@guava-parity/guard-scanner 13.0.0 → 16.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (96) hide show
  1. package/README.md +170 -215
  2. package/README_ja.md +252 -0
  3. package/SECURITY.md +12 -4
  4. package/SKILL.md +148 -57
  5. package/dist/cli.cjs +5997 -0
  6. package/dist/cli.d.mts +1 -0
  7. package/dist/cli.d.ts +1 -0
  8. package/dist/cli.mjs +6003 -0
  9. package/dist/index.cjs +4825 -0
  10. package/dist/index.d.mts +17 -0
  11. package/dist/index.d.ts +17 -0
  12. package/dist/index.mjs +4798 -0
  13. package/dist/mcp-server.cjs +4756 -0
  14. package/dist/mcp-server.d.mts +1 -0
  15. package/dist/mcp-server.d.ts +1 -0
  16. package/dist/mcp-server.mjs +4767 -0
  17. package/dist/openclaw-plugin.cjs +4863 -0
  18. package/dist/openclaw-plugin.d.mts +11 -0
  19. package/dist/openclaw-plugin.d.ts +11 -0
  20. package/dist/openclaw-plugin.mjs +4854 -0
  21. package/dist/types.cjs +18 -0
  22. package/dist/types.d.mts +215 -0
  23. package/dist/types.d.ts +215 -0
  24. package/dist/types.mjs +1 -0
  25. package/docs/EVIDENCE_DRIVEN.md +182 -0
  26. package/docs/banner.png +0 -0
  27. package/docs/data/benchmark-ledger.json +1428 -0
  28. package/docs/data/corpus-metrics.json +11 -0
  29. package/docs/data/fp-ledger.json +18 -0
  30. package/docs/data/latest.json +25837 -2481
  31. package/docs/data/quality-contract.json +36 -0
  32. package/docs/generated/npm-audit-20260312.json +96 -0
  33. package/docs/generated/openclaw-upstream-status.json +25 -0
  34. package/docs/glossary.md +46 -0
  35. package/docs/index.html +1085 -496
  36. package/docs/logo.png +0 -0
  37. package/docs/openclaw-compatibility-audit.md +45 -0
  38. package/docs/openclaw-continuous-compatibility-plan.md +37 -0
  39. package/docs/rules/a2a-contagion.md +68 -0
  40. package/docs/rules/advanced-exfil.md +52 -0
  41. package/docs/rules/agent-protocol.md +108 -0
  42. package/docs/rules/api-abuse.md +68 -0
  43. package/docs/rules/autonomous-risk.md +92 -0
  44. package/docs/rules/config-impact.md +132 -0
  45. package/docs/rules/credential-handling.md +100 -0
  46. package/docs/rules/cve-patterns.md +332 -0
  47. package/docs/rules/data-exposure.md +84 -0
  48. package/docs/rules/exfiltration.md +36 -0
  49. package/docs/rules/financial-access.md +84 -0
  50. package/docs/rules/identity-hijack.md +140 -0
  51. package/docs/rules/inference-manipulation.md +60 -0
  52. package/docs/rules/leaky-skills.md +52 -0
  53. package/docs/rules/malicious-code.md +108 -0
  54. package/docs/rules/mcp-security.md +148 -0
  55. package/docs/rules/memory-poisoning.md +84 -0
  56. package/docs/rules/model-poisoning.md +44 -0
  57. package/docs/rules/obfuscation.md +60 -0
  58. package/docs/rules/persistence.md +108 -0
  59. package/docs/rules/pii-exposure.md +116 -0
  60. package/docs/rules/prompt-injection.md +148 -0
  61. package/docs/rules/prompt-worm.md +44 -0
  62. package/docs/rules/safeguard-bypass.md +44 -0
  63. package/docs/rules/sandbox-escape.md +100 -0
  64. package/docs/rules/secret-detection.md +44 -0
  65. package/docs/rules/supply-chain-v2.md +92 -0
  66. package/docs/rules/suspicious-download.md +60 -0
  67. package/docs/rules/trust-boundary.md +76 -0
  68. package/docs/rules/trust-exploitation.md +92 -0
  69. package/docs/rules/unverifiable-deps.md +84 -0
  70. package/docs/rules/vdb-injection.md +84 -0
  71. package/docs/security-vulnerability-report-20260312.md +53 -0
  72. package/docs/spec/PRD_V2_ARCHITECTURE.md +55 -0
  73. package/docs/spec/capabilities.json +174 -0
  74. package/docs/spec/finding.schema.json +104 -0
  75. package/docs/spec/integration-manifest.md +39 -0
  76. package/docs/spec/plugin-trust.json +11 -0
  77. package/docs/spec/sbom.json +33 -0
  78. package/docs/threat-model.md +65 -0
  79. package/docs/v13-architecture-manifest.md +55 -0
  80. package/hooks/context.ts +306 -0
  81. package/hooks/guard-scanner/plugin.ts +24 -1
  82. package/openclaw-plugin.mts +107 -0
  83. package/openclaw.plugin.json +30 -53
  84. package/package.json +66 -13
  85. package/src/asset-auditor.js +0 -508
  86. package/src/ci-reporter.js +0 -135
  87. package/src/cli.js +0 -294
  88. package/src/html-template.js +0 -239
  89. package/src/ioc-db.js +0 -54
  90. package/src/mcp-server.js +0 -702
  91. package/src/patterns.js +0 -611
  92. package/src/quarantine.js +0 -41
  93. package/src/runtime-guard.js +0 -346
  94. package/src/scanner.js +0 -1157
  95. package/src/vt-client.js +0 -202
  96. package/src/watcher.js +0 -170
package/dist/index.d.mts ADDED
@@ -0,0 +1,17 @@
1
+ import { GuardScannerConstructor, ScannerOptions, GuardScannerInstance, RuntimeCheckStats, RuntimeDecision } from './types.mjs';
2
+ export { CapabilityMetrics, CustomRule, Finding, GuardMode, McpRequest, PluginConfig, SarifReport, ScanReport, ScanResult, Severity } from './types.mjs';
3
+
4
+ declare const GuardScanner: GuardScannerConstructor;
5
+ declare const VERSION: string;
6
+ declare const THRESHOLDS: Record<string, unknown>;
7
+ declare const SEVERITY_WEIGHTS: Record<string, number>;
8
+ declare const scanToolCall: (toolName: string, params: Record<string, unknown> | string, options?: Record<string, unknown>) => RuntimeDecision;
9
+ declare const RUNTIME_CHECKS: Record<string, unknown>[];
10
+ declare const getCheckStats: () => RuntimeCheckStats;
11
+ declare const LAYER_NAMES: Record<number, string>;
12
+ declare const MCPServer: new () => unknown;
13
+ declare const startServer: () => void;
14
+ declare const TOOLS: Record<string, unknown>[];
15
+ declare function createScanner(options?: ScannerOptions): GuardScannerInstance;
16
+
17
+ export { GuardScanner, GuardScannerConstructor, GuardScannerInstance, LAYER_NAMES, MCPServer, RUNTIME_CHECKS, RuntimeCheckStats, RuntimeDecision, SEVERITY_WEIGHTS, ScannerOptions, THRESHOLDS, TOOLS, VERSION, createScanner, getCheckStats, scanToolCall, startServer };
package/dist/index.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ import { GuardScannerConstructor, ScannerOptions, GuardScannerInstance, RuntimeCheckStats, RuntimeDecision } from './types.js';
2
+ export { CapabilityMetrics, CustomRule, Finding, GuardMode, McpRequest, PluginConfig, SarifReport, ScanReport, ScanResult, Severity } from './types.js';
3
+
4
+ declare const GuardScanner: GuardScannerConstructor;
5
+ declare const VERSION: string;
6
+ declare const THRESHOLDS: Record<string, unknown>;
7
+ declare const SEVERITY_WEIGHTS: Record<string, number>;
8
+ declare const scanToolCall: (toolName: string, params: Record<string, unknown> | string, options?: Record<string, unknown>) => RuntimeDecision;
9
+ declare const RUNTIME_CHECKS: Record<string, unknown>[];
10
+ declare const getCheckStats: () => RuntimeCheckStats;
11
+ declare const LAYER_NAMES: Record<number, string>;
12
+ declare const MCPServer: new () => unknown;
13
+ declare const startServer: () => void;
14
+ declare const TOOLS: Record<string, unknown>[];
15
+ declare function createScanner(options?: ScannerOptions): GuardScannerInstance;
16
+
17
+ export { GuardScanner, GuardScannerConstructor, GuardScannerInstance, LAYER_NAMES, MCPServer, RUNTIME_CHECKS, RuntimeCheckStats, RuntimeDecision, SEVERITY_WEIGHTS, ScannerOptions, THRESHOLDS, TOOLS, VERSION, createScanner, getCheckStats, scanToolCall, startServer };