@wardnmesh/sdk-node 0.2.1

package/LICENSE

@@ -0,0 +1,47 @@
+ELASTIC LICENSE 2.0
+
+I. SHARING AND INTEGRATION
+
+1. You may not provide the software to third parties as a hosted or managed
+   service, where the service provides users with access to any substantial
+   set of the features or functionality of this software.
+
+2. You may not move, change, disable, or circumvent the license key functionality
+   in the software, and you may not remove or obscure any functionality in the
+   software that is protected by the license key.
+
+3. You may not alter, remove, or obscure any licensing, copyright, or other
+   notices of the licensor in the software. Any use of the licensor’s trademarks
+   is subject to applicable law.
+
+II. LIMITATIONS
+
+1. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+   SOFTWARE.
+
+2. This license does not grant you any right to any of the licensor's trademarks
+   or other brand features.
+
+III. GRANT OF RIGHTS
+
+1. Subject to the terms and conditions of this license, you are granted a
+   non-exclusive, royalty-free, worldwide, non-sublicensable license to use,
+   copy, distribute, make available, and prepare derivative works of the software.
+
+2. Provide the software to third parties as a hosted or managed service, where
+   the service provides users with access to any substantial set of the features
+   or functionality of this software, is allowed only if you have a separate
+   written agreement with the licensor.
+
+IV. TERMINATION
+
+1. If you violate any term of this license, your rights under this license will
+   terminate immediately.
+
+2. If your rights under this license terminate, you must stop using the
+   software and destroy all copies of the software in your possession or control.

package/README.md

@@ -0,0 +1,178 @@
+# @wardnmesh/sdk-node
+
+**WardnMesh.AI** (formerly AgentGuard) is an active defense middleware for AI Agents. This SDK allows you to verify LLM inputs/outputs, block prompt injections, and prevent data exfiltration in real-time.
+
+## Features
+
+- 🛡️ **Active Defense**: Blocks prompt injections, jailbreaks, and PII leaks.
+- ⚡ **Middleware First**: Easy integration with Express and Next.js.
+- 🔍 **Telemetry**: Real-time violation reporting to Central Control Bus (CCB).
+- 🧠 **Context Aware**: Tracks tool usage history to detect multi-step attacks (Sequence Detection).
+- 🚀 **Fail-Open**: Designed to prioritize application availability (blocks are logged, errors are ignored by default).
+
+## Installation
+
+```bash
+npm install @wardnmesh/sdk-node
+# or
+yarn add @wardnmesh/sdk-node
+```
+
+## Quick Start
+
+### 1. Initialize the Guard
+
+Initialize the singleton `Wardn` instance at the start of your application.
+
+```typescript
+import Wardn, { Rule, RiskLevel } from '@wardnmesh/sdk-node';
+
+const rules: Rule[] = [
+  {
+    id: 'block-aws-keys',
+    name: 'Block AWS Keys',
+    category: 'safety',
+    severity: 'critical',
+    description: 'Prevents leakage of AWS Access Keys',
+    detector: {
+      type: 'pattern',
+      config: {
+        targetTool: 'llm_output', 
+        targetParameter: 'content',
+        patterns: [
+          { name: 'AWS Key ID', regex: 'AKIA[0-9A-Z]{16}', description: 'AWS Access Key ID' }
+        ]
+      }
+    },
+    escalation: { 1: 'block' }
+  }
+];
+
+// Initialize (Singleton)
+const guard = Wardn.init({
+  rules,
+  enabled: true,
+  maxHistorySize: 50, // Limit memory usage
+  telemetry: {
+    enabled: true,
+    serviceName: 'my-agent-service'
+  }
+});
+```
+
+### 2. Usage with Express
+
+Use the `createExpressMiddleware` to automatically scan incoming requests.
+
+```typescript
+import express from 'express';
+import { createExpressMiddleware } from '@wardnmesh/sdk-node';
+
+const app = express();
+
+// IMPORTANT: body-parser or express.json() must be used BEFORE WardnMesh
+app.use(express.json());
+
+// Apply Middleware
+app.use(createExpressMiddleware(guard, {
+  // Optional: Custom request extraction
+  extractRequest: (req) => ({
+    sessionId: req.headers['x-session-id'] as string,
+    prompt: req.body.user_prompt
+  }),
+  // Optional: Custom block handler
+  onBlock: (req, res, result) => {
+    res.status(400).json({ error: 'Security Violation Detected', violations: result.violations });
+  }
+}));
+
+app.post('/chat', (req, res) => {
+  // If we reach here, the request is safe!
+  res.json({ response: 'Hello world' });
+});
+
+app.listen(3000);
+```
+
+### 3. Usage with Next.js (App Router)
+
+Wrap your API Route handlers with `withAgentGuard`.
+
+```typescript
+// app/api/chat/route.ts
+import { NextResponse } from 'next/server';
+import { withAgentGuard } from '@wardnmesh/sdk-node';
+import { guard } from '@/lib/wardn'; // Import your initialized guard instance
+
+export const POST = withAgentGuard(guard, async (req) => {
+  const body = await req.json();
+  // Process request...
+  return NextResponse.json({ message: 'Safe!' });
+});
+```
+
+## Configuration
+
+### `WardnConfig`
+
+| Property | Type | Default | Description |
+|----------|------|---------|-------------|
+| `rules` | `Rule[]` | Required | Array of active security rules. |
+| `enabled` | `boolean` | `true` | Master switch for the SDK. |
+| `maxHistorySize` | `number` | `50` | Max tool calls to keep in session state (prevents memory bloat). |
+| `telemetry.enabled` | `boolean` | `false` | Enable sending data to CCB. |
+| `telemetry.serviceName` | `string` | `unknown` | Identifier for this service. |
+
+### Interactive Setup (Recommended)
+
+Run the initialization wizard to automatically configure telemetry and generate your `.env` file:
+
+```bash
+npx wardn-init
+```
+
+### Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `WARDN_API_KEY` | **Required** for telemetry. Get yours at <https://wardnmesh.ai> |
+| `WARDN_API_URL` | Optional. Defaults to `https://api.wardnmesh.ai` |
+| `WARDN_TELEMETRY_ENABLED` | Set to `true` to enable cloud syncing. |
+
+## Custom State Management
+
+By default, `Wardn` uses an in-memory state provider. For production (serverless/distributed), implement `SessionStateProvider`:
+
+```typescript
+import { SessionStateProvider } from '@wardnmesh/sdk-node';
+
+class RedisStateProvider implements SessionStateProvider {
+  // ... implement getState and setState using Redis
+}
+
+Wardn.init(config, new RedisStateProvider());
+```
+
+## Other Integration Options
+
+### For Claude Code & Claude Desktop
+
+If you're using **Claude Code CLI** or **Claude Desktop**, use the **WardnMesh MCP Server** instead of this SDK:
+
+```bash
+npm install -g @wardnmesh/mcp-server
+```
+
+The MCP Server provides:
+- 🔧 **Auto-setup** for Claude Code hooks
+- 🛡️ **Real-time scanning** of user prompts and tool arguments
+- 🔍 **Security checks** for Bash commands, file operations, and content
+
+**Learn more:** [MCP Server Documentation](../mcp-server/README.md)
+
+### For Other Platforms
+
+- **OpenAI API**: Use this SDK with custom middleware
+- **LangChain**: Use this SDK with callback handlers
+- **CrewAI**: Use the Python SDK (`pip install wardnmesh`)
+- **Cursor/VS Code**: Coming soon - MCP Server integration

package/bin/setup.js

@@ -0,0 +1,119 @@
+#!/usr/bin/env node
+
+const readline = require("readline");
+const fs = require("fs");
+const path = require("path");
+
+const rl = readline.createInterface({
+  input: process.stdin,
+  output: process.stdout,
+});
+
+const DO_NOT_TRACK_DOMAINS = ["localhost", "127.0.0.1"];
+
+console.log("\x1b[36m%s\x1b[0m", "🛡️  WardnMesh SDK Setup");
+console.log("-----------------------------------");
+console.log(
+  "This script will help you configure WardnMesh for your project.\n"
+);
+console.log(
+  "\x1b[33m%s\x1b[0m",
+  "PRIVACY NOTICE: WardnMesh respects your user privacy."
+);
+console.log(
+  "\x1b[33m%s\x1b[0m",
+  "No personal data, raw prompts, or secrets are ever sent to our servers."
+);
+console.log(
+  "\x1b[33m%s\x1b[0m",
+  "Only security violation metadata (redacted) is synced for threat analysis.\n"
+);
+
+const questions = [
+  {
+    key: "enableTelemetry",
+    text: "Would you like to enable real-time threat telemetry syncing to WardnMesh Cloud? (Y/n) ",
+    default: "Y",
+    type: "boolean",
+  },
+  {
+    key: "apiKey",
+    text: "Enter your WardnMesh API Key (leave blank to skip): ",
+    type: "secret",
+    condition: (answers) => answers.enableTelemetry,
+  },
+  {
+    key: "apiUrl",
+    text: "Enter WardnMesh API URL (default: https://api.wardnmesh.ai): ",
+    default: "https://api.wardnmesh.ai",
+    condition: (answers) => answers.enableTelemetry,
+  },
+];
+
+async function ask(question) {
+  return new Promise((resolve) => {
+    rl.question(question.text, (answer) => {
+      resolve(answer.trim());
+    });
+  });
+}
+
+async function run() {
+  const config = {};
+
+  for (const q of questions) {
+    if (q.condition && !q.condition(config)) continue;
+
+    let answer = await ask(q.text);
+
+    if (q.type === "boolean") {
+      config[q.key] = answer.toLowerCase() !== "n";
+    } else {
+      config[q.key] = answer || q.default || "";
+    }
+  }
+
+  rl.close();
+
+  console.log("\n\x1b[32mConfiguration Complete!\x1b[0m");
+
+  // Generate .env content
+  let envContent = "";
+  if (config.enableTelemetry) {
+    envContent += `\n# WardnMesh Security SDK\n`;
+    envContent += `WARDN_TELEMETRY_ENABLED=true\n`;
+    if (config.apiUrl) envContent += `WARDN_API_URL=${config.apiUrl}\n`;
+    if (config.apiKey) envContent += `WARDN_API_KEY=${config.apiKey}\n`;
+  }
+
+  if (envContent) {
+    const envPath = path.resolve(process.cwd(), ".env");
+    console.log(`\nAppending the following to ${envPath}:`);
+    console.log("\x1b[90m%s\x1b[0m", envContent);
+
+    try {
+      fs.appendFileSync(envPath, envContent);
+      console.log("✅ .env updated successfully.");
+    } catch (err) {
+      console.error("❌ Failed to write to .env:", err.message);
+      console.log("Please verify permissions or add the variables manually.");
+    }
+  } else {
+    console.log("No changes made to .env (Telemetry disabled).");
+  }
+
+  console.log("\nNext Step: Initialize Wardn in your code:");
+  console.log(`
+  import { Wardn } from '@wardnmesh/sdk-node';
+  
+  Wardn.init({
+    rules: [/* your rules */],
+    telemetry: {
+      enabled: process.env.WARDN_TELEMETRY_ENABLED === 'true',
+      serviceName: 'my-agent-service'
+    }
+  });
+  `);
+}
+
+run().catch(console.error);

package/dist/agent-guard.d.ts

@@ -0,0 +1,28 @@
+import { AgentGuardConfig, ScanResult, AgentRequest } from "./types";
+import { SessionStateProvider } from "./state/session-manager";
+export declare class AgentGuard {
+    private static instance;
+    private config;
+    private stateProvider;
+    private telemetry;
+    private patternDetector;
+    private sequenceDetector;
+    private stateDetector;
+    private semanticDetector;
+    private constructor();
+    private initTelemetry;
+    static getInstance(): AgentGuard;
+    static init(config: AgentGuardConfig, stateProvider?: SessionStateProvider): AgentGuard;
+    /** Main entry point to scan an agent request */
+    scan(request: AgentRequest): Promise<ScanResult>;
+    /** Normalize request to ToolData format */
+    private normalizeRequest;
+    /** Run detector for a single rule */
+    private detectViolation;
+    /** Handle semantic detection */
+    private detectSemanticViolation;
+    /** Report violation to telemetry */
+    private reportViolation;
+    /** Report scan completion to telemetry */
+    private reportScanComplete;
+}

package/dist/agent-guard.js

@@ -0,0 +1,206 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentGuard = void 0;
+const pattern_1 = require("./detectors/pattern");
+const sequence_1 = require("./detectors/sequence");
+const state_1 = require("./detectors/state");
+const session_manager_1 = require("./state/session-manager");
+const reporter_1 = require("./telemetry/reporter");
+const semantic_detector_1 = require("./detectors/semantic-detector");
+/** Synchronous state adapter for in-request state management */
+class SyncStateAdapter {
+    constructor(initialState, maxHistory = 50) {
+        this.maxHistory = maxHistory;
+        this.state = {
+            startTime: initialState.startTime || new Date().toISOString(),
+            toolCalls: initialState.toolCalls || [],
+            recentTools: initialState.recentTools || [],
+            detectedViolations: initialState.detectedViolations || [],
+            customState: initialState.customState || {},
+            currentFile: initialState.currentFile,
+        };
+    }
+    getRecentTools(count) {
+        const tools = this.state.recentTools || [];
+        return count ? tools.slice(-count) : tools;
+    }
+    setCustomState(key, value) {
+        this.state.customState[key] = value;
+    }
+    getCustomState(key) {
+        return this.state.customState[key];
+    }
+    addToolCall(tool) {
+        if (!this.state.recentTools)
+            this.state.recentTools = [];
+        this.state.recentTools.push(tool);
+        if (this.state.recentTools.length > this.maxHistory) {
+            this.state.recentTools.shift();
+        }
+    }
+    exportState() {
+        return this.state;
+    }
+}
+class AgentGuard {
+    constructor(config, stateProvider) {
+        this.config = config;
+        this.stateProvider = stateProvider || new session_manager_1.InMemorySessionStateProvider();
+        this.telemetry = this.initTelemetry();
+        this.patternDetector = new pattern_1.PatternDetector();
+        this.sequenceDetector = new sequence_1.SequenceDetector();
+        this.stateDetector = new state_1.StateDetector();
+        this.semanticDetector = semantic_detector_1.SemanticDetector.getInstance();
+        // Emit startup event
+        this.telemetry.emit({
+            eventType: "agent_started",
+            timestamp: new Date().toISOString(),
+            data: {
+                config: {
+                    appName: this.config.telemetry?.serviceName,
+                    ruleCount: this.config.rules.length,
+                },
+            },
+        });
+    }
+    initTelemetry() {
+        if (this.config.telemetry?.enabled && process.env.CCB_ENDPOINT) {
+            return new reporter_1.CCBReporter(process.env.CCB_ENDPOINT, process.env.CCB_API_KEY || "", this.config.telemetry.serviceName || "unknown-service");
+        }
+        return new reporter_1.ConsoleReporter();
+    }
+    static getInstance() {
+        if (!AgentGuard.instance) {
+            throw new Error("AgentGuard not initialized. Call AgentGuard.init() first.");
+        }
+        return AgentGuard.instance;
+    }
+    static init(config, stateProvider) {
+        AgentGuard.instance = new AgentGuard(config, stateProvider);
+        return AgentGuard.instance;
+    }
+    /** Main entry point to scan an agent request */
+    async scan(request) {
+        const start = Date.now();
+        const violations = [];
+        const sessionId = request.sessionId || "default";
+        try {
+            const rawState = await this.stateProvider.getState(sessionId);
+            const stateAdapter = new SyncStateAdapter(rawState, this.config.maxHistorySize);
+            const toolData = this.normalizeRequest(request);
+            stateAdapter.addToolCall(toolData);
+            // Lazy load semantic model if needed
+            if (this.config.rules.some((r) => r.detector.type === "semantic")) {
+                await this.semanticDetector.init();
+            }
+            // Run all detectors
+            for (const rule of this.config.rules) {
+                const violation = await this.detectViolation(rule, toolData, stateAdapter);
+                if (violation) {
+                    violations.push(violation);
+                    this.reportViolation(violation, toolData, sessionId);
+                }
+            }
+            await this.stateProvider.setState(sessionId, stateAdapter.exportState());
+            const result = {
+                allowed: !violations.some((v) => v.severity === "critical"),
+                violations,
+                latencyMs: Date.now() - start,
+                metadata: { analyzedRules: this.config.rules.length },
+            };
+            this.reportScanComplete(result, sessionId);
+            return result;
+        }
+        catch (error) {
+            // Fail-Open Resilience: Never crash the application
+            console.error("[AgentGuard] Scan failed, failing open:", error);
+            this.telemetry.emit({
+                eventType: "error",
+                timestamp: new Date().toISOString(),
+                data: {
+                    error: error instanceof Error ? error.message : "Unknown error",
+                    sessionId,
+                },
+            });
+            return {
+                allowed: true, // Fail-open
+                violations: [],
+                latencyMs: Date.now() - start,
+                metadata: {
+                    error: true,
+                    errorDetails: error instanceof Error ? error.message : "Unknown",
+                },
+            };
+        }
+    }
+    /** Normalize request to ToolData format */
+    normalizeRequest(request) {
+        return {
+            toolName: request.toolName || "llm_input",
+            parameters: request.parameters || { prompt: request.prompt || "" },
+            result: { success: true },
+            duration: 0,
+            timestamp: new Date().toISOString(),
+        };
+    }
+    /** Run detector for a single rule */
+    async detectViolation(rule, toolData, stateAdapter) {
+        switch (rule.detector.type) {
+            case "pattern":
+                return this.patternDetector.detect(toolData, rule, stateAdapter);
+            case "sequence":
+                return this.sequenceDetector.detect(toolData, rule, stateAdapter);
+            case "state":
+                return this.stateDetector.detect(toolData, rule, stateAdapter);
+            case "semantic":
+                return this.detectSemanticViolation(rule, toolData);
+            default:
+                return null;
+        }
+    }
+    /** Handle semantic detection */
+    async detectSemanticViolation(rule, toolData) {
+        const prompt = toolData.parameters.prompt ||
+            JSON.stringify(toolData.parameters);
+        const config = rule.detector.config;
+        const { detected, reason, score } = await this.semanticDetector.scan(prompt, config.threshold || 0.75);
+        if (!detected)
+            return null;
+        return {
+            id: crypto.randomUUID(),
+            ruleId: rule.id,
+            ruleName: rule.name,
+            severity: rule.severity,
+            description: reason || "Semantic Violation",
+            context: {
+                toolName: toolData.toolName,
+                toolData,
+                additionalInfo: { score },
+            },
+            timestamp: new Date().toISOString(),
+        };
+    }
+    /** Report violation to telemetry */
+    reportViolation(violation, toolData, sessionId) {
+        this.telemetry.emit({
+            eventType: "violation_detected",
+            timestamp: new Date().toISOString(),
+            data: { violation, toolData },
+            metadata: { sessionId },
+        });
+    }
+    /** Report scan completion to telemetry */
+    reportScanComplete(result, sessionId) {
+        this.telemetry.emit({
+            eventType: "scan_complete",
+            timestamp: new Date().toISOString(),
+            data: {
+                allowed: result.allowed,
+                latencyMs: result.latencyMs,
+                violationCount: result.violations.length,
+            },
+            metadata: { sessionId },
+        });
+    }
+}
+exports.AgentGuard = AgentGuard;

package/dist/config/security-limits.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Security Limits Configuration
+ * Centralized configuration for all security-related limits and thresholds
+ */
+export declare const SECURITY_LIMITS: {
+    readonly MAX_RULES: 1000;
+    readonly MAX_PATTERNS_PER_RULE: 100;
+    readonly MAX_SCAN_LENGTH: 50000;
+    readonly MAX_PARAMETER_DEPTH: 10;
+    readonly REGEX_TIMEOUT_MS: 100;
+    readonly REGEX_CACHE_SIZE: 500;
+    readonly RULE_REFRESH_INTERVAL_MS: 60000;
+    readonly FETCH_TIMEOUT_MS: 10000;
+    readonly MIN_UPDATE_INTERVAL_MS: 1000;
+    readonly MAX_UPDATES_PER_MINUTE: 10;
+    readonly MAX_CACHE_FILE_SIZE_BYTES: number;
+    readonly MAX_SESSION_HISTORY: 50;
+    readonly UPDATE_CHECK_INTERVAL_MS: number;
+    readonly UPDATE_CHECK_CACHE_TTL_MS: number;
+};
+/**
+ * Feature Flags
+ */
+export declare const FEATURE_FLAGS: {
+    readonly ENABLE_UPDATE_CHECK: true;
+    readonly ENABLE_TELEMETRY: true;
+    readonly ENABLE_SEMANTIC_DETECTION: false;
+    readonly ENABLE_AUTO_FIX: false;
+};
+/**
+ * Environment-specific Configuration
+ */
+export declare const ENV_CONFIG: {
+    readonly DEVELOPMENT: {
+        readonly LOG_LEVEL: "debug";
+        readonly STRICT_VALIDATION: false;
+    };
+    readonly PRODUCTION: {
+        readonly LOG_LEVEL: "info";
+        readonly STRICT_VALIDATION: true;
+    };
+};

package/dist/config/security-limits.js

@@ -0,0 +1,52 @@
+"use strict";
+/**
+ * Security Limits Configuration
+ * Centralized configuration for all security-related limits and thresholds
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ENV_CONFIG = exports.FEATURE_FLAGS = exports.SECURITY_LIMITS = void 0;
+exports.SECURITY_LIMITS = {
+    // Rule Management
+    MAX_RULES: 1000,
+    MAX_PATTERNS_PER_RULE: 100,
+    // Content Scanning
+    MAX_SCAN_LENGTH: 50000, // 50KB max content to scan (ReDoS prevention)
+    MAX_PARAMETER_DEPTH: 10, // Max depth for nested parameter extraction
+    // Pattern Matching
+    REGEX_TIMEOUT_MS: 100, // Max time for a single regex match
+    REGEX_CACHE_SIZE: 500, // Max cached regex patterns
+    // Telemetry & Performance
+    RULE_REFRESH_INTERVAL_MS: 60000, // 1 minute
+    FETCH_TIMEOUT_MS: 10000, // 10 seconds for HTTP requests
+    // Rate Limiting
+    MIN_UPDATE_INTERVAL_MS: 1000, // Minimum 1 second between rule updates
+    MAX_UPDATES_PER_MINUTE: 10,
+    // Cache & Storage
+    MAX_CACHE_FILE_SIZE_BYTES: 10 * 1024 * 1024, // 10 MB
+    MAX_SESSION_HISTORY: 50,
+    // Update Management
+    UPDATE_CHECK_INTERVAL_MS: 24 * 60 * 60 * 1000, // 24 hours
+    UPDATE_CHECK_CACHE_TTL_MS: 6 * 60 * 60 * 1000, // 6 hours
+};
+/**
+ * Feature Flags
+ */
+exports.FEATURE_FLAGS = {
+    ENABLE_UPDATE_CHECK: true,
+    ENABLE_TELEMETRY: true,
+    ENABLE_SEMANTIC_DETECTION: false, // Expensive, opt-in
+    ENABLE_AUTO_FIX: false, // Future feature
+};
+/**
+ * Environment-specific Configuration
+ */
+exports.ENV_CONFIG = {
+    DEVELOPMENT: {
+        LOG_LEVEL: 'debug',
+        STRICT_VALIDATION: false,
+    },
+    PRODUCTION: {
+        LOG_LEVEL: 'info',
+        STRICT_VALIDATION: true,
+    },
+};

package/dist/detectors/base.d.ts

@@ -0,0 +1,22 @@
+import { ToolData, Violation, Rule, Detector, StateProvider, DetectorType } from '../types';
+/**
+ * Abstract base detector class
+ *
+ * Provides common functionality for all detectors.
+ */
+export declare abstract class BaseDetector implements Detector {
+    abstract detect(toolData: ToolData, rule: Rule, sessionState: StateProvider): Violation | null;
+    abstract getType(): DetectorType | string;
+    /**
+     * Generate unique violation ID
+     */
+    protected generateViolationId(): string;
+    /**
+     * Create violation object
+     */
+    protected createViolation(rule: Rule, toolData: ToolData, additionalInfo?: Record<string, unknown>): Violation;
+    /**
+     * Extract value from object using JSON path
+     */
+    protected extractValue(obj: Record<string, unknown>, path: string): unknown;
+}