@goplus/agentguard 1.0.0

package/dist/scanner/index.js

@@ -0,0 +1,349 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanner = exports.SkillScanner = void 0;
+const child_process_1 = require("child_process");
+const crypto = __importStar(require("crypto"));
+const file_walker_js_1 = require("./file-walker.js");
+const index_js_1 = require("./rules/index.js");
+/**
+ * Skill Scanner - Module A
+ * Scans skill code for security risks
+ */
+class SkillScanner {
+    options;
+    externalScannerAvailable = null;
+    constructor(options = {}) {
+        this.options = {
+            useExternalScanner: true,
+            deep: false,
+            ...options,
+        };
+    }
+    /**
+     * Check if cisco-ai-defense/skill-scanner is installed
+     */
+    async checkExternalScanner() {
+        if (this.externalScannerAvailable !== null) {
+            return this.externalScannerAvailable;
+        }
+        return new Promise((resolve) => {
+            const proc = (0, child_process_1.spawn)('skill-scanner', ['--version'], {
+                shell: true,
+                stdio: 'pipe',
+            });
+            proc.on('error', () => {
+                this.externalScannerAvailable = false;
+                resolve(false);
+            });
+            proc.on('close', (code) => {
+                this.externalScannerAvailable = code === 0;
+                resolve(code === 0);
+            });
+        });
+    }
+    /**
+     * Run external skill-scanner CLI
+     */
+    async runExternalScanner(dirPath) {
+        return new Promise((resolve) => {
+            const args = ['scan', dirPath, '--format', 'json'];
+            if (this.options.deep) {
+                args.push('--use-behavioral');
+            }
+            const proc = (0, child_process_1.spawn)('skill-scanner', args, {
+                shell: true,
+                stdio: ['ignore', 'pipe', 'pipe'],
+            });
+            let stdout = '';
+            let stderr = '';
+            proc.stdout?.on('data', (data) => {
+                stdout += data.toString();
+            });
+            proc.stderr?.on('data', (data) => {
+                stderr += data.toString();
+            });
+            proc.on('error', () => {
+                resolve(null);
+            });
+            proc.on('close', (code) => {
+                if (code !== 0 && code !== 1) {
+                    // code 1 means findings detected
+                    console.warn('External scanner failed:', stderr);
+                    resolve(null);
+                    return;
+                }
+                try {
+                    const result = this.parseExternalResult(stdout);
+                    resolve(result);
+                }
+                catch (err) {
+                    console.warn('Failed to parse external scanner result:', err);
+                    resolve(null);
+                }
+            });
+        });
+    }
+    /**
+     * Parse external skill-scanner JSON output
+     */
+    parseExternalResult(jsonOutput) {
+        // Try to extract JSON from output (may contain non-JSON text)
+        const jsonMatch = jsonOutput.match(/\{[\s\S]*\}/);
+        if (!jsonMatch) {
+            throw new Error('No JSON found in output');
+        }
+        const data = JSON.parse(jsonMatch[0]);
+        // Map external findings to our format
+        const evidence = [];
+        const riskTags = new Set();
+        if (data.findings && Array.isArray(data.findings)) {
+            for (const finding of data.findings) {
+                // Map finding type to our risk tags
+                const tag = this.mapExternalFindingToTag(finding.type || finding.category);
+                if (tag) {
+                    riskTags.add(tag);
+                    evidence.push({
+                        tag,
+                        file: finding.file || finding.location?.file || 'unknown',
+                        line: finding.line || finding.location?.line || 0,
+                        match: finding.match || finding.description || '',
+                        context: finding.context,
+                    });
+                }
+            }
+        }
+        // Determine risk level
+        const riskLevel = this.calculateRiskLevel(Array.from(riskTags));
+        return {
+            risk_level: riskLevel,
+            risk_tags: Array.from(riskTags),
+            evidence,
+            summary: data.summary || `Found ${evidence.length} security findings`,
+            metadata: {
+                files_scanned: data.files_scanned || 0,
+                scan_duration_ms: data.duration_ms || 0,
+                scan_time: new Date().toISOString(),
+            },
+        };
+    }
+    /**
+     * Map external finding type to our risk tags
+     */
+    mapExternalFindingToTag(externalType) {
+        const mapping = {
+            'command-injection': 'SHELL_EXEC',
+            'code-execution': 'SHELL_EXEC',
+            'remote-code-loading': 'REMOTE_LOADER',
+            'dynamic-import': 'REMOTE_LOADER',
+            'env-access': 'READ_ENV_SECRETS',
+            'secret-access': 'READ_ENV_SECRETS',
+            'ssh-key-access': 'READ_SSH_KEYS',
+            'credential-access': 'READ_KEYCHAIN',
+            'data-exfiltration': 'NET_EXFIL_UNRESTRICTED',
+            'webhook-exfil': 'WEBHOOK_EXFIL',
+            'obfuscation': 'OBFUSCATION',
+            'prompt-injection': 'PROMPT_INJECTION',
+            'private-key': 'PRIVATE_KEY_PATTERN',
+            'mnemonic': 'MNEMONIC_PATTERN',
+        };
+        return mapping[externalType?.toLowerCase()] || null;
+    }
+    /**
+     * Run built-in scanner
+     */
+    async runBuiltinScanner(dirPath) {
+        const startTime = Date.now();
+        const files = await (0, file_walker_js_1.walkDirectory)(dirPath);
+        const evidence = [];
+        const riskTags = new Set();
+        const allRules = [...index_js_1.ALL_RULES, ...(this.options.additionalRules || [])];
+        for (const file of files) {
+            const rules = (0, index_js_1.getRulesForExtension)(file.extension);
+            for (const rule of rules) {
+                for (const pattern of rule.patterns) {
+                    const lines = file.content.split('\n');
+                    for (let i = 0; i < lines.length; i++) {
+                        const line = lines[i];
+                        const match = line.match(pattern);
+                        if (match) {
+                            // Run validator if present
+                            if (rule.validator && !rule.validator(file.content, match)) {
+                                continue;
+                            }
+                            riskTags.add(rule.id);
+                            evidence.push({
+                                tag: rule.id,
+                                file: file.relativePath,
+                                line: i + 1,
+                                match: match[0].slice(0, 100), // Truncate long matches
+                            });
+                        }
+                    }
+                }
+            }
+        }
+        const riskLevel = this.calculateRiskLevel(Array.from(riskTags));
+        return {
+            risk_level: riskLevel,
+            risk_tags: Array.from(riskTags),
+            evidence,
+            summary: this.generateSummary(riskTags, evidence),
+            metadata: {
+                files_scanned: files.length,
+                scan_duration_ms: Date.now() - startTime,
+                scan_time: new Date().toISOString(),
+            },
+        };
+    }
+    /**
+     * Calculate risk level from tags
+     */
+    calculateRiskLevel(tags) {
+        const allRules = [...index_js_1.ALL_RULES, ...(this.options.additionalRules || [])];
+        for (const tag of tags) {
+            const rule = allRules.find((r) => r.id === tag);
+            if (rule?.severity === 'critical')
+                return 'critical';
+        }
+        for (const tag of tags) {
+            const rule = allRules.find((r) => r.id === tag);
+            if (rule?.severity === 'high')
+                return 'high';
+        }
+        for (const tag of tags) {
+            const rule = allRules.find((r) => r.id === tag);
+            if (rule?.severity === 'medium')
+                return 'medium';
+        }
+        return 'low';
+    }
+    /**
+     * Generate human-readable summary
+     */
+    generateSummary(tags, evidence) {
+        if (tags.size === 0) {
+            return 'No security issues detected';
+        }
+        const parts = [];
+        if (tags.has('SHELL_EXEC') || tags.has('REMOTE_LOADER')) {
+            parts.push('code execution capabilities');
+        }
+        if (tags.has('PRIVATE_KEY_PATTERN') || tags.has('MNEMONIC_PATTERN')) {
+            parts.push('hardcoded secrets');
+        }
+        if (tags.has('PROMPT_INJECTION')) {
+            parts.push('prompt injection attempts');
+        }
+        if (tags.has('WALLET_DRAINING') || tags.has('UNLIMITED_APPROVAL')) {
+            parts.push('dangerous Web3 patterns');
+        }
+        if (tags.has('WEBHOOK_EXFIL') || tags.has('NET_EXFIL_UNRESTRICTED')) {
+            parts.push('data exfiltration risks');
+        }
+        return `Found ${evidence.length} findings: ${parts.join(', ') || 'various security concerns'}`;
+    }
+    /**
+     * Calculate artifact hash for a directory
+     */
+    async calculateArtifactHash(dirPath) {
+        const files = await (0, file_walker_js_1.walkDirectory)(dirPath);
+        const hash = crypto.createHash('sha256');
+        // Sort files for consistent hashing
+        files.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+        for (const file of files) {
+            hash.update(file.relativePath);
+            hash.update(file.content);
+        }
+        return `sha256:${hash.digest('hex')}`;
+    }
+    /**
+     * Main scan method
+     */
+    async scan(payload) {
+        const { skill, payload: scanPayload, options } = payload;
+        // Validate payload
+        if (scanPayload.type !== 'dir') {
+            // For now, only support directory scanning
+            // TODO: Support zip and repo_url
+            throw new Error(`Unsupported payload type: ${scanPayload.type}. Only 'dir' is supported.`);
+        }
+        const dirPath = scanPayload.ref.replace('file://', '');
+        // Check if directory exists
+        if (!(await (0, file_walker_js_1.pathExists)(dirPath))) {
+            throw new Error(`Directory not found: ${dirPath}`);
+        }
+        if (!(await (0, file_walker_js_1.isDirectory)(dirPath))) {
+            throw new Error(`Path is not a directory: ${dirPath}`);
+        }
+        // Try external scanner first if enabled
+        if (this.options.useExternalScanner) {
+            const externalAvailable = await this.checkExternalScanner();
+            if (externalAvailable) {
+                const externalResult = await this.runExternalScanner(dirPath);
+                if (externalResult) {
+                    return externalResult;
+                }
+            }
+        }
+        // Fall back to built-in scanner
+        return this.runBuiltinScanner(dirPath);
+    }
+    /**
+     * Quick scan - scan and return basic info
+     */
+    async quickScan(dirPath) {
+        const hash = await this.calculateArtifactHash(dirPath);
+        const skill = {
+            id: 'unknown',
+            source: dirPath,
+            version_ref: 'unknown',
+            artifact_hash: hash,
+        };
+        const result = await this.scan({
+            skill,
+            payload: { type: 'dir', ref: dirPath },
+        });
+        return {
+            risk_level: result.risk_level,
+            risk_tags: result.risk_tags,
+            summary: result.summary,
+        };
+    }
+}
+exports.SkillScanner = SkillScanner;
+// Export singleton instance
+exports.scanner = new SkillScanner();
+//# sourceMappingURL=index.js.map

package/dist/scanner/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/scanner/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAsC;AACtC,+CAAiC;AAUjC,qDAA0E;AAC1E,+CAAmE;AAcnE;;;GAGG;AACH,MAAa,YAAY;IACf,OAAO,CAAiB;IACxB,wBAAwB,GAAmB,IAAI,CAAC;IAExD,YAAY,UAA0B,EAAE;QACtC,IAAI,CAAC,OAAO,GAAG;YACb,kBAAkB,EAAE,IAAI;YACxB,IAAI,EAAE,KAAK;YACX,GAAG,OAAO;SACX,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,oBAAoB;QAChC,IAAI,IAAI,CAAC,wBAAwB,KAAK,IAAI,EAAE,CAAC;YAC3C,OAAO,IAAI,CAAC,wBAAwB,CAAC;QACvC,CAAC;QAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,IAAA,qBAAK,EAAC,eAAe,EAAE,CAAC,WAAW,CAAC,EAAE;gBACjD,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,MAAM;aACd,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,IAAI,CAAC,wBAAwB,GAAG,KAAK,CAAC;gBACtC,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,CAAC,wBAAwB,GAAG,IAAI,KAAK,CAAC,CAAC;gBAC3C,OAAO,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;YACtB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,OAAe;QAC9C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;YAEnD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,qBAAK,EAAC,eAAe,EAAE,IAAI,EAAE;gBACxC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC/B,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACxB,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBAC7B,iCAAiC;oBACjC,OAAO,CAAC,IAAI,CAAC,0BAA0B,EAAE,MAAM,CAAC,CAAC;oBACjD,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;oBAChD,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,IAAI,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC;oBAC9D,OAAO,CAAC,IAAI,CAAC,CAAC;gBAChB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,UAAkB;QAC5C,8DAA8D;QAC9D,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAEtC,sCAAsC;QACtC,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAiB,IAAI,GAAG,EAAE,CAAC;QAEzC,IAAI,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACpC,oCAAoC;gBACpC,MAAM,GAAG,GAAG,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC;gBAC3E,IAAI,GAAG,EAAE,CAAC;oBACR,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;oBAClB,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG;wBACH,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS;wBACzD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC;wBACjD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,WAAW,IAAI,EAAE;wBACjD,OAAO,EAAE,OAAO,CAAC,OAAO;qBACzB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC/B,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,SAAS,QAAQ,CAAC,MAAM,oBAAoB;YACrE,QAAQ,EAAE;gBACR,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,CAAC;gBACtC,gBAAgB,EAAE,IAAI,CAAC,WAAW,IAAI,CAAC;gBACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,uBAAuB,CAAC,YAAoB;QAClD,MAAM,OAAO,GAA4B;YACvC,mBAAmB,EAAE,YAAY;YACjC,gBAAgB,EAAE,YAAY;YAC9B,qBAAqB,EAAE,eAAe;YACtC,gBAAgB,EAAE,eAAe;YACjC,YAAY,EAAE,kBAAkB;YAChC,eAAe,EAAE,kBAAkB;YACnC,gBAAgB,EAAE,eAAe;YACjC,mBAAmB,EAAE,eAAe;YACpC,mBAAmB,EAAE,wBAAwB;YAC7C,eAAe,EAAE,eAAe;YAChC,aAAa,EAAE,aAAa;YAC5B,kBAAkB,EAAE,kBAAkB;YACtC,aAAa,EAAE,qBAAqB;YACpC,UAAU,EAAE,kBAAkB;SAC/B,CAAC;QAEF,OAAO,OAAO,CAAC,YAAY,EAAE,WAAW,EAAE,CAAC,IAAI,IAAI,CAAC;IACtD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,OAAe;QAC7C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAA,8BAAa,EAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAiB,IAAI,GAAG,EAAE,CAAC;QAEzC,MAAM,QAAQ,GAAG,CAAC,GAAG,oBAAS,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC;QAEzE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAA,+BAAoB,EAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAEnD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACpC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAEvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;wBACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;wBAElC,IAAI,KAAK,EAAE,CAAC;4BACV,2BAA2B;4BAC3B,IAAI,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;gCAC3D,SAAS;4BACX,CAAC;4BAED,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;4BACtB,QAAQ,CAAC,IAAI,CAAC;gCACZ,GAAG,EAAE,IAAI,CAAC,EAAE;gCACZ,IAAI,EAAE,IAAI,CAAC,YAAY;gCACvB,IAAI,EAAE,CAAC,GAAG,CAAC;gCACX,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,wBAAwB;6BACxD,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAEhE,OAAO;YACL,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC/B,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC;YACjD,QAAQ,EAAE;gBACR,aAAa,EAAE,KAAK,CAAC,MAAM;gBAC3B,gBAAgB,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBACxC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,kBAAkB,CAAC,IAAe;QACxC,MAAM,QAAQ,GAAG,CAAC,GAAG,oBAAS,EAAE,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,CAAC;QAEzE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,EAAE,QAAQ,KAAK,UAAU;gBAAE,OAAO,UAAU,CAAC;QACvD,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,EAAE,QAAQ,KAAK,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC/C,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC;YAChD,IAAI,IAAI,EAAE,QAAQ,KAAK,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QACnD,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,IAAkB,EAAE,QAAwB;QAClE,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACpB,OAAO,6BAA6B,CAAC;QACvC,CAAC;QAED,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,IAAI,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;YACxD,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACpE,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAClC,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACjC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC1C,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACxC,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,wBAAwB,CAAC,EAAE,CAAC;YACpE,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,SAAS,QAAQ,CAAC,MAAM,cAAc,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,2BAA2B,EAAE,CAAC;IACjG,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,qBAAqB,CAAC,OAAe;QACzC,MAAM,KAAK,GAAG,MAAM,IAAA,8BAAa,EAAC,OAAO,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAEzC,oCAAoC;QACpC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAEnE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,OAAoB;QAC7B,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAEzD,mBAAmB;QACnB,IAAI,WAAW,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC/B,2CAA2C;YAC3C,iCAAiC;YACjC,MAAM,IAAI,KAAK,CAAC,6BAA6B,WAAW,CAAC,IAAI,4BAA4B,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAEvD,4BAA4B;QAC5B,IAAI,CAAC,CAAC,MAAM,IAAA,2BAAU,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,CAAC,MAAM,IAAA,4BAAW,EAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC;YACpC,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAE5D,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;gBAC9D,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,cAAc,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,OAAO,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CAAC,OAAe;QAK7B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,KAAK,GAAkB;YAC3B,EAAE,EAAE,SAAS;YACb,MAAM,EAAE,OAAO;YACf,WAAW,EAAE,SAAS;YACtB,aAAa,EAAE,IAAI;SACpB,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC;YAC7B,KAAK;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE;SACvC,CAAC,CAAC;QAEH,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,CAAC;IACJ,CAAC;CACF;AAnWD,oCAmWC;AAED,4BAA4B;AACf,QAAA,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC"}

package/dist/scanner/rules/exfiltration.d.ts

@@ -0,0 +1,6 @@
+import type { ScanRule } from '../../types/scanner.js';
+/**
+ * Data exfiltration detection rules
+ */
+export declare const EXFILTRATION_RULES: ScanRule[];
+//# sourceMappingURL=exfiltration.d.ts.map

package/dist/scanner/rules/exfiltration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exfiltration.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/exfiltration.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD;;GAEG;AACH,eAAO,MAAM,kBAAkB,EAAE,QAAQ,EAwCxC,CAAC"}

package/dist/scanner/rules/exfiltration.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EXFILTRATION_RULES = void 0;
+/**
+ * Data exfiltration detection rules
+ */
+exports.EXFILTRATION_RULES = [
+    {
+        id: 'NET_EXFIL_UNRESTRICTED',
+        description: 'Detects unrestricted network data exfiltration',
+        severity: 'high',
+        file_patterns: ['*.js', '*.ts', '*.mjs', '*.py'],
+        patterns: [
+            // Generic POST requests (may need context analysis)
+            /fetch\s*\([^)]+,\s*\{[^}]*method\s*:\s*['"`]POST['"`]/,
+            /axios\.post\s*\(/,
+            /requests\.post\s*\(/,
+            /http\.request\s*\([^)]*method\s*:\s*['"`]POST['"`]/,
+            // FormData upload
+            /new\s+FormData\s*\(/,
+            // File upload patterns
+            /enctype\s*[:=]\s*['"`]multipart\/form-data['"`]/,
+        ],
+    },
+    {
+        id: 'WEBHOOK_EXFIL',
+        description: 'Detects webhook-based data exfiltration',
+        severity: 'critical',
+        file_patterns: ['*'],
+        patterns: [
+            // Discord webhooks
+            /discord(?:app)?\.com\/api\/webhooks/i,
+            /discordapp\.com\/api\/webhooks/i,
+            // Telegram bot API
+            /api\.telegram\.org\/bot/i,
+            /telegram-bot-api/i,
+            // Slack webhooks
+            /hooks\.slack\.com/i,
+            // Generic webhook patterns
+            /webhook\s*[:=]\s*['"`]https?:/i,
+            /ngrok\.io/i,
+            /requestbin/i,
+            /pipedream/i,
+            /webhook\.site/i,
+        ],
+    },
+];
+//# sourceMappingURL=exfiltration.js.map

package/dist/scanner/rules/exfiltration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exfiltration.js","sourceRoot":"","sources":["../../../src/scanner/rules/exfiltration.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACU,QAAA,kBAAkB,GAAe;IAC5C;QACE,EAAE,EAAE,wBAAwB;QAC5B,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC;QAChD,QAAQ,EAAE;YACR,oDAAoD;YACpD,uDAAuD;YACvD,kBAAkB;YAClB,qBAAqB;YACrB,oDAAoD;YACpD,kBAAkB;YAClB,qBAAqB;YACrB,uBAAuB;YACvB,iDAAiD;SAClD;KACF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,WAAW,EAAE,yCAAyC;QACtD,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,mBAAmB;YACnB,sCAAsC;YACtC,iCAAiC;YACjC,mBAAmB;YACnB,0BAA0B;YAC1B,mBAAmB;YACnB,iBAAiB;YACjB,oBAAoB;YACpB,2BAA2B;YAC3B,gCAAgC;YAChC,YAAY;YACZ,aAAa;YACb,YAAY;YACZ,gBAAgB;SACjB;KACF;CACF,CAAC"}

package/dist/scanner/rules/index.d.ts

@@ -0,0 +1,18 @@
+import type { ScanRule, RiskTag } from '../../types/scanner.js';
+/**
+ * All built-in scan rules
+ */
+export declare const ALL_RULES: ScanRule[];
+/**
+ * Get rules by severity
+ */
+export declare function getRulesBySeverity(severity: 'low' | 'medium' | 'high' | 'critical'): ScanRule[];
+/**
+ * Get rule by ID
+ */
+export declare function getRuleById(id: RiskTag): ScanRule | undefined;
+/**
+ * Get rules for specific file extension
+ */
+export declare function getRulesForExtension(extension: string): ScanRule[];
+//# sourceMappingURL=index.d.ts.map

package/dist/scanner/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AAWhE;;GAEG;AACH,eAAO,MAAM,SAAS,EAAE,QAAQ,EAQ/B,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,EAAE,CAE/F;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,EAAE,EAAE,OAAO,GAAG,QAAQ,GAAG,SAAS,CAE7D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,QAAQ,EAAE,CAUlE"}

package/dist/scanner/rules/index.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ALL_RULES = void 0;
+exports.getRulesBySeverity = getRulesBySeverity;
+exports.getRuleById = getRuleById;
+exports.getRulesForExtension = getRulesForExtension;
+// Import all rule modules
+const shell_exec_js_1 = require("./shell-exec.js");
+const remote_loader_js_1 = require("./remote-loader.js");
+const secrets_js_1 = require("./secrets.js");
+const web3_js_1 = require("./web3.js");
+const obfuscation_js_1 = require("./obfuscation.js");
+const prompt_injection_js_1 = require("./prompt-injection.js");
+const exfiltration_js_1 = require("./exfiltration.js");
+/**
+ * All built-in scan rules
+ */
+exports.ALL_RULES = [
+    ...shell_exec_js_1.SHELL_EXEC_RULES,
+    ...remote_loader_js_1.REMOTE_LOADER_RULES,
+    ...secrets_js_1.SECRETS_RULES,
+    ...web3_js_1.WEB3_RULES,
+    ...obfuscation_js_1.OBFUSCATION_RULES,
+    ...prompt_injection_js_1.PROMPT_INJECTION_RULES,
+    ...exfiltration_js_1.EXFILTRATION_RULES,
+];
+/**
+ * Get rules by severity
+ */
+function getRulesBySeverity(severity) {
+    return exports.ALL_RULES.filter(rule => rule.severity === severity);
+}
+/**
+ * Get rule by ID
+ */
+function getRuleById(id) {
+    return exports.ALL_RULES.find(rule => rule.id === id);
+}
+/**
+ * Get rules for specific file extension
+ */
+function getRulesForExtension(extension) {
+    return exports.ALL_RULES.filter(rule => {
+        return rule.file_patterns.some(pattern => {
+            if (pattern === '*')
+                return true;
+            if (pattern.startsWith('*.')) {
+                return extension === pattern.slice(1);
+            }
+            return false;
+        });
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/scanner/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanner/rules/index.ts"],"names":[],"mappings":";;;AA2BA,gDAEC;AAKD,kCAEC;AAKD,oDAUC;AAjDD,0BAA0B;AAC1B,mDAAmD;AACnD,yDAAyD;AACzD,6CAA6C;AAC7C,uCAAuC;AACvC,qDAAqD;AACrD,+DAA+D;AAC/D,uDAAuD;AAEvD;;GAEG;AACU,QAAA,SAAS,GAAe;IACnC,GAAG,gCAAgB;IACnB,GAAG,sCAAmB;IACtB,GAAG,0BAAa;IAChB,GAAG,oBAAU;IACb,GAAG,kCAAiB;IACpB,GAAG,4CAAsB;IACzB,GAAG,oCAAkB;CACtB,CAAC;AAEF;;GAEG;AACH,SAAgB,kBAAkB,CAAC,QAAgD;IACjF,OAAO,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,EAAW;IACrC,OAAO,iBAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,SAAiB;IACpD,OAAO,iBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE;QAC7B,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;YACvC,IAAI,OAAO,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACjC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,OAAO,SAAS,KAAK,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/scanner/rules/obfuscation.d.ts

@@ -0,0 +1,6 @@
+import type { ScanRule } from '../../types/scanner.js';
+/**
+ * Code obfuscation detection rules
+ */
+export declare const OBFUSCATION_RULES: ScanRule[];
+//# sourceMappingURL=obfuscation.d.ts.map

package/dist/scanner/rules/obfuscation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/obfuscation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,QAAQ,EA6BvC,CAAC"}

package/dist/scanner/rules/obfuscation.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OBFUSCATION_RULES = void 0;
+/**
+ * Code obfuscation detection rules
+ */
+exports.OBFUSCATION_RULES = [
+    {
+        id: 'OBFUSCATION',
+        description: 'Detects code obfuscation techniques',
+        severity: 'high',
+        file_patterns: ['*.js', '*.ts', '*.mjs', '*.py'],
+        patterns: [
+            // JavaScript eval
+            /\beval\s*\(/,
+            /new\s+Function\s*\(/,
+            /setTimeout\s*\(\s*['"`]/,
+            /setInterval\s*\(\s*['"`]/,
+            // Base64 decode + execute
+            /atob\s*\([^)]+\).*eval/,
+            /Buffer\.from\s*\([^,]+,\s*['"`]base64['"`]\s*\).*eval/,
+            // Python eval/exec
+            /\bexec\s*\(/,
+            /\beval\s*\(/,
+            /\bcompile\s*\([^)]+,\s*['"`]<[^>]+>['"`],\s*['"`]exec['"`]\s*\)/,
+            // Hex encoding patterns
+            /\\x[0-9a-fA-F]{2}(?:\\x[0-9a-fA-F]{2}){10,}/,
+            // Unicode encoding patterns
+            /\\u[0-9a-fA-F]{4}(?:\\u[0-9a-fA-F]{4}){10,}/,
+            // Character code obfuscation
+            /String\.fromCharCode\s*\(\s*\d+(?:\s*,\s*\d+){10,}\s*\)/,
+            // Packed JavaScript
+            /eval\s*\(\s*function\s*\(\s*p\s*,\s*a\s*,\s*c\s*,\s*k\s*,\s*e\s*,\s*[dr]\s*\)/,
+        ],
+    },
+];
+//# sourceMappingURL=obfuscation.js.map

package/dist/scanner/rules/obfuscation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"obfuscation.js","sourceRoot":"","sources":["../../../src/scanner/rules/obfuscation.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACU,QAAA,iBAAiB,GAAe;IAC3C;QACE,EAAE,EAAE,aAAa;QACjB,WAAW,EAAE,qCAAqC;QAClD,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC;QAChD,QAAQ,EAAE;YACR,kBAAkB;YAClB,aAAa;YACb,qBAAqB;YACrB,yBAAyB;YACzB,0BAA0B;YAC1B,0BAA0B;YAC1B,wBAAwB;YACxB,uDAAuD;YACvD,mBAAmB;YACnB,aAAa;YACb,aAAa;YACb,iEAAiE;YACjE,wBAAwB;YACxB,6CAA6C;YAC7C,4BAA4B;YAC5B,6CAA6C;YAC7C,6BAA6B;YAC7B,yDAAyD;YACzD,oBAAoB;YACpB,+EAA+E;SAChF;KACF;CACF,CAAC"}

package/dist/scanner/rules/prompt-injection.d.ts

@@ -0,0 +1,6 @@
+import type { ScanRule } from '../../types/scanner.js';
+/**
+ * Prompt injection detection rules
+ */
+export declare const PROMPT_INJECTION_RULES: ScanRule[];
+//# sourceMappingURL=prompt-injection.d.ts.map

package/dist/scanner/rules/prompt-injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/prompt-injection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,QAAQ,EA8B5C,CAAC"}

package/dist/scanner/rules/prompt-injection.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PROMPT_INJECTION_RULES = void 0;
+/**
+ * Prompt injection detection rules
+ */
+exports.PROMPT_INJECTION_RULES = [
+    {
+        id: 'PROMPT_INJECTION',
+        description: 'Detects prompt injection attempts',
+        severity: 'critical',
+        file_patterns: ['*'],
+        patterns: [
+            // Ignore instructions
+            /ignore\s+(previous|all|above|prior)\s+(instructions?|rules?|guidelines?)/i,
+            /disregard\s+(previous|all|above|prior)\s+(instructions?|rules?|guidelines?)/i,
+            /forget\s+(previous|all|above|prior)\s+(instructions?|rules?|guidelines?)/i,
+            // Jailbreak attempts
+            /you\s+are\s+(now|a)\s+(?:DAN|jailbroken|unrestricted)/i,
+            /pretend\s+(?:you\s+are|to\s+be)\s+(?:a\s+)?(?:different|new|unrestricted)/i,
+            /act\s+as\s+(?:if\s+)?(?:you\s+have\s+)?no\s+(?:restrictions?|rules?|limitations?)/i,
+            // Bypass confirmation
+            /(?:no|without|skip)\s+(?:need\s+(?:for\s+)?)?confirm(?:ation)?/i,
+            /bypass\s+(?:security|safety|restrictions?|confirm)/i,
+            /auto(?:matically)?\s+(?:approve|confirm|execute|run)/i,
+            // Role manipulation
+            /you\s+must\s+(?:always\s+)?(?:obey|follow|execute)/i,
+            /system\s*:\s*you\s+are/i,
+            /\[system\].*\[\/system\]/is,
+            // Chinese variations
+            /忽略(?:之前|所有|上面)(?:的)?(?:指令|规则|说明)/,
+            /无需确认/,
+            /自动执行/,
+            /跳过验证/,
+        ],
+    },
+];
+//# sourceMappingURL=prompt-injection.js.map

package/dist/scanner/rules/prompt-injection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection.js","sourceRoot":"","sources":["../../../src/scanner/rules/prompt-injection.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACU,QAAA,sBAAsB,GAAe;IAChD;QACE,EAAE,EAAE,kBAAkB;QACtB,WAAW,EAAE,mCAAmC;QAChD,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,sBAAsB;YACtB,2EAA2E;YAC3E,8EAA8E;YAC9E,2EAA2E;YAC3E,qBAAqB;YACrB,wDAAwD;YACxD,4EAA4E;YAC5E,oFAAoF;YACpF,sBAAsB;YACtB,iEAAiE;YACjE,qDAAqD;YACrD,uDAAuD;YACvD,oBAAoB;YACpB,qDAAqD;YACrD,yBAAyB;YACzB,4BAA4B;YAC5B,qBAAqB;YACrB,kCAAkC;YAClC,MAAM;YACN,MAAM;YACN,MAAM;SACP;KACF;CACF,CAAC"}

package/dist/scanner/rules/remote-loader.d.ts

@@ -0,0 +1,6 @@
+import type { ScanRule } from '../../types/scanner.js';
+/**
+ * Remote code loading detection rules
+ */
+export declare const REMOTE_LOADER_RULES: ScanRule[];
+//# sourceMappingURL=remote-loader.d.ts.map

package/dist/scanner/rules/remote-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-loader.d.ts","sourceRoot":"","sources":["../../../src/scanner/rules/remote-loader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAEvD;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,QAAQ,EAuBzC,CAAC"}