@panguard-ai/atr 0.2.0

package/dist/skill-fingerprint.js

@@ -0,0 +1,337 @@
+/**
+ * Skill Behavioral Fingerprint
+ * Skill 行為指紋追蹤器
+ *
+ * Tracks what each skill "normally does" across invocations, then detects
+ * behavioral drift when a previously-trusted skill starts acting differently.
+ *
+ * Solves the "installed then turns malicious" scenario:
+ * - First N invocations: build fingerprint (what APIs, what patterns, what scope)
+ * - After fingerprint stabilizes: flag any deviation as anomaly
+ *
+ * 追蹤每個 skill 的「正常行為」，然後在行為偏移時偵測：
+ * - 前 N 次呼叫：建立指紋
+ * - 指紋穩定後：任何偏離都標記為異常
+ *
+ * @module agent-threat-rules/skill-fingerprint
+ */
+import { createHash } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// Pattern detectors (regex-based, no LLM needed)
+// ---------------------------------------------------------------------------
+const FS_WRITE_PATTERN = /(?:write(?:File)?|appendFile|fs\.write|truncate|mkdir|rmdir|unlink|rm\s+-)/i;
+const FS_READ_PATTERN = /(?:read(?:File)?|readdir|stat|access|exists|glob|find\s)/i;
+const FS_DELETE_PATTERN = /(?:unlink|rm\s+-rf|delete(?:File)?|removeDir|rmdir)/i;
+const NETWORK_PATTERN = /(?:https?:\/\/|fetch|curl|wget|axios|http\.request|net\.connect|socket)[\s('"]*([a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,}))/i;
+const ENV_PATTERN = /(?:process\.env|os\.environ|getenv|System\.getenv)\[?['"(]?([A-Z_][A-Z0-9_]*)/i;
+const ENV_INLINE_PATTERN = /\$\{?([A-Z_][A-Z0-9_]{2,})\}?/g;
+const EXEC_PATTERN = /(?:child_process|spawn|exec(?:File)?|system\(|popen|subprocess|shell_exec|os\.system)\s*\(\s*['"(]?([^\s'")\]]{1,80})/i;
+const EXFIL_PATTERN = /(?:base64|btoa|encode|compress|deflate|gzip).*(?:http|fetch|curl|send|post|upload)/i;
+const REDIRECT_PATTERN = /(?:redirect|forward|proxy|tunnel)\s+(?:to\s+)?(?:https?:\/\/)/i;
+/** Classify a text content into behavioral capabilities */
+function extractCapabilities(text) {
+    const result = {
+        filesystemOps: [],
+        networkTargets: [],
+        envAccesses: [],
+        processExecs: [],
+        outputPatterns: [],
+    };
+    if (!text || text.length === 0)
+        return result;
+    // Limit analysis to first 10KB to prevent ReDoS
+    const safeText = text.slice(0, 10_240);
+    // Filesystem
+    if (FS_WRITE_PATTERN.test(safeText))
+        result.filesystemOps.push('write');
+    if (FS_READ_PATTERN.test(safeText))
+        result.filesystemOps.push('read');
+    if (FS_DELETE_PATTERN.test(safeText))
+        result.filesystemOps.push('delete');
+    // Network targets
+    const netMatch = safeText.match(NETWORK_PATTERN);
+    if (netMatch?.[1])
+        result.networkTargets.push(netMatch[1]);
+    // Environment variable accesses
+    const envMatch = safeText.match(ENV_PATTERN);
+    if (envMatch?.[1])
+        result.envAccesses.push(envMatch[1]);
+    // Also check inline env vars like $HOME, ${API_KEY}
+    for (const m of safeText.matchAll(ENV_INLINE_PATTERN)) {
+        if (m[1] && !result.envAccesses.includes(m[1])) {
+            result.envAccesses.push(m[1]);
+        }
+    }
+    // Process executions
+    const execMatch = safeText.match(EXEC_PATTERN);
+    if (execMatch?.[1])
+        result.processExecs.push(execMatch[1]);
+    // Output patterns
+    if (EXFIL_PATTERN.test(safeText))
+        result.outputPatterns.push('exfiltration');
+    if (REDIRECT_PATTERN.test(safeText))
+        result.outputPatterns.push('redirect');
+    return result;
+}
+// ---------------------------------------------------------------------------
+// Fingerprint Store
+// ---------------------------------------------------------------------------
+/** Default invocations needed before fingerprint is considered stable */
+const DEFAULT_STABILITY_THRESHOLD = 10;
+/** Consecutive invocations with no new capabilities to mark stable */
+const DEFAULT_STABLE_STREAK = 5;
+/** Maximum number of skills to track */
+const MAX_SKILLS = 5_000;
+export class SkillFingerprintStore {
+    fingerprints = new Map();
+    stabilityThreshold;
+    stableStreak;
+    constructor(config) {
+        this.stabilityThreshold = config?.stabilityThreshold ?? DEFAULT_STABILITY_THRESHOLD;
+        this.stableStreak = config?.stableStreak ?? DEFAULT_STABLE_STREAK;
+    }
+    /**
+     * Record a skill invocation and detect behavioral anomalies.
+     * Returns anomalies if the fingerprint was stable and new capabilities appeared.
+     *
+     * 記錄 skill 呼叫並偵測行為異常。
+     * 如果指紋已穩定且出現新能力，回傳異常列表。
+     */
+    recordInvocation(skillName, event) {
+        const now = Date.now();
+        const fp = this.getOrCreate(skillName, now);
+        fp.invocationCount++;
+        fp.lastSeen = now;
+        // Extract capabilities from event content + fields
+        const content = [
+            event.content ?? '',
+            event.fields?.['tool_args'] ?? '',
+            event.fields?.['tool_response'] ?? '',
+        ].join('\n');
+        const caps = extractCapabilities(content);
+        // Check for anomalies (only if fingerprint is stable)
+        const anomalies = [];
+        const isStable = fp.stableHash !== null;
+        if (isStable) {
+            // Detect NEW capabilities not in the stable fingerprint
+            for (const op of caps.filesystemOps) {
+                if (!fp.filesystemOps.has(op)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_filesystem_op',
+                        description: `Skill "${skillName}" performing new filesystem operation: ${op} (not in baseline)`,
+                        severity: op === 'delete' ? 'critical' : op === 'write' ? 'high' : 'medium',
+                        newValue: op,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const target of caps.networkTargets) {
+                if (!fp.networkTargets.has(target)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_network_target',
+                        description: `Skill "${skillName}" contacting new network target: ${target}`,
+                        severity: 'high',
+                        newValue: target,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const env of caps.envAccesses) {
+                if (!fp.envAccesses.has(env)) {
+                    const isSensitive = /(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i.test(env);
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_env_access',
+                        description: `Skill "${skillName}" accessing new env var: ${env}`,
+                        severity: isSensitive ? 'critical' : 'medium',
+                        newValue: env,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const proc of caps.processExecs) {
+                if (!fp.processExecs.has(proc)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_process_exec',
+                        description: `Skill "${skillName}" executing new process: ${proc}`,
+                        severity: 'critical',
+                        newValue: proc,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const pat of caps.outputPatterns) {
+                if (!fp.outputPatterns.has(pat)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_output_pattern',
+                        description: `Skill "${skillName}" exhibiting new pattern: ${pat}`,
+                        severity: pat === 'exfiltration' ? 'critical' : 'high',
+                        newValue: pat,
+                        timestamp: now,
+                    });
+                }
+            }
+        }
+        // Update fingerprint with observed capabilities
+        let newCapsSeen = false;
+        for (const op of caps.filesystemOps) {
+            if (!fp.filesystemOps.has(op)) {
+                fp.filesystemOps.add(op);
+                newCapsSeen = true;
+            }
+        }
+        for (const t of caps.networkTargets) {
+            if (!fp.networkTargets.has(t)) {
+                fp.networkTargets.add(t);
+                newCapsSeen = true;
+            }
+        }
+        for (const e of caps.envAccesses) {
+            if (!fp.envAccesses.has(e)) {
+                fp.envAccesses.add(e);
+                newCapsSeen = true;
+            }
+        }
+        for (const p of caps.processExecs) {
+            if (!fp.processExecs.has(p)) {
+                fp.processExecs.add(p);
+                newCapsSeen = true;
+            }
+        }
+        for (const o of caps.outputPatterns) {
+            if (!fp.outputPatterns.has(o)) {
+                fp.outputPatterns.add(o);
+                newCapsSeen = true;
+            }
+        }
+        // Track stability
+        if (!isStable) {
+            if (newCapsSeen) {
+                fp.stableStreak = 0;
+            }
+            else {
+                fp.stableStreak++;
+            }
+            // Mark stable when threshold met
+            if (fp.invocationCount >= this.stabilityThreshold &&
+                fp.stableStreak >= this.stableStreak) {
+                fp.stableHash = this.computeCapabilityHash(fp);
+            }
+        }
+        return anomalies;
+    }
+    /**
+     * Get an immutable fingerprint snapshot for a skill.
+     * 取得某 skill 的不可變指紋快照。
+     */
+    getFingerprint(skillName) {
+        const fp = this.fingerprints.get(skillName);
+        if (!fp)
+            return undefined;
+        return {
+            skillName: fp.skillName,
+            invocationCount: fp.invocationCount,
+            firstSeen: fp.firstSeen,
+            lastSeen: fp.lastSeen,
+            isStable: fp.stableHash !== null,
+            capabilities: {
+                filesystemOps: new Set(fp.filesystemOps),
+                networkTargets: new Set(fp.networkTargets),
+                envAccesses: new Set(fp.envAccesses),
+                processExecs: new Set(fp.processExecs),
+                outputPatterns: new Set(fp.outputPatterns),
+            },
+            capabilityHash: fp.stableHash ?? this.computeCapabilityHash(fp),
+        };
+    }
+    /** Get all tracked skill names */
+    getTrackedSkills() {
+        return [...this.fingerprints.keys()];
+    }
+    /** Get count of stable fingerprints */
+    getStableCount() {
+        let count = 0;
+        for (const fp of this.fingerprints.values()) {
+            if (fp.stableHash !== null)
+                count++;
+        }
+        return count;
+    }
+    /** Get total tracked skills */
+    getTrackedCount() {
+        return this.fingerprints.size;
+    }
+    /**
+     * Reset a skill's fingerprint (e.g., after a legitimate update).
+     * 重置 skill 指紋（例如合法更新後）。
+     */
+    resetFingerprint(skillName) {
+        this.fingerprints.delete(skillName);
+    }
+    /**
+     * Evict fingerprints not seen since cutoffMs ago.
+     * 清除超過 cutoffMs 未活動的指紋。
+     */
+    cleanup(cutoffMs) {
+        const cutoff = Date.now() - cutoffMs;
+        let evicted = 0;
+        for (const [name, fp] of this.fingerprints) {
+            if (fp.lastSeen < cutoff) {
+                this.fingerprints.delete(name);
+                evicted++;
+            }
+        }
+        return evicted;
+    }
+    // -----------------------------------------------------------------------
+    // Private
+    // -----------------------------------------------------------------------
+    getOrCreate(skillName, now) {
+        const existing = this.fingerprints.get(skillName);
+        if (existing)
+            return existing;
+        // Evict oldest if at capacity
+        if (this.fingerprints.size >= MAX_SKILLS) {
+            let oldestName;
+            let oldestTime = Infinity;
+            for (const [name, fp] of this.fingerprints) {
+                if (fp.lastSeen < oldestTime) {
+                    oldestTime = fp.lastSeen;
+                    oldestName = name;
+                }
+            }
+            if (oldestName)
+                this.fingerprints.delete(oldestName);
+        }
+        const fp = {
+            skillName,
+            invocationCount: 0,
+            firstSeen: now,
+            lastSeen: now,
+            filesystemOps: new Set(),
+            networkTargets: new Set(),
+            envAccesses: new Set(),
+            processExecs: new Set(),
+            outputPatterns: new Set(),
+            stableHash: null,
+            stableStreak: 0,
+        };
+        this.fingerprints.set(skillName, fp);
+        return fp;
+    }
+    computeCapabilityHash(fp) {
+        const parts = [
+            [...fp.filesystemOps].sort().join(','),
+            [...fp.networkTargets].sort().join(','),
+            [...fp.envAccesses].sort().join(','),
+            [...fp.processExecs].sort().join(','),
+            [...fp.outputPatterns].sort().join(','),
+        ];
+        return createHash('sha256').update(parts.join('|')).digest('hex').slice(0, 16);
+    }
+}
+//# sourceMappingURL=skill-fingerprint.js.map

package/dist/skill-fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-fingerprint.js","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAkEzC,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,6EAA6E,CAAC;AACvG,MAAM,eAAe,GAAG,2DAA2D,CAAC;AACpF,MAAM,iBAAiB,GAAG,sDAAsD,CAAC;AAEjF,MAAM,eAAe,GAAG,oHAAoH,CAAC;AAE7I,MAAM,WAAW,GAAG,gFAAgF,CAAC;AACrG,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,MAAM,YAAY,GAAG,wHAAwH,CAAC;AAE9I,MAAM,aAAa,GAAG,qFAAqF,CAAC;AAC5G,MAAM,gBAAgB,GAAG,gEAAgE,CAAC;AAE1F,2DAA2D;AAC3D,SAAS,mBAAmB,CAAC,IAAY;IAOvC,MAAM,MAAM,GAAG;QACb,aAAa,EAAE,EAAc;QAC7B,cAAc,EAAE,EAAc;QAC9B,WAAW,EAAE,EAAc;QAC3B,YAAY,EAAE,EAAc;QAC5B,cAAc,EAAE,EAAc;KAC/B,CAAC;IAEF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAE9C,gDAAgD;IAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEvC,aAAa;IACb,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxE,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE1E,kBAAkB;IAClB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,gCAAgC;IAChC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,oDAAoD;IACpD,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,kBAAkB;IAClB,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7E,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE5E,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,2BAA2B,GAAG,EAAE,CAAC;AAEvC,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,wCAAwC;AACxC,MAAM,UAAU,GAAG,KAAK,CAAC;AASzB,MAAM,OAAO,qBAAqB;IACf,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IACrD,kBAAkB,CAAS;IAC3B,YAAY,CAAS;IAEtC,YAAY,MAA+B;QACzC,IAAI,CAAC,kBAAkB,GAAG,MAAM,EAAE,kBAAkB,IAAI,2BAA2B,CAAC;QACpF,IAAI,CAAC,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,CAAC;IAED;;;;;;OAMG;IACH,gBAAgB,CACd,SAAiB,EACjB,KAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC5C,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,EAAE,CAAC,QAAQ,GAAG,GAAG,CAAC;QAElB,mDAAmD;QACnD,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,OAAO,IAAI,EAAE;YACnB,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE;YACjC,KAAK,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE;SACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE1C,sDAAsD;QACtD,MAAM,SAAS,GAAsB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,KAAK,IAAI,CAAC;QAExC,IAAI,QAAQ,EAAE,CAAC;YACb,wDAAwD;YACxD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,mBAAmB;wBAChC,WAAW,EAAE,UAAU,SAAS,0CAA0C,EAAE,oBAAoB;wBAChG,QAAQ,EAAE,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;wBAC3E,QAAQ,EAAE,EAAE;wBACZ,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,oCAAoC,MAAM,EAAE;wBAC5E,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,MAAM;wBAChB,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,WAAW,GAAG,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1E,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,gBAAgB;wBAC7B,WAAW,EAAE,UAAU,SAAS,4BAA4B,GAAG,EAAE;wBACjE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;wBAC7C,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,kBAAkB;wBAC/B,WAAW,EAAE,UAAU,SAAS,4BAA4B,IAAI,EAAE;wBAClE,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,IAAI;wBACd,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,6BAA6B,GAAG,EAAE;wBAClE,QAAQ,EAAE,GAAG,KAAK,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;wBACtD,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC5E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC9E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,WAAW,EAAE,CAAC;gBAChB,EAAE,CAAC,YAAY,GAAG,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,CAAC;YAED,iCAAiC;YACjC,IACE,EAAE,CAAC,eAAe,IAAI,IAAI,CAAC,kBAAkB;gBAC7C,EAAE,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,EACpC,CAAC;gBACD,EAAE,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,SAAiB;QAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE;YAAE,OAAO,SAAS,CAAC;QAE1B,OAAO;YACL,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,eAAe,EAAE,EAAE,CAAC,eAAe;YACnC,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,QAAQ,EAAE,EAAE,CAAC,UAAU,KAAK,IAAI;YAChC,YAAY,EAAE;gBACZ,aAAa,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC;gBACxC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;gBAC1C,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC;gBACpC,YAAY,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC;gBACtC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;aAC3C;YACD,cAAc,EAAE,EAAE,CAAC,UAAU,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,uCAAuC;IACvC,cAAc;QACZ,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,EAAE,CAAC,UAAU,KAAK,IAAI;gBAAE,KAAK,EAAE,CAAC;QACtC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,SAAiB;QAChC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,QAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC/B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,UAAU;IACV,0EAA0E;IAElE,WAAW,CAAC,SAAiB,EAAE,GAAW;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACzC,IAAI,UAA8B,CAAC;YACnC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,UAAU,EAAE,CAAC;oBAC7B,UAAU,GAAG,EAAE,CAAC,QAAQ,CAAC;oBACzB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YACD,IAAI,UAAU;gBAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,EAAE,GAAuB;YAC7B,SAAS;YACT,eAAe,EAAE,CAAC;YAClB,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;YACb,aAAa,EAAE,IAAI,GAAG,EAAE;YACxB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,WAAW,EAAE,IAAI,GAAG,EAAE;YACtB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;SAChB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,qBAAqB,CAAC,EAAsB;QAClD,MAAM,KAAK,GAAG;YACZ,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACvC,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;SACxC,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,129 @@
+/**
+ * ATR (Agent Threat Rules) type definitions
+ * @module agent-threat-rules/types
+ */
+export type ATRStatus = 'draft' | 'experimental' | 'stable' | 'deprecated';
+export type ATRSeverity = 'critical' | 'high' | 'medium' | 'low' | 'informational';
+export type ATRCategory = 'prompt-injection' | 'tool-poisoning' | 'context-exfiltration' | 'agent-manipulation' | 'privilege-escalation' | 'excessive-autonomy' | 'data-poisoning' | 'model-abuse' | 'skill-compromise';
+export type ATRConfidence = 'high' | 'medium' | 'low';
+export type ATRSourceType = 'llm_io' | 'tool_call' | 'mcp_exchange' | 'agent_behavior' | 'multi_agent_comm' | 'context_window' | 'memory_access' | 'skill_lifecycle' | 'skill_permission' | 'skill_chain';
+export type ATRMatchType = 'contains' | 'regex' | 'exact' | 'starts_with';
+export type ATROperator = 'gt' | 'lt' | 'eq' | 'gte' | 'lte' | 'deviation_from_baseline';
+export type ATRAction = 'block_input' | 'block_output' | 'block_tool' | 'quarantine_session' | 'reset_context' | 'alert' | 'snapshot' | 'escalate' | 'reduce_permissions' | 'kill_agent';
+export interface ATRReferences {
+    owasp_llm?: string[];
+    mitre_atlas?: string[];
+    mitre_attack?: string[];
+    cve?: string[];
+}
+export interface ATRTags {
+    category: ATRCategory;
+    subcategory?: string;
+    confidence?: ATRConfidence;
+}
+export interface ATRAgentSource {
+    type: ATRSourceType;
+    framework?: string[];
+    provider?: string[];
+}
+export interface ATRPatternCondition {
+    field: string;
+    patterns: string[];
+    match_type: ATRMatchType;
+    case_sensitive?: boolean;
+}
+export interface ATRBehavioralCondition {
+    metric: string;
+    operator: ATROperator;
+    threshold: number;
+    window?: string;
+}
+export interface ATRSequenceStep {
+    field?: string;
+    patterns?: string[];
+    match_type?: ATRMatchType;
+    metric?: string;
+    operator?: ATROperator;
+    threshold?: number;
+}
+export interface ATRSequenceCondition {
+    ordered: boolean;
+    within: string;
+    steps: ATRSequenceStep[];
+}
+/** Array-format condition: {field, operator, value} used by most rules */
+export interface ATRArrayCondition {
+    field: string;
+    operator: string;
+    value: string;
+    description?: string;
+}
+/** Named-map conditions or array conditions */
+export type ATRConditions = ATRArrayCondition[] | Record<string, ATRPatternCondition | ATRBehavioralCondition | ATRSequenceCondition>;
+export interface ATRDetection {
+    conditions: ATRConditions;
+    /** "any" = OR across all conditions, "all" = AND. For named format: boolean expression string. */
+    condition: string;
+    false_positives?: string[];
+}
+export interface ATRResponse {
+    actions: ATRAction[];
+    auto_response_threshold?: string;
+    message_template?: string;
+}
+export interface ATRTestCase {
+    input?: string;
+    tool_response?: string;
+    agent_output?: string;
+    tool_name?: string;
+    tool_args?: string;
+    expected: 'trigger' | 'no_trigger' | 'triggered' | 'not_triggered';
+}
+export interface ATRTestCases {
+    true_positives: ATRTestCase[];
+    true_negatives: ATRTestCase[];
+}
+export interface ATRRule {
+    title: string;
+    id: string;
+    status: ATRStatus;
+    description: string;
+    author: string;
+    date: string;
+    modified?: string;
+    severity: ATRSeverity;
+    references?: ATRReferences;
+    tags: ATRTags;
+    agent_source: ATRAgentSource;
+    detection: ATRDetection;
+    response: ATRResponse;
+    test_cases?: ATRTestCases;
+}
+/** Event types that the ATR engine can evaluate */
+export type AgentEventType = 'llm_input' | 'llm_output' | 'tool_call' | 'tool_response' | 'agent_behavior' | 'multi_agent_message';
+/** An agent event to evaluate against ATR rules */
+export interface AgentEvent {
+    type: AgentEventType;
+    timestamp: string;
+    /** The text content to analyze */
+    content: string;
+    /** Specific field values for pattern matching */
+    fields?: Record<string, string>;
+    /** Behavioral metrics for threshold-based detection */
+    metrics?: Record<string, number>;
+    /** Session identifier for correlation */
+    sessionId?: string;
+    /** Source agent identifier */
+    agentId?: string;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/** Result when an ATR rule matches an event */
+export interface ATRMatch {
+    rule: ATRRule;
+    matchedConditions: string[];
+    matchedPatterns: string[];
+    confidence: number;
+    timestamp: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,cAAc,GAAG,QAAQ,GAAG,YAAY,CAAC;AAE3E,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;AAEnF,MAAM,MAAM,WAAW,GACnB,kBAAkB,GAClB,gBAAgB,GAChB,sBAAsB,GACtB,oBAAoB,GACpB,sBAAsB,GACtB,oBAAoB,GACpB,gBAAgB,GAChB,aAAa,GACb,kBAAkB,CAAC;AAEvB,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtD,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,WAAW,GACX,cAAc,GACd,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,eAAe,GACf,iBAAiB,GACjB,kBAAkB,GAClB,aAAa,CAAC;AAElB,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC;AAE1E,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,yBAAyB,CAAC;AAEzF,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,cAAc,GACd,YAAY,GACZ,oBAAoB,GACpB,eAAe,GACf,OAAO,GACP,UAAU,GACV,UAAU,GACV,oBAAoB,GACpB,YAAY,CAAC;AAEjB,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,aAAa,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,aAAa,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,YAAY,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,eAAe,EAAE,CAAC;CAC1B;AAED,0EAA0E;AAC1E,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,+CAA+C;AAC/C,MAAM,MAAM,aAAa,GACrB,iBAAiB,EAAE,GACnB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,sBAAsB,GAAG,oBAAoB,CAAC,CAAC;AAExF,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,aAAa,CAAC;IAC1B,kGAAkG;IAClG,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAC;CACpE;AAED,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;IAC9B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,SAAS,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,YAAY,EAAE,cAAc,CAAC;IAC7B,SAAS,EAAE,YAAY,CAAC;IACxB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,YAAY,CAAC;CAC3B;AAED,mDAAmD;AACnD,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,gBAAgB,GAChB,qBAAqB,CAAC;AAE1B,mDAAmD;AACnD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,+CAA+C;AAC/C,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/types.js

@@ -0,0 +1,6 @@
+/**
+ * ATR (Agent Threat Rules) type definitions
+ * @module agent-threat-rules/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/package.json

@@ -0,0 +1,75 @@
+{
+  "name": "@panguard-ai/atr",
+  "version": "0.2.0",
+  "type": "module",
+  "description": "Open detection rules for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and agent manipulation.",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "atr": "./dist/cli.js",
+    "agent-threat-rules": "./dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./mcp": {
+      "import": "./dist/mcp-server.js",
+      "types": "./dist/mcp-server.d.ts"
+    },
+    "./rules": "./rules",
+    "./spec": "./spec/atr-schema.yaml"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Agent-Threat-Rule/agent-threat-rules.git"
+  },
+  "homepage": "https://github.com/Agent-Threat-Rule/agent-threat-rules",
+  "bugs": {
+    "url": "https://github.com/Agent-Threat-Rule/agent-threat-rules/issues"
+  },
+  "keywords": [
+    "ai-security",
+    "agent-security",
+    "prompt-injection",
+    "sigma-rules",
+    "threat-detection",
+    "mcp-security",
+    "llm-security",
+    "atr"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist",
+    "spec",
+    "rules",
+    "package.json",
+    "README.md"
+  ],
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.0",
+    "js-yaml": "^4.1.0"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^22.14.0",
+    "tsx": "^4.7.0",
+    "typescript": "~5.7.3",
+    "vitest": "^3.0.0"
+  },
+  "scripts": {
+    "build": "tsc --build",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "dev": "tsc --build --watch",
+    "validate": "tsx tests/validate-rules.ts"
+  }
+}