ * Default capability model - most restrictive
+ */
+exports.DEFAULT_CAPABILITY = {
+    network_allowlist: [],
+    filesystem_allowlist: [],
+    exec: 'deny',
+    secrets_allowlist: [],
+};
+/**
+ * Generate record key from skill identity
+ */
+function generateRecordKey(skill) {
+    return `${skill.source}@${skill.version_ref}#${skill.artifact_hash}`;
+}
+/**
+ * Validate skill identity
+ */
+function validateSkillIdentity(skill) {
+    if (!skill || typeof skill !== 'object')
+        return false;
+    const s = skill;
+    return (typeof s.id === 'string' &&
+        typeof s.source === 'string' &&
+        typeof s.version_ref === 'string' &&
+        typeof s.artifact_hash === 'string');
+}
+//# sourceMappingURL=skill.js.map