@opena2a/oasb 0.1.0

package/dist/harness/arp-wrapper.js

@@ -0,0 +1,133 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ArpWrapper = void 0;
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const arp_1 = require("@opena2a/arp");
+const event_collector_1 = require("./event-collector");
+/**
+ * Wraps AgentRuntimeProtection for controlled testing.
+ * Creates temp dataDir per test, registers EventCollector,
+ * and provides injection + assertion helpers.
+ */
+class ArpWrapper {
+    constructor(labConfig) {
+        this._dataDir = labConfig?.dataDir ?? fs.mkdtempSync(path.join(os.tmpdir(), 'arp-lab-'));
+        const config = {
+            agentName: 'arp-lab-target',
+            agentDescription: 'Test target for ARP security lab',
+            declaredCapabilities: ['file read/write', 'HTTP requests'],
+            dataDir: this._dataDir,
+            monitors: {
+                process: {
+                    enabled: labConfig?.monitors?.process ?? false,
+                    intervalMs: labConfig?.processIntervalMs,
+                },
+                network: {
+                    enabled: labConfig?.monitors?.network ?? false,
+                    intervalMs: labConfig?.networkIntervalMs,
+                    allowedHosts: labConfig?.networkAllowedHosts,
+                },
+                filesystem: {
+                    enabled: labConfig?.monitors?.filesystem ?? false,
+                    watchPaths: labConfig?.filesystemWatchPaths,
+                    allowedPaths: labConfig?.filesystemAllowedPaths,
+                },
+            },
+            rules: labConfig?.rules,
+            intelligence: {
+                enabled: labConfig?.intelligence?.enabled ?? false,
+                budgetUsd: 0,
+            },
+            interceptors: {
+                process: { enabled: labConfig?.interceptors?.process ?? false },
+                network: {
+                    enabled: labConfig?.interceptors?.network ?? false,
+                    allowedHosts: labConfig?.interceptorNetworkAllowedHosts,
+                },
+                filesystem: {
+                    enabled: labConfig?.interceptors?.filesystem ?? false,
+                    allowedPaths: labConfig?.interceptorFilesystemAllowedPaths,
+                },
+            },
+        };
+        this.arp = new arp_1.AgentRuntimeProtection(config);
+        this.collector = new event_collector_1.EventCollector();
+        // Register event and enforcement collectors
+        this.arp.onEvent(this.collector.eventHandler);
+        this.arp.onEnforcement(this.collector.enforcementHandler);
+    }
+    async start() {
+        await this.arp.start();
+    }
+    async stop() {
+        await this.arp.stop();
+        this.collector.reset();
+        // Clean up temp dir
+        try {
+            fs.rmSync(this._dataDir, { recursive: true, force: true });
+        }
+        catch {
+            // Best effort cleanup
+        }
+    }
+    /** Get the underlying ARP instance */
+    getInstance() {
+        return this.arp;
+    }
+    /** Get the event engine for direct event injection */
+    getEngine() {
+        return this.arp.getEngine();
+    }
+    /** Get the enforcement engine */
+    getEnforcement() {
+        return this.arp.getEnforcement();
+    }
+    /** Inject a synthetic event into the ARP engine (for testing without real OS activity) */
+    async injectEvent(event) {
+        return this.getEngine().emit(event);
+    }
+    /** Wait for an event matching a predicate */
+    waitForEvent(predicate, timeoutMs = 10000) {
+        return this.collector.waitForEvent(predicate, timeoutMs);
+    }
+    /** Get the data directory */
+    get dataDir() {
+        return this._dataDir;
+    }
+}
+exports.ArpWrapper = ArpWrapper;

package/dist/harness/dvaa-client.d.ts

@@ -0,0 +1,45 @@
+interface ChatResponse {
+    id: string;
+    choices: Array<{
+        message: {
+            role: string;
+            content: string;
+        };
+        finish_reason: string;
+    }>;
+}
+interface MCPToolResponse {
+    success: boolean;
+    content?: string;
+    output?: string;
+    results?: unknown[];
+    note?: string;
+}
+interface HealthResponse {
+    status: string;
+    agent: string;
+    port: number;
+}
+interface StatsResponse {
+    totalRequests: number;
+    attacksDetected: number;
+    attacksSuccessful: number;
+}
+/**
+ * HTTP client for DVAA agent endpoints.
+ */
+export declare class DVAAClient {
+    /** Send a chat message to an API agent */
+    chat(port: number, message: string): Promise<ChatResponse>;
+    /** Execute an MCP tool on an MCP agent */
+    mcpExecute(port: number, tool: string, args: Record<string, unknown>): Promise<MCPToolResponse>;
+    /** Send an A2A message */
+    a2aMessage(port: number, from: string, message: string): Promise<ChatResponse>;
+    /** Health check */
+    health(port: number): Promise<HealthResponse>;
+    /** Get stats */
+    stats(port: number): Promise<StatsResponse>;
+    private get;
+    private post;
+}
+export {};

package/dist/harness/dvaa-client.js

@@ -0,0 +1,97 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DVAAClient = void 0;
+const http_1 = __importDefault(require("http"));
+/**
+ * HTTP client for DVAA agent endpoints.
+ */
+class DVAAClient {
+    /** Send a chat message to an API agent */
+    async chat(port, message) {
+        return this.post(port, '/v1/chat/completions', {
+            messages: [{ role: 'user', content: message }],
+        });
+    }
+    /** Execute an MCP tool on an MCP agent */
+    async mcpExecute(port, tool, args) {
+        return this.post(port, '/mcp/execute', {
+            tool,
+            arguments: args,
+        });
+    }
+    /** Send an A2A message */
+    async a2aMessage(port, from, message) {
+        return this.post(port, '/v1/chat/completions', {
+            messages: [
+                { role: 'system', content: `Message from agent: ${from}` },
+                { role: 'user', content: message },
+            ],
+        });
+    }
+    /** Health check */
+    async health(port) {
+        return this.get(port, '/health');
+    }
+    /** Get stats */
+    async stats(port) {
+        return this.get(port, '/stats');
+    }
+    get(port, path) {
+        return new Promise((resolve, reject) => {
+            const req = http_1.default.get(`http://localhost:${port}${path}`, (res) => {
+                let body = '';
+                res.on('data', (chunk) => { body += chunk; });
+                res.on('end', () => {
+                    try {
+                        resolve(JSON.parse(body));
+                    }
+                    catch {
+                        reject(new Error(`Invalid JSON from port ${port}${path}: ${body.slice(0, 200)}`));
+                    }
+                });
+            });
+            req.on('error', reject);
+            req.setTimeout(10000, () => {
+                req.destroy();
+                reject(new Error(`Request to port ${port}${path} timed out`));
+            });
+        });
+    }
+    post(port, path, body) {
+        const payload = JSON.stringify(body);
+        return new Promise((resolve, reject) => {
+            const req = http_1.default.request({
+                hostname: 'localhost',
+                port,
+                path,
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Content-Length': Buffer.byteLength(payload),
+                },
+            }, (res) => {
+                let data = '';
+                res.on('data', (chunk) => { data += chunk; });
+                res.on('end', () => {
+                    try {
+                        resolve(JSON.parse(data));
+                    }
+                    catch {
+                        reject(new Error(`Invalid JSON from port ${port}${path}: ${data.slice(0, 200)}`));
+                    }
+                });
+            });
+            req.on('error', reject);
+            req.setTimeout(10000, () => {
+                req.destroy();
+                reject(new Error(`POST to port ${port}${path} timed out`));
+            });
+            req.write(payload);
+            req.end();
+        });
+    }
+}
+exports.DVAAClient = DVAAClient;

package/dist/harness/dvaa-manager.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Manages the DVAA (Damn Vulnerable AI Agent) process lifecycle for integration tests.
+ */
+export declare class DVAAManager {
+    private process;
+    private started;
+    /** Start DVAA with all agents */
+    start(): Promise<void>;
+    /** Stop DVAA gracefully */
+    stop(): Promise<void>;
+    /** Get the DVAA process PID (for ARP to monitor) */
+    getPid(): number | undefined;
+    /** Check if DVAA is running */
+    isRunning(): boolean;
+    private waitForHealth;
+}

package/dist/harness/dvaa-manager.js

@@ -0,0 +1,131 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DVAAManager = void 0;
+const child_process_1 = require("child_process");
+const path = __importStar(require("path"));
+const http_1 = __importDefault(require("http"));
+const DVAA_PATH = path.resolve(__dirname, '../../../damn-vulnerable-ai-agent');
+const HEALTH_CHECK_TIMEOUT = 30000;
+const HEALTH_CHECK_INTERVAL = 500;
+/**
+ * Manages the DVAA (Damn Vulnerable AI Agent) process lifecycle for integration tests.
+ */
+class DVAAManager {
+    constructor() {
+        this.process = null;
+        this.started = false;
+    }
+    /** Start DVAA with all agents */
+    async start() {
+        if (this.started)
+            return;
+        const entryPoint = path.join(DVAA_PATH, 'src', 'index.js');
+        this.process = (0, child_process_1.fork)(entryPoint, [], {
+            cwd: DVAA_PATH,
+            stdio: 'pipe',
+            env: { ...process.env, NODE_ENV: 'test' },
+        });
+        this.process.on('error', (err) => {
+            console.error('DVAA process error:', err.message);
+        });
+        // Wait for health checks on key ports
+        await this.waitForHealth(3000); // Dashboard
+        await this.waitForHealth(3001); // SecureBot
+        await this.waitForHealth(3003); // LegacyBot
+        this.started = true;
+    }
+    /** Stop DVAA gracefully */
+    async stop() {
+        if (!this.process || !this.started)
+            return;
+        return new Promise((resolve) => {
+            const timeout = setTimeout(() => {
+                if (this.process) {
+                    this.process.kill('SIGKILL');
+                }
+                resolve();
+            }, 5000);
+            this.process.once('exit', () => {
+                clearTimeout(timeout);
+                resolve();
+            });
+            this.process.kill('SIGTERM');
+            this.started = false;
+            this.process = null;
+        });
+    }
+    /** Get the DVAA process PID (for ARP to monitor) */
+    getPid() {
+        return this.process?.pid;
+    }
+    /** Check if DVAA is running */
+    isRunning() {
+        return this.started && this.process !== null;
+    }
+    waitForHealth(port) {
+        const deadline = Date.now() + HEALTH_CHECK_TIMEOUT;
+        return new Promise((resolve, reject) => {
+            const check = () => {
+                if (Date.now() > deadline) {
+                    reject(new Error(`DVAA health check timed out on port ${port}`));
+                    return;
+                }
+                const req = http_1.default.get(`http://localhost:${port}/health`, (res) => {
+                    if (res.statusCode === 200) {
+                        res.resume();
+                        resolve();
+                    }
+                    else {
+                        res.resume();
+                        setTimeout(check, HEALTH_CHECK_INTERVAL);
+                    }
+                });
+                req.on('error', () => {
+                    setTimeout(check, HEALTH_CHECK_INTERVAL);
+                });
+                req.setTimeout(2000, () => {
+                    req.destroy();
+                    setTimeout(check, HEALTH_CHECK_INTERVAL);
+                });
+            };
+            check();
+        });
+    }
+}
+exports.DVAAManager = DVAAManager;

package/dist/harness/event-collector.d.ts

@@ -0,0 +1,32 @@
+import type { ARPEvent, EnforcementResult } from '@opena2a/arp';
+/**
+ * Collects ARP events and enforcement results for test assertions.
+ * Supports async waiting for specific events with timeout.
+ */
+export declare class EventCollector {
+    private events;
+    private enforcements;
+    private waiters;
+    /** Handler to register on ARP's onEvent */
+    readonly eventHandler: (event: ARPEvent) => void;
+    /** Handler to register on ARP's onEnforcement */
+    readonly enforcementHandler: (result: EnforcementResult) => void;
+    /** Wait for an event matching a predicate, with timeout */
+    waitForEvent(predicate: (event: ARPEvent) => boolean, timeoutMs?: number): Promise<ARPEvent>;
+    /** Check if any event matches a predicate */
+    hasEvent(predicate: (event: ARPEvent) => boolean): boolean;
+    /** Get all events */
+    getEvents(): ARPEvent[];
+    /** Get events by category */
+    eventsByCategory(category: string): ARPEvent[];
+    /** Get events by severity */
+    eventsBySeverity(severity: string): ARPEvent[];
+    /** Get events by source */
+    eventsBySource(source: string): ARPEvent[];
+    /** Get all enforcement results */
+    getEnforcements(): EnforcementResult[];
+    /** Get enforcement results by action */
+    enforcementsByAction(action: string): EnforcementResult[];
+    /** Reset all collected data */
+    reset(): void;
+}

package/dist/harness/event-collector.js

@@ -0,0 +1,85 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventCollector = void 0;
+/**
+ * Collects ARP events and enforcement results for test assertions.
+ * Supports async waiting for specific events with timeout.
+ */
+class EventCollector {
+    constructor() {
+        this.events = [];
+        this.enforcements = [];
+        this.waiters = [];
+        /** Handler to register on ARP's onEvent */
+        this.eventHandler = (event) => {
+            this.events.push(event);
+            // Check if any waiters match
+            for (let i = this.waiters.length - 1; i >= 0; i--) {
+                const waiter = this.waiters[i];
+                if (waiter.predicate(event)) {
+                    clearTimeout(waiter.timer);
+                    waiter.resolve(event);
+                    this.waiters.splice(i, 1);
+                }
+            }
+        };
+        /** Handler to register on ARP's onEnforcement */
+        this.enforcementHandler = (result) => {
+            this.enforcements.push(result);
+        };
+    }
+    /** Wait for an event matching a predicate, with timeout */
+    waitForEvent(predicate, timeoutMs = 10000) {
+        // Check existing events first
+        const existing = this.events.find(predicate);
+        if (existing)
+            return Promise.resolve(existing);
+        return new Promise((resolve, reject) => {
+            const timer = setTimeout(() => {
+                const idx = this.waiters.findIndex((w) => w.resolve === resolve);
+                if (idx >= 0)
+                    this.waiters.splice(idx, 1);
+                reject(new Error(`Timed out after ${timeoutMs}ms waiting for event`));
+            }, timeoutMs);
+            this.waiters.push({ predicate, resolve, timer });
+        });
+    }
+    /** Check if any event matches a predicate */
+    hasEvent(predicate) {
+        return this.events.some(predicate);
+    }
+    /** Get all events */
+    getEvents() {
+        return [...this.events];
+    }
+    /** Get events by category */
+    eventsByCategory(category) {
+        return this.events.filter((e) => e.category === category);
+    }
+    /** Get events by severity */
+    eventsBySeverity(severity) {
+        return this.events.filter((e) => e.severity === severity);
+    }
+    /** Get events by source */
+    eventsBySource(source) {
+        return this.events.filter((e) => e.source === source);
+    }
+    /** Get all enforcement results */
+    getEnforcements() {
+        return [...this.enforcements];
+    }
+    /** Get enforcement results by action */
+    enforcementsByAction(action) {
+        return this.enforcements.filter((e) => e.action === action);
+    }
+    /** Reset all collected data */
+    reset() {
+        this.events = [];
+        this.enforcements = [];
+        for (const waiter of this.waiters) {
+            clearTimeout(waiter.timer);
+        }
+        this.waiters = [];
+    }
+}
+exports.EventCollector = EventCollector;

package/dist/harness/metrics.d.ts

@@ -0,0 +1,13 @@
+import type { TestResult, TestAnnotation, SuiteMetrics } from './types';
+/**
+ * Computes detection effectiveness metrics from test results.
+ */
+export declare function computeMetrics(results: TestResult[]): SuiteMetrics;
+/** Create a test annotation for attack scenarios */
+export declare function attackAnnotation(opts: {
+    atlasId?: string;
+    owaspId?: string;
+    expectedSeverity?: 'info' | 'low' | 'medium' | 'high' | 'critical';
+}): TestAnnotation;
+/** Create a test annotation for benign scenarios */
+export declare function benignAnnotation(): TestAnnotation;

package/dist/harness/metrics.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeMetrics = computeMetrics;
+exports.attackAnnotation = attackAnnotation;
+exports.benignAnnotation = benignAnnotation;
+/**
+ * Computes detection effectiveness metrics from test results.
+ */
+function computeMetrics(results) {
+    const attacks = results.filter((r) => r.annotation.isAttack);
+    const benign = results.filter((r) => !r.annotation.isAttack);
+    const truePositives = attacks.filter((r) => r.detected).length;
+    const falseNegatives = attacks.filter((r) => !r.detected).length;
+    const trueNegatives = benign.filter((r) => !r.detected).length;
+    const falsePositives = benign.filter((r) => r.detected).length;
+    const detectionTimes = attacks
+        .filter((r) => r.detected && r.detectionTimeMs !== undefined)
+        .map((r) => r.detectionTimeMs);
+    detectionTimes.sort((a, b) => a - b);
+    const meanDetectionTimeMs = detectionTimes.length > 0
+        ? detectionTimes.reduce((sum, t) => sum + t, 0) / detectionTimes.length
+        : 0;
+    const p95Index = Math.ceil(detectionTimes.length * 0.95) - 1;
+    const p95DetectionTimeMs = detectionTimes.length > 0
+        ? detectionTimes[Math.max(0, p95Index)]
+        : 0;
+    return {
+        totalTests: results.length,
+        attacks: attacks.length,
+        benign: benign.length,
+        truePositives,
+        falsePositives,
+        trueNegatives,
+        falseNegatives,
+        detectionRate: attacks.length > 0 ? truePositives / attacks.length : 1,
+        falsePositiveRate: benign.length > 0 ? falsePositives / benign.length : 0,
+        meanDetectionTimeMs,
+        p95DetectionTimeMs,
+    };
+}
+/** Create a test annotation for attack scenarios */
+function attackAnnotation(opts) {
+    return {
+        isAttack: true,
+        expectedDetection: true,
+        ...opts,
+    };
+}
+/** Create a test annotation for benign scenarios */
+function benignAnnotation() {
+    return {
+        isAttack: false,
+        expectedDetection: false,
+    };
+}

package/dist/harness/mock-llm-adapter.d.ts

@@ -0,0 +1,33 @@
+import type { LLMAdapter, LLMResponse } from '@opena2a/arp';
+interface MockCall {
+    prompt: string;
+    maxTokens: number;
+    timestamp: number;
+}
+/**
+ * Deterministic LLM adapter for testing L2 intelligence layer.
+ * Returns structured responses based on input patterns.
+ */
+export declare class MockLLMAdapter implements LLMAdapter {
+    readonly name = "mock";
+    private calls;
+    private latencyMs;
+    private costPerCall;
+    constructor(options?: {
+        latencyMs?: number;
+        costPerCall?: number;
+    });
+    assess(prompt: string, maxTokens: number): Promise<LLMResponse>;
+    estimateCost(inputTokens: number, outputTokens: number): number;
+    healthCheck(): Promise<boolean>;
+    /** Get number of calls made */
+    getCallCount(): number;
+    /** Get all calls for assertions */
+    getCalls(): MockCall[];
+    /** Get the most recent call */
+    getLastCall(): MockCall | undefined;
+    /** Reset call history */
+    reset(): void;
+    private generateResponse;
+}
+export {};