agent-threat-rules 0.1.0 → 0.2.1

package/dist/mcp-tools/scan.d.ts

@@ -0,0 +1,24 @@
+/**
+ * atr_scan MCP tool - Scan content for agent threats
+ *
+ * Runs all configured detection layers:
+ * - Layer 1: Regex pattern matching (always)
+ * - Layer 2: Skill behavioral fingerprinting (if configured)
+ * - Layer 3: Semantic LLM-as-judge (if configured and triggered)
+ *
+ * @module agent-threat-rules/mcp-tools/scan
+ */
+import type { ATREngine } from '../engine.js';
+export interface ScanInput {
+    content: string;
+    event_type?: string;
+    min_severity?: string;
+}
+export declare function handleScan(engine: ATREngine, args: Record<string, unknown>): Promise<{
+    content: Array<{
+        type: string;
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+//# sourceMappingURL=scan.d.ts.map

package/dist/mcp-tools/scan.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../../src/mcp-tools/scan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAG9C,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAmBD,wBAAsB,UAAU,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC;IAC1F,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC,CAsED"}

package/dist/mcp-tools/scan.js

@@ -0,0 +1,87 @@
+/**
+ * atr_scan MCP tool - Scan content for agent threats
+ *
+ * Runs all configured detection layers:
+ * - Layer 1: Regex pattern matching (always)
+ * - Layer 2: Skill behavioral fingerprinting (if configured)
+ * - Layer 3: Semantic LLM-as-judge (if configured and triggered)
+ *
+ * @module agent-threat-rules/mcp-tools/scan
+ */
+const SEVERITY_ORDER = {
+    informational: 0,
+    low: 1,
+    medium: 2,
+    high: 3,
+    critical: 4,
+};
+const VALID_EVENT_TYPES = new Set([
+    'llm_input',
+    'llm_output',
+    'tool_call',
+    'tool_response',
+    'agent_behavior',
+    'multi_agent_message',
+]);
+export async function handleScan(engine, args) {
+    const content = args['content'];
+    if (typeof content !== 'string' || content.trim().length === 0) {
+        return {
+            content: [{ type: 'text', text: 'Error: "content" is required and must be a non-empty string.' }],
+            isError: true,
+        };
+    }
+    const eventTypeRaw = args['event_type'] ?? 'llm_input';
+    if (!VALID_EVENT_TYPES.has(eventTypeRaw)) {
+        return {
+            content: [{ type: 'text', text: `Error: Invalid event_type "${eventTypeRaw}". Valid types: ${[...VALID_EVENT_TYPES].join(', ')}` }],
+            isError: true,
+        };
+    }
+    const minSeverity = (args['min_severity'] ?? 'informational').toLowerCase();
+    if (!(minSeverity in SEVERITY_ORDER)) {
+        return {
+            content: [{ type: 'text', text: `Error: Invalid min_severity "${minSeverity}". Valid: informational, low, medium, high, critical` }],
+            isError: true,
+        };
+    }
+    const minIdx = SEVERITY_ORDER[minSeverity] ?? 0;
+    const event = {
+        type: eventTypeRaw,
+        timestamp: new Date().toISOString(),
+        content: content,
+        fields: {
+            user_input: content,
+            agent_output: content,
+            tool_response: content,
+            content: content,
+        },
+    };
+    // Use evaluateWithVerdict() to run all configured layers
+    const { verdict, layersUsed } = await engine.evaluateWithVerdict(event);
+    const filtered = verdict.matches.filter((m) => (SEVERITY_ORDER[m.rule.severity] ?? 0) >= minIdx);
+    const result = {
+        threats_found: filtered.length,
+        scan_timestamp: event.timestamp,
+        event_type: eventTypeRaw,
+        layers_used: layersUsed,
+        verdict: {
+            outcome: verdict.outcome,
+            reason: verdict.reason,
+        },
+        matches: filtered.map((m) => ({
+            rule_id: m.rule.id,
+            title: m.rule.title,
+            severity: m.rule.severity,
+            category: m.rule.tags.category,
+            confidence: Math.round(m.confidence * 100),
+            description: m.rule.description,
+            matched_patterns: m.matchedPatterns,
+            recommended_actions: m.rule.response.actions,
+        })),
+    };
+    return {
+        content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+    };
+}
+//# sourceMappingURL=scan.js.map

package/dist/mcp-tools/scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scan.js","sourceRoot":"","sources":["../../src/mcp-tools/scan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAWH,MAAM,cAAc,GAA2B;IAC7C,aAAa,EAAE,CAAC;IAChB,GAAG,EAAE,CAAC;IACN,MAAM,EAAE,CAAC;IACT,IAAI,EAAE,CAAC;IACP,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,MAAM,iBAAiB,GAAwB,IAAI,GAAG,CAAC;IACrD,WAAW;IACX,YAAY;IACZ,WAAW;IACX,eAAe;IACf,gBAAgB;IAChB,qBAAqB;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,MAAiB,EAAE,IAA6B;IAI/E,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;IAChC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,8DAA8D,EAAE,CAAC;YACjG,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAI,IAAI,CAAC,YAAY,CAAY,IAAI,WAAW,CAAC;IACnE,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACzC,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,8BAA8B,YAAY,mBAAmB,CAAC,GAAG,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACnI,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,CAAE,IAAI,CAAC,cAAc,CAAY,IAAI,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;IACxF,IAAI,CAAC,CAAC,WAAW,IAAI,cAAc,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,gCAAgC,WAAW,sDAAsD,EAAE,CAAC;YACpI,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,cAAc,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAEhD,MAAM,KAAK,GAAe;QACxB,IAAI,EAAE,YAA8B;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,OAAO,EAAE,OAAO;QAChB,MAAM,EAAE;YACN,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,OAAO;YACrB,aAAa,EAAE,OAAO;YACtB,OAAO,EAAE,OAAO;SACjB;KACF,CAAC;IAEF,yDAAyD;IACzD,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CACrC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,CACxD,CAAC;IAEF,MAAM,MAAM,GAAG;QACb,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,cAAc,EAAE,KAAK,CAAC,SAAS;QAC/B,UAAU,EAAE,YAAY;QACxB,WAAW,EAAE,UAAU;QACvB,OAAO,EAAE;YACP,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB;QACD,OAAO,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5B,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE;YAClB,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK;YACnB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ;YACzB,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ;YAC9B,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC;YAC1C,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW;YAC/B,gBAAgB,EAAE,CAAC,CAAC,eAAe;YACnC,mBAAmB,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO;SAC7C,CAAC,CAAC;KACJ,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC"}

package/dist/mcp-tools/submit-proposal.d.ts

@@ -0,0 +1,12 @@
+/**
+ * atr_submit_proposal MCP tool - Generate ATR rule draft from threat description
+ * @module agent-threat-rules/mcp-tools/submit-proposal
+ */
+export declare function handleSubmitProposal(args: Record<string, unknown>): {
+    content: Array<{
+        type: string;
+        text: string;
+    }>;
+    isError?: boolean;
+};
+//# sourceMappingURL=submit-proposal.d.ts.map

package/dist/mcp-tools/submit-proposal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"submit-proposal.d.ts","sourceRoot":"","sources":["../../src/mcp-tools/submit-proposal.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAyBH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IACnE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CA+EA"}

package/dist/mcp-tools/submit-proposal.js

@@ -0,0 +1,95 @@
+/**
+ * atr_submit_proposal MCP tool - Generate ATR rule draft from threat description
+ * @module agent-threat-rules/mcp-tools/submit-proposal
+ */
+import { RuleScaffolder } from '../rule-scaffolder.js';
+const VALID_CATEGORIES = new Set([
+    'prompt-injection',
+    'tool-poisoning',
+    'context-exfiltration',
+    'agent-manipulation',
+    'privilege-escalation',
+    'excessive-autonomy',
+    'data-poisoning',
+    'model-abuse',
+    'skill-compromise',
+]);
+const VALID_SEVERITIES = new Set([
+    'critical',
+    'high',
+    'medium',
+    'low',
+    'informational',
+]);
+export function handleSubmitProposal(args) {
+    const title = args['title'];
+    const category = args['category'];
+    const attackDescription = args['attack_description'];
+    const examplePayloads = args['example_payloads'];
+    const severity = args['severity'];
+    const mitreRefs = args['mitre_refs'];
+    // Validate required fields
+    if (typeof title !== 'string' || title.trim().length === 0) {
+        return {
+            content: [{ type: 'text', text: 'Error: "title" is required and must be a non-empty string.' }],
+            isError: true,
+        };
+    }
+    if (typeof category !== 'string' || !VALID_CATEGORIES.has(category)) {
+        return {
+            content: [{ type: 'text', text: `Error: "category" must be one of: ${[...VALID_CATEGORIES].join(', ')}` }],
+            isError: true,
+        };
+    }
+    if (typeof attackDescription !== 'string' || attackDescription.trim().length === 0) {
+        return {
+            content: [{ type: 'text', text: 'Error: "attack_description" is required and must be a non-empty string.' }],
+            isError: true,
+        };
+    }
+    if (!Array.isArray(examplePayloads) || examplePayloads.length === 0) {
+        return {
+            content: [{ type: 'text', text: 'Error: "example_payloads" must be a non-empty array of strings.' }],
+            isError: true,
+        };
+    }
+    for (const payload of examplePayloads) {
+        if (typeof payload !== 'string') {
+            return {
+                content: [{ type: 'text', text: 'Error: All items in "example_payloads" must be strings.' }],
+                isError: true,
+            };
+        }
+    }
+    if (severity && !VALID_SEVERITIES.has(severity)) {
+        return {
+            content: [{ type: 'text', text: `Error: "severity" must be one of: ${[...VALID_SEVERITIES].join(', ')}` }],
+            isError: true,
+        };
+    }
+    const scaffolder = new RuleScaffolder();
+    const result = scaffolder.scaffold({
+        title: title.trim(),
+        category: category,
+        attackDescription: attackDescription.trim(),
+        examplePayloads: examplePayloads.map((p) => p.trim()),
+        severity: severity,
+        mitreRefs: mitreRefs,
+    });
+    const response = {
+        generated_id: result.id,
+        warnings: result.warnings,
+        yaml_rule: result.yaml,
+        next_steps: [
+            'Review and refine the generated detection patterns',
+            'Add more specific regex patterns for your use case',
+            'Test with atr_scan using example payloads',
+            'Validate with atr_validate_rule before submitting',
+            'Submit as a PR to the ATR repository',
+        ],
+    };
+    return {
+        content: [{ type: 'text', text: JSON.stringify(response, null, 2) }],
+    };
+}
+//# sourceMappingURL=submit-proposal.js.map

package/dist/mcp-tools/submit-proposal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"submit-proposal.js","sourceRoot":"","sources":["../../src/mcp-tools/submit-proposal.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAGvD,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,kBAAkB;IAClB,gBAAgB;IAChB,sBAAsB;IACtB,oBAAoB;IACpB,sBAAsB;IACtB,oBAAoB;IACpB,gBAAgB;IAChB,aAAa;IACb,kBAAkB;CACnB,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;IACpD,UAAU;IACV,MAAM;IACN,QAAQ;IACR,KAAK;IACL,eAAe;CAChB,CAAC,CAAC;AAEH,MAAM,UAAU,oBAAoB,CAAC,IAA6B;IAIhE,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAClC,MAAM,iBAAiB,GAAG,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAuB,CAAC;IACxD,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAyB,CAAC;IAE7D,2BAA2B;IAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4DAA4D,EAAE,CAAC;YAC/F,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpE,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YAC1G,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,iBAAiB,KAAK,QAAQ,IAAI,iBAAiB,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,yEAAyE,EAAE,CAAC;YAC5G,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iEAAiE,EAAE,CAAC;YACpG,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,yDAAyD,EAAE,CAAC;gBAC5F,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YAC1G,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,cAAc,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC;QACjC,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE;QACnB,QAAQ,EAAE,QAAuB;QACjC,iBAAiB,EAAE,iBAAiB,CAAC,IAAI,EAAE;QAC3C,eAAe,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7D,QAAQ,EAAE,QAAmC;QAC7C,SAAS,EAAE,SAAS;KACrB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG;QACf,YAAY,EAAE,MAAM,CAAC,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,IAAI;QACtB,UAAU,EAAE;YACV,oDAAoD;YACpD,oDAAoD;YACpD,2CAA2C;YAC3C,mDAAmD;YACnD,sCAAsC;SACvC;KACF,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACrE,CAAC;AACJ,CAAC"}

package/dist/mcp-tools/threat-summary.d.ts

@@ -0,0 +1,12 @@
+/**
+ * atr_threat_summary MCP tool - Aggregate threat statistics
+ * @module agent-threat-rules/mcp-tools/threat-summary
+ */
+import type { ATREngine } from '../engine.js';
+export declare function handleThreatSummary(engine: ATREngine, args: Record<string, unknown>): {
+    content: Array<{
+        type: string;
+        text: string;
+    }>;
+};
+//# sourceMappingURL=threat-summary.d.ts.map

package/dist/mcp-tools/threat-summary.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-summary.d.ts","sourceRoot":"","sources":["../../src/mcp-tools/threat-summary.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IACrF,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD,CA8EA"}

package/dist/mcp-tools/threat-summary.js

@@ -0,0 +1,74 @@
+/**
+ * atr_threat_summary MCP tool - Aggregate threat statistics
+ * @module agent-threat-rules/mcp-tools/threat-summary
+ */
+export function handleThreatSummary(engine, args) {
+    const category = args['category'];
+    const rules = [...engine.getRules()];
+    const filtered = category
+        ? rules.filter((r) => r.tags.category === category)
+        : rules;
+    // Aggregate by category
+    const byCategory = {};
+    for (const rule of filtered) {
+        const cat = rule.tags.category;
+        byCategory[cat] = (byCategory[cat] ?? 0) + 1;
+    }
+    // Aggregate by severity
+    const bySeverity = {};
+    for (const rule of filtered) {
+        bySeverity[rule.severity] = (bySeverity[rule.severity] ?? 0) + 1;
+    }
+    // Aggregate by status
+    const byStatus = {};
+    for (const rule of filtered) {
+        byStatus[rule.status] = (byStatus[rule.status] ?? 0) + 1;
+    }
+    // Aggregate by source type
+    const bySourceType = {};
+    for (const rule of filtered) {
+        const src = rule.agent_source.type;
+        bySourceType[src] = (bySourceType[src] ?? 0) + 1;
+    }
+    // Count test cases
+    let totalTestCases = 0;
+    let rulesWithTests = 0;
+    for (const rule of filtered) {
+        if (rule.test_cases) {
+            rulesWithTests++;
+            totalTestCases +=
+                (rule.test_cases.true_positives?.length ?? 0) +
+                    (rule.test_cases.true_negatives?.length ?? 0);
+        }
+    }
+    // Top actions
+    const actionCounts = {};
+    for (const rule of filtered) {
+        for (const action of rule.response.actions) {
+            actionCounts[action] = (actionCounts[action] ?? 0) + 1;
+        }
+    }
+    const topActions = Object.entries(actionCounts)
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 5)
+        .map(([action, count]) => ({ action, count }));
+    const result = {
+        summary_timestamp: new Date().toISOString(),
+        ...(category ? { filtered_category: category } : {}),
+        total_rules: filtered.length,
+        by_category: byCategory,
+        by_severity: bySeverity,
+        by_status: byStatus,
+        by_source_type: bySourceType,
+        test_coverage: {
+            rules_with_tests: rulesWithTests,
+            rules_without_tests: filtered.length - rulesWithTests,
+            total_test_cases: totalTestCases,
+        },
+        top_response_actions: topActions,
+    };
+    return {
+        content: [{ type: 'text', text: JSON.stringify(result, null, 2) }],
+    };
+}
+//# sourceMappingURL=threat-summary.js.map

package/dist/mcp-tools/threat-summary.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"threat-summary.js","sourceRoot":"","sources":["../../src/mcp-tools/threat-summary.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,MAAM,UAAU,mBAAmB,CAAC,MAAiB,EAAE,IAA6B;IAGlF,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAuB,CAAC;IACxD,MAAM,KAAK,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,QAAQ;QACvB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC;QACnD,CAAC,CAAC,KAAK,CAAC;IAEV,wBAAwB;IACxB,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC/B,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAA2B,EAAE,CAAC;IAC9C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,sBAAsB;IACtB,MAAM,QAAQ,GAA2B,EAAE,CAAC;IAC5C,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,2BAA2B;IAC3B,MAAM,YAAY,GAA2B,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;QACnC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAED,mBAAmB;IACnB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,cAAc,EAAE,CAAC;YACjB,cAAc;gBACZ,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC;oBAC7C,CAAC,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,cAAc;IACd,MAAM,YAAY,GAA2B,EAAE,CAAC;IAChD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC3C,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACzD,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC;SAC5C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SAC3B,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;SACX,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG;QACb,iBAAiB,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC3C,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpD,WAAW,EAAE,QAAQ,CAAC,MAAM;QAC5B,WAAW,EAAE,UAAU;QACvB,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,QAAQ;QACnB,cAAc,EAAE,YAAY;QAC5B,aAAa,EAAE;YACb,gBAAgB,EAAE,cAAc;YAChC,mBAAmB,EAAE,QAAQ,CAAC,MAAM,GAAG,cAAc;YACrD,gBAAgB,EAAE,cAAc;SACjC;QACD,oBAAoB,EAAE,UAAU;KACjC,CAAC;IAEF,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;KACnE,CAAC;AACJ,CAAC"}

package/dist/mcp-tools/validate.d.ts

@@ -0,0 +1,15 @@
+/**
+ * atr_validate_rule MCP tool - Validate ATR rule YAML
+ * @module agent-threat-rules/mcp-tools/validate
+ */
+export interface ValidateInput {
+    yaml_content: string;
+}
+export declare function handleValidate(args: Record<string, unknown>): {
+    content: Array<{
+        type: string;
+        text: string;
+    }>;
+    isError?: boolean;
+};
+//# sourceMappingURL=validate.d.ts.map

package/dist/mcp-tools/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/mcp-tools/validate.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IAC7D,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAwCA"}

package/dist/mcp-tools/validate.js

@@ -0,0 +1,45 @@
+/**
+ * atr_validate_rule MCP tool - Validate ATR rule YAML
+ * @module agent-threat-rules/mcp-tools/validate
+ */
+import yaml from 'js-yaml';
+import { validateRule } from '../loader.js';
+export function handleValidate(args) {
+    const yamlContent = args['yaml_content'];
+    if (typeof yamlContent !== 'string' || yamlContent.trim().length === 0) {
+        return {
+            content: [{ type: 'text', text: 'Error: "yaml_content" is required and must be a non-empty string.' }],
+            isError: true,
+        };
+    }
+    try {
+        const parsed = yaml.load(yamlContent);
+        if (!parsed || typeof parsed !== 'object') {
+            return {
+                content: [{ type: 'text', text: JSON.stringify({ valid: false, errors: ['YAML parsed to a non-object value.'] }, null, 2) }],
+            };
+        }
+        const result = validateRule(parsed);
+        const response = {
+            valid: result.valid,
+            errors: result.errors,
+            parsed_fields: {
+                id: parsed['id'] ?? null,
+                title: parsed['title'] ?? null,
+                severity: parsed['severity'] ?? null,
+                category: parsed['tags']?.['category'] ?? null,
+                status: parsed['status'] ?? null,
+            },
+        };
+        return {
+            content: [{ type: 'text', text: JSON.stringify(response, null, 2) }],
+        };
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return {
+            content: [{ type: 'text', text: JSON.stringify({ valid: false, errors: [`YAML parse error: ${msg}`] }, null, 2) }],
+        };
+    }
+}
+//# sourceMappingURL=validate.js.map

package/dist/mcp-tools/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/mcp-tools/validate.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAM5C,MAAM,UAAU,cAAc,CAAC,IAA6B;IAI1D,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IACzC,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvE,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,mEAAmE,EAAE,CAAC;YACtG,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC1C,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,oCAAoC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC7H,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACf,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,aAAa,EAAE;gBACb,EAAE,EAAG,MAAkC,CAAC,IAAI,CAAC,IAAI,IAAI;gBACrD,KAAK,EAAG,MAAkC,CAAC,OAAO,CAAC,IAAI,IAAI;gBAC3D,QAAQ,EAAG,MAAkC,CAAC,UAAU,CAAC,IAAI,IAAI;gBACjE,QAAQ,EAAI,MAAkC,CAAC,MAAM,CAAyC,EAAE,CAAC,UAAU,CAAC,IAAI,IAAI;gBACpH,MAAM,EAAG,MAAkC,CAAC,QAAQ,CAAC,IAAI,IAAI;aAC9D;SACF,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACrE,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,qBAAqB,GAAG,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACnH,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/modules/index.d.ts

@@ -6,12 +6,13 @@
  *
  * Built-in modules:
  * - session: Cross-event behavioral analysis using SessionTracker
+ * - semantic: AI-driven semantic threat analysis using LLM-as-judge (v0.2)
  *
  * Reserved namespaces (planned):
- * - embedding: Semantic similarity detection (v0.2)
- * - protocol: MCP/transport-level inspection (v0.2)
- * - entropy: Information-theoretic anomaly detection (v0.3)
- * - tokenizer: Token-level analysis for smuggling detection (v0.3)
+ * - embedding: Vector similarity detection (v0.3)
+ * - protocol: MCP/transport-level inspection (v0.3)
+ * - entropy: Information-theoretic anomaly detection (v0.4)
+ * - tokenizer: Token-level analysis for smuggling detection (v0.4)
  *
  * @module agent-threat-rules/modules
  */

package/dist/modules/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,yCAAyC;IACzC,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;IAC7C,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,SAAS;IACxB,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B,qBAAqB;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC;QAChC,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,aAAa,CAAC;YAClB,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;YACtC,QAAQ,EAAE,OAAO,CAAC;YAClB,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;KACJ,CAAC,CAAC;IAEH;;;OAGG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAE/E;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgC;IAExD,yEAAyE;IACzE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAM7B;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI;IAOjC;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIjC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAIxC;;OAEG;IACH,IAAI,IAAI,aAAa,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAQ7E;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAKlC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,yCAAyC;IACzC,QAAQ,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,CAAC;IAC7C,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,sEAAsE;IACtE,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,SAAS;IACxB,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IAEtB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAE7B,qBAAqB;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IAEzB;;;OAGG;IACH,QAAQ,CAAC,SAAS,EAAE,aAAa,CAAC;QAChC,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,aAAa,CAAC;YAClB,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;YACtC,QAAQ,EAAE,OAAO,CAAC;YAClB,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;KACJ,CAAC,CAAC;IAEH;;;OAGG;IACH,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5B;;;;;;OAMG;IACH,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAE/E;;OAEG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgC;IAExD,yEAAyE;IACzE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAO7B;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI;IAOjC;;OAEG;IACH,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIjC;;OAEG;IACH,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,SAAS;IAIxC;;OAEG;IACH,IAAI,IAAI,aAAa,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAQ7E;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;CAKlC"}

package/dist/modules/index.js

@@ -6,12 +6,13 @@
  *
  * Built-in modules:
  * - session: Cross-event behavioral analysis using SessionTracker
+ * - semantic: AI-driven semantic threat analysis using LLM-as-judge (v0.2)
  *
  * Reserved namespaces (planned):
- * - embedding: Semantic similarity detection (v0.2)
- * - protocol: MCP/transport-level inspection (v0.2)
- * - entropy: Information-theoretic anomaly detection (v0.3)
- * - tokenizer: Token-level analysis for smuggling detection (v0.3)
+ * - embedding: Vector similarity detection (v0.3)
+ * - protocol: MCP/transport-level inspection (v0.3)
+ * - entropy: Information-theoretic anomaly detection (v0.4)
+ * - tokenizer: Token-level analysis for smuggling detection (v0.4)
  *
  * @module agent-threat-rules/modules
  */
@@ -23,6 +24,7 @@ export class ModuleRegistry {
     /** Reserved module namespaces (cannot be registered by third parties) */
     static RESERVED = new Set([
         'session',
+        'semantic',
         'embedding',
         'protocol',
         'entropy',

package/dist/modules/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAoGH;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAExD,yEAAyE;IACjE,MAAM,CAAU,QAAQ,GAAG,IAAI,GAAG,CAAC;QACzC,SAAS;QACT,WAAW;QACX,UAAU;QACV,SAAS;QACT,WAAW;KACZ,CAAC,CAAC;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAiB;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,WAAW,MAAM,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC;IACH,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/modules/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAoGH;;GAEG;AACH,MAAM,OAAO,cAAc;IACR,OAAO,GAAG,IAAI,GAAG,EAAqB,CAAC;IAExD,yEAAyE;IACjE,MAAM,CAAU,QAAQ,GAAG,IAAI,GAAG,CAAC;QACzC,SAAS;QACT,UAAU;QACV,WAAW;QACX,UAAU;QACV,SAAS;QACT,WAAW;KACZ,CAAC,CAAC;IAEH;;;OAGG;IACH,QAAQ,CAAC,MAAiB;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,WAAW,MAAM,CAAC,IAAI,yBAAyB,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAY;QACrB,OAAO,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACH,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;SAC3B,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC;IACH,CAAC"}

package/dist/modules/semantic.d.ts

@@ -0,0 +1,105 @@
+/**
+ * ATR Semantic Module (Layer 3)
+ *
+ * AI-driven semantic analysis for detecting threats that bypass
+ * regex patterns (Layer 1) and behavioral fingerprinting (Layer 2).
+ *
+ * Uses LLM-as-judge to evaluate whether an agent event represents
+ * a genuine threat, even when the attacker uses:
+ * - Semantic paraphrasing to avoid keyword matching
+ * - Multi-language injection (non-English payloads)
+ * - Context-aware social engineering
+ * - Novel attack patterns not yet in the rule set
+ *
+ * Provider-agnostic: works with any OpenAI-compatible API.
+ *
+ * @module agent-threat-rules/modules/semantic
+ */
+import type { AgentEvent } from '../types.js';
+import type { ATRModule, ModuleCondition, ModuleResult } from './index.js';
+export interface SemanticModuleConfig {
+    /** OpenAI-compatible API endpoint */
+    apiUrl: string;
+    /** API key */
+    apiKey: string;
+    /** Model to use (default: gpt-4o-mini for cost efficiency) */
+    model?: string;
+    /** Max tokens for analysis (default: 512) */
+    maxTokens?: number;
+    /** Temperature (default: 0.1 for consistency) */
+    temperature?: number;
+    /** Timeout in ms (default: 10000) */
+    timeout?: number;
+    /** Cache TTL in ms for identical content (default: 300000 = 5min) */
+    cacheTtlMs?: number;
+    /** Max cache entries (default: 1000) */
+    maxCacheSize?: number;
+}
+/**
+ * Semantic detection module using LLM-as-judge.
+ *
+ * Usage in ATR YAML:
+ * ```yaml
+ * detection:
+ *   conditions:
+ *     semantic_check:
+ *       module: semantic
+ *       function: analyze_threat
+ *       args:
+ *         field: user_input
+ *       operator: gte
+ *       threshold: 0.7
+ *   condition: "semantic_check"
+ * ```
+ */
+export declare class SemanticModule implements ATRModule {
+    readonly name = "semantic";
+    readonly description = "AI-driven semantic threat analysis (Layer 3)";
+    readonly version = "0.1.0";
+    readonly functions: readonly [{
+        readonly name: "analyze_threat";
+        readonly description: "Analyze text for semantic threat indicators using LLM";
+        readonly args: readonly [{
+            readonly name: "field";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Event field to analyze (default: content)";
+        }];
+    }, {
+        readonly name: "is_injection";
+        readonly description: "Binary check: is this a prompt injection attempt?";
+        readonly args: readonly [{
+            readonly name: "field";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Event field to analyze (default: content)";
+        }];
+    }, {
+        readonly name: "classify_attack";
+        readonly description: "Classify the type of attack (returns category confidence)";
+        readonly args: readonly [{
+            readonly name: "field";
+            readonly type: "string";
+            readonly required: false;
+            readonly description: "Event field to analyze (default: content)";
+        }, {
+            readonly name: "target_category";
+            readonly type: "string";
+            readonly required: true;
+            readonly description: "ATR category to check against";
+        }];
+    }];
+    private readonly config;
+    private readonly cache;
+    constructor(config: SemanticModuleConfig);
+    initialize(): Promise<void>;
+    evaluate(event: AgentEvent, condition: ModuleCondition): Promise<ModuleResult>;
+    destroy(): Promise<void>;
+    private analyzeWithCache;
+    private callLLM;
+    private parseAnalysis;
+    private resolveEndpoint;
+    private hashContent;
+    private compareThreshold;
+}
+//# sourceMappingURL=semantic.d.ts.map

package/dist/modules/semantic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"semantic.d.ts","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA0CD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,cAAe,YAAW,SAAS;IAC9C,QAAQ,CAAC,IAAI,cAAc;IAC3B,QAAQ,CAAC,WAAW,kDAAkD;IACtE,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CP;IAEX,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;IACxD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;gBAE3C,MAAM,EAAE,oBAAoB;IAalC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAK3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IA8C9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YAMhB,gBAAgB;YA2BhB,OAAO;IAsDrB,OAAO,CAAC,aAAa;IA0BrB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,WAAW;IAUnB,OAAO,CAAC,gBAAgB;CAUzB"}