@kairosinternational/watchman 0.1.0

package/PHASE_3A_COMPLETE.md

@@ -0,0 +1,63 @@
+# Phase 3a Complete -- Watchman Core Engine
+
+Package: @kairosinternational/watchman v0.1.0
+Completed: 2026-04-09
+Theological anchor: Ezekiel 3:17
+
+## Architecture
+
+Framework-agnostic Node.js/TypeScript security engine.
+No UI, no Supabase, no middleware. Everything else wraps this.
+
+4 scanners, 13 rules, unified Finding/Report type system.
+
+## Threat Model -- Rules by Scanner
+
+### 1. AI Tool Integrity (`ai-tool-integrity`)
+
+| Rule | Detects | Default Severity |
+|------|---------|-----------------|
+| `prompt-injection` | Prompt injection signatures in source files and config (9 signature patterns: direct override, persona hijack, fake system prompt, rule suppression, role coercion, prompt extraction, token boundary injection, encoded payload, translation bypass) | critical/high/medium (per pattern) |
+| `tool-manifest-drift` | Tool definitions with missing names or suspiciously long descriptions that could hide injected instructions | high |
+| `unauthorized-model-call` | Direct AI provider API calls (OpenAI, Anthropic, Google, Cohere, Replicate, AI SDK) that bypass approved routing/gateway | medium |
+
+### 2. Secrets Exposure (`secrets-exposure`)
+
+| Rule | Detects | Default Severity |
+|------|---------|-----------------|
+| `known-patterns` | Hardcoded API keys and credentials matching 14 provider signatures (Anthropic, OpenAI, GitHub, Slack, Supabase JWT, AWS, npm, Stripe, Square, SendGrid, private keys) | critical |
+| `entropy-check` | High-entropy strings (Shannon >= 4.5 bits) in secret-like assignment contexts | high |
+| `response-echo` | Secrets or sensitive data echoed in HTTP responses, logs, or serialized env objects; stack trace exposure | high/medium |
+
+### 3. Dependency Integrity (`dependency-integrity`)
+
+| Rule | Detects | Default Severity |
+|------|---------|-----------------|
+| `hash-validation` | Lockfile entries missing integrity hashes or using weak SHA-1 | high/medium |
+| `typosquat-check` | Known malicious typosquat packages (21 entries) and fuzzy matches within edit distance 1 of popular packages | critical/high |
+| `transitive-drift` | Missing lockfiles and packages declared in package.json but absent from lockfile | high/medium |
+
+### 4. Runtime Monitor (`runtime-monitor`)
+
+| Rule | Detects | Default Severity |
+|------|---------|-----------------|
+| `process-spawn` | Shell execution (child_process, exec, eval, Function constructor) with special focus on user-input-to-exec flows | critical/medium |
+| `filesystem-access` | Access to sensitive paths (/etc/passwd, .ssh/, .aws/credentials) and user-controlled filesystem operations (path traversal) | critical/high/medium |
+| `outbound-network` | Connections to known bad destinations (C2, exfiltration services, cryptominers, ephemeral file hosts) and suspicious ports (4444, 9001, 31337, etc.) | critical/high/medium |
+| `resource-anomaly` | Infinite loops, tight intervals, large buffer allocations, user-controlled RegExp (ReDoS), user-controlled crypto parameters | high/medium |
+
+## Key Design Decisions
+
+- All scanners implement the same Scanner/Rule interface
+- Engine orchestrates scanners, collects findings, produces WatchmanReport
+- Severity hierarchy: critical > high > medium > low > info
+- `failOn` config determines pass/fail threshold (default: high)
+- Runtime monitor disabled by default (requires opt-in)
+- File collection excludes node_modules, .git, dist, build, .next by default
+
+## Patent-Relevant Innovation
+
+The combination of AI-specific threat detection (prompt injection,
+tool manifest drift, unauthorized model calls) with traditional
+security scanning (secrets, dependencies, runtime) in a single
+unified engine designed for AI-augmented development workflows.

package/dist/engine.d.ts

@@ -0,0 +1,9 @@
+import type { WatchmanConfig, Scanner, WatchmanReport } from './types/index.js';
+export declare class WatchmanEngine {
+    private scanners;
+    private config;
+    constructor(config: WatchmanConfig);
+    register(scanner: Scanner): void;
+    scan(): Promise<WatchmanReport>;
+}
+//# sourceMappingURL=engine.d.ts.map

package/dist/engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,cAAc,EAEd,OAAO,EAIP,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAkD1B,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAsC;IACtD,OAAO,CAAC,MAAM,CAAiB;gBAEnB,MAAM,EAAE,cAAc;IAIlC,QAAQ,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI;IAI1B,IAAI,IAAI,OAAO,CAAC,cAAc,CAAC;CAsDtC"}

package/dist/engine.js

@@ -0,0 +1,99 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WatchmanEngine = void 0;
+const promises_1 = require("node:fs/promises");
+const node_path_1 = require("node:path");
+const node_crypto_1 = require("node:crypto");
+const SEVERITY_ORDER = {
+    critical: 4,
+    high: 3,
+    medium: 2,
+    low: 1,
+    info: 0,
+};
+function severityAtLeast(a, threshold) {
+    return SEVERITY_ORDER[a] >= SEVERITY_ORDER[threshold];
+}
+function maxSeverity(findings) {
+    if (findings.length === 0)
+        return null;
+    return findings.reduce((max, f) => SEVERITY_ORDER[f.severity] > SEVERITY_ORDER[max] ? f.severity : max, 'info');
+}
+async function collectFiles(dir, exclude) {
+    const files = [];
+    async function walk(current) {
+        const entries = await (0, promises_1.readdir)(current, { withFileTypes: true });
+        for (const entry of entries) {
+            const fullPath = (0, node_path_1.join)(current, entry.name);
+            const rel = (0, node_path_1.relative)(dir, fullPath);
+            if (exclude.some((pattern) => rel.startsWith(pattern) || entry.name === pattern)) {
+                continue;
+            }
+            if (entry.isDirectory()) {
+                await walk(fullPath);
+            }
+            else if (entry.isFile()) {
+                files.push(fullPath);
+            }
+        }
+    }
+    await walk(dir);
+    return files;
+}
+class WatchmanEngine {
+    scanners = new Map();
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    register(scanner) {
+        this.scanners.set(scanner.id, scanner);
+    }
+    async scan() {
+        const start = performance.now();
+        const files = await collectFiles(this.config.projectRoot, this.config.exclude ?? []);
+        const results = [];
+        for (const [id, scanner] of this.scanners) {
+            const scannerConfig = this.config.scanners[id];
+            if (!scannerConfig?.enabled)
+                continue;
+            const findings = [];
+            const scanStart = performance.now();
+            const ctx = {
+                config: this.config,
+                scannerId: id,
+                scannerConfig,
+                files,
+                addFinding: (partial) => {
+                    findings.push({
+                        ...partial,
+                        id: (0, node_crypto_1.randomUUID)(),
+                        scanner: id,
+                    });
+                },
+            };
+            await scanner.scan(ctx);
+            results.push({
+                scanner: id,
+                findings,
+                duration: performance.now() - scanStart,
+                filesScanned: files.length,
+            });
+        }
+        const allFindings = results.flatMap((r) => r.findings);
+        const maxSev = maxSeverity(allFindings);
+        const failOn = this.config.failOn ?? 'high';
+        const passed = maxSev === null || !severityAtLeast(maxSev, failOn);
+        return {
+            timestamp: new Date().toISOString(),
+            projectRoot: this.config.projectRoot,
+            results,
+            totalFindings: allFindings.length,
+            maxSeverity: maxSev,
+            passed,
+            duration: performance.now() - start,
+        };
+    }
+}
+exports.WatchmanEngine = WatchmanEngine;
+//# sourceMappingURL=engine.js.map

package/dist/engine.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":";;;AAAA,+CAAiD;AACjD,yCAA2C;AAC3C,6CAAyC;AAYzC,MAAM,cAAc,GAA6B;IAC/C,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,CAAC;CACR,CAAC;AAEF,SAAS,eAAe,CAAC,CAAW,EAAE,SAAmB;IACvD,OAAO,cAAc,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CAAC,QAAmB;IACtC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,QAAQ,CAAC,MAAM,CAAW,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAC1C,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EACnE,MAAM,CACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,GAAW,EACX,OAAiB;IAEjB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,UAAU,IAAI,CAAC,OAAe;QACjC,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAO,EAAC,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,QAAQ,GAAG,IAAA,gBAAI,EAAC,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,GAAG,GAAG,IAAA,oBAAQ,EAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAEpC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;gBACjF,SAAS;YACX,CAAC;YAED,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;iBAAM,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;gBAC1B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAa,cAAc;IACjB,QAAQ,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC9C,MAAM,CAAiB;IAE/B,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,OAAgB;QACvB,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,IAAI;QACR,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,MAAM,YAAY,CAC9B,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAC1B,CAAC;QACF,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,CAAC,aAAa,EAAE,OAAO;gBAAE,SAAS;YAEtC,MAAM,QAAQ,GAAc,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;YAEpC,MAAM,GAAG,GAAgB;gBACvB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,SAAS,EAAE,EAAE;gBACb,aAAa;gBACb,KAAK;gBACL,UAAU,EAAE,CAAC,OAAO,EAAE,EAAE;oBACtB,QAAQ,CAAC,IAAI,CAAC;wBACZ,GAAG,OAAO;wBACV,EAAE,EAAE,IAAA,wBAAU,GAAE;wBAChB,OAAO,EAAE,EAAE;qBACZ,CAAC,CAAC;gBACL,CAAC;aACF,CAAC;YAEF,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAExB,OAAO,CAAC,IAAI,CAAC;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ;gBACR,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;gBACvC,YAAY,EAAE,KAAK,CAAC,MAAM;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,KAAK,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAEnE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,OAAO;YACP,aAAa,EAAE,WAAW,CAAC,MAAM;YACjC,WAAW,EAAE,MAAM;YACnB,MAAM;YACN,QAAQ,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK;SACpC,CAAC;IACJ,CAAC;CACF;AAlED,wCAkEC"}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export { WatchmanEngine } from './engine.js';
+export type { Severity, ScannerId, RuleConfig, ScannerConfig, WatchmanConfig, SourceLocation, Finding, ScanResult, WatchmanReport, ScanContext, Rule, Scanner, } from './types/index.js';
+export { DEFAULT_CONFIG } from './types/index.js';
+export { aiToolIntegrityScanner } from './scanners/ai-tool-integrity/index.js';
+export { secretsExposureScanner } from './scanners/secrets-exposure/index.js';
+export { dependencyIntegrityScanner } from './scanners/dependency-integrity/index.js';
+export { runtimeMonitorScanner } from './scanners/runtime-monitor/index.js';
+export { INJECTION_SIGNATURES } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export type { InjectionSignature } from './scanners/ai-tool-integrity/patterns/injection-signatures.js';
+export { SECRET_SIGNATURES } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+export type { SecretSignature } from './scanners/secrets-exposure/patterns/secret-signatures.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,YAAY,EACV,QAAQ,EACR,SAAS,EACT,UAAU,EACV,aAAa,EACb,cAAc,EACd,cAAc,EACd,OAAO,EACP,UAAU,EACV,cAAc,EACd,WAAW,EACX,IAAI,EACJ,OAAO,GACR,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAC;AAC/E,OAAO,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAC9E,OAAO,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAG5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,+DAA+D,CAAC;AACrG,YAAY,EAAE,kBAAkB,EAAE,MAAM,+DAA+D,CAAC;AACxG,OAAO,EAAE,iBAAiB,EAAE,MAAM,2DAA2D,CAAC;AAC9F,YAAY,EAAE,eAAe,EAAE,MAAM,2DAA2D,CAAC"}

package/dist/index.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SECRET_SIGNATURES = exports.INJECTION_SIGNATURES = exports.runtimeMonitorScanner = exports.dependencyIntegrityScanner = exports.secretsExposureScanner = exports.aiToolIntegrityScanner = exports.DEFAULT_CONFIG = exports.WatchmanEngine = void 0;
+var engine_js_1 = require("./engine.js");
+Object.defineProperty(exports, "WatchmanEngine", { enumerable: true, get: function () { return engine_js_1.WatchmanEngine; } });
+var index_js_1 = require("./types/index.js");
+Object.defineProperty(exports, "DEFAULT_CONFIG", { enumerable: true, get: function () { return index_js_1.DEFAULT_CONFIG; } });
+var index_js_2 = require("./scanners/ai-tool-integrity/index.js");
+Object.defineProperty(exports, "aiToolIntegrityScanner", { enumerable: true, get: function () { return index_js_2.aiToolIntegrityScanner; } });
+var index_js_3 = require("./scanners/secrets-exposure/index.js");
+Object.defineProperty(exports, "secretsExposureScanner", { enumerable: true, get: function () { return index_js_3.secretsExposureScanner; } });
+var index_js_4 = require("./scanners/dependency-integrity/index.js");
+Object.defineProperty(exports, "dependencyIntegrityScanner", { enumerable: true, get: function () { return index_js_4.dependencyIntegrityScanner; } });
+var index_js_5 = require("./scanners/runtime-monitor/index.js");
+Object.defineProperty(exports, "runtimeMonitorScanner", { enumerable: true, get: function () { return index_js_5.runtimeMonitorScanner; } });
+// Pattern exports for in-memory scanning (used by adapters)
+var injection_signatures_js_1 = require("./scanners/ai-tool-integrity/patterns/injection-signatures.js");
+Object.defineProperty(exports, "INJECTION_SIGNATURES", { enumerable: true, get: function () { return injection_signatures_js_1.INJECTION_SIGNATURES; } });
+var secret_signatures_js_1 = require("./scanners/secrets-exposure/patterns/secret-signatures.js");
+Object.defineProperty(exports, "SECRET_SIGNATURES", { enumerable: true, get: function () { return secret_signatures_js_1.SECRET_SIGNATURES; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,yCAA6C;AAApC,2GAAA,cAAc,OAAA;AAgBvB,6CAAkD;AAAzC,0GAAA,cAAc,OAAA;AAEvB,kEAA+E;AAAtE,kHAAA,sBAAsB,OAAA;AAC/B,iEAA8E;AAArE,kHAAA,sBAAsB,OAAA;AAC/B,qEAAsF;AAA7E,sHAAA,0BAA0B,OAAA;AACnC,gEAA4E;AAAnE,iHAAA,qBAAqB,OAAA;AAE9B,4DAA4D;AAC5D,yGAAqG;AAA5F,+HAAA,oBAAoB,OAAA;AAE7B,kGAA8F;AAArF,yHAAA,iBAAiB,OAAA"}

package/dist/scanners/ai-tool-integrity/index.d.ts

@@ -0,0 +1,2 @@
+export { aiToolIntegrityScanner } from './scanner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/ai-tool-integrity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/ai-tool-integrity/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC"}

package/dist/scanners/ai-tool-integrity/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aiToolIntegrityScanner = void 0;
+var scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "aiToolIntegrityScanner", { enumerable: true, get: function () { return scanner_js_1.aiToolIntegrityScanner; } });
+//# sourceMappingURL=index.js.map

package/dist/scanners/ai-tool-integrity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/ai-tool-integrity/index.ts"],"names":[],"mappings":";;;AAAA,2CAAsD;AAA7C,oHAAA,sBAAsB,OAAA"}

package/dist/scanners/ai-tool-integrity/patterns/injection-signatures.d.ts

@@ -0,0 +1,7 @@
+export interface InjectionSignature {
+    pattern: RegExp;
+    label: string;
+    severity: 'critical' | 'high' | 'medium';
+}
+export declare const INJECTION_SIGNATURES: InjectionSignature[];
+//# sourceMappingURL=injection-signatures.d.ts.map

package/dist/scanners/ai-tool-integrity/patterns/injection-signatures.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection-signatures.d.ts","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/patterns/injection-signatures.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,CAAC;CAC1C;AAED,eAAO,MAAM,oBAAoB,EAAE,kBAAkB,EA8CpD,CAAC"}

package/dist/scanners/ai-tool-integrity/patterns/injection-signatures.js

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.INJECTION_SIGNATURES = void 0;
+exports.INJECTION_SIGNATURES = [
+    {
+        pattern: /ignore\s+(all\s+)?(previous|prior|above)\s+(instructions|prompts|rules)/i,
+        label: 'direct-override',
+        severity: 'critical',
+    },
+    {
+        pattern: /you\s+are\s+now\s+(a|an|the)\b/i,
+        label: 'persona-hijack',
+        severity: 'critical',
+    },
+    {
+        pattern: /system\s*:\s*\n/i,
+        label: 'fake-system-prompt',
+        severity: 'critical',
+    },
+    {
+        pattern: /\bdo\s+not\s+follow\s+(your|the)\s+(rules|guidelines|instructions)/i,
+        label: 'rule-suppression',
+        severity: 'high',
+    },
+    {
+        pattern: /\bpretend\s+(you\s+)?(are|to\s+be)\b/i,
+        label: 'role-coercion',
+        severity: 'high',
+    },
+    {
+        pattern: /\brepeat\s+(back|everything|the\s+(system|hidden))/i,
+        label: 'prompt-extraction',
+        severity: 'high',
+    },
+    {
+        pattern: /\[INST\]|\[\/INST\]|<\|im_start\|>|<\|im_end\|>/i,
+        label: 'token-boundary-injection',
+        severity: 'critical',
+    },
+    {
+        pattern: /\bbase64\s*[:(]\s*[A-Za-z0-9+/=]{20,}/,
+        label: 'encoded-payload',
+        severity: 'medium',
+    },
+    {
+        pattern: /\btranslate\s+(the\s+)?(following|this)\s+to\s+\w+\s*:/i,
+        label: 'translation-bypass',
+        severity: 'medium',
+    },
+];
+//# sourceMappingURL=injection-signatures.js.map

package/dist/scanners/ai-tool-integrity/patterns/injection-signatures.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"injection-signatures.js","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/patterns/injection-signatures.ts"],"names":[],"mappings":";;;AAMa,QAAA,oBAAoB,GAAyB;IACxD;QACE,OAAO,EAAE,0EAA0E;QACnF,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,OAAO,EAAE,iCAAiC;QAC1C,KAAK,EAAE,gBAAgB;QACvB,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,OAAO,EAAE,kBAAkB;QAC3B,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,OAAO,EAAE,qEAAqE;QAC9E,KAAK,EAAE,kBAAkB;QACzB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,KAAK,EAAE,eAAe;QACtB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,qDAAqD;QAC9D,KAAK,EAAE,mBAAmB;QAC1B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,OAAO,EAAE,kDAAkD;QAC3D,KAAK,EAAE,0BAA0B;QACjC,QAAQ,EAAE,UAAU;KACrB;IACD;QACE,OAAO,EAAE,uCAAuC;QAChD,KAAK,EAAE,iBAAiB;QACxB,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,OAAO,EAAE,yDAAyD;QAClE,KAAK,EAAE,oBAAoB;QAC3B,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/prompt-injection.rule.d.ts

@@ -0,0 +1,3 @@
+import type { Rule } from '../../../types/index.js';
+export declare const promptInjectionRule: Rule;
+//# sourceMappingURL=prompt-injection.rule.d.ts.map

package/dist/scanners/ai-tool-integrity/rules/prompt-injection.rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection.rule.d.ts","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/prompt-injection.rule.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAe,MAAM,yBAAyB,CAAC;AAcjE,eAAO,MAAM,mBAAmB,EAAE,IAkCjC,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/prompt-injection.rule.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.promptInjectionRule = void 0;
+const promises_1 = require("node:fs/promises");
+const injection_signatures_js_1 = require("../patterns/injection-signatures.js");
+const SCANNABLE_EXTENSIONS = new Set([
+    '.ts', '.tsx', '.js', '.jsx', '.json', '.yaml', '.yml',
+    '.md', '.txt', '.env', '.toml', '.cfg', '.ini',
+]);
+function hasScannableExtension(file) {
+    const dot = file.lastIndexOf('.');
+    if (dot === -1)
+        return false;
+    return SCANNABLE_EXTENSIONS.has(file.slice(dot).toLowerCase());
+}
+exports.promptInjectionRule = {
+    id: 'prompt-injection',
+    name: 'Prompt Injection Detection',
+    description: 'Scans source files and config for prompt injection signatures',
+    async run(ctx) {
+        const targets = ctx.files.filter(hasScannableExtension);
+        for (const file of targets) {
+            let content;
+            try {
+                content = await (0, promises_1.readFile)(file, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                for (const sig of injection_signatures_js_1.INJECTION_SIGNATURES) {
+                    if (sig.pattern.test(line)) {
+                        ctx.addFinding({
+                            rule: 'prompt-injection',
+                            severity: sig.severity,
+                            message: `Prompt injection signature detected: ${sig.label}`,
+                            location: { file, line: i + 1 },
+                            evidence: line.trim().slice(0, 200),
+                            suggestion: 'Review this content for prompt injection attempts. Sanitize user-facing strings.',
+                        });
+                    }
+                }
+            }
+        }
+    },
+};
+//# sourceMappingURL=prompt-injection.rule.js.map

package/dist/scanners/ai-tool-integrity/rules/prompt-injection.rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-injection.rule.js","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/prompt-injection.rule.ts"],"names":[],"mappings":";;;AAAA,+CAA4C;AAE5C,iFAA2E;AAE3E,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM;IACtD,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM;CAC/C,CAAC,CAAC;AAEH,SAAS,qBAAqB,CAAC,IAAY;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,OAAO,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AACjE,CAAC;AAEY,QAAA,mBAAmB,GAAS;IACvC,EAAE,EAAE,kBAAkB;IACtB,IAAI,EAAE,4BAA4B;IAClC,WAAW,EAAE,+DAA+D;IAE5E,KAAK,CAAC,GAAG,CAAC,GAAgB;QACxB,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAExD,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;YAC3B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,KAAK,MAAM,GAAG,IAAI,8CAAoB,EAAE,CAAC;oBACvC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC3B,GAAG,CAAC,UAAU,CAAC;4BACb,IAAI,EAAE,kBAAkB;4BACxB,QAAQ,EAAE,GAAG,CAAC,QAAQ;4BACtB,OAAO,EAAE,wCAAwC,GAAG,CAAC,KAAK,EAAE;4BAC5D,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE;4BAC/B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;4BACnC,UAAU,EAAE,kFAAkF;yBAC/F,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.d.ts

@@ -0,0 +1,3 @@
+import type { Rule } from '../../../types/index.js';
+export declare const toolManifestDriftRule: Rule;
+//# sourceMappingURL=tool-manifest-drift.rule.d.ts.map

package/dist/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-manifest-drift.rule.d.ts","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAe,MAAM,yBAAyB,CAAC;AAiBjE,eAAO,MAAM,qBAAqB,EAAE,IA6DnC,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toolManifestDriftRule = void 0;
+const promises_1 = require("node:fs/promises");
+const node_path_1 = require("node:path");
+const MANIFEST_FILENAMES = new Set([
+    'tools.json',
+    'tool-manifest.json',
+    'mcp.json',
+    '.mcp.json',
+    'ai-plugin.json',
+]);
+exports.toolManifestDriftRule = {
+    id: 'tool-manifest-drift',
+    name: 'Tool Manifest Drift',
+    description: 'Detects tool definitions with missing or suspicious fields that could indicate manifest tampering',
+    async run(ctx) {
+        const manifests = ctx.files.filter((f) => MANIFEST_FILENAMES.has((0, node_path_1.basename)(f)));
+        for (const file of manifests) {
+            let content;
+            try {
+                content = await (0, promises_1.readFile)(file, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            let parsed;
+            try {
+                parsed = JSON.parse(content);
+            }
+            catch {
+                ctx.addFinding({
+                    rule: 'tool-manifest-drift',
+                    severity: 'medium',
+                    message: 'Tool manifest is not valid JSON',
+                    location: { file },
+                    suggestion: 'Fix JSON syntax in this manifest file.',
+                });
+                continue;
+            }
+            const tools = Array.isArray(parsed)
+                ? parsed
+                : parsed?.tools ?? [];
+            if (!Array.isArray(tools))
+                continue;
+            for (let i = 0; i < tools.length; i++) {
+                const tool = tools[i];
+                if (!tool.name) {
+                    ctx.addFinding({
+                        rule: 'tool-manifest-drift',
+                        severity: 'high',
+                        message: `Tool at index ${i} has no name — possible injection point`,
+                        location: { file },
+                        suggestion: 'Every tool definition must have an explicit name.',
+                    });
+                }
+                if (tool.description && tool.description.length > 2000) {
+                    ctx.addFinding({
+                        rule: 'tool-manifest-drift',
+                        severity: 'high',
+                        message: `Tool "${tool.name ?? i}" has suspiciously long description (${tool.description.length} chars)`,
+                        location: { file },
+                        evidence: tool.description.slice(0, 200),
+                        suggestion: 'Long descriptions may hide injected instructions. Review for embedded prompts.',
+                    });
+                }
+            }
+        }
+    },
+};
+//# sourceMappingURL=tool-manifest-drift.rule.js.map

package/dist/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-manifest-drift.rule.js","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/tool-manifest-drift.rule.ts"],"names":[],"mappings":";;;AAAA,+CAA4C;AAC5C,yCAAqC;AAGrC,MAAM,kBAAkB,GAAG,IAAI,GAAG,CAAC;IACjC,YAAY;IACZ,oBAAoB;IACpB,UAAU;IACV,WAAW;IACX,gBAAgB;CACjB,CAAC,CAAC;AASU,QAAA,qBAAqB,GAAS;IACzC,EAAE,EAAE,qBAAqB;IACzB,IAAI,EAAE,qBAAqB;IAC3B,WAAW,EAAE,mGAAmG;IAEhH,KAAK,CAAC,GAAG,CAAC,GAAgB;QACxB,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,kBAAkB,CAAC,GAAG,CAAC,IAAA,oBAAQ,EAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE/E,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,IAAI,MAAe,CAAC;YACpB,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,UAAU,CAAC;oBACb,IAAI,EAAE,qBAAqB;oBAC3B,QAAQ,EAAE,QAAQ;oBAClB,OAAO,EAAE,iCAAiC;oBAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE;oBAClB,UAAU,EAAE,wCAAwC;iBACrD,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAqB,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBACnD,CAAC,CAAC,MAAM;gBACR,CAAC,CAAE,MAAkC,EAAE,KAAyB,IAAI,EAAE,CAAC;YAEzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;gBAAE,SAAS;YAEpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,GAAG,CAAC,UAAU,CAAC;wBACb,IAAI,EAAE,qBAAqB;wBAC3B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,iBAAiB,CAAC,yCAAyC;wBACpE,QAAQ,EAAE,EAAE,IAAI,EAAE;wBAClB,UAAU,EAAE,mDAAmD;qBAChE,CAAC,CAAC;gBACL,CAAC;gBAED,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;oBACvD,GAAG,CAAC,UAAU,CAAC;wBACb,IAAI,EAAE,qBAAqB;wBAC3B,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,wCAAwC,IAAI,CAAC,WAAW,CAAC,MAAM,SAAS;wBACxG,QAAQ,EAAE,EAAE,IAAI,EAAE;wBAClB,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBACxC,UAAU,EAAE,gFAAgF;qBAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.d.ts

@@ -0,0 +1,3 @@
+import type { Rule } from '../../../types/index.js';
+export declare const unauthorizedModelCallRule: Rule;
+//# sourceMappingURL=unauthorized-model-call.rule.d.ts.map

package/dist/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"unauthorized-model-call.rule.d.ts","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,IAAI,EAAe,MAAM,yBAAyB,CAAC;AAsBjE,eAAO,MAAM,yBAAyB,EAAE,IAmCvC,CAAC"}

package/dist/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.js

@@ -0,0 +1,56 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.unauthorizedModelCallRule = void 0;
+const promises_1 = require("node:fs/promises");
+const MODEL_CALL_PATTERNS = [
+    { pattern: /openai\.chat\.completions\.create/g, provider: 'OpenAI' },
+    { pattern: /anthropic\.messages\.create/g, provider: 'Anthropic' },
+    { pattern: /new\s+OpenAI\s*\(/g, provider: 'OpenAI' },
+    { pattern: /new\s+Anthropic\s*\(/g, provider: 'Anthropic' },
+    { pattern: /generateText\s*\(/g, provider: 'AI SDK' },
+    { pattern: /streamText\s*\(/g, provider: 'AI SDK' },
+    { pattern: /generateObject\s*\(/g, provider: 'AI SDK' },
+    { pattern: /google\.generativeai/gi, provider: 'Google AI' },
+    { pattern: /cohere\.chat\(/g, provider: 'Cohere' },
+    { pattern: /replicate\.run\(/g, provider: 'Replicate' },
+];
+const CODE_EXTENSIONS = new Set(['.ts', '.tsx', '.js', '.jsx', '.mjs', '.cjs']);
+function isCodeFile(file) {
+    const dot = file.lastIndexOf('.');
+    return dot !== -1 && CODE_EXTENSIONS.has(file.slice(dot).toLowerCase());
+}
+exports.unauthorizedModelCallRule = {
+    id: 'unauthorized-model-call',
+    name: 'Unauthorized Model Call',
+    description: 'Flags direct AI provider calls that may bypass approved routing or gateway patterns',
+    async run(ctx) {
+        const codeFiles = ctx.files.filter(isCodeFile);
+        for (const file of codeFiles) {
+            let content;
+            try {
+                content = await (0, promises_1.readFile)(file, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                for (const { pattern, provider } of MODEL_CALL_PATTERNS) {
+                    pattern.lastIndex = 0;
+                    if (pattern.test(line)) {
+                        ctx.addFinding({
+                            rule: 'unauthorized-model-call',
+                            severity: 'medium',
+                            message: `Direct ${provider} API call detected — verify this is an approved integration point`,
+                            location: { file, line: i + 1 },
+                            evidence: line.trim().slice(0, 200),
+                            suggestion: `Route model calls through your approved AI gateway or service layer.`,
+                        });
+                    }
+                }
+            }
+        }
+    },
+};
+//# sourceMappingURL=unauthorized-model-call.rule.js.map

package/dist/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unauthorized-model-call.rule.js","sourceRoot":"","sources":["../../../../src/scanners/ai-tool-integrity/rules/unauthorized-model-call.rule.ts"],"names":[],"mappings":";;;AAAA,+CAA4C;AAG5C,MAAM,mBAAmB,GAAG;IAC1B,EAAE,OAAO,EAAE,oCAAoC,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrE,EAAE,OAAO,EAAE,8BAA8B,EAAE,QAAQ,EAAE,WAAW,EAAE;IAClE,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrD,EAAE,OAAO,EAAE,uBAAuB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC3D,EAAE,OAAO,EAAE,oBAAoB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACrD,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACnD,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IACvD,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,WAAW,EAAE;IAC5D,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,EAAE;IAClD,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE;CACxD,CAAC;AAEF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAEhF,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IAClC,OAAO,GAAG,KAAK,CAAC,CAAC,IAAI,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;AAC1E,CAAC;AAEY,QAAA,yBAAyB,GAAS;IAC7C,EAAE,EAAE,yBAAyB;IAC7B,IAAI,EAAE,yBAAyB;IAC/B,WAAW,EAAE,qFAAqF;IAElG,KAAK,CAAC,GAAG,CAAC,GAAgB;QACxB,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAE/C,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAe,CAAC;YACpB,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,IAAA,mBAAQ,EAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACtB,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,mBAAmB,EAAE,CAAC;oBACxD,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;oBACtB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACvB,GAAG,CAAC,UAAU,CAAC;4BACb,IAAI,EAAE,yBAAyB;4BAC/B,QAAQ,EAAE,QAAQ;4BAClB,OAAO,EAAE,UAAU,QAAQ,mEAAmE;4BAC9F,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE;4BAC/B,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;4BACnC,UAAU,EAAE,sEAAsE;yBACnF,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/scanners/ai-tool-integrity/scanner.d.ts

@@ -0,0 +1,3 @@
+import type { Scanner } from '../../types/index.js';
+export declare const aiToolIntegrityScanner: Scanner;
+//# sourceMappingURL=scanner.d.ts.map

package/dist/scanners/ai-tool-integrity/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../../src/scanners/ai-tool-integrity/scanner.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAqB,MAAM,sBAAsB,CAAC;AAWvE,eAAO,MAAM,sBAAsB,EAAE,OAapC,CAAC"}

package/dist/scanners/ai-tool-integrity/scanner.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aiToolIntegrityScanner = void 0;
+const prompt_injection_rule_js_1 = require("./rules/prompt-injection.rule.js");
+const tool_manifest_drift_rule_js_1 = require("./rules/tool-manifest-drift.rule.js");
+const unauthorized_model_call_rule_js_1 = require("./rules/unauthorized-model-call.rule.js");
+const rules = [
+    prompt_injection_rule_js_1.promptInjectionRule,
+    tool_manifest_drift_rule_js_1.toolManifestDriftRule,
+    unauthorized_model_call_rule_js_1.unauthorizedModelCallRule,
+];
+exports.aiToolIntegrityScanner = {
+    id: 'ai-tool-integrity',
+    name: 'AI Tool Integrity',
+    description: 'Detects prompt injection, tool manifest drift, and unauthorized model calls',
+    rules,
+    async scan(ctx) {
+        for (const rule of rules) {
+            const ruleConfig = ctx.scannerConfig.rules?.[rule.id];
+            if (ruleConfig?.enabled === false)
+                continue;
+            await rule.run(ctx);
+        }
+    },
+};
+//# sourceMappingURL=scanner.js.map

package/dist/scanners/ai-tool-integrity/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../../src/scanners/ai-tool-integrity/scanner.ts"],"names":[],"mappings":";;;AACA,+EAAuE;AACvE,qFAA4E;AAC5E,6FAAoF;AAEpF,MAAM,KAAK,GAAW;IACpB,8CAAmB;IACnB,mDAAqB;IACrB,2DAAyB;CAC1B,CAAC;AAEW,QAAA,sBAAsB,GAAY;IAC7C,EAAE,EAAE,mBAAmB;IACvB,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,6EAA6E;IAC1F,KAAK;IAEL,KAAK,CAAC,IAAI,CAAC,GAAgB;QACzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,UAAU,GAAG,GAAG,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,EAAE,OAAO,KAAK,KAAK;gBAAE,SAAS;YAC5C,MAAM,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/scanners/dependency-integrity/index.d.ts

@@ -0,0 +1,2 @@
+export { dependencyIntegrityScanner } from './scanner.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/scanners/dependency-integrity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/scanners/dependency-integrity/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC"}

package/dist/scanners/dependency-integrity/index.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dependencyIntegrityScanner = void 0;
+var scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "dependencyIntegrityScanner", { enumerable: true, get: function () { return scanner_js_1.dependencyIntegrityScanner; } });
+//# sourceMappingURL=index.js.map

package/dist/scanners/dependency-integrity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/scanners/dependency-integrity/index.ts"],"names":[],"mappings":";;;AAAA,2CAA0D;AAAjD,wHAAA,0BAA0B,OAAA"}

package/dist/scanners/dependency-integrity/patterns/known-typosquats.d.ts

@@ -0,0 +1,8 @@
+export interface TyposquatEntry {
+    malicious: string;
+    legitimate: string;
+    technique: 'typosquat' | 'combosquat' | 'starjack' | 'scope-confusion';
+}
+export declare const KNOWN_TYPOSQUATS: TyposquatEntry[];
+export declare const SUBSTITUTION_PAIRS: [string, string][];
+//# sourceMappingURL=known-typosquats.d.ts.map

package/dist/scanners/dependency-integrity/patterns/known-typosquats.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"known-typosquats.d.ts","sourceRoot":"","sources":["../../../../src/scanners/dependency-integrity/patterns/known-typosquats.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,WAAW,GAAG,YAAY,GAAG,UAAU,GAAG,iBAAiB,CAAC;CACxE;AAGD,eAAO,MAAM,gBAAgB,EAAE,cAAc,EAsB5C,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,EAQhD,CAAC"}