agent-threat-rules 0.1.0 → 0.2.1

package/dist/skill-fingerprint.js

@@ -0,0 +1,326 @@
+/**
+ * Skill Behavioral Fingerprint
+ *
+ * Tracks what each skill "normally does" across invocations, then detects
+ * behavioral drift when a previously-trusted skill starts acting differently.
+ *
+ * Solves the "installed then turns malicious" scenario:
+ * - First N invocations: build fingerprint (what APIs, what patterns, what scope)
+ * - After fingerprint stabilizes: flag any deviation as anomaly
+ *
+ * @module agent-threat-rules/skill-fingerprint
+ */
+import { createHash } from 'node:crypto';
+// ---------------------------------------------------------------------------
+// Pattern detectors (regex-based, no LLM needed)
+// ---------------------------------------------------------------------------
+const FS_WRITE_PATTERN = /(?:write(?:File)?|appendFile|fs\.write|truncate|mkdir|rmdir|unlink|rm\s+-)/i;
+const FS_READ_PATTERN = /(?:read(?:File)?|readdir|stat|access|exists|glob|find\s)/i;
+const FS_DELETE_PATTERN = /(?:unlink|rm\s+-rf|delete(?:File)?|removeDir|rmdir)/i;
+const NETWORK_PATTERN = /(?:https?:\/\/|fetch|curl|wget|axios|http\.request|net\.connect|socket)[\s('"]*([a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,}))/i;
+const ENV_PATTERN = /(?:process\.env|os\.environ|getenv|System\.getenv)\[?['"(]?([A-Z_][A-Z0-9_]*)/i;
+const ENV_INLINE_PATTERN = /\$\{?([A-Z_][A-Z0-9_]{2,})\}?/g;
+const EXEC_PATTERN = /(?:child_process|spawn|exec(?:File)?|system\(|popen|subprocess|shell_exec|os\.system)\s*\(\s*['"(]?([^\s'")\]]{1,80})/i;
+const EXFIL_PATTERN = /(?:base64|btoa|encode|compress|deflate|gzip).*(?:http|fetch|curl|send|post|upload)/i;
+const REDIRECT_PATTERN = /(?:redirect|forward|proxy|tunnel)\s+(?:to\s+)?(?:https?:\/\/)/i;
+/** Classify a text content into behavioral capabilities */
+function extractCapabilities(text) {
+    const result = {
+        filesystemOps: [],
+        networkTargets: [],
+        envAccesses: [],
+        processExecs: [],
+        outputPatterns: [],
+    };
+    if (!text || text.length === 0)
+        return result;
+    // Limit analysis to first 10KB to prevent ReDoS
+    const safeText = text.slice(0, 10_240);
+    // Filesystem
+    if (FS_WRITE_PATTERN.test(safeText))
+        result.filesystemOps.push('write');
+    if (FS_READ_PATTERN.test(safeText))
+        result.filesystemOps.push('read');
+    if (FS_DELETE_PATTERN.test(safeText))
+        result.filesystemOps.push('delete');
+    // Network targets
+    const netMatch = safeText.match(NETWORK_PATTERN);
+    if (netMatch?.[1])
+        result.networkTargets.push(netMatch[1]);
+    // Environment variable accesses
+    const envMatch = safeText.match(ENV_PATTERN);
+    if (envMatch?.[1])
+        result.envAccesses.push(envMatch[1]);
+    // Also check inline env vars like $HOME, ${API_KEY}
+    for (const m of safeText.matchAll(ENV_INLINE_PATTERN)) {
+        if (m[1] && !result.envAccesses.includes(m[1])) {
+            result.envAccesses.push(m[1]);
+        }
+    }
+    // Process executions
+    const execMatch = safeText.match(EXEC_PATTERN);
+    if (execMatch?.[1])
+        result.processExecs.push(execMatch[1]);
+    // Output patterns
+    if (EXFIL_PATTERN.test(safeText))
+        result.outputPatterns.push('exfiltration');
+    if (REDIRECT_PATTERN.test(safeText))
+        result.outputPatterns.push('redirect');
+    return result;
+}
+// ---------------------------------------------------------------------------
+// Fingerprint Store
+// ---------------------------------------------------------------------------
+/** Default invocations needed before fingerprint is considered stable */
+const DEFAULT_STABILITY_THRESHOLD = 10;
+/** Consecutive invocations with no new capabilities to mark stable */
+const DEFAULT_STABLE_STREAK = 5;
+/** Maximum number of skills to track */
+const MAX_SKILLS = 5_000;
+export class SkillFingerprintStore {
+    fingerprints = new Map();
+    stabilityThreshold;
+    stableStreak;
+    constructor(config) {
+        this.stabilityThreshold = config?.stabilityThreshold ?? DEFAULT_STABILITY_THRESHOLD;
+        this.stableStreak = config?.stableStreak ?? DEFAULT_STABLE_STREAK;
+    }
+    /**
+     * Record a skill invocation and detect behavioral anomalies.
+     * Returns anomalies if the fingerprint was stable and new capabilities appeared.
+     */
+    recordInvocation(skillName, event) {
+        const now = Date.now();
+        const fp = this.getOrCreate(skillName, now);
+        fp.invocationCount++;
+        fp.lastSeen = now;
+        // Extract capabilities from event content + fields
+        const content = [
+            event.content ?? '',
+            event.fields?.['tool_args'] ?? '',
+            event.fields?.['tool_response'] ?? '',
+        ].join('\n');
+        const caps = extractCapabilities(content);
+        // Check for anomalies (only if fingerprint is stable)
+        const anomalies = [];
+        const isStable = fp.stableHash !== null;
+        if (isStable) {
+            // Detect NEW capabilities not in the stable fingerprint
+            for (const op of caps.filesystemOps) {
+                if (!fp.filesystemOps.has(op)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_filesystem_op',
+                        description: `Skill "${skillName}" performing new filesystem operation: ${op} (not in baseline)`,
+                        severity: op === 'delete' ? 'critical' : op === 'write' ? 'high' : 'medium',
+                        newValue: op,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const target of caps.networkTargets) {
+                if (!fp.networkTargets.has(target)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_network_target',
+                        description: `Skill "${skillName}" contacting new network target: ${target}`,
+                        severity: 'high',
+                        newValue: target,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const env of caps.envAccesses) {
+                if (!fp.envAccesses.has(env)) {
+                    const isSensitive = /(?:KEY|SECRET|TOKEN|PASSWORD|CREDENTIAL)/i.test(env);
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_env_access',
+                        description: `Skill "${skillName}" accessing new env var: ${env}`,
+                        severity: isSensitive ? 'critical' : 'medium',
+                        newValue: env,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const proc of caps.processExecs) {
+                if (!fp.processExecs.has(proc)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_process_exec',
+                        description: `Skill "${skillName}" executing new process: ${proc}`,
+                        severity: 'critical',
+                        newValue: proc,
+                        timestamp: now,
+                    });
+                }
+            }
+            for (const pat of caps.outputPatterns) {
+                if (!fp.outputPatterns.has(pat)) {
+                    anomalies.push({
+                        skillName,
+                        anomalyType: 'new_output_pattern',
+                        description: `Skill "${skillName}" exhibiting new pattern: ${pat}`,
+                        severity: pat === 'exfiltration' ? 'critical' : 'high',
+                        newValue: pat,
+                        timestamp: now,
+                    });
+                }
+            }
+        }
+        // Update fingerprint with observed capabilities
+        let newCapsSeen = false;
+        for (const op of caps.filesystemOps) {
+            if (!fp.filesystemOps.has(op)) {
+                fp.filesystemOps.add(op);
+                newCapsSeen = true;
+            }
+        }
+        for (const t of caps.networkTargets) {
+            if (!fp.networkTargets.has(t)) {
+                fp.networkTargets.add(t);
+                newCapsSeen = true;
+            }
+        }
+        for (const e of caps.envAccesses) {
+            if (!fp.envAccesses.has(e)) {
+                fp.envAccesses.add(e);
+                newCapsSeen = true;
+            }
+        }
+        for (const p of caps.processExecs) {
+            if (!fp.processExecs.has(p)) {
+                fp.processExecs.add(p);
+                newCapsSeen = true;
+            }
+        }
+        for (const o of caps.outputPatterns) {
+            if (!fp.outputPatterns.has(o)) {
+                fp.outputPatterns.add(o);
+                newCapsSeen = true;
+            }
+        }
+        // Track stability
+        if (!isStable) {
+            if (newCapsSeen) {
+                fp.stableStreak = 0;
+            }
+            else {
+                fp.stableStreak++;
+            }
+            // Mark stable when threshold met
+            if (fp.invocationCount >= this.stabilityThreshold &&
+                fp.stableStreak >= this.stableStreak) {
+                fp.stableHash = this.computeCapabilityHash(fp);
+            }
+        }
+        return anomalies;
+    }
+    /**
+     * Get an immutable fingerprint snapshot for a skill.
+     */
+    getFingerprint(skillName) {
+        const fp = this.fingerprints.get(skillName);
+        if (!fp)
+            return undefined;
+        return {
+            skillName: fp.skillName,
+            invocationCount: fp.invocationCount,
+            firstSeen: fp.firstSeen,
+            lastSeen: fp.lastSeen,
+            isStable: fp.stableHash !== null,
+            capabilities: {
+                filesystemOps: new Set(fp.filesystemOps),
+                networkTargets: new Set(fp.networkTargets),
+                envAccesses: new Set(fp.envAccesses),
+                processExecs: new Set(fp.processExecs),
+                outputPatterns: new Set(fp.outputPatterns),
+            },
+            capabilityHash: fp.stableHash ?? this.computeCapabilityHash(fp),
+        };
+    }
+    /** Get all tracked skill names */
+    getTrackedSkills() {
+        return [...this.fingerprints.keys()];
+    }
+    /** Get count of stable fingerprints */
+    getStableCount() {
+        let count = 0;
+        for (const fp of this.fingerprints.values()) {
+            if (fp.stableHash !== null)
+                count++;
+        }
+        return count;
+    }
+    /** Get total tracked skills */
+    getTrackedCount() {
+        return this.fingerprints.size;
+    }
+    /**
+     * Reset a skill's fingerprint (e.g., after a legitimate update).
+     */
+    resetFingerprint(skillName) {
+        this.fingerprints.delete(skillName);
+    }
+    /**
+     * Evict fingerprints not seen since cutoffMs ago.
+     */
+    cleanup(cutoffMs) {
+        const cutoff = Date.now() - cutoffMs;
+        let evicted = 0;
+        for (const [name, fp] of this.fingerprints) {
+            if (fp.lastSeen < cutoff) {
+                this.fingerprints.delete(name);
+                evicted++;
+            }
+        }
+        return evicted;
+    }
+    // -----------------------------------------------------------------------
+    // Private
+    // -----------------------------------------------------------------------
+    getOrCreate(skillName, now) {
+        const existing = this.fingerprints.get(skillName);
+        if (existing)
+            return existing;
+        // Evict oldest if at capacity
+        if (this.fingerprints.size >= MAX_SKILLS) {
+            let oldestName;
+            let oldestTime = Infinity;
+            for (const [name, fp] of this.fingerprints) {
+                if (fp.lastSeen < oldestTime) {
+                    oldestTime = fp.lastSeen;
+                    oldestName = name;
+                }
+            }
+            if (oldestName)
+                this.fingerprints.delete(oldestName);
+        }
+        const fp = {
+            skillName,
+            invocationCount: 0,
+            firstSeen: now,
+            lastSeen: now,
+            filesystemOps: new Set(),
+            networkTargets: new Set(),
+            envAccesses: new Set(),
+            processExecs: new Set(),
+            outputPatterns: new Set(),
+            stableHash: null,
+            stableStreak: 0,
+        };
+        this.fingerprints.set(skillName, fp);
+        return fp;
+    }
+    computeCapabilityHash(fp) {
+        const parts = [
+            [...fp.filesystemOps].sort().join(','),
+            [...fp.networkTargets].sort().join(','),
+            [...fp.envAccesses].sort().join(','),
+            [...fp.processExecs].sort().join(','),
+            [...fp.outputPatterns].sort().join(','),
+        ];
+        return createHash('sha256').update(parts.join('|')).digest('hex').slice(0, 16);
+    }
+}
+//# sourceMappingURL=skill-fingerprint.js.map

package/dist/skill-fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-fingerprint.js","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAkEzC,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,MAAM,gBAAgB,GAAG,6EAA6E,CAAC;AACvG,MAAM,eAAe,GAAG,2DAA2D,CAAC;AACpF,MAAM,iBAAiB,GAAG,sDAAsD,CAAC;AAEjF,MAAM,eAAe,GAAG,oHAAoH,CAAC;AAE7I,MAAM,WAAW,GAAG,gFAAgF,CAAC;AACrG,MAAM,kBAAkB,GAAG,gCAAgC,CAAC;AAE5D,MAAM,YAAY,GAAG,wHAAwH,CAAC;AAE9I,MAAM,aAAa,GAAG,qFAAqF,CAAC;AAC5G,MAAM,gBAAgB,GAAG,gEAAgE,CAAC;AAE1F,2DAA2D;AAC3D,SAAS,mBAAmB,CAAC,IAAY;IAOvC,MAAM,MAAM,GAAG;QACb,aAAa,EAAE,EAAc;QAC7B,cAAc,EAAE,EAAc;QAC9B,WAAW,EAAE,EAAc;QAC3B,YAAY,EAAE,EAAc;QAC5B,cAAc,EAAE,EAAc;KAC/B,CAAC;IAEF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IAE9C,gDAAgD;IAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAEvC,aAAa;IACb,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxE,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtE,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE1E,kBAAkB;IAClB,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,gCAAgC;IAChC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,oDAAoD;IACpD,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtD,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,kBAAkB;IAClB,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7E,IAAI,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAE5E,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,2BAA2B,GAAG,EAAE,CAAC;AAEvC,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,wCAAwC;AACxC,MAAM,UAAU,GAAG,KAAK,CAAC;AASzB,MAAM,OAAO,qBAAqB;IACf,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IACrD,kBAAkB,CAAS;IAC3B,YAAY,CAAS;IAEtC,YAAY,MAA+B;QACzC,IAAI,CAAC,kBAAkB,GAAG,MAAM,EAAE,kBAAkB,IAAI,2BAA2B,CAAC;QACpF,IAAI,CAAC,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,CAAC;IAED;;;OAGG;IACH,gBAAgB,CACd,SAAiB,EACjB,KAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC5C,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,EAAE,CAAC,QAAQ,GAAG,GAAG,CAAC;QAElB,mDAAmD;QACnD,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,OAAO,IAAI,EAAE;YACnB,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE;YACjC,KAAK,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE;SACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE1C,sDAAsD;QACtD,MAAM,SAAS,GAAsB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,KAAK,IAAI,CAAC;QAExC,IAAI,QAAQ,EAAE,CAAC;YACb,wDAAwD;YACxD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,mBAAmB;wBAChC,WAAW,EAAE,UAAU,SAAS,0CAA0C,EAAE,oBAAoB;wBAChG,QAAQ,EAAE,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;wBAC3E,QAAQ,EAAE,EAAE;wBACZ,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,oCAAoC,MAAM,EAAE;wBAC5E,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,MAAM;wBAChB,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,WAAW,GAAG,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1E,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,gBAAgB;wBAC7B,WAAW,EAAE,UAAU,SAAS,4BAA4B,GAAG,EAAE;wBACjE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;wBAC7C,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,kBAAkB;wBAC/B,WAAW,EAAE,UAAU,SAAS,4BAA4B,IAAI,EAAE;wBAClE,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,IAAI;wBACd,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,6BAA6B,GAAG,EAAE;wBAClE,QAAQ,EAAE,GAAG,KAAK,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;wBACtD,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC5E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC9E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,WAAW,EAAE,CAAC;gBAChB,EAAE,CAAC,YAAY,GAAG,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,CAAC;YAED,iCAAiC;YACjC,IACE,EAAE,CAAC,eAAe,IAAI,IAAI,CAAC,kBAAkB;gBAC7C,EAAE,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,EACpC,CAAC;gBACD,EAAE,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAAiB;QAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE;YAAE,OAAO,SAAS,CAAC;QAE1B,OAAO;YACL,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,eAAe,EAAE,EAAE,CAAC,eAAe;YACnC,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,QAAQ,EAAE,EAAE,CAAC,UAAU,KAAK,IAAI;YAChC,YAAY,EAAE;gBACZ,aAAa,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC;gBACxC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;gBAC1C,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC;gBACpC,YAAY,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC;gBACtC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;aAC3C;YACD,cAAc,EAAE,EAAE,CAAC,UAAU,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,uCAAuC;IACvC,cAAc;QACZ,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,EAAE,CAAC,UAAU,KAAK,IAAI;gBAAE,KAAK,EAAE,CAAC;QACtC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,QAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC/B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,UAAU;IACV,0EAA0E;IAElE,WAAW,CAAC,SAAiB,EAAE,GAAW;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACzC,IAAI,UAA8B,CAAC;YACnC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,UAAU,EAAE,CAAC;oBAC7B,UAAU,GAAG,EAAE,CAAC,QAAQ,CAAC;oBACzB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YACD,IAAI,UAAU;gBAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,EAAE,GAAuB;YAC7B,SAAS;YACT,eAAe,EAAE,CAAC;YAClB,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;YACb,aAAa,EAAE,IAAI,GAAG,EAAE;YACxB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,WAAW,EAAE,IAAI,GAAG,EAAE;YACtB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;SAChB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,qBAAqB,CAAC,EAAsB;QAClD,MAAM,KAAK,GAAG;YACZ,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACvC,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;SACxC,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;CACF"}

package/dist/types.d.ts

@@ -12,6 +12,7 @@ export type ATROperator = 'gt' | 'lt' | 'eq' | 'gte' | 'lte' | 'deviation_from_b
 export type ATRAction = 'block_input' | 'block_output' | 'block_tool' | 'quarantine_session' | 'reset_context' | 'alert' | 'snapshot' | 'escalate' | 'reduce_permissions' | 'kill_agent';
 export interface ATRReferences {
     owasp_llm?: string[];
+    owasp_agentic?: string[];
     mitre_atlas?: string[];
     mitre_attack?: string[];
     cve?: string[];
@@ -77,7 +78,7 @@ export interface ATRTestCase {
     agent_output?: string;
     tool_name?: string;
     tool_args?: string;
-    expected: 'trigger' | 'no_trigger';
+    expected: 'trigger' | 'no_trigger' | 'triggered' | 'not_triggered';
 }
 export interface ATRTestCases {
     true_positives: ATRTestCase[];
@@ -126,4 +127,61 @@ export interface ATRMatch {
     confidence: number;
     timestamp: string;
 }
+/** Verdict outcome from evaluating matched rules */
+export type VerdictOutcome = 'allow' | 'ask' | 'deny';
+/** Verdict returned after evaluating an event against all rules */
+export interface ATRVerdict {
+    readonly outcome: VerdictOutcome;
+    readonly reason: string;
+    readonly matchCount: number;
+    readonly highestSeverity: ATRSeverity | null;
+    readonly highestConfidence: number;
+    readonly actions: readonly ATRAction[];
+    readonly matches: readonly ATRMatch[];
+    readonly timestamp: string;
+}
+/** Result of executing a single action */
+export interface ActionResult {
+    readonly action: ATRAction;
+    readonly success: boolean;
+    readonly message: string;
+    readonly timestamp: string;
+}
+/** Context provided to platform adapters when executing actions */
+export interface ExecutionContext {
+    readonly event: AgentEvent;
+    readonly matches: readonly ATRMatch[];
+    readonly verdict: ATRVerdict;
+    readonly sessionId?: string;
+    readonly metadata?: Readonly<Record<string, unknown>>;
+}
+/** Platform-specific adapter for executing ATR actions */
+export interface PlatformAdapter {
+    readonly name: string;
+    blockInput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockOutput(ctx: ExecutionContext): Promise<ActionResult>;
+    blockTool(ctx: ExecutionContext): Promise<ActionResult>;
+    quarantineSession(ctx: ExecutionContext): Promise<ActionResult>;
+    resetContext(ctx: ExecutionContext): Promise<ActionResult>;
+    alert(ctx: ExecutionContext): Promise<ActionResult>;
+    snapshot(ctx: ExecutionContext): Promise<ActionResult>;
+    escalate(ctx: ExecutionContext): Promise<ActionResult>;
+    reducePermissions(ctx: ExecutionContext): Promise<ActionResult>;
+    killAgent(ctx: ExecutionContext): Promise<ActionResult>;
+}
+/** Hook input from Claude Code / agent host */
+export interface HookInput {
+    readonly hook: 'PreToolUse' | 'PostToolUse';
+    readonly tool_name: string;
+    readonly tool_input: Readonly<Record<string, unknown>>;
+    readonly session_id?: string;
+    readonly timestamp?: string;
+}
+/** Hook output to Claude Code / agent host */
+export interface HookOutput {
+    readonly decision: VerdictOutcome;
+    readonly reason?: string;
+    readonly message?: string;
+    readonly matched_rules?: readonly string[];
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,cAAc,GAAG,QAAQ,GAAG,YAAY,CAAC;AAE3E,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;AAEnF,MAAM,MAAM,WAAW,GACnB,kBAAkB,GAClB,gBAAgB,GAChB,sBAAsB,GACtB,oBAAoB,GACpB,sBAAsB,GACtB,oBAAoB,GACpB,gBAAgB,GAChB,aAAa,GACb,kBAAkB,CAAC;AAEvB,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtD,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,WAAW,GACX,cAAc,GACd,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,eAAe,GACf,iBAAiB,GACjB,kBAAkB,GAClB,aAAa,CAAC;AAElB,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC;AAE1E,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,yBAAyB,CAAC;AAEzF,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,cAAc,GACd,YAAY,GACZ,oBAAoB,GACpB,eAAe,GACf,OAAO,GACP,UAAU,GACV,UAAU,GACV,oBAAoB,GACpB,YAAY,CAAC;AAEjB,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,aAAa,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,aAAa,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,YAAY,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,eAAe,EAAE,CAAC;CAC1B;AAED,0EAA0E;AAC1E,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,+CAA+C;AAC/C,MAAM,MAAM,aAAa,GACrB,iBAAiB,EAAE,GACnB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,sBAAsB,GAAG,oBAAoB,CAAC,CAAC;AAExF,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,aAAa,CAAC;IAC1B,kGAAkG;IAClG,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,GAAG,YAAY,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;IAC9B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,SAAS,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,YAAY,EAAE,cAAc,CAAC;IAC7B,SAAS,EAAE,YAAY,CAAC;IACxB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,YAAY,CAAC;CAC3B;AAED,mDAAmD;AACnD,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,gBAAgB,GAChB,qBAAqB,CAAC;AAE1B,mDAAmD;AACnD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,+CAA+C;AAC/C,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,SAAS,GAAG,OAAO,GAAG,cAAc,GAAG,QAAQ,GAAG,YAAY,CAAC;AAE3E,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,eAAe,CAAC;AAEnF,MAAM,MAAM,WAAW,GACnB,kBAAkB,GAClB,gBAAgB,GAChB,sBAAsB,GACtB,oBAAoB,GACpB,sBAAsB,GACtB,oBAAoB,GACpB,gBAAgB,GAChB,aAAa,GACb,kBAAkB,CAAC;AAEvB,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEtD,MAAM,MAAM,aAAa,GACrB,QAAQ,GACR,WAAW,GACX,cAAc,GACd,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,eAAe,GACf,iBAAiB,GACjB,kBAAkB,GAClB,aAAa,CAAC;AAElB,MAAM,MAAM,YAAY,GAAG,UAAU,GAAG,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC;AAE1E,MAAM,MAAM,WAAW,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,KAAK,GAAG,yBAAyB,CAAC;AAEzF,MAAM,MAAM,SAAS,GACjB,aAAa,GACb,cAAc,GACd,YAAY,GACZ,oBAAoB,GACpB,eAAe,GACf,OAAO,GACP,UAAU,GACV,UAAU,GACV,oBAAoB,GACpB,YAAY,CAAC;AAEjB,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;CAChB;AAED,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,WAAW,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,aAAa,CAAC;CAC5B;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,aAAa,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,UAAU,EAAE,YAAY,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,eAAe,EAAE,CAAC;CAC1B;AAED,0EAA0E;AAC1E,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,+CAA+C;AAC/C,MAAM,MAAM,aAAa,GACrB,iBAAiB,EAAE,GACnB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,sBAAsB,GAAG,oBAAoB,CAAC,CAAC;AAExF,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,aAAa,CAAC;IAC1B,kGAAkG;IAClG,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,SAAS,EAAE,CAAC;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,SAAS,GAAG,YAAY,GAAG,WAAW,GAAG,eAAe,CAAC;CACpE;AAED,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,WAAW,EAAE,CAAC;IAC9B,cAAc,EAAE,WAAW,EAAE,CAAC;CAC/B;AAED,MAAM,WAAW,OAAO;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,SAAS,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,aAAa,CAAC;IAC3B,IAAI,EAAE,OAAO,CAAC;IACd,YAAY,EAAE,cAAc,CAAC;IAC7B,SAAS,EAAE,YAAY,CAAC;IACxB,QAAQ,EAAE,WAAW,CAAC;IACtB,UAAU,CAAC,EAAE,YAAY,CAAC;CAC3B;AAED,mDAAmD;AACnD,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,YAAY,GACZ,WAAW,GACX,eAAe,GACf,gBAAgB,GAChB,qBAAqB,CAAC;AAE1B,mDAAmD;AACnD,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,yCAAyC;IACzC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,+CAA+C;AAC/C,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,oDAAoD;AACpD,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,KAAK,GAAG,MAAM,CAAC;AAEtD,mEAAmE;AACnE,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,OAAO,EAAE,cAAc,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;IAC7C,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,OAAO,EAAE,SAAS,SAAS,EAAE,CAAC;IACvC,QAAQ,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,0CAA0C;AAC1C,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,mEAAmE;AACnE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE,SAAS,QAAQ,EAAE,CAAC;IACtC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED,0DAA0D;AAC1D,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACzD,WAAW,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1D,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACxD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAChE,YAAY,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAC3D,KAAK,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACpD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACvD,iBAAiB,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAChE,SAAS,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACzD;AAED,+CAA+C;AAC/C,MAAM,WAAW,SAAS;IACxB,QAAQ,CAAC,IAAI,EAAE,YAAY,GAAG,aAAa,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,8CAA8C;AAC9C,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC5C"}

package/dist/verdict.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Verdict computation from ATR rule matches.
+ *
+ * Pure functions that determine the outcome (allow/ask/deny)
+ * based on severity, confidence, and auto-response thresholds.
+ *
+ * @module agent-threat-rules/verdict
+ */
+import type { ATRMatch, ATRSeverity, ATRVerdict } from './types.js';
+/** Severity rank from most severe (0) to least severe (4) */
+export declare const SEVERITY_RANK: Readonly<Record<ATRSeverity, number>>;
+/**
+ * Check whether auto-response is enabled for a matched rule.
+ * The auto_response_threshold field on ATRResponse indicates the
+ * minimum confidence level at which the action should be taken
+ * automatically (without human approval).
+ */
+export declare function isAutoResponseEnabled(match: ATRMatch): boolean;
+/**
+ * Compute a verdict from an array of ATR matches.
+ *
+ * This is a pure function -- no side effects, no mutation.
+ * Returns a frozen ATRVerdict object.
+ */
+export declare function computeVerdict(matches: readonly ATRMatch[]): ATRVerdict;
+//# sourceMappingURL=verdict.d.ts.map

package/dist/verdict.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verdict.d.ts","sourceRoot":"","sources":["../src/verdict.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,QAAQ,EACR,WAAW,EAEX,UAAU,EAEX,MAAM,YAAY,CAAC;AAEpB,6DAA6D;AAC7D,eAAO,MAAM,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAM/D,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,QAAQ,GACd,OAAO,CAcT;AAwED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,SAAS,QAAQ,EAAE,GAC3B,UAAU,CAkCZ"}

package/dist/verdict.js

@@ -0,0 +1,127 @@
+/**
+ * Verdict computation from ATR rule matches.
+ *
+ * Pure functions that determine the outcome (allow/ask/deny)
+ * based on severity, confidence, and auto-response thresholds.
+ *
+ * @module agent-threat-rules/verdict
+ */
+/** Severity rank from most severe (0) to least severe (4) */
+export const SEVERITY_RANK = {
+    critical: 0,
+    high: 1,
+    medium: 2,
+    low: 3,
+    informational: 4,
+};
+/**
+ * Check whether auto-response is enabled for a matched rule.
+ * The auto_response_threshold field on ATRResponse indicates the
+ * minimum confidence level at which the action should be taken
+ * automatically (without human approval).
+ */
+export function isAutoResponseEnabled(match) {
+    const threshold = match.rule.response.auto_response_threshold;
+    if (!threshold)
+        return false;
+    const thresholdMap = {
+        high: 0.9,
+        medium: 0.7,
+        low: 0.5,
+    };
+    const requiredConfidence = thresholdMap[threshold];
+    if (requiredConfidence === undefined)
+        return false;
+    return match.confidence >= requiredConfidence;
+}
+/**
+ * Determine the verdict outcome based on severity and confidence.
+ *
+ * Decision matrix:
+ *   - critical severity           -> deny
+ *   - high severity, conf >= 0.8  -> deny
+ *   - high severity, conf < 0.8   -> ask
+ *   - medium severity, conf >= 0.6 -> ask
+ *   - everything else             -> allow
+ */
+function determineOutcome(severity, confidence) {
+    if (severity === 'critical') {
+        return 'deny';
+    }
+    if (severity === 'high') {
+        return confidence >= 0.8 ? 'deny' : 'ask';
+    }
+    if (severity === 'medium' && confidence >= 0.6) {
+        return 'ask';
+    }
+    return 'allow';
+}
+/**
+ * Collect unique actions from all matched rules, preserving order
+ * of first appearance.
+ */
+function collectUniqueActions(matches) {
+    const seen = new Set();
+    const actions = [];
+    for (const match of matches) {
+        for (const action of match.rule.response.actions) {
+            if (!seen.has(action)) {
+                seen.add(action);
+                actions.push(action);
+            }
+        }
+    }
+    return Object.freeze(actions);
+}
+/**
+ * Build a human-readable reason string from the highest severity match.
+ */
+function buildReason(highestMatch, outcome, matchCount) {
+    if (!highestMatch) {
+        return 'No rules matched.';
+    }
+    const { rule, confidence } = highestMatch;
+    const pct = Math.round(confidence * 100);
+    return (`${outcome.toUpperCase()}: ${rule.title} ` +
+        `[${rule.severity}/${pct}% confidence] ` +
+        `(${matchCount} rule${matchCount === 1 ? '' : 's'} matched)`);
+}
+/**
+ * Compute a verdict from an array of ATR matches.
+ *
+ * This is a pure function -- no side effects, no mutation.
+ * Returns a frozen ATRVerdict object.
+ */
+export function computeVerdict(matches) {
+    if (matches.length === 0) {
+        return Object.freeze({
+            outcome: 'allow',
+            reason: 'No rules matched.',
+            matchCount: 0,
+            highestSeverity: null,
+            highestConfidence: 0,
+            actions: Object.freeze([]),
+            matches: Object.freeze([]),
+            timestamp: new Date().toISOString(),
+        });
+    }
+    // Matches are already sorted by the engine (severity desc, confidence desc).
+    // The first match has the highest severity.
+    const highestMatch = matches[0];
+    const highestSeverity = highestMatch.rule.severity;
+    const highestConfidence = highestMatch.confidence;
+    const outcome = determineOutcome(highestSeverity, highestConfidence);
+    const actions = collectUniqueActions(matches);
+    const reason = buildReason(highestMatch, outcome, matches.length);
+    return Object.freeze({
+        outcome,
+        reason,
+        matchCount: matches.length,
+        highestSeverity,
+        highestConfidence,
+        actions,
+        matches: Object.freeze([...matches]),
+        timestamp: new Date().toISOString(),
+    });
+}
+//# sourceMappingURL=verdict.js.map

package/dist/verdict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verdict.js","sourceRoot":"","sources":["../src/verdict.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,6DAA6D;AAC7D,MAAM,CAAC,MAAM,aAAa,GAA0C;IAClE,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,aAAa,EAAE,CAAC;CACjB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe;IAEf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC9D,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,MAAM,YAAY,GAA2B;QAC3C,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAC;IAEF,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,kBAAkB,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEnD,OAAO,KAAK,CAAC,UAAU,IAAI,kBAAkB,CAAC;AAChD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,gBAAgB,CACvB,QAAqB,EACrB,UAAkB;IAElB,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,OAA4B;IAE5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAa,CAAC;IAClC,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,YAAkC,EAClC,OAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;IAEzC,OAAO,CACL,GAAG,OAAO,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,KAAK,GAAG;QAC1C,IAAI,IAAI,CAAC,QAAQ,IAAI,GAAG,gBAAgB;QACxC,IAAI,UAAU,QAAQ,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,CAC7D,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,OAA4B;IAE5B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,OAAgB;YACzB,MAAM,EAAE,mBAAmB;YAC3B,UAAU,EAAE,CAAC;YACb,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,CAAC;YACpB,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4CAA4C;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACjC,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;IACnD,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,CAAC;IAElD,MAAM,OAAO,GAAG,gBAAgB,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAElE,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,OAAO;QACP,MAAM;QACN,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,eAAe;QACf,iBAAiB;QACjB,OAAO;QACP,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-threat-rules",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "type": "module",
   "description": "Open detection rules for AI agent threats. Like Sigma, but for prompt injection, tool poisoning, and agent manipulation.",
   "main": "./dist/index.js",
@@ -14,6 +14,10 @@
       "import": "./dist/index.js",
       "types": "./dist/index.d.ts"
     },
+    "./mcp": {
+      "import": "./dist/mcp-server.js",
+      "types": "./dist/mcp-server.d.ts"
+    },
     "./rules": "./rules",
     "./spec": "./spec/atr-schema.yaml"
   },
@@ -59,6 +63,7 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.12.0",
     "js-yaml": "^4.1.0"
   },
   "devDependencies": {

package/rules/agent-manipulation/ATR-2026-030-cross-agent-attack.yaml

@@ -10,7 +10,7 @@ description: |
   or manipulates message format conventions to deceive target agents.
   These attacks exploit trust relationships between agents to achieve
   unauthorized actions, data exfiltration, or safety bypass.
-author: "Panguard AI"
+author: "ATR Community"
 date: "2026/03/08"
 schema_version: "0.1"
 detection_tier: pattern

package/rules/agent-manipulation/ATR-2026-032-goal-hijacking.yaml

@@ -10,7 +10,7 @@ description: |
   failure, unauthorized actions, data leakage, or resource waste.
   This rule uses regex-only detection on both user input and agent output
   to identify redirection language patterns.
-author: "Panguard AI"
+author: "ATR Community"
 date: "2026/03/08"
 schema_version: "0.1"
 detection_tier: pattern