agent-threat-rules 0.1.0 → 0.2.1

package/dist/action-executor.js

@@ -0,0 +1,130 @@
+/**
+ * Action Executor - Executes ATR response actions via platform adapters.
+ *
+ * Deduplicates actions, sorts by priority, and delegates execution
+ * to a PlatformAdapter. Handles per-action errors so one failure
+ * does not block the rest.
+ *
+ * @module agent-threat-rules/action-executor
+ */
+/** Priority order: lower number = higher priority (executed first) */
+const ACTION_PRIORITY = {
+    kill_agent: 0,
+    block_input: 1,
+    block_output: 2,
+    block_tool: 3,
+    quarantine_session: 4,
+    reduce_permissions: 5,
+    reset_context: 6,
+    alert: 7,
+    escalate: 8,
+    snapshot: 9,
+};
+/** Map action names to PlatformAdapter method names */
+const ACTION_METHOD_MAP = {
+    block_input: 'blockInput',
+    block_output: 'blockOutput',
+    block_tool: 'blockTool',
+    quarantine_session: 'quarantineSession',
+    reset_context: 'resetContext',
+    alert: 'alert',
+    snapshot: 'snapshot',
+    escalate: 'escalate',
+    reduce_permissions: 'reducePermissions',
+    kill_agent: 'killAgent',
+};
+export class ActionExecutor {
+    adapter;
+    dryRun;
+    onActionComplete;
+    constructor(config) {
+        this.adapter = config.adapter;
+        this.dryRun = config.dryRun ?? false;
+        this.onActionComplete = config.onActionComplete;
+    }
+    /**
+     * Execute all actions from the verdict context.
+     *
+     * Actions are deduplicated, sorted by priority, and executed
+     * sequentially. Each action is wrapped in try/catch so a single
+     * failure does not prevent subsequent actions from running.
+     *
+     * Returns a frozen array of ActionResult.
+     */
+    async execute(context) {
+        const actions = this.deduplicateAndSort(context.verdict.actions);
+        const results = [];
+        for (const action of actions) {
+            const result = await this.executeOne(action, context);
+            results.push(result);
+            if (this.onActionComplete) {
+                this.onActionComplete(result);
+            }
+        }
+        return Object.freeze(results);
+    }
+    /**
+     * Deduplicate actions and sort by priority (highest priority first).
+     */
+    deduplicateAndSort(actions) {
+        const unique = [...new Set(actions)];
+        return unique.sort((a, b) => {
+            const pa = ACTION_PRIORITY[a] ?? 99;
+            const pb = ACTION_PRIORITY[b] ?? 99;
+            return pa - pb;
+        });
+    }
+    /**
+     * Execute a single action, returning a result even on failure.
+     */
+    async executeOne(action, context) {
+        const timestamp = new Date().toISOString();
+        if (this.dryRun) {
+            return Object.freeze({
+                action,
+                success: true,
+                message: `[dry-run] Would execute: ${action}`,
+                timestamp,
+            });
+        }
+        try {
+            const methodName = ACTION_METHOD_MAP[action];
+            if (!methodName) {
+                return Object.freeze({
+                    action,
+                    success: false,
+                    message: `Unknown action: ${action}`,
+                    timestamp,
+                });
+            }
+            const method = this.adapter[methodName];
+            if (typeof method !== 'function') {
+                return Object.freeze({
+                    action,
+                    success: false,
+                    message: `Adapter "${this.adapter.name}" does not implement: ${methodName}`,
+                    timestamp,
+                });
+            }
+            return await method.call(this.adapter, context);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            return Object.freeze({
+                action,
+                success: false,
+                message: `Action "${action}" failed: ${message}`,
+                timestamp,
+            });
+        }
+    }
+    /** Get the adapter name for diagnostics */
+    getAdapterName() {
+        return this.adapter.name;
+    }
+    /** Check if dry-run mode is enabled */
+    isDryRun() {
+        return this.dryRun;
+    }
+}
+//# sourceMappingURL=action-executor.js.map

package/dist/action-executor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"action-executor.js","sourceRoot":"","sources":["../src/action-executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AASH,sEAAsE;AACtE,MAAM,eAAe,GAAwC;IAC3D,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,CAAC;IACd,YAAY,EAAE,CAAC;IACf,UAAU,EAAE,CAAC;IACb,kBAAkB,EAAE,CAAC;IACrB,kBAAkB,EAAE,CAAC;IACrB,aAAa,EAAE,CAAC;IAChB,KAAK,EAAE,CAAC;IACR,QAAQ,EAAE,CAAC;IACX,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,uDAAuD;AACvD,MAAM,iBAAiB,GAAuD;IAC5E,WAAW,EAAE,YAAY;IACzB,YAAY,EAAE,aAAa;IAC3B,UAAU,EAAE,WAAW;IACvB,kBAAkB,EAAE,mBAAmB;IACvC,aAAa,EAAE,cAAc;IAC7B,KAAK,EAAE,OAAO;IACd,QAAQ,EAAE,UAAU;IACpB,QAAQ,EAAE,UAAU;IACpB,kBAAkB,EAAE,mBAAmB;IACvC,UAAU,EAAE,WAAW;CACxB,CAAC;AAQF,MAAM,OAAO,cAAc;IACR,OAAO,CAAkB;IACzB,MAAM,CAAU;IAChB,gBAAgB,CAAkC;IAEnE,YAAY,MAA4B;QACtC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,KAAK,CAAC;QACrC,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;IAClD,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,OAAO,CAAC,OAAyB;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACjE,MAAM,OAAO,GAAmB,EAAE,CAAC;QAEnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAErB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACK,kBAAkB,CACxB,OAA6B;QAE7B,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;QACrC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YAC1B,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,MAAM,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,OAAO,EAAE,GAAG,EAAE,CAAC;QACjB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CACtB,MAAiB,EACjB,OAAyB;QAEzB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE3C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,MAAM;gBACN,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,4BAA4B,MAAM,EAAE;gBAC7C,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,MAAM;oBACN,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,mBAAmB,MAAM,EAAE;oBACpC,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAEzB,CAAC;YAEd,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;gBACjC,OAAO,MAAM,CAAC,MAAM,CAAC;oBACnB,MAAM;oBACN,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,YAAY,IAAI,CAAC,OAAO,CAAC,IAAI,yBAAyB,UAAU,EAAE;oBAC3E,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;YAED,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,MAAM,CAAC,MAAM,CAAC;gBACnB,MAAM;gBACN,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,WAAW,MAAM,aAAa,OAAO,EAAE;gBAChD,SAAS;aACV,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,cAAc;QACZ,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,uCAAuC;IACvC,QAAQ;QACN,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF"}

package/dist/adapters/default-adapter.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Default Platform Adapter - No-op implementation for CLI and testing.
+ *
+ * Every method logs the action and returns a success result.
+ * This adapter is safe to use in any environment as it performs
+ * no actual enforcement.
+ *
+ * @module agent-threat-rules/adapters/default-adapter
+ */
+import type { ActionResult, ExecutionContext, PlatformAdapter } from '../types.js';
+export declare class DefaultAdapter implements PlatformAdapter {
+    readonly name = "default";
+    blockInput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockOutput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockTool(ctx: ExecutionContext): Promise<ActionResult>;
+    quarantineSession(ctx: ExecutionContext): Promise<ActionResult>;
+    resetContext(ctx: ExecutionContext): Promise<ActionResult>;
+    alert(ctx: ExecutionContext): Promise<ActionResult>;
+    snapshot(ctx: ExecutionContext): Promise<ActionResult>;
+    escalate(ctx: ExecutionContext): Promise<ActionResult>;
+    reducePermissions(ctx: ExecutionContext): Promise<ActionResult>;
+    killAgent(ctx: ExecutionContext): Promise<ActionResult>;
+}
+//# sourceMappingURL=default-adapter.d.ts.map

package/dist/adapters/default-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,IAAI,aAAa;IAEpB,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI1D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAInD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAItD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAI/D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;CAG9D"}

package/dist/adapters/default-adapter.js

@@ -0,0 +1,51 @@
+/**
+ * Default Platform Adapter - No-op implementation for CLI and testing.
+ *
+ * Every method logs the action and returns a success result.
+ * This adapter is safe to use in any environment as it performs
+ * no actual enforcement.
+ *
+ * @module agent-threat-rules/adapters/default-adapter
+ */
+function createResult(action, ctx) {
+    return Object.freeze({
+        action,
+        success: true,
+        message: `[${action}] logged (no-op) for verdict: ${ctx.verdict.outcome}`,
+        timestamp: new Date().toISOString(),
+    });
+}
+export class DefaultAdapter {
+    name = 'default';
+    async blockInput(ctx) {
+        return createResult('block_input', ctx);
+    }
+    async blockOutput(ctx) {
+        return createResult('block_output', ctx);
+    }
+    async blockTool(ctx) {
+        return createResult('block_tool', ctx);
+    }
+    async quarantineSession(ctx) {
+        return createResult('quarantine_session', ctx);
+    }
+    async resetContext(ctx) {
+        return createResult('reset_context', ctx);
+    }
+    async alert(ctx) {
+        return createResult('alert', ctx);
+    }
+    async snapshot(ctx) {
+        return createResult('snapshot', ctx);
+    }
+    async escalate(ctx) {
+        return createResult('escalate', ctx);
+    }
+    async reducePermissions(ctx) {
+        return createResult('reduce_permissions', ctx);
+    }
+    async killAgent(ctx) {
+        return createResult('kill_agent', ctx);
+    }
+}
+//# sourceMappingURL=default-adapter.js.map

package/dist/adapters/default-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"default-adapter.js","sourceRoot":"","sources":["../../src/adapters/default-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,YAAY,CACnB,MAA8B,EAC9B,GAAqB;IAErB,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,IAAI,MAAM,iCAAiC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;QACzE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,SAAS,CAAC;IAE1B,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,OAAO,YAAY,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,OAAO,YAAY,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAqB;QACtC,OAAO,YAAY,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAqB;QAC/B,OAAO,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,OAAO,YAAY,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,OAAO,YAAY,CAAC,oBAAoB,EAAE,GAAG,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,OAAO,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;IACzC,CAAC;CACF"}

package/dist/adapters/stdio-adapter.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Stdio Platform Adapter - Adapter for Claude Code hook integration.
+ *
+ * Block actions write JSON responses to an internal buffer that can
+ * be flushed to stdout. Alert and snapshot actions log to stderr
+ * to avoid interfering with the JSON protocol on stdout.
+ *
+ * @module agent-threat-rules/adapters/stdio-adapter
+ */
+import type { ActionResult, ExecutionContext, PlatformAdapter } from '../types.js';
+export declare class StdioAdapter implements PlatformAdapter {
+    readonly name = "stdio";
+    private readonly responseBuffer;
+    /**
+     * Get buffered responses and clear the buffer.
+     * Returns a frozen copy.
+     */
+    flushResponses(): readonly unknown[];
+    blockInput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockOutput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockTool(ctx: ExecutionContext): Promise<ActionResult>;
+    quarantineSession(ctx: ExecutionContext): Promise<ActionResult>;
+    resetContext(ctx: ExecutionContext): Promise<ActionResult>;
+    alert(ctx: ExecutionContext): Promise<ActionResult>;
+    snapshot(ctx: ExecutionContext): Promise<ActionResult>;
+    escalate(ctx: ExecutionContext): Promise<ActionResult>;
+    reducePermissions(ctx: ExecutionContext): Promise<ActionResult>;
+    killAgent(ctx: ExecutionContext): Promise<ActionResult>;
+}
+//# sourceMappingURL=stdio-adapter.d.ts.map

package/dist/adapters/stdio-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-adapter.d.ts","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,aAAa,CAAC;AAcrB,qBAAa,YAAa,YAAW,eAAe;IAClD,QAAQ,CAAC,IAAI,WAAW;IACxB,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAEhD;;;OAGG;IACH,cAAc,IAAI,SAAS,OAAO,EAAE;IAM9B,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUxD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAUzD,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAU/D,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAS1D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWnD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAetD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAWtD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;IAU/D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC;CAS9D"}

package/dist/adapters/stdio-adapter.js

@@ -0,0 +1,128 @@
+/**
+ * Stdio Platform Adapter - Adapter for Claude Code hook integration.
+ *
+ * Block actions write JSON responses to an internal buffer that can
+ * be flushed to stdout. Alert and snapshot actions log to stderr
+ * to avoid interfering with the JSON protocol on stdout.
+ *
+ * @module agent-threat-rules/adapters/stdio-adapter
+ */
+function makeResult(action, message) {
+    return Object.freeze({
+        action,
+        success: true,
+        message,
+        timestamp: new Date().toISOString(),
+    });
+}
+export class StdioAdapter {
+    name = 'stdio';
+    responseBuffer = [];
+    /**
+     * Get buffered responses and clear the buffer.
+     * Returns a frozen copy.
+     */
+    flushResponses() {
+        const copy = Object.freeze([...this.responseBuffer]);
+        this.responseBuffer.length = 0;
+        return copy;
+    }
+    async blockInput(ctx) {
+        const entry = {
+            action: 'block_input',
+            verdict: ctx.verdict.outcome,
+            reason: ctx.verdict.reason,
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('block_input', 'Input blocked via stdio protocol');
+    }
+    async blockOutput(ctx) {
+        const entry = {
+            action: 'block_output',
+            verdict: ctx.verdict.outcome,
+            reason: ctx.verdict.reason,
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('block_output', 'Output blocked via stdio protocol');
+    }
+    async blockTool(ctx) {
+        const entry = {
+            action: 'block_tool',
+            verdict: ctx.verdict.outcome,
+            reason: ctx.verdict.reason,
+            tool: ctx.event.fields?.['tool_name'] ?? 'unknown',
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('block_tool', 'Tool blocked via stdio protocol');
+    }
+    async quarantineSession(ctx) {
+        const entry = {
+            action: 'quarantine_session',
+            verdict: ctx.verdict.outcome,
+            sessionId: ctx.sessionId ?? 'unknown',
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('quarantine_session', 'Session quarantined via stdio protocol');
+    }
+    async resetContext(ctx) {
+        const entry = {
+            action: 'reset_context',
+            verdict: ctx.verdict.outcome,
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('reset_context', 'Context reset via stdio protocol');
+    }
+    async alert(ctx) {
+        const alertMsg = {
+            type: 'alert',
+            severity: ctx.verdict.highestSeverity,
+            reason: ctx.verdict.reason,
+            matchCount: ctx.verdict.matchCount,
+        };
+        process.stderr.write(JSON.stringify(alertMsg) + '\n');
+        return makeResult('alert', 'Alert written to stderr');
+    }
+    async snapshot(ctx) {
+        const snapshotData = {
+            type: 'snapshot',
+            event: {
+                type: ctx.event.type,
+                contentPreview: ctx.event.content.slice(0, 200),
+            },
+            verdict: ctx.verdict.outcome,
+            matchCount: ctx.verdict.matchCount,
+            timestamp: new Date().toISOString(),
+        };
+        process.stderr.write(JSON.stringify(snapshotData) + '\n');
+        return makeResult('snapshot', 'Snapshot written to stderr');
+    }
+    async escalate(ctx) {
+        const escalation = {
+            type: 'escalation',
+            severity: ctx.verdict.highestSeverity,
+            reason: ctx.verdict.reason,
+            matchCount: ctx.verdict.matchCount,
+        };
+        process.stderr.write(JSON.stringify(escalation) + '\n');
+        return makeResult('escalate', 'Escalation written to stderr');
+    }
+    async reducePermissions(ctx) {
+        const entry = {
+            action: 'reduce_permissions',
+            verdict: ctx.verdict.outcome,
+            reason: ctx.verdict.reason,
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('reduce_permissions', 'Permissions reduced via stdio protocol');
+    }
+    async killAgent(ctx) {
+        const entry = {
+            action: 'kill_agent',
+            verdict: ctx.verdict.outcome,
+            reason: ctx.verdict.reason,
+        };
+        this.responseBuffer.push(entry);
+        return makeResult('kill_agent', 'Agent kill requested via stdio protocol');
+    }
+}
+//# sourceMappingURL=stdio-adapter.js.map

package/dist/adapters/stdio-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stdio-adapter.js","sourceRoot":"","sources":["../../src/adapters/stdio-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,SAAS,UAAU,CACjB,MAA8B,EAC9B,OAAe;IAEf,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,MAAM;QACN,OAAO,EAAE,IAAI;QACb,OAAO;QACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,YAAY;IACd,IAAI,GAAG,OAAO,CAAC;IACP,cAAc,GAAc,EAAE,CAAC;IAEhD;;;OAGG;IACH,cAAc;QACZ,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAqB;QACpC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,aAAa;YACrB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,aAAa,EAAE,kCAAkC,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,GAAqB;QACrC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,cAAc,EAAE,mCAAmC,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,SAAS;SACnD,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,YAAY,EAAE,iCAAiC,CAAC,CAAC;IACrE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,SAAS;SACtC,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,oBAAoB,EAAE,wCAAwC,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,GAAqB;QACtC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;SAC7B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,eAAe,EAAE,kCAAkC,CAAC,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAqB;QAC/B,MAAM,QAAQ,GAAG;YACf,IAAI,EAAE,OAAO;YACb,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;YACrC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;SACnC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;QACtD,OAAO,UAAU,CAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,MAAM,YAAY,GAAG;YACnB,IAAI,EAAE,UAAU;YAChB,KAAK,EAAE;gBACL,IAAI,EAAE,GAAG,CAAC,KAAK,CAAC,IAAI;gBACpB,cAAc,EAAE,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;aAChD;YACD,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;YAClC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1D,OAAO,UAAU,CAAC,UAAU,EAAE,4BAA4B,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,GAAqB;QAClC,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,GAAG,CAAC,OAAO,CAAC,eAAe;YACrC,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;YAC1B,UAAU,EAAE,GAAG,CAAC,OAAO,CAAC,UAAU;SACnC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC;QACxD,OAAO,UAAU,CAAC,UAAU,EAAE,8BAA8B,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,GAAqB;QAC3C,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,oBAAoB;YAC5B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,oBAAoB,EAAE,wCAAwC,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,GAAqB;QACnC,MAAM,KAAK,GAAG;YACZ,MAAM,EAAE,YAAY;YACpB,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,OAAO;YAC5B,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM;SAC3B,CAAC;QACF,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC,YAAY,EAAE,yCAAyC,CAAC,CAAC;IAC7E,CAAC;CACF"}

package/dist/cli.js

@@ -38,11 +38,17 @@ ${BOLD}Usage:${RESET}
   atr validate <rule.yaml|dir>             Validate rule file(s)
   atr test <rule.yaml|dir>                 Run embedded test cases
   atr stats [--rules <dir>]                Show rule collection statistics
+  atr guard [--rules <dir>] [--dry-run]    Start as Claude Code hook (stdio)
+  atr mcp                                  Start MCP server (stdio transport)
+  atr scaffold                             Interactive rule scaffolding
 
 ${BOLD}Options:${RESET}
   --rules <dir>    Custom rules directory (default: bundled rules)
   --json           Output results as JSON
   --severity <s>   Minimum severity to report (critical|high|medium|low|informational)
+  --dry-run        Log actions without executing (guard mode)
+  --fail-open      Default to allow on errors (guard mode, default: true)
+  --timeout <ms>   Evaluation timeout in ms (guard mode, default: 5000)
   --help           Show this help message
 
 ${BOLD}Examples:${RESET}
@@ -57,6 +63,15 @@ ${BOLD}Examples:${RESET}
 
   ${DIM}# Show stats for bundled rules${RESET}
   atr stats
+
+  ${DIM}# Run as a Claude Code guard hook${RESET}
+  atr guard --rules ./my-rules
+
+  ${DIM}# Start MCP server for AI agent integration${RESET}
+  atr mcp
+
+  ${DIM}# Interactively scaffold a new rule${RESET}
+  atr scaffold
 `);
 }
 function parseArgs(argv) {
@@ -67,7 +82,7 @@ function parseArgs(argv) {
     for (let i = 1; i < args.length; i++) {
         if (args[i].startsWith('--')) {
             const key = args[i].slice(2);
-            if (key === 'json' || key === 'help') {
+            if (key === 'json' || key === 'help' || key === 'dry-run' || key === 'fail-open') {
                 options[key] = 'true';
             }
             else {
@@ -511,6 +526,100 @@ function cmdStats(options) {
     }
     console.log('');
 }
+// --- GUARD command ---
+async function cmdGuard(options) {
+    const rulesDir = options['rules'] ? resolve(options['rules']) : RULES_DIR;
+    const dryRun = options['dry-run'] === 'true';
+    const failOpen = options['fail-open'] !== 'false';
+    const timeoutMs = options['timeout'] ? parseInt(options['timeout'], 10) : 5000;
+    const { ActionExecutor } = await import('./action-executor.js');
+    const { StdioAdapter } = await import('./adapters/stdio-adapter.js');
+    const { HookHandler } = await import('./hook-handler.js');
+    const engine = new ATREngine({ rulesDir });
+    const ruleCount = await engine.loadRules();
+    const adapter = new StdioAdapter();
+    const executor = new ActionExecutor({ adapter, dryRun });
+    const handler = new HookHandler({ engine, executor, timeoutMs, failOpen });
+    process.stderr.write(`[atr-guard] Loaded ${ruleCount} rules from ${rulesDir}` +
+        `${dryRun ? ' (dry-run)' : ''}\n`);
+    await handler.startStdioLoop();
+}
+// --- MCP command ---
+async function cmdMcp() {
+    const { startMCPServer } = await import('./mcp-server.js');
+    await startMCPServer();
+}
+// --- SCAFFOLD command ---
+async function cmdScaffold() {
+    const { createInterface } = await import('node:readline');
+    const { RuleScaffolder } = await import('./rule-scaffolder.js');
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const ask = (question) => new Promise((resolve) => rl.question(question, resolve));
+    console.log(`\n${BOLD}ATR Rule Scaffolder${RESET}`);
+    console.log(`${DIM}Generate a draft ATR detection rule interactively.${RESET}\n`);
+    const title = await ask('Rule title: ');
+    if (!title.trim()) {
+        console.error(`${RED}Error: Title is required.${RESET}`);
+        rl.close();
+        process.exit(1);
+    }
+    const categories = [
+        'prompt-injection', 'tool-poisoning', 'context-exfiltration',
+        'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
+        'data-poisoning', 'model-abuse', 'skill-compromise',
+    ];
+    console.log(`\nCategories: ${categories.join(', ')}`);
+    const category = await ask('Category: ');
+    if (!categories.includes(category.trim())) {
+        console.error(`${RED}Error: Invalid category.${RESET}`);
+        rl.close();
+        process.exit(1);
+    }
+    const attackDescription = await ask('Attack description: ');
+    if (!attackDescription.trim()) {
+        console.error(`${RED}Error: Description is required.${RESET}`);
+        rl.close();
+        process.exit(1);
+    }
+    console.log('\nEnter example payloads (one per line, empty line to finish):');
+    const payloads = [];
+    while (true) {
+        const payload = await ask(`  Payload ${payloads.length + 1}: `);
+        if (!payload.trim())
+            break;
+        payloads.push(payload.trim());
+    }
+    if (payloads.length === 0) {
+        console.error(`${RED}Error: At least one example payload is required.${RESET}`);
+        rl.close();
+        process.exit(1);
+    }
+    const severities = ['critical', 'high', 'medium', 'low', 'informational'];
+    const severity = await ask(`Severity [${severities.join('/')}] (default: medium): `);
+    const finalSeverity = severity.trim() && severities.includes(severity.trim())
+        ? severity.trim()
+        : 'medium';
+    rl.close();
+    const scaffolder = new RuleScaffolder();
+    const result = scaffolder.scaffold({
+        title: title.trim(),
+        category: category.trim(),
+        attackDescription: attackDescription.trim(),
+        examplePayloads: payloads,
+        severity: finalSeverity,
+    });
+    console.log(`\n${GREEN}Generated rule ${result.id}:${RESET}\n`);
+    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
+    console.log(result.yaml);
+    console.log(`${DIM}${'─'.repeat(60)}${RESET}`);
+    if (result.warnings.length > 0) {
+        console.log(`\n${BOLD}Warnings:${RESET}`);
+        for (const w of result.warnings) {
+            console.log(`  - ${w}`);
+        }
+    }
+    console.log(`\n${DIM}Copy this YAML to a .yaml file in rules/${category.trim()}/ and validate with: atr validate <file>${RESET}\n`);
+}
 // --- Main ---
 async function main() {
     const { command, target, options } = parseArgs(process.argv);
@@ -531,6 +640,15 @@ async function main() {
         case 'stats':
             cmdStats(options);
             break;
+        case 'guard':
+            await cmdGuard(options);
+            break;
+        case 'mcp':
+            await cmdMcp();
+            break;
+        case 'scaffold':
+            await cmdScaffold();
+            break;
         default:
             console.error(`${RED}Unknown command: ${command}${RESET}`);
             printUsage();