agent-threat-rules 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +152 -642
- package/dist/capability-extractor.d.ts +35 -0
- package/dist/capability-extractor.d.ts.map +1 -0
- package/dist/capability-extractor.js +91 -0
- package/dist/capability-extractor.js.map +1 -0
- package/dist/cli.js +56 -2
- package/dist/cli.js.map +1 -1
- package/dist/converters/elastic.d.ts +36 -0
- package/dist/converters/elastic.d.ts.map +1 -0
- package/dist/converters/elastic.js +125 -0
- package/dist/converters/elastic.js.map +1 -0
- package/dist/converters/index.d.ts +28 -0
- package/dist/converters/index.d.ts.map +1 -0
- package/dist/converters/index.js +36 -0
- package/dist/converters/index.js.map +1 -0
- package/dist/converters/splunk.d.ts +19 -0
- package/dist/converters/splunk.d.ts.map +1 -0
- package/dist/converters/splunk.js +148 -0
- package/dist/converters/splunk.js.map +1 -0
- package/dist/embedding/build-corpus.d.ts +15 -0
- package/dist/embedding/build-corpus.d.ts.map +1 -0
- package/dist/embedding/build-corpus.js +105 -0
- package/dist/embedding/build-corpus.js.map +1 -0
- package/dist/embedding/model-loader.d.ts +41 -0
- package/dist/embedding/model-loader.d.ts.map +1 -0
- package/dist/embedding/model-loader.js +90 -0
- package/dist/embedding/model-loader.js.map +1 -0
- package/dist/embedding/vector-store.d.ts +41 -0
- package/dist/embedding/vector-store.d.ts.map +1 -0
- package/dist/embedding/vector-store.js +70 -0
- package/dist/embedding/vector-store.js.map +1 -0
- package/dist/engine.d.ts +23 -20
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +173 -24
- package/dist/engine.js.map +1 -1
- package/dist/eval/corpus.d.ts +42 -0
- package/dist/eval/corpus.d.ts.map +1 -0
- package/dist/eval/corpus.js +427 -0
- package/dist/eval/corpus.js.map +1 -0
- package/dist/eval/eval-harness.d.ts +44 -0
- package/dist/eval/eval-harness.d.ts.map +1 -0
- package/dist/eval/eval-harness.js +296 -0
- package/dist/eval/eval-harness.js.map +1 -0
- package/dist/eval/index.d.ts +13 -0
- package/dist/eval/index.d.ts.map +1 -0
- package/dist/eval/index.js +9 -0
- package/dist/eval/index.js.map +1 -0
- package/dist/eval/metrics.d.ts +74 -0
- package/dist/eval/metrics.d.ts.map +1 -0
- package/dist/eval/metrics.js +108 -0
- package/dist/eval/metrics.js.map +1 -0
- package/dist/eval/pint-corpus.d.ts +34 -0
- package/dist/eval/pint-corpus.d.ts.map +1 -0
- package/dist/eval/pint-corpus.js +109 -0
- package/dist/eval/pint-corpus.js.map +1 -0
- package/dist/eval/rule-corpus.d.ts +9 -0
- package/dist/eval/rule-corpus.d.ts.map +1 -0
- package/dist/eval/rule-corpus.js +4780 -0
- package/dist/eval/rule-corpus.js.map +1 -0
- package/dist/eval/rule-metrics.d.ts +34 -0
- package/dist/eval/rule-metrics.d.ts.map +1 -0
- package/dist/eval/rule-metrics.js +92 -0
- package/dist/eval/rule-metrics.js.map +1 -0
- package/dist/eval/run-eval.d.ts +7 -0
- package/dist/eval/run-eval.d.ts.map +1 -0
- package/dist/eval/run-eval.js +11 -0
- package/dist/eval/run-eval.js.map +1 -0
- package/dist/eval/run-pint-benchmark.d.ts +18 -0
- package/dist/eval/run-pint-benchmark.d.ts.map +1 -0
- package/dist/eval/run-pint-benchmark.js +157 -0
- package/dist/eval/run-pint-benchmark.js.map +1 -0
- package/dist/flywheel.d.ts +54 -0
- package/dist/flywheel.d.ts.map +1 -0
- package/dist/flywheel.js +98 -0
- package/dist/flywheel.js.map +1 -0
- package/dist/index.d.ts +21 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +19 -2
- package/dist/index.js.map +1 -1
- package/dist/modules/embedding.d.ts +71 -0
- package/dist/modules/embedding.d.ts.map +1 -0
- package/dist/modules/embedding.js +141 -0
- package/dist/modules/embedding.js.map +1 -0
- package/dist/modules/semantic.d.ts +1 -0
- package/dist/modules/semantic.d.ts.map +1 -1
- package/dist/modules/semantic.js +77 -1
- package/dist/modules/semantic.js.map +1 -1
- package/dist/session-tracker.d.ts +2 -0
- package/dist/session-tracker.d.ts.map +1 -1
- package/dist/session-tracker.js +1 -0
- package/dist/session-tracker.js.map +1 -1
- package/dist/shadow-evaluator.d.ts +48 -0
- package/dist/shadow-evaluator.d.ts.map +1 -0
- package/dist/shadow-evaluator.js +128 -0
- package/dist/shadow-evaluator.js.map +1 -0
- package/dist/skill-fingerprint.d.ts.map +1 -1
- package/dist/skill-fingerprint.js +10 -52
- package/dist/skill-fingerprint.js.map +1 -1
- package/dist/tier0-invariant.d.ts +49 -0
- package/dist/tier0-invariant.d.ts.map +1 -0
- package/dist/tier0-invariant.js +184 -0
- package/dist/tier0-invariant.js.map +1 -0
- package/dist/tier1-blacklist.d.ts +48 -0
- package/dist/tier1-blacklist.d.ts.map +1 -0
- package/dist/tier1-blacklist.js +91 -0
- package/dist/tier1-blacklist.js.map +1 -0
- package/package.json +7 -1
- package/rules/agent-manipulation/ATR-2026-108-consensus-sybil-attack.yaml +103 -0
- package/rules/context-exfiltration/ATR-2026-102-disguised-analytics-exfiltration.yaml +69 -0
- package/rules/privilege-escalation/ATR-2026-107-delayed-execution-bypass.yaml +67 -0
- package/rules/prompt-injection/ATR-2026-001-direct-prompt-injection.yaml +181 -94
- package/rules/prompt-injection/ATR-2026-003-jailbreak-attempt.yaml +23 -12
- package/rules/prompt-injection/ATR-2026-004-system-prompt-override.yaml +3 -3
- package/rules/prompt-injection/ATR-2026-081-semantic-multi-turn.yaml +2 -2
- package/rules/prompt-injection/ATR-2026-093-gradual-escalation.yaml +1 -1
- package/rules/prompt-injection/ATR-2026-104-persona-hijacking.yaml +72 -0
- package/rules/tool-poisoning/ATR-2026-100-consent-bypass-instruction.yaml +80 -0
- package/rules/tool-poisoning/ATR-2026-101-trust-escalation-override.yaml +66 -0
- package/rules/tool-poisoning/ATR-2026-103-hidden-safety-bypass-instruction.yaml +71 -0
- package/rules/tool-poisoning/ATR-2026-105-silent-action-concealment.yaml +67 -0
- package/rules/tool-poisoning/ATR-2026-106-schema-description-contradiction.yaml +66 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-tracker.js","sourceRoot":"","sources":["../src/session-tracker.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,kDAAkD;AAClD,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC,yCAAyC;AACzC,MAAM,YAAY,GAAG,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"session-tracker.js","sourceRoot":"","sources":["../src/session-tracker.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,kDAAkD;AAClD,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC,yCAAyC;AACzC,MAAM,YAAY,GAAG,MAAM,CAAC;AA6B5B,MAAM,OAAO,cAAc;IACR,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IAE5D;;;OAGG;IACH,WAAW,CAAC,SAAiB,EAAE,KAAiB,EAAE,WAA8B,EAAE;QAChF,IAAI,CAAC,cAAc,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,OAAO,GAAiB;YAC5B,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC;YAClC,UAAU,EAAE,GAAG;YACf,QAAQ;YACR,QAAQ;SACT,CAAC;QAEF,8BAA8B;QAC9B,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,IAAI,sBAAsB,EAAE,CAAC;YAClD,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;QAED,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1C,KAAK,CAAC,cAAc,GAAG,GAAG,CAAC;QAE3B,qBAAqB;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACjD,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC;QAED,wBAAwB;QACxB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC7C,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB,EAAE,QAAgB,EAAE,QAAgB;QACpE,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QAErB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,UAAU,IAAI,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAClE,KAAK,EAAE,CAAC;YACV,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,SAAiB,EAAE,OAAe,EAAE,QAAgB;QACtE,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QAErB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,UAAU,IAAI,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,KAAK,EAAE,CAAC;YACV,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,SAAiB,EAAE,QAAiB;QAChD,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC;QAErB,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;QAC7B,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACnC,IAAI,OAAO,CAAC,UAAU,IAAI,MAAM,EAAE,CAAC;gBACjC,KAAK,EAAE,CAAC;YACV,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,SAAiB;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAE7B,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACjF,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QAEvG,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,SAAS;YACT,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM;YAC/B,oBAAoB,EAAE,MAAM;YAC5B,oBAAoB,EAAE,MAAM;YAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;SACxD,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,OAAO,CAAC,QAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,cAAc,GAAG,MAAM,EAAE,CAAC;gBAClC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACzB,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,yCAAyC;IACzC,eAAe;QACb,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACK,cAAc;QACpB,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,GAAG,YAAY;YAAE,OAAO;QAE9C,IAAI,QAA4B,CAAC;QACjC,IAAI,UAAU,GAAG,QAAQ,CAAC;QAE1B,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxC,IAAI,KAAK,CAAC,cAAc,GAAG,UAAU,EAAE,CAAC;gBACtC,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC;gBAClC,QAAQ,GAAG,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACjC,CAAC;IACH,CAAC;IAEO,kBAAkB,CAAC,SAAiB;QAC1C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,KAAK,GAAiB;YAC1B,MAAM,EAAE,EAAE;YACV,UAAU,EAAE,IAAI,GAAG,EAAE;YACrB,aAAa,EAAE,IAAI,GAAG,EAAE;YACxB,SAAS,EAAE,GAAG;YACd,cAAc,EAAE,GAAG;SACpB,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,eAAe,CAAC,KAAiB;QACvC,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;YACjE,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QACtD,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shadow Evaluator -- runs experimental rules without affecting verdict.
|
|
3
|
+
*
|
|
4
|
+
* Experimental rules evaluate against every event but don't influence
|
|
5
|
+
* the real verdict. Their match/no-match results are tracked to measure
|
|
6
|
+
* false positive rates. Rules with FP < threshold get promoted.
|
|
7
|
+
*
|
|
8
|
+
* @module agent-threat-rules/shadow-evaluator
|
|
9
|
+
*/
|
|
10
|
+
import type { ATRRule, ATRMatch, AgentEvent } from './types.js';
|
|
11
|
+
interface ShadowRuleStats {
|
|
12
|
+
readonly ruleId: string;
|
|
13
|
+
totalEvaluations: number;
|
|
14
|
+
totalMatches: number;
|
|
15
|
+
confirmedTruePositives: number;
|
|
16
|
+
confirmedFalsePositives: number;
|
|
17
|
+
firstSeen: number;
|
|
18
|
+
lastSeen: number;
|
|
19
|
+
}
|
|
20
|
+
export interface PromotionCandidate {
|
|
21
|
+
readonly rule: ATRRule;
|
|
22
|
+
readonly stats: Readonly<ShadowRuleStats>;
|
|
23
|
+
readonly fpRate: number;
|
|
24
|
+
}
|
|
25
|
+
export declare class ShadowEvaluator {
|
|
26
|
+
private readonly rules;
|
|
27
|
+
private readonly stats;
|
|
28
|
+
private readonly compiledPatterns;
|
|
29
|
+
/** Add an experimental rule for shadow evaluation */
|
|
30
|
+
addRule(rule: ATRRule): void;
|
|
31
|
+
/** Evaluate all shadow rules against an event (does NOT affect verdict) */
|
|
32
|
+
evaluate(event: AgentEvent): readonly ATRMatch[];
|
|
33
|
+
/** Record user feedback on a shadow match */
|
|
34
|
+
recordFeedback(ruleId: string, isTruePositive: boolean): void;
|
|
35
|
+
/**
|
|
36
|
+
* Get rules ready for promotion.
|
|
37
|
+
* Criteria: FP rate < maxFPRate AND minimum evaluations reached.
|
|
38
|
+
*/
|
|
39
|
+
getPromotionCandidates(maxFPRate?: number, minEvaluations?: number): readonly PromotionCandidate[];
|
|
40
|
+
/** Get stats for a specific rule */
|
|
41
|
+
getStats(ruleId: string): Readonly<ShadowRuleStats> | undefined;
|
|
42
|
+
/** Get all shadow rule stats */
|
|
43
|
+
getAllStats(): ReadonlyMap<string, Readonly<ShadowRuleStats>>;
|
|
44
|
+
/** Number of shadow rules */
|
|
45
|
+
size(): number;
|
|
46
|
+
}
|
|
47
|
+
export {};
|
|
48
|
+
//# sourceMappingURL=shadow-evaluator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shadow-evaluator.d.ts","sourceRoot":"","sources":["../src/shadow-evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEhE,UAAU,eAAe;IACvB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,uBAAuB,EAAE,MAAM,CAAC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiB;IACvC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAsC;IAC5D,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAA6B;IAE9D,qDAAqD;IACrD,OAAO,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI;IAc5B,2EAA2E;IAC3E,QAAQ,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,QAAQ,EAAE;IAsDhD,6CAA6C;IAC7C,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,OAAO,GAAG,IAAI;IAU7D;;;OAGG;IACH,sBAAsB,CACpB,SAAS,GAAE,MAAc,EACzB,cAAc,GAAE,MAAa,GAC5B,SAAS,kBAAkB,EAAE;IAuBhC,oCAAoC;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,SAAS;IAK/D,gCAAgC;IAChC,WAAW,IAAI,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,eAAe,CAAC,CAAC;IAI7D,6BAA6B;IAC7B,IAAI,IAAI,MAAM;CAGf"}
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shadow Evaluator -- runs experimental rules without affecting verdict.
|
|
3
|
+
*
|
|
4
|
+
* Experimental rules evaluate against every event but don't influence
|
|
5
|
+
* the real verdict. Their match/no-match results are tracked to measure
|
|
6
|
+
* false positive rates. Rules with FP < threshold get promoted.
|
|
7
|
+
*
|
|
8
|
+
* @module agent-threat-rules/shadow-evaluator
|
|
9
|
+
*/
|
|
10
|
+
export class ShadowEvaluator {
|
|
11
|
+
rules = [];
|
|
12
|
+
stats = new Map();
|
|
13
|
+
compiledPatterns = new Map();
|
|
14
|
+
/** Add an experimental rule for shadow evaluation */
|
|
15
|
+
addRule(rule) {
|
|
16
|
+
if (this.rules.some((r) => r.id === rule.id))
|
|
17
|
+
return; // dedup
|
|
18
|
+
this.rules.push(rule);
|
|
19
|
+
this.stats.set(rule.id, {
|
|
20
|
+
ruleId: rule.id,
|
|
21
|
+
totalEvaluations: 0,
|
|
22
|
+
totalMatches: 0,
|
|
23
|
+
confirmedTruePositives: 0,
|
|
24
|
+
confirmedFalsePositives: 0,
|
|
25
|
+
firstSeen: Date.now(),
|
|
26
|
+
lastSeen: Date.now(),
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
/** Evaluate all shadow rules against an event (does NOT affect verdict) */
|
|
30
|
+
evaluate(event) {
|
|
31
|
+
const matches = [];
|
|
32
|
+
for (const rule of this.rules) {
|
|
33
|
+
const stat = this.stats.get(rule.id);
|
|
34
|
+
if (!stat)
|
|
35
|
+
continue;
|
|
36
|
+
stat.totalEvaluations++;
|
|
37
|
+
stat.lastSeen = Date.now();
|
|
38
|
+
// Simple regex evaluation for shadow rules
|
|
39
|
+
const detection = rule.detection;
|
|
40
|
+
const conditions = Array.isArray(detection.conditions)
|
|
41
|
+
? detection.conditions
|
|
42
|
+
: Object.values(detection.conditions);
|
|
43
|
+
let matched = false;
|
|
44
|
+
for (const cond of conditions) {
|
|
45
|
+
const c = cond;
|
|
46
|
+
const value = c['value'];
|
|
47
|
+
const field = c['field'];
|
|
48
|
+
if (!value || !field)
|
|
49
|
+
continue;
|
|
50
|
+
const text = event.fields?.[field] ?? event.content ?? '';
|
|
51
|
+
try {
|
|
52
|
+
let regex = this.compiledPatterns.get(value);
|
|
53
|
+
if (!regex) {
|
|
54
|
+
regex = new RegExp(value, 'i');
|
|
55
|
+
this.compiledPatterns.set(value, regex);
|
|
56
|
+
}
|
|
57
|
+
if (regex.test(text)) {
|
|
58
|
+
matched = true;
|
|
59
|
+
break;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
catch {
|
|
63
|
+
// Invalid regex
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
if (matched) {
|
|
67
|
+
stat.totalMatches++;
|
|
68
|
+
matches.push({
|
|
69
|
+
rule,
|
|
70
|
+
matchedConditions: ['shadow'],
|
|
71
|
+
matchedPatterns: ['shadow-match'],
|
|
72
|
+
confidence: 0.5, // Shadow matches have reduced confidence
|
|
73
|
+
timestamp: new Date().toISOString(),
|
|
74
|
+
});
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
return matches;
|
|
78
|
+
}
|
|
79
|
+
/** Record user feedback on a shadow match */
|
|
80
|
+
recordFeedback(ruleId, isTruePositive) {
|
|
81
|
+
const stat = this.stats.get(ruleId);
|
|
82
|
+
if (!stat)
|
|
83
|
+
return;
|
|
84
|
+
if (isTruePositive) {
|
|
85
|
+
stat.confirmedTruePositives++;
|
|
86
|
+
}
|
|
87
|
+
else {
|
|
88
|
+
stat.confirmedFalsePositives++;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Get rules ready for promotion.
|
|
93
|
+
* Criteria: FP rate < maxFPRate AND minimum evaluations reached.
|
|
94
|
+
*/
|
|
95
|
+
getPromotionCandidates(maxFPRate = 0.001, minEvaluations = 1000) {
|
|
96
|
+
const candidates = [];
|
|
97
|
+
for (const rule of this.rules) {
|
|
98
|
+
const stat = this.stats.get(rule.id);
|
|
99
|
+
if (!stat || stat.totalEvaluations < minEvaluations)
|
|
100
|
+
continue;
|
|
101
|
+
const fpRate = stat.totalMatches > 0
|
|
102
|
+
? stat.confirmedFalsePositives / stat.totalMatches
|
|
103
|
+
: 0;
|
|
104
|
+
// Only promote if:
|
|
105
|
+
// 1. Has been evaluated enough times
|
|
106
|
+
// 2. FP rate is below threshold
|
|
107
|
+
// 3. Has at least some matches (not a dead rule)
|
|
108
|
+
if (fpRate <= maxFPRate && stat.totalMatches > 0) {
|
|
109
|
+
candidates.push({ rule, stats: { ...stat }, fpRate });
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
return candidates;
|
|
113
|
+
}
|
|
114
|
+
/** Get stats for a specific rule */
|
|
115
|
+
getStats(ruleId) {
|
|
116
|
+
const stat = this.stats.get(ruleId);
|
|
117
|
+
return stat ? { ...stat } : undefined;
|
|
118
|
+
}
|
|
119
|
+
/** Get all shadow rule stats */
|
|
120
|
+
getAllStats() {
|
|
121
|
+
return new Map(Array.from(this.stats.entries()).map(([k, v]) => [k, { ...v }]));
|
|
122
|
+
}
|
|
123
|
+
/** Number of shadow rules */
|
|
124
|
+
size() {
|
|
125
|
+
return this.rules.length;
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
//# sourceMappingURL=shadow-evaluator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"shadow-evaluator.js","sourceRoot":"","sources":["../src/shadow-evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAoBH,MAAM,OAAO,eAAe;IACT,KAAK,GAAc,EAAE,CAAC;IACtB,KAAK,GAAG,IAAI,GAAG,EAA2B,CAAC;IAC3C,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9D,qDAAqD;IACrD,OAAO,CAAC,IAAa;QACnB,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;YAAE,OAAO,CAAC,QAAQ;QAC9D,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE;YACtB,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,gBAAgB,EAAE,CAAC;YACnB,YAAY,EAAE,CAAC;YACf,sBAAsB,EAAE,CAAC;YACzB,uBAAuB,EAAE,CAAC;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,2EAA2E;IAC3E,QAAQ,CAAC,KAAiB;QACxB,MAAM,OAAO,GAAe,EAAE,CAAC;QAE/B,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI;gBAAE,SAAS;YAEpB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE3B,2CAA2C;YAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC,UAAU;gBACtB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAExC,IAAI,OAAO,GAAG,KAAK,CAAC;YACpB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,IAA0C,CAAC;gBACrD,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAW,CAAC;gBACnC,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,CAAW,CAAC;gBACnC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;oBAAE,SAAS;gBAE/B,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC;gBAC1D,IAAI,CAAC;oBACH,IAAI,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;oBAC7C,IAAI,CAAC,KAAK,EAAE,CAAC;wBACX,KAAK,GAAG,IAAI,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;wBAC/B,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;oBAC1C,CAAC;oBACD,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;wBACrB,OAAO,GAAG,IAAI,CAAC;wBACf,MAAM;oBACR,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI;oBACJ,iBAAiB,EAAE,CAAC,QAAQ,CAAC;oBAC7B,eAAe,EAAE,CAAC,cAAc,CAAC;oBACjC,UAAU,EAAE,GAAG,EAAE,yCAAyC;oBAC1D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,6CAA6C;IAC7C,cAAc,CAAC,MAAc,EAAE,cAAuB;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,IAAI,cAAc,EAAE,CAAC;YACnB,IAAI,CAAC,sBAAsB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,sBAAsB,CACpB,YAAoB,KAAK,EACzB,iBAAyB,IAAI;QAE7B,MAAM,UAAU,GAAyB,EAAE,CAAC;QAE5C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,GAAG,cAAc;gBAAE,SAAS;YAE9D,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,GAAG,CAAC;gBAClC,CAAC,CAAC,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC,YAAY;gBAClD,CAAC,CAAC,CAAC,CAAC;YAEN,mBAAmB;YACnB,qCAAqC;YACrC,gCAAgC;YAChC,iDAAiD;YACjD,IAAI,MAAM,IAAI,SAAS,IAAI,IAAI,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;gBACjD,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,oCAAoC;IACpC,QAAQ,CAAC,MAAc;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IACxC,CAAC;IAED,gCAAgC;IAChC,WAAW;QACT,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,6BAA6B;IAC7B,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;CACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"skill-fingerprint.d.ts","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"skill-fingerprint.d.ts","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAU7C,mDAAmD;AACnD,UAAU,iBAAiB;IACzB,qDAAqD;IACrD,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5C,4CAA4C;IAC5C,QAAQ,CAAC,cAAc,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7C,yCAAyC;IACzC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC1C,oCAAoC;IACpC,QAAQ,CAAC,YAAY,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC3C,6EAA6E;IAC7E,QAAQ,CAAC,cAAc,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;CAC9C;AAED,qCAAqC;AACrC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,YAAY,EAAE,iBAAiB,CAAC;IACzC,gDAAgD;IAChD,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAED,sDAAsD;AACtD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAChB,mBAAmB,GACnB,oBAAoB,GACpB,gBAAgB,GAChB,kBAAkB,GAClB,oBAAoB,GACpB,sBAAsB,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAC1D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAsDD,MAAM,WAAW,sBAAsB;IACrC,yEAAyE;IACzE,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyC;IACtE,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAC5C,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,MAAM,CAAC,EAAE,sBAAsB;IAK3C;;;OAGG;IACH,gBAAgB,CACd,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,UAAU,GAChB,SAAS,eAAe,EAAE;IA8H7B;;OAEG;IACH,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAqB/D,kCAAkC;IAClC,gBAAgB,IAAI,MAAM,EAAE;IAI5B,uCAAuC;IACvC,cAAc,IAAI,MAAM;IAQxB,+BAA+B;IAC/B,eAAe,IAAI,MAAM;IAIzB;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAIzC;;OAEG;IACH,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAgBjC,OAAO,CAAC,WAAW;IAkCnB,OAAO,CAAC,qBAAqB;CAU9B"}
|
|
@@ -11,62 +11,20 @@
|
|
|
11
11
|
* @module agent-threat-rules/skill-fingerprint
|
|
12
12
|
*/
|
|
13
13
|
import { createHash } from 'node:crypto';
|
|
14
|
+
import { extractCapabilities as sharedExtractCapabilities, } from './capability-extractor.js';
|
|
14
15
|
// ---------------------------------------------------------------------------
|
|
15
|
-
//
|
|
16
|
+
// Capability extraction (shared with tier0-invariant.ts)
|
|
16
17
|
// ---------------------------------------------------------------------------
|
|
17
|
-
|
|
18
|
-
const FS_READ_PATTERN = /(?:read(?:File)?|readdir|stat|access|exists|glob|find\s)/i;
|
|
19
|
-
const FS_DELETE_PATTERN = /(?:unlink|rm\s+-rf|delete(?:File)?|removeDir|rmdir)/i;
|
|
20
|
-
const NETWORK_PATTERN = /(?:https?:\/\/|fetch|curl|wget|axios|http\.request|net\.connect|socket)[\s('"]*([a-zA-Z0-9.-]+(?:\.[a-zA-Z]{2,}))/i;
|
|
21
|
-
const ENV_PATTERN = /(?:process\.env|os\.environ|getenv|System\.getenv)\[?['"(]?([A-Z_][A-Z0-9_]*)/i;
|
|
22
|
-
const ENV_INLINE_PATTERN = /\$\{?([A-Z_][A-Z0-9_]{2,})\}?/g;
|
|
23
|
-
const EXEC_PATTERN = /(?:child_process|spawn|exec(?:File)?|system\(|popen|subprocess|shell_exec|os\.system)\s*\(\s*['"(]?([^\s'")\]]{1,80})/i;
|
|
24
|
-
const EXFIL_PATTERN = /(?:base64|btoa|encode|compress|deflate|gzip).*(?:http|fetch|curl|send|post|upload)/i;
|
|
25
|
-
const REDIRECT_PATTERN = /(?:redirect|forward|proxy|tunnel)\s+(?:to\s+)?(?:https?:\/\/)/i;
|
|
26
|
-
/** Classify a text content into behavioral capabilities */
|
|
18
|
+
/** Wrapper for shared extractCapabilities, mapping to local format */
|
|
27
19
|
function extractCapabilities(text) {
|
|
28
|
-
const
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
20
|
+
const caps = sharedExtractCapabilities(text);
|
|
21
|
+
return {
|
|
22
|
+
filesystemOps: [...caps.filesystemOps],
|
|
23
|
+
networkTargets: [...caps.networkTargets],
|
|
24
|
+
envAccesses: [...caps.envAccesses],
|
|
25
|
+
processExecs: [...caps.processExecs],
|
|
26
|
+
outputPatterns: [...caps.outputPatterns],
|
|
34
27
|
};
|
|
35
|
-
if (!text || text.length === 0)
|
|
36
|
-
return result;
|
|
37
|
-
// Limit analysis to first 10KB to prevent ReDoS
|
|
38
|
-
const safeText = text.slice(0, 10_240);
|
|
39
|
-
// Filesystem
|
|
40
|
-
if (FS_WRITE_PATTERN.test(safeText))
|
|
41
|
-
result.filesystemOps.push('write');
|
|
42
|
-
if (FS_READ_PATTERN.test(safeText))
|
|
43
|
-
result.filesystemOps.push('read');
|
|
44
|
-
if (FS_DELETE_PATTERN.test(safeText))
|
|
45
|
-
result.filesystemOps.push('delete');
|
|
46
|
-
// Network targets
|
|
47
|
-
const netMatch = safeText.match(NETWORK_PATTERN);
|
|
48
|
-
if (netMatch?.[1])
|
|
49
|
-
result.networkTargets.push(netMatch[1]);
|
|
50
|
-
// Environment variable accesses
|
|
51
|
-
const envMatch = safeText.match(ENV_PATTERN);
|
|
52
|
-
if (envMatch?.[1])
|
|
53
|
-
result.envAccesses.push(envMatch[1]);
|
|
54
|
-
// Also check inline env vars like $HOME, ${API_KEY}
|
|
55
|
-
for (const m of safeText.matchAll(ENV_INLINE_PATTERN)) {
|
|
56
|
-
if (m[1] && !result.envAccesses.includes(m[1])) {
|
|
57
|
-
result.envAccesses.push(m[1]);
|
|
58
|
-
}
|
|
59
|
-
}
|
|
60
|
-
// Process executions
|
|
61
|
-
const execMatch = safeText.match(EXEC_PATTERN);
|
|
62
|
-
if (execMatch?.[1])
|
|
63
|
-
result.processExecs.push(execMatch[1]);
|
|
64
|
-
// Output patterns
|
|
65
|
-
if (EXFIL_PATTERN.test(safeText))
|
|
66
|
-
result.outputPatterns.push('exfiltration');
|
|
67
|
-
if (REDIRECT_PATTERN.test(safeText))
|
|
68
|
-
result.outputPatterns.push('redirect');
|
|
69
|
-
return result;
|
|
70
28
|
}
|
|
71
29
|
// ---------------------------------------------------------------------------
|
|
72
30
|
// Fingerprint Store
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"skill-fingerprint.js","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"skill-fingerprint.js","sourceRoot":"","sources":["../src/skill-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,mBAAmB,IAAI,yBAAyB,GAEjD,MAAM,2BAA2B,CAAC;AAiEnC,8EAA8E;AAC9E,yDAAyD;AACzD,8EAA8E;AAE9E,sEAAsE;AACtE,SAAS,mBAAmB,CAAC,IAAY;IAOvC,MAAM,IAAI,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAC7C,OAAO;QACL,aAAa,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,CAAC;QACtC,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;QACxC,WAAW,EAAE,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC;QAClC,YAAY,EAAE,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC;QACpC,cAAc,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;KACzC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,yEAAyE;AACzE,MAAM,2BAA2B,GAAG,EAAE,CAAC;AAEvC,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,wCAAwC;AACxC,MAAM,UAAU,GAAG,KAAK,CAAC;AASzB,MAAM,OAAO,qBAAqB;IACf,YAAY,GAAG,IAAI,GAAG,EAA8B,CAAC;IACrD,kBAAkB,CAAS;IAC3B,YAAY,CAAS;IAEtC,YAAY,MAA+B;QACzC,IAAI,CAAC,kBAAkB,GAAG,MAAM,EAAE,kBAAkB,IAAI,2BAA2B,CAAC;QACpF,IAAI,CAAC,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,qBAAqB,CAAC;IACpE,CAAC;IAED;;;OAGG;IACH,gBAAgB,CACd,SAAiB,EACjB,KAAiB;QAEjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC5C,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,EAAE,CAAC,QAAQ,GAAG,GAAG,CAAC;QAElB,mDAAmD;QACnD,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,OAAO,IAAI,EAAE;YACnB,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,IAAI,EAAE;YACjC,KAAK,CAAC,MAAM,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE;SACtC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE1C,sDAAsD;QACtD,MAAM,SAAS,GAAsB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,KAAK,IAAI,CAAC;QAExC,IAAI,QAAQ,EAAE,CAAC;YACb,wDAAwD;YACxD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC9B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,mBAAmB;wBAChC,WAAW,EAAE,UAAU,SAAS,0CAA0C,EAAE,oBAAoB;wBAChG,QAAQ,EAAE,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;wBAC3E,QAAQ,EAAE,EAAE;wBACZ,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACzC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBACnC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,oCAAoC,MAAM,EAAE;wBAC5E,QAAQ,EAAE,MAAM;wBAChB,QAAQ,EAAE,MAAM;wBAChB,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACnC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC7B,MAAM,WAAW,GAAG,2CAA2C,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBAC1E,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,gBAAgB;wBAC7B,WAAW,EAAE,UAAU,SAAS,4BAA4B,GAAG,EAAE;wBACjE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ;wBAC7C,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACrC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,kBAAkB;wBAC/B,WAAW,EAAE,UAAU,SAAS,4BAA4B,IAAI,EAAE;wBAClE,QAAQ,EAAE,UAAU;wBACpB,QAAQ,EAAE,IAAI;wBACd,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACtC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBAChC,SAAS,CAAC,IAAI,CAAC;wBACb,SAAS;wBACT,WAAW,EAAE,oBAAoB;wBACjC,WAAW,EAAE,UAAU,SAAS,6BAA6B,GAAG,EAAE;wBAClE,QAAQ,EAAE,GAAG,KAAK,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;wBACtD,QAAQ,EAAE,GAAG;wBACb,SAAS,EAAE,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,gDAAgD;QAChD,IAAI,WAAW,GAAG,KAAK,CAAC;QACxB,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC5E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAC9E,CAAC;QACD,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAAC,WAAW,GAAG,IAAI,CAAC;YAAC,CAAC;QAClF,CAAC;QAED,kBAAkB;QAClB,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,WAAW,EAAE,CAAC;gBAChB,EAAE,CAAC,YAAY,GAAG,CAAC,CAAC;YACtB,CAAC;iBAAM,CAAC;gBACN,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,CAAC;YAED,iCAAiC;YACjC,IACE,EAAE,CAAC,eAAe,IAAI,IAAI,CAAC,kBAAkB;gBAC7C,EAAE,CAAC,YAAY,IAAI,IAAI,CAAC,YAAY,EACpC,CAAC;gBACD,EAAE,CAAC,UAAU,GAAG,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,SAAiB;QAC9B,MAAM,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,EAAE;YAAE,OAAO,SAAS,CAAC;QAE1B,OAAO;YACL,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,eAAe,EAAE,EAAE,CAAC,eAAe;YACnC,SAAS,EAAE,EAAE,CAAC,SAAS;YACvB,QAAQ,EAAE,EAAE,CAAC,QAAQ;YACrB,QAAQ,EAAE,EAAE,CAAC,UAAU,KAAK,IAAI;YAChC,YAAY,EAAE;gBACZ,aAAa,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC;gBACxC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;gBAC1C,WAAW,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,WAAW,CAAC;gBACpC,YAAY,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,YAAY,CAAC;gBACtC,cAAc,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,cAAc,CAAC;aAC3C;YACD,cAAc,EAAE,EAAE,CAAC,UAAU,IAAI,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC;SAChE,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,gBAAgB;QACd,OAAO,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,uCAAuC;IACvC,cAAc;QACZ,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,EAAE,CAAC;YAC5C,IAAI,EAAE,CAAC,UAAU,KAAK,IAAI;gBAAE,KAAK,EAAE,CAAC;QACtC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,+BAA+B;IAC/B,eAAe;QACb,OAAO,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,QAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,MAAM,EAAE,CAAC;gBACzB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC/B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,0EAA0E;IAC1E,UAAU;IACV,0EAA0E;IAElE,WAAW,CAAC,SAAiB,EAAE,GAAW;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,8BAA8B;QAC9B,IAAI,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,UAAU,EAAE,CAAC;YACzC,IAAI,UAA8B,CAAC;YACnC,IAAI,UAAU,GAAG,QAAQ,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,IAAI,EAAE,CAAC,QAAQ,GAAG,UAAU,EAAE,CAAC;oBAC7B,UAAU,GAAG,EAAE,CAAC,QAAQ,CAAC;oBACzB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YACD,IAAI,UAAU;gBAAE,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACvD,CAAC;QAED,MAAM,EAAE,GAAuB;YAC7B,SAAS;YACT,eAAe,EAAE,CAAC;YAClB,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,GAAG;YACb,aAAa,EAAE,IAAI,GAAG,EAAE;YACxB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,WAAW,EAAE,IAAI,GAAG,EAAE;YACtB,YAAY,EAAE,IAAI,GAAG,EAAE;YACvB,cAAc,EAAE,IAAI,GAAG,EAAE;YACzB,UAAU,EAAE,IAAI;YAChB,YAAY,EAAE,CAAC;SAChB,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,qBAAqB,CAAC,EAAsB;QAClD,MAAM,KAAK,GAAG;YACZ,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACtC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACvC,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACpC,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;YACrC,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC;SACxC,CAAC;QACF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;CACF"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tier 0: Invariant Enforcement
|
|
3
|
+
*
|
|
4
|
+
* Hard boundaries that enforce what a skill is ALLOWED to do,
|
|
5
|
+
* regardless of what its description says or how it phrases requests.
|
|
6
|
+
*
|
|
7
|
+
* This is NOT pattern matching. It is permission checking.
|
|
8
|
+
* A skill declares capabilities in its manifest. Any action outside
|
|
9
|
+
* the manifest is immediately denied with severity=critical.
|
|
10
|
+
*
|
|
11
|
+
* Inspired by Tesla's AEB (Automatic Emergency Braking):
|
|
12
|
+
* it doesn't care what the neural network thinks -- it enforces physics.
|
|
13
|
+
*
|
|
14
|
+
* @module agent-threat-rules/tier0-invariant
|
|
15
|
+
*/
|
|
16
|
+
import type { AgentEvent, ATRMatch } from './types.js';
|
|
17
|
+
/** Skill capability manifest -- declares what a skill is allowed to do */
|
|
18
|
+
export interface SkillManifest {
|
|
19
|
+
readonly skillId: string;
|
|
20
|
+
readonly allowedPaths?: readonly string[];
|
|
21
|
+
readonly allowedHosts?: readonly string[];
|
|
22
|
+
readonly allowedEnvVars?: readonly string[];
|
|
23
|
+
readonly allowedCommands?: readonly string[];
|
|
24
|
+
readonly maxNetworkCalls?: number;
|
|
25
|
+
readonly allowConfigModification?: boolean;
|
|
26
|
+
}
|
|
27
|
+
export type InvariantViolationType = 'path_scope' | 'host_scope' | 'env_scope' | 'command_scope' | 'config_modification' | 'network_limit';
|
|
28
|
+
/** Result when an invariant is violated */
|
|
29
|
+
export interface InvariantViolation {
|
|
30
|
+
readonly skillId: string;
|
|
31
|
+
readonly violationType: InvariantViolationType;
|
|
32
|
+
readonly description: string;
|
|
33
|
+
readonly observedValue: string;
|
|
34
|
+
readonly allowedValues: readonly string[];
|
|
35
|
+
}
|
|
36
|
+
export declare class InvariantChecker {
|
|
37
|
+
private readonly manifests;
|
|
38
|
+
constructor(manifests: ReadonlyMap<string, SkillManifest> | SkillManifest[]);
|
|
39
|
+
/**
|
|
40
|
+
* Check an event against the skill's manifest.
|
|
41
|
+
* Returns empty array if no violations (or no manifest for the skill).
|
|
42
|
+
*/
|
|
43
|
+
check(event: AgentEvent): readonly InvariantViolation[];
|
|
44
|
+
/** Build a synthetic ATRMatch from an invariant violation */
|
|
45
|
+
buildDenyMatch(violation: InvariantViolation): ATRMatch;
|
|
46
|
+
/** Resolve skill ID from event metadata */
|
|
47
|
+
private resolveSkillId;
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=tier0-invariant.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tier0-invariant.d.ts","sourceRoot":"","sources":["../src/tier0-invariant.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAwB,MAAM,YAAY,CAAC;AA6B7E,0EAA0E;AAC1E,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,YAAY,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,eAAe,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAC5C;AAED,MAAM,MAAM,sBAAsB,GAC9B,YAAY,GACZ,YAAY,GACZ,WAAW,GACX,eAAe,GACf,qBAAqB,GACrB,eAAe,CAAC;AAEpB,2CAA2C;AAC3C,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,aAAa,EAAE,sBAAsB,CAAC;IAC/C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC;CAC3C;AAMD,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAqC;gBAEnD,SAAS,EAAE,WAAW,CAAC,MAAM,EAAE,aAAa,CAAC,GAAG,aAAa,EAAE;IAY3E;;;OAGG;IACH,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,kBAAkB,EAAE;IAsGvD,6DAA6D;IAC7D,cAAc,CAAC,SAAS,EAAE,kBAAkB,GAAG,QAAQ;IA+BvD,2CAA2C;IAC3C,OAAO,CAAC,cAAc;CAKvB"}
|
|
@@ -0,0 +1,184 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tier 0: Invariant Enforcement
|
|
3
|
+
*
|
|
4
|
+
* Hard boundaries that enforce what a skill is ALLOWED to do,
|
|
5
|
+
* regardless of what its description says or how it phrases requests.
|
|
6
|
+
*
|
|
7
|
+
* This is NOT pattern matching. It is permission checking.
|
|
8
|
+
* A skill declares capabilities in its manifest. Any action outside
|
|
9
|
+
* the manifest is immediately denied with severity=critical.
|
|
10
|
+
*
|
|
11
|
+
* Inspired by Tesla's AEB (Automatic Emergency Braking):
|
|
12
|
+
* it doesn't care what the neural network thinks -- it enforces physics.
|
|
13
|
+
*
|
|
14
|
+
* @module agent-threat-rules/tier0-invariant
|
|
15
|
+
*/
|
|
16
|
+
import { extractCapabilities } from './capability-extractor.js';
|
|
17
|
+
// ---------------------------------------------------------------------------
|
|
18
|
+
// Helpers
|
|
19
|
+
// ---------------------------------------------------------------------------
|
|
20
|
+
/** Simple glob match: supports * (any chars) and ** (any path segments) */
|
|
21
|
+
function simpleGlobMatch(value, pattern) {
|
|
22
|
+
if (pattern === '*' || pattern === '**')
|
|
23
|
+
return true;
|
|
24
|
+
if (pattern === value)
|
|
25
|
+
return true;
|
|
26
|
+
// Convert glob to regex: * → [^/]*, ** → .*, escape rest
|
|
27
|
+
const regexStr = pattern
|
|
28
|
+
.replace(/[.+^${}()|[\]\\]/g, '\\$&')
|
|
29
|
+
.replace(/\*\*/g, '<<GLOBSTAR>>')
|
|
30
|
+
.replace(/\*/g, '[^/]*')
|
|
31
|
+
.replace(/<<GLOBSTAR>>/g, '.*');
|
|
32
|
+
try {
|
|
33
|
+
return new RegExp(`^${regexStr}$`).test(value);
|
|
34
|
+
}
|
|
35
|
+
catch {
|
|
36
|
+
return value.startsWith(pattern.replace(/\*/g, ''));
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
// ---------------------------------------------------------------------------
|
|
40
|
+
// Invariant Checker
|
|
41
|
+
// ---------------------------------------------------------------------------
|
|
42
|
+
export class InvariantChecker {
|
|
43
|
+
manifests;
|
|
44
|
+
constructor(manifests) {
|
|
45
|
+
const map = new Map();
|
|
46
|
+
if (Array.isArray(manifests)) {
|
|
47
|
+
for (const m of manifests) {
|
|
48
|
+
map.set(m.skillId, m);
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
else {
|
|
52
|
+
manifests.forEach((v, k) => map.set(k, v));
|
|
53
|
+
}
|
|
54
|
+
this.manifests = map;
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Check an event against the skill's manifest.
|
|
58
|
+
* Returns empty array if no violations (or no manifest for the skill).
|
|
59
|
+
*/
|
|
60
|
+
check(event) {
|
|
61
|
+
const skillId = this.resolveSkillId(event);
|
|
62
|
+
if (!skillId)
|
|
63
|
+
return [];
|
|
64
|
+
const manifest = this.manifests.get(skillId);
|
|
65
|
+
if (!manifest)
|
|
66
|
+
return []; // No manifest = fail-open (unmanifested skills are not checked)
|
|
67
|
+
const allText = [
|
|
68
|
+
event.content ?? '',
|
|
69
|
+
event.fields?.tool_args ?? '',
|
|
70
|
+
event.fields?.tool_response ?? '',
|
|
71
|
+
].join(' ');
|
|
72
|
+
const caps = extractCapabilities(allText);
|
|
73
|
+
const violations = [];
|
|
74
|
+
// Check filesystem paths
|
|
75
|
+
if (manifest.allowedPaths && caps.filesystemPaths.length > 0) {
|
|
76
|
+
for (const path of caps.filesystemPaths) {
|
|
77
|
+
const allowed = manifest.allowedPaths.some((pattern) => simpleGlobMatch(path, pattern));
|
|
78
|
+
if (!allowed) {
|
|
79
|
+
violations.push({
|
|
80
|
+
skillId,
|
|
81
|
+
violationType: 'path_scope',
|
|
82
|
+
description: `Skill "${skillId}" accessed path "${path}" outside allowed scope`,
|
|
83
|
+
observedValue: path,
|
|
84
|
+
allowedValues: manifest.allowedPaths,
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
// Check network hosts
|
|
90
|
+
if (manifest.allowedHosts && caps.networkTargets.length > 0) {
|
|
91
|
+
for (const host of caps.networkTargets) {
|
|
92
|
+
const allowed = manifest.allowedHosts.some((pattern) => host === pattern || host.endsWith('.' + pattern) || pattern === '*');
|
|
93
|
+
if (!allowed) {
|
|
94
|
+
violations.push({
|
|
95
|
+
skillId,
|
|
96
|
+
violationType: 'host_scope',
|
|
97
|
+
description: `Skill "${skillId}" contacted host "${host}" outside allowed scope`,
|
|
98
|
+
observedValue: host,
|
|
99
|
+
allowedValues: manifest.allowedHosts,
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
// Check environment variables
|
|
105
|
+
if (manifest.allowedEnvVars && caps.envAccesses.length > 0) {
|
|
106
|
+
for (const envVar of caps.envAccesses) {
|
|
107
|
+
const allowed = manifest.allowedEnvVars.some((pattern) => envVar === pattern || (pattern.endsWith('*') && envVar.startsWith(pattern.slice(0, -1))));
|
|
108
|
+
if (!allowed) {
|
|
109
|
+
violations.push({
|
|
110
|
+
skillId,
|
|
111
|
+
violationType: 'env_scope',
|
|
112
|
+
description: `Skill "${skillId}" accessed env var "${envVar}" outside allowed scope`,
|
|
113
|
+
observedValue: envVar,
|
|
114
|
+
allowedValues: manifest.allowedEnvVars,
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
// Check command execution
|
|
120
|
+
if (manifest.allowedCommands && caps.processExecs.length > 0) {
|
|
121
|
+
for (const cmd of caps.processExecs) {
|
|
122
|
+
const allowed = manifest.allowedCommands.some((pattern) => cmd === pattern || cmd.startsWith(pattern + ' '));
|
|
123
|
+
if (!allowed) {
|
|
124
|
+
violations.push({
|
|
125
|
+
skillId,
|
|
126
|
+
violationType: 'command_scope',
|
|
127
|
+
description: `Skill "${skillId}" executed command "${cmd}" outside allowed scope`,
|
|
128
|
+
observedValue: cmd,
|
|
129
|
+
allowedValues: manifest.allowedCommands,
|
|
130
|
+
});
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
// Check config modification
|
|
135
|
+
if (manifest.allowConfigModification === false && caps.configModifications) {
|
|
136
|
+
violations.push({
|
|
137
|
+
skillId,
|
|
138
|
+
violationType: 'config_modification',
|
|
139
|
+
description: `Skill "${skillId}" attempted to modify agent configuration files`,
|
|
140
|
+
observedValue: 'config file access detected',
|
|
141
|
+
allowedValues: ['none'],
|
|
142
|
+
});
|
|
143
|
+
}
|
|
144
|
+
return violations;
|
|
145
|
+
}
|
|
146
|
+
/** Build a synthetic ATRMatch from an invariant violation */
|
|
147
|
+
buildDenyMatch(violation) {
|
|
148
|
+
const syntheticRule = {
|
|
149
|
+
title: `Invariant Violation: ${violation.violationType}`,
|
|
150
|
+
id: `tier0-invariant-${violation.violationType}`,
|
|
151
|
+
status: 'stable',
|
|
152
|
+
description: violation.description,
|
|
153
|
+
author: 'atr-engine/tier0',
|
|
154
|
+
date: new Date().toISOString().slice(0, 10),
|
|
155
|
+
severity: 'critical',
|
|
156
|
+
tags: {
|
|
157
|
+
category: 'privilege-escalation',
|
|
158
|
+
subcategory: violation.violationType,
|
|
159
|
+
confidence: 'high',
|
|
160
|
+
},
|
|
161
|
+
agent_source: { type: 'skill_permission' },
|
|
162
|
+
detection: { conditions: [], condition: 'tier0-invariant' },
|
|
163
|
+
response: {
|
|
164
|
+
actions: ['block_input', 'alert', 'snapshot'],
|
|
165
|
+
message_template: violation.description,
|
|
166
|
+
},
|
|
167
|
+
};
|
|
168
|
+
return {
|
|
169
|
+
rule: syntheticRule,
|
|
170
|
+
matchedConditions: [violation.violationType],
|
|
171
|
+
matchedPatterns: [`${violation.observedValue} not in [${violation.allowedValues.join(', ')}]`],
|
|
172
|
+
confidence: 1.0,
|
|
173
|
+
timestamp: new Date().toISOString(),
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
/** Resolve skill ID from event metadata */
|
|
177
|
+
resolveSkillId(event) {
|
|
178
|
+
const fromMetadata = event.metadata?.skillId;
|
|
179
|
+
if (typeof fromMetadata === 'string')
|
|
180
|
+
return fromMetadata;
|
|
181
|
+
return event.fields?.skill_id ?? event.fields?.tool_name ?? undefined;
|
|
182
|
+
}
|
|
183
|
+
}
|
|
184
|
+
//# sourceMappingURL=tier0-invariant.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tier0-invariant.js","sourceRoot":"","sources":["../src/tier0-invariant.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,2EAA2E;AAC3E,SAAS,eAAe,CAAC,KAAa,EAAE,OAAe;IACrD,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,OAAO,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAEnC,yDAAyD;IACzD,MAAM,QAAQ,GAAG,OAAO;SACrB,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;SACpC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IAElC,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAkCD,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,OAAO,gBAAgB;IACV,SAAS,CAAqC;IAE/D,YAAY,SAA+D;QACzE,MAAM,GAAG,GAAG,IAAI,GAAG,EAAyB,CAAC;QAC7C,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7B,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;gBAC1B,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;IACvB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAiB;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QAExB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,CAAC,CAAC,gEAAgE;QAE1F,MAAM,OAAO,GAAG;YACd,KAAK,CAAC,OAAO,IAAI,EAAE;YACnB,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,EAAE;YAC7B,KAAK,CAAC,MAAM,EAAE,aAAa,IAAI,EAAE;SAClC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,MAAM,IAAI,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAyB,EAAE,CAAC;QAE5C,yBAAyB;QACzB,IAAI,QAAQ,CAAC,YAAY,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CACrD,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAC/B,CAAC;gBACF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,UAAU,CAAC,IAAI,CAAC;wBACd,OAAO;wBACP,aAAa,EAAE,YAAY;wBAC3B,WAAW,EAAE,UAAU,OAAO,oBAAoB,IAAI,yBAAyB;wBAC/E,aAAa,EAAE,IAAI;wBACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,IAAI,QAAQ,CAAC,YAAY,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5D,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,QAAQ,CAAC,YAAY,CAAC,IAAI,CACxC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,OAAO,KAAK,GAAG,CACjF,CAAC;gBACF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,UAAU,CAAC,IAAI,CAAC;wBACd,OAAO;wBACP,aAAa,EAAE,YAAY;wBAC3B,WAAW,EAAE,UAAU,OAAO,qBAAqB,IAAI,yBAAyB;wBAChF,aAAa,EAAE,IAAI;wBACnB,aAAa,EAAE,QAAQ,CAAC,YAAY;qBACrC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,cAAc,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3D,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,CAAC,IAAI,CAC1C,CAAC,OAAO,EAAE,EAAE,CAAC,MAAM,KAAK,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CACtG,CAAC;gBACF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,UAAU,CAAC,IAAI,CAAC;wBACd,OAAO;wBACP,aAAa,EAAE,WAAW;wBAC1B,WAAW,EAAE,UAAU,OAAO,uBAAuB,MAAM,yBAAyB;wBACpF,aAAa,EAAE,MAAM;wBACrB,aAAa,EAAE,QAAQ,CAAC,cAAc;qBACvC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,QAAQ,CAAC,eAAe,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpC,MAAM,OAAO,GAAG,QAAQ,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,KAAK,OAAO,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,CAC9D,CAAC;gBACF,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,UAAU,CAAC,IAAI,CAAC;wBACd,OAAO;wBACP,aAAa,EAAE,eAAe;wBAC9B,WAAW,EAAE,UAAU,OAAO,uBAAuB,GAAG,yBAAyB;wBACjF,aAAa,EAAE,GAAG;wBAClB,aAAa,EAAE,QAAQ,CAAC,eAAe;qBACxC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,QAAQ,CAAC,uBAAuB,KAAK,KAAK,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3E,UAAU,CAAC,IAAI,CAAC;gBACd,OAAO;gBACP,aAAa,EAAE,qBAAqB;gBACpC,WAAW,EAAE,UAAU,OAAO,iDAAiD;gBAC/E,aAAa,EAAE,6BAA6B;gBAC5C,aAAa,EAAE,CAAC,MAAM,CAAC;aACxB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,6DAA6D;IAC7D,cAAc,CAAC,SAA6B;QAC1C,MAAM,aAAa,GAAY;YAC7B,KAAK,EAAE,wBAAwB,SAAS,CAAC,aAAa,EAAE;YACxD,EAAE,EAAE,mBAAmB,SAAS,CAAC,aAAa,EAAE;YAChD,MAAM,EAAE,QAAiB;YACzB,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3C,QAAQ,EAAE,UAAyB;YACnC,IAAI,EAAE;gBACJ,QAAQ,EAAE,sBAAsB;gBAChC,WAAW,EAAE,SAAS,CAAC,aAAa;gBACpC,UAAU,EAAE,MAAe;aAC5B;YACD,YAAY,EAAE,EAAE,IAAI,EAAE,kBAA2B,EAAE;YACnD,SAAS,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,iBAAiB,EAAE;YAC3D,QAAQ,EAAE;gBACR,OAAO,EAAE,CAAC,aAAsB,EAAE,OAAgB,EAAE,UAAmB,CAAC;gBACxE,gBAAgB,EAAE,SAAS,CAAC,WAAW;aACxC;SACF,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,aAAa;YACnB,iBAAiB,EAAE,CAAC,SAAS,CAAC,aAAa,CAAC;YAC5C,eAAe,EAAE,CAAC,GAAG,SAAS,CAAC,aAAa,YAAY,SAAS,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YAC9F,UAAU,EAAE,GAAG;YACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,2CAA2C;IACnC,cAAc,CAAC,KAAiB;QACtC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC;QAC7C,IAAI,OAAO,YAAY,KAAK,QAAQ;YAAE,OAAO,YAAY,CAAC;QAC1D,OAAO,KAAK,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,SAAS,CAAC;IACxE,CAAC;CACF"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tier 1: Blacklist Provider
|
|
3
|
+
*
|
|
4
|
+
* Hash/name-based lookup for known-bad skills.
|
|
5
|
+
* O(1) lookup, zero false positives, zero latency.
|
|
6
|
+
*
|
|
7
|
+
* Sources: Threat Cloud skill_blacklist, CVE advisories, community reports.
|
|
8
|
+
*
|
|
9
|
+
* @module agent-threat-rules/tier1-blacklist
|
|
10
|
+
*/
|
|
11
|
+
import type { ATRMatch, ATRSeverity } from './types.js';
|
|
12
|
+
export interface BlacklistEntry {
|
|
13
|
+
readonly skillHash: string;
|
|
14
|
+
readonly skillName: string;
|
|
15
|
+
readonly reason: string;
|
|
16
|
+
readonly reportCount: number;
|
|
17
|
+
readonly severity: ATRSeverity;
|
|
18
|
+
}
|
|
19
|
+
export interface BlacklistProvider {
|
|
20
|
+
/** Check if a skill is blacklisted. Returns entry if found. */
|
|
21
|
+
lookup(skillId: string): BlacklistEntry | undefined;
|
|
22
|
+
/** Refresh the blacklist from source */
|
|
23
|
+
refresh(): Promise<void>;
|
|
24
|
+
/** Total blacklist size */
|
|
25
|
+
size(): number;
|
|
26
|
+
}
|
|
27
|
+
export declare class InMemoryBlacklist implements BlacklistProvider {
|
|
28
|
+
private byHash;
|
|
29
|
+
private byName;
|
|
30
|
+
constructor(entries?: readonly BlacklistEntry[]);
|
|
31
|
+
lookup(skillId: string): BlacklistEntry | undefined;
|
|
32
|
+
refresh(): Promise<void>;
|
|
33
|
+
size(): number;
|
|
34
|
+
/** Replace all entries (immutable update) */
|
|
35
|
+
withEntries(entries: readonly BlacklistEntry[]): InMemoryBlacklist;
|
|
36
|
+
}
|
|
37
|
+
/** Build a synthetic ATRMatch from a blacklist hit */
|
|
38
|
+
export declare function buildBlacklistMatch(entry: BlacklistEntry): ATRMatch;
|
|
39
|
+
/**
|
|
40
|
+
* Resolve skill identifier from event for blacklist lookup.
|
|
41
|
+
* Prioritizes package-level identifiers (hash, package name) over
|
|
42
|
+
* tool function names, since blacklists store package names.
|
|
43
|
+
*/
|
|
44
|
+
export declare function resolveSkillId(event: {
|
|
45
|
+
fields?: Record<string, string>;
|
|
46
|
+
metadata?: Record<string, unknown>;
|
|
47
|
+
}): string | undefined;
|
|
48
|
+
//# sourceMappingURL=tier1-blacklist.d.ts.map
|