agent-threat-rules 0.2.2 → 0.3.1

package/dist/flywheel.js

@@ -0,0 +1,121 @@
+/**
+ * Flywheel Manager -- automates the threat detection → rule generation → promotion cycle.
+ *
+ * Flow:
+ * 1. Tier 4 (LLM) detects novel threat → auto-scaffold rule
+ * 2. Rule enters shadow mode → ShadowEvaluator tracks FP rate
+ * 3. FP < threshold after N evaluations → auto-promote to stable
+ * 4. Promoted rule distributes to all users via Threat Cloud
+ *
+ * Machine speed, not human speed. No manual proposals or voting required.
+ *
+ * @module agent-threat-rules/flywheel
+ */
+import { RuleScaffolder } from './rule-scaffolder.js';
+import { ShadowEvaluator } from './shadow-evaluator.js';
+export class FlywheelManager {
+    scaffolder;
+    shadow;
+    config;
+    existingIds = new Set();
+    constructor(config = {}) {
+        this.scaffolder = new RuleScaffolder({ author: 'ATR Flywheel (auto-generated)' });
+        this.shadow = new ShadowEvaluator();
+        this.config = {
+            maxFPRate: config.maxFPRate ?? 0.001,
+            minEvaluations: config.minEvaluations ?? 1000,
+            onPromote: config.onPromote ?? (() => { }),
+            onShadowRule: config.onShadowRule ?? (() => { }),
+        };
+    }
+    /**
+     * Called when Tier 4 (LLM semantic) detects a novel threat.
+     * Auto-generates a shadow rule from the detection.
+     */
+    async onTier4Detection(match, event) {
+        // Only generate from high-confidence Tier 4 matches
+        if (match.confidence < 0.7)
+            return null;
+        // Extract category and severity from the match
+        const category = match.rule.tags?.category ?? 'prompt-injection';
+        const severity = match.rule.severity ?? 'medium';
+        // Build example payloads from ATTACK PATTERNS, not just raw content.
+        // Priority: matched patterns > event fields > event content
+        const payloads = [];
+        // 1. Matched patterns from the Tier 4 detection — these ARE the attack signals
+        if (match.matchedPatterns.length > 0) {
+            payloads.push(...match.matchedPatterns.filter((p) => p.length > 5));
+        }
+        // 2. Event fields (tool_args, tool_response, etc.) — more specific than content
+        if (event.fields) {
+            for (const value of Object.values(event.fields)) {
+                if (value && value.length > 10) {
+                    payloads.push(value.slice(0, 500));
+                }
+            }
+        }
+        // 3. Event content as fallback — but only if we don't have better signals
+        if (payloads.length === 0 && event.content) {
+            payloads.push(event.content.slice(0, 500));
+        }
+        // Ensure at least one payload
+        if (payloads.length === 0) {
+            payloads.push(match.rule.description ?? match.rule.title);
+        }
+        const input = {
+            title: `Auto: ${match.rule.description?.slice(0, 60) ?? match.rule.title}`,
+            category: category,
+            severity: severity,
+            attackDescription: match.rule.description ?? match.matchedPatterns.join('; '),
+            examplePayloads: payloads,
+        };
+        try {
+            const result = this.scaffolder.scaffold(input, this.existingIds);
+            const ruleYaml = result.yaml;
+            // Parse back to ATRRule object
+            const { default: yaml } = await import('js-yaml');
+            const rule = yaml.load(ruleYaml);
+            rule.status = 'experimental';
+            this.existingIds.add(result.id);
+            this.shadow.addRule(rule);
+            await this.config.onShadowRule(rule);
+            return rule;
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Called for every event -- runs shadow evaluation.
+     * Returns shadow matches (for logging only, not verdict).
+     */
+    evaluateShadow(event) {
+        return this.shadow.evaluate(event);
+    }
+    /** Record user feedback on a shadow match */
+    recordFeedback(ruleId, isTruePositive) {
+        this.shadow.recordFeedback(ruleId, isTruePositive);
+    }
+    /**
+     * Check for rules ready to promote and execute promotion.
+     * Call periodically (e.g., every 15 minutes).
+     */
+    async promoteReady() {
+        const candidates = this.shadow.getPromotionCandidates(this.config.maxFPRate, this.config.minEvaluations);
+        for (const candidate of candidates) {
+            // Promote: change status from experimental to stable
+            const promoted = { ...candidate.rule, status: 'stable' };
+            await this.config.onPromote(promoted, candidate.stats);
+        }
+        return candidates;
+    }
+    /** Get shadow evaluator stats */
+    getShadowStats() {
+        return this.shadow.getAllStats();
+    }
+    /** Number of rules in shadow mode */
+    shadowRuleCount() {
+        return this.shadow.size();
+    }
+}
+//# sourceMappingURL=flywheel.js.map

package/dist/flywheel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"flywheel.js","sourceRoot":"","sources":["../src/flywheel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,cAAc,EAAsB,MAAM,sBAAsB,CAAC;AAC1E,OAAO,EAAE,eAAe,EAA2B,MAAM,uBAAuB,CAAC;AAajF,MAAM,OAAO,eAAe;IACT,UAAU,CAAiB;IAC3B,MAAM,CAAkB;IACxB,MAAM,CAA2B;IACjC,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IAEjD,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,KAAK;YACpC,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;YAC7C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;YACzC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SAChD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAe,EAAE,KAAiB;QACvD,oDAAoD;QACpD,IAAI,KAAK,CAAC,UAAU,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAExC,+CAA+C;QAC/C,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,kBAAkB,CAAC;QACjE,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC;QAEjD,qEAAqE;QACrE,4DAA4D;QAC5D,MAAM,QAAQ,GAAa,EAAE,CAAC;QAE9B,+EAA+E;QAC/E,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,QAAQ,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,gFAAgF;QAChF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAC/B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7C,CAAC;QAED,8BAA8B;QAC9B,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GAAkB;YAC3B,KAAK,EAAE,SAAS,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;YAC1E,QAAQ,EAAE,QAAqC;YAC/C,QAAQ,EAAE,QAAqC;YAC/C,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAC7E,eAAe,EAAE,QAAQ;SAC1B,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACjE,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC;YAE7B,+BAA+B;YAC/B,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAY,CAAC;YAC5C,IAAI,CAAC,MAAM,GAAG,cAAc,CAAC;YAE7B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAChC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAE1B,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAErC,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,KAAiB;QAC9B,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED,6CAA6C;IAC7C,cAAc,CAAC,MAAc,EAAE,cAAuB;QACpD,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,sBAAsB,CACnD,IAAI,CAAC,MAAM,CAAC,SAAS,EACrB,IAAI,CAAC,MAAM,CAAC,cAAc,CAC3B,CAAC;QAEF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,qDAAqD;YACrD,MAAM,QAAQ,GAAG,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,QAAiB,EAAE,CAAC;YAClE,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QACzD,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,iCAAiC;IACjC,cAAc;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;IACnC,CAAC;IAED,qCAAqC;IACrC,eAAe;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IAC5B,CAAC;CACF"}

package/dist/index.d.ts

@@ -4,7 +4,7 @@
  * ATR is the detection layer: it evaluates agent events against rules
  * and returns match results. It does NOT execute response actions,
  * send notifications, or manage dashboards. Those are the responsibility
- * of products built on ATR (e.g., PanGuard, LlamaFirewall, or your own).
+ * of products built on ATR (e.g., LlamaFirewall, or your own).
  *
  * ATR 是偵測層：評估 agent 事件、回傳匹配結果。
  * 不執行回應動作、不發通知、不管 dashboard。
@@ -17,6 +17,18 @@ export type { ATREngineConfig } from './engine.js';
 export { loadRuleFile, loadRulesFromDirectory, validateRule } from './loader.js';
 export { SessionTracker } from './session-tracker.js';
 export type { SessionStateSnapshot } from './session-tracker.js';
+export { InvariantChecker } from './tier0-invariant.js';
+export type { SkillManifest, InvariantViolation, InvariantViolationType } from './tier0-invariant.js';
+export { InMemoryBlacklist, buildBlacklistMatch } from './tier1-blacklist.js';
+export type { BlacklistProvider, BlacklistEntry } from './tier1-blacklist.js';
+export { extractCapabilities } from './capability-extractor.js';
+export type { ExtractedCapabilities } from './capability-extractor.js';
+export { EmbeddingModule } from './modules/embedding.js';
+export type { EmbeddingModuleConfig } from './modules/embedding.js';
+export { VectorStore, loadVectorEntries } from './embedding/vector-store.js';
+export type { VectorEntry, SearchResult } from './embedding/vector-store.js';
+export { TransformersJSModel, MockEmbeddingModel } from './embedding/model-loader.js';
+export type { EmbeddingModel } from './embedding/model-loader.js';
 export { ModuleRegistry } from './modules/index.js';
 export type { ATRModule, ModuleCondition, ModuleResult } from './modules/index.js';
 export { SessionModule } from './modules/session.js';
@@ -31,6 +43,14 @@ export { RuleScaffolder } from './rule-scaffolder.js';
 export type { ScaffoldInput, ScaffoldResult, ScaffoldOptions } from './rule-scaffolder.js';
 export { CoverageAnalyzer } from './coverage-analyzer.js';
 export type { CoverageGap, CoverageReport } from './coverage-analyzer.js';
+export { convertRule, convertAllRules } from './converters/index.js';
+export type { ConvertedQuery, SIEMFormat } from './converters/index.js';
+export { ruleToSPL } from './converters/splunk.js';
+export { ruleToElastic } from './converters/elastic.js';
+export { ShadowEvaluator } from './shadow-evaluator.js';
+export type { PromotionCandidate } from './shadow-evaluator.js';
+export { FlywheelManager } from './flywheel.js';
+export type { FlywheelConfig } from './flywheel.js';
 export { computeVerdict, SEVERITY_RANK, isAutoResponseEnabled } from './verdict.js';
 export { ActionExecutor } from './action-executor.js';
 export type { ActionExecutorConfig } from './action-executor.js';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGjE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,YAAY,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,YAAY,EACV,gBAAgB,EAChB,eAAe,EACf,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAGlE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC3F,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAK1E,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,YAAY,EACV,OAAO,EACP,QAAQ,EACR,UAAU,EACV,cAAc,EACd,SAAS,EACT,WAAW,EACX,WAAW,EACX,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,WAAW,EACX,aAAa,EACb,OAAO,EACP,cAAc,EACd,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,eAAe,EACf,cAAc,EACd,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,SAAS,EACT,UAAU,GACX,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAGjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAGtG,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC9E,YAAY,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAG9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,YAAY,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGvE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,YAAY,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAC7E,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACtF,YAAY,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAGlE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACnF,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,YAAY,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAClE,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC/D,YAAY,EACV,gBAAgB,EAChB,eAAe,EACf,sBAAsB,GACvB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAGlE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC3F,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAG1E,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACrE,YAAY,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAGxD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,YAAY,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,YAAY,EACV,OAAO,EACP,QAAQ,EACR,UAAU,EACV,cAAc,EACd,SAAS,EACT,WAAW,EACX,WAAW,EACX,SAAS,EACT,aAAa,EACb,aAAa,EACb,YAAY,EACZ,WAAW,EACX,aAAa,EACb,OAAO,EACP,cAAc,EACd,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,WAAW,EACX,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,EACpB,eAAe,EACf,cAAc,EACd,UAAU,EACV,YAAY,EACZ,gBAAgB,EAChB,eAAe,EACf,SAAS,EACT,UAAU,GACX,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -4,7 +4,7 @@
  * ATR is the detection layer: it evaluates agent events against rules
  * and returns match results. It does NOT execute response actions,
  * send notifications, or manage dashboards. Those are the responsibility
- * of products built on ATR (e.g., PanGuard, LlamaFirewall, or your own).
+ * of products built on ATR (e.g., LlamaFirewall, or your own).
  *
  * ATR 是偵測層：評估 agent 事件、回傳匹配結果。
  * 不執行回應動作、不發通知、不管 dashboard。
@@ -16,6 +16,16 @@
 export { ATREngine } from './engine.js';
 export { loadRuleFile, loadRulesFromDirectory, validateRule } from './loader.js';
 export { SessionTracker } from './session-tracker.js';
+// ── Tier 0: Invariant Enforcement (hard boundaries) ──────────────
+export { InvariantChecker } from './tier0-invariant.js';
+// ── Tier 1: Blacklist Provider (known-bad lookup) ────────────────
+export { InMemoryBlacklist, buildBlacklistMatch } from './tier1-blacklist.js';
+// ── Shared Capability Extraction ─────────────────────────────────
+export { extractCapabilities } from './capability-extractor.js';
+// ── Tier 2.5: Embedding Similarity ───────────────────────────────
+export { EmbeddingModule } from './modules/embedding.js';
+export { VectorStore, loadVectorEntries } from './embedding/vector-store.js';
+export { TransformersJSModel, MockEmbeddingModel } from './embedding/model-loader.js';
 // ── Optional Detection Modules (Layer 2-3, beta) ────────────────
 export { ModuleRegistry } from './modules/index.js';
 export { SessionModule } from './modules/session.js';
@@ -26,8 +36,15 @@ export { SkillFingerprintStore } from './skill-fingerprint.js';
 // ── Tooling (rule authoring and coverage analysis) ──────────────
 export { RuleScaffolder } from './rule-scaffolder.js';
 export { CoverageAnalyzer } from './coverage-analyzer.js';
+// ── SIEM Converters (Splunk SPL, Elasticsearch Query DSL) ────────
+export { convertRule, convertAllRules } from './converters/index.js';
+export { ruleToSPL } from './converters/splunk.js';
+export { ruleToElastic } from './converters/elastic.js';
+// ── Flywheel (auto rule generation + shadow + promotion) ─────────
+export { ShadowEvaluator } from './shadow-evaluator.js';
+export { FlywheelManager } from './flywheel.js';
 // ── Integration Helpers (for products built on ATR) ─────────────
-// These help products like PanGuard, LlamaFirewall, etc. build
+// These help products like LlamaFirewall, etc. build
 // protection layers on top of ATR detection results.
 export { computeVerdict, SEVERITY_RANK, isAutoResponseEnabled } from './verdict.js';
 export { ActionExecutor } from './action-executor.js';

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,mEAAmE;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAQ/D,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,mEAAmE;AACnE,+DAA+D;AAC/D,qDAAqD;AACrD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,mEAAmE;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,YAAY,EAAE,sBAAsB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,oEAAoE;AACpE,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAGxD,oEAAoE;AACpE,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG9E,oEAAoE;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAGhE,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAEzD,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAE7E,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AAGtF,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,kDAAkD;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAEvD,kDAAkD;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAQ/D,mEAAmE;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,oEAAoE;AACpE,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAErE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAExD,oEAAoE;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAGhD,mEAAmE;AACnE,qDAAqD;AACrD,qDAAqD;AACrD,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/modules/embedding.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Embedding Module -- Tier 2.5 semantic similarity detection.
+ *
+ * Compares incoming text against pre-computed attack embeddings using
+ * cosine similarity. Catches paraphrases, multilingual attacks, and
+ * semantic variants that regex cannot detect.
+ *
+ * Uses all-MiniLM-L6-v2 (384 dimensions, ~22MB, runs locally in JS/WASM).
+ * No API calls. Optional dependency: @xenova/transformers.
+ *
+ * @module agent-threat-rules/modules/embedding
+ */
+import type { AgentEvent } from '../types.js';
+import type { ATRModule, ModuleCondition, ModuleResult } from './index.js';
+import { type VectorEntry, type SearchResult } from '../embedding/vector-store.js';
+import type { EmbeddingModel } from '../embedding/model-loader.js';
+export interface EmbeddingModuleConfig {
+    /** Pre-loaded attack vector entries */
+    readonly attackVectors?: readonly VectorEntry[];
+    /** Path to pre-computed attack-embeddings.json file */
+    readonly attackVectorsPath?: string;
+    /** Raw JSON data (alternative to file path) */
+    readonly attackVectorsData?: readonly {
+        id: string;
+        vector: number[];
+        label: string;
+        category: string;
+        severity: string;
+    }[];
+    /** Cosine similarity threshold (default: 0.65) */
+    readonly similarityThreshold?: number;
+    /** Top-K results to consider (default: 3) */
+    readonly topK?: number;
+    /** Custom embedding model (default: TransformersJSModel) */
+    readonly model?: EmbeddingModel;
+}
+export declare class EmbeddingModule implements ATRModule {
+    private readonly config;
+    readonly name = "embedding";
+    readonly description = "Vector similarity detection against known attack embeddings";
+    readonly version = "0.1.0";
+    readonly functions: {
+        name: string;
+        description: string;
+        args: ({
+            name: string;
+            type: "string";
+            required: boolean;
+            description: string;
+        } | {
+            name: string;
+            type: "number";
+            required: boolean;
+            description: string;
+        })[];
+    }[];
+    private store;
+    private model;
+    private readonly threshold;
+    private readonly topK;
+    private initialized;
+    constructor(config?: EmbeddingModuleConfig);
+    initialize(): Promise<void>;
+    evaluate(event: AgentEvent, condition: ModuleCondition): Promise<ModuleResult>;
+    /** Get search results with full details (for debugging/testing) */
+    searchDetailed(text: string, threshold?: number): Promise<readonly SearchResult[]>;
+    destroy(): Promise<void>;
+    /** Check if module is operational */
+    isAvailable(): boolean;
+}
+//# sourceMappingURL=embedding.d.ts.map

package/dist/modules/embedding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"embedding.d.ts","sourceRoot":"","sources":["../../src/modules/embedding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC3E,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,YAAY,EAClB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAMnE,MAAM,WAAW,qBAAqB;IACpC,uCAAuC;IACvC,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,WAAW,EAAE,CAAC;IAChD,uDAAuD;IACvD,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,+CAA+C;IAC/C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,SAAS;QACpC,EAAE,EAAE,MAAM,CAAC;QACX,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;KAClB,EAAE,CAAC;IACJ,kDAAkD;IAClD,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IACtC,6CAA6C;IAC7C,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,4DAA4D;IAC5D,QAAQ,CAAC,KAAK,CAAC,EAAE,cAAc,CAAC;CACjC;AAMD,qBAAa,eAAgB,YAAW,SAAS;IAgCnC,OAAO,CAAC,QAAQ,CAAC,MAAM;IA/BnC,QAAQ,CAAC,IAAI,eAAe;IAC5B,QAAQ,CAAC,WAAW,iEAAiE;IACrF,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;QAmBhB;IAEF,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,KAAK,CAAwB;IACrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,WAAW,CAAS;gBAEC,MAAM,GAAE,qBAA0B;IAOzD,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAsC3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IA2CpF,mEAAmE;IAC7D,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,YAAY,EAAE,CAAC;IAMlF,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAK9B,qCAAqC;IACrC,WAAW,IAAI,OAAO;CAGvB"}

package/dist/modules/embedding.js

@@ -0,0 +1,141 @@
+/**
+ * Embedding Module -- Tier 2.5 semantic similarity detection.
+ *
+ * Compares incoming text against pre-computed attack embeddings using
+ * cosine similarity. Catches paraphrases, multilingual attacks, and
+ * semantic variants that regex cannot detect.
+ *
+ * Uses all-MiniLM-L6-v2 (384 dimensions, ~22MB, runs locally in JS/WASM).
+ * No API calls. Optional dependency: @xenova/transformers.
+ *
+ * @module agent-threat-rules/modules/embedding
+ */
+import { VectorStore, loadVectorEntries, } from '../embedding/vector-store.js';
+// ---------------------------------------------------------------------------
+// Module
+// ---------------------------------------------------------------------------
+export class EmbeddingModule {
+    config;
+    name = 'embedding';
+    description = 'Vector similarity detection against known attack embeddings';
+    version = '0.1.0';
+    functions = [
+        {
+            name: 'similarity_search',
+            description: 'Find nearest known attacks by embedding similarity',
+            args: [
+                {
+                    name: 'field',
+                    type: 'string',
+                    required: false,
+                    description: 'Event field to embed (default: content)',
+                },
+                {
+                    name: 'threshold',
+                    type: 'number',
+                    required: false,
+                    description: 'Similarity threshold override',
+                },
+            ],
+        },
+    ];
+    store;
+    model;
+    threshold;
+    topK;
+    initialized = false;
+    constructor(config = {}) {
+        this.config = config;
+        this.threshold = config.similarityThreshold ?? 0.65;
+        this.topK = config.topK ?? 3;
+        this.model = config.model ?? null;
+        this.store = new VectorStore(config.attackVectors);
+    }
+    async initialize() {
+        if (this.initialized)
+            return;
+        // Load attack vectors from data
+        if (this.config.attackVectorsData) {
+            const entries = loadVectorEntries(this.config.attackVectorsData);
+            this.store = this.store.withEntries(entries);
+        }
+        // Load attack vectors from file
+        if (this.config.attackVectorsPath) {
+            try {
+                const { readFileSync } = await import('node:fs');
+                const data = JSON.parse(readFileSync(this.config.attackVectorsPath, 'utf-8'));
+                const entries = loadVectorEntries(data);
+                this.store = this.store.withEntries(entries);
+            }
+            catch {
+                // File not found = no pre-computed vectors, continue without them
+            }
+        }
+        // Load model if not provided
+        if (!this.model) {
+            try {
+                const { TransformersJSModel } = await import('../embedding/model-loader.js');
+                this.model = new TransformersJSModel();
+                await this.model.initialize();
+            }
+            catch (err) {
+                // Model not available = module degrades gracefully
+                const msg = err instanceof Error ? err.message : String(err);
+                console.warn(`[embedding] Model not available: ${msg}. Module disabled.`);
+                this.model = null;
+            }
+        }
+        this.initialized = true;
+    }
+    async evaluate(event, condition) {
+        if (!this.model || this.store.size() === 0) {
+            return { matched: false, value: 0, description: 'Embedding module not initialized' };
+        }
+        // Extract text to embed
+        const field = condition.args?.field ?? 'content';
+        const text = field === 'content'
+            ? event.content
+            : event.fields?.[field] ?? event.content;
+        if (!text || text.length < 5) {
+            return { matched: false, value: 0, description: 'Input too short for embedding' };
+        }
+        // Truncate to avoid excessive token usage
+        const truncated = text.slice(0, 512);
+        try {
+            // Encode input
+            const queryVec = await this.model.encode(truncated);
+            // Search for similar attacks
+            const threshold = condition.args?.threshold ?? this.threshold;
+            const results = this.store.search(queryVec, this.topK, threshold);
+            if (results.length === 0) {
+                return { matched: false, value: 0, description: 'No similar attacks found' };
+            }
+            const top = results[0];
+            return {
+                matched: true,
+                value: top.similarity,
+                description: `Similar to known attack: "${top.entry.label}" (${top.entry.category}, similarity: ${top.similarity.toFixed(3)})`,
+            };
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            return { matched: false, value: 0, description: `Embedding error: ${msg}` };
+        }
+    }
+    /** Get search results with full details (for debugging/testing) */
+    async searchDetailed(text, threshold) {
+        if (!this.model || this.store.size() === 0)
+            return [];
+        const queryVec = await this.model.encode(text.slice(0, 512));
+        return this.store.search(queryVec, this.topK, threshold ?? this.threshold);
+    }
+    async destroy() {
+        this.model = null;
+        this.initialized = false;
+    }
+    /** Check if module is operational */
+    isAvailable() {
+        return this.initialized && this.model !== null && this.store.size() > 0;
+    }
+}
+//# sourceMappingURL=embedding.js.map

package/dist/modules/embedding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"embedding.js","sourceRoot":"","sources":["../../src/modules/embedding.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,EACL,WAAW,EACX,iBAAiB,GAGlB,MAAM,8BAA8B,CAAC;AA4BtC,8EAA8E;AAC9E,SAAS;AACT,8EAA8E;AAE9E,MAAM,OAAO,eAAe;IAgCG;IA/BpB,IAAI,GAAG,WAAW,CAAC;IACnB,WAAW,GAAG,6DAA6D,CAAC;IAC5E,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,oDAAoD;YACjE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,yCAAyC;iBACvD;gBACD;oBACE,IAAI,EAAE,WAAW;oBACjB,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,+BAA+B;iBAC7C;aACF;SACF;KACF,CAAC;IAEM,KAAK,CAAc;IACnB,KAAK,CAAwB;IACpB,SAAS,CAAS;IAClB,IAAI,CAAS;IACtB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAA6B,SAAgC,EAAE;QAAlC,WAAM,GAAN,MAAM,CAA4B;QAC7D,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,mBAAmB,IAAI,IAAI,CAAC;QACpD,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,IAAI,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAE7B,gCAAgC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/C,CAAC;QAED,gCAAgC;QAChC,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC9E,MAAM,OAAO,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;YACpE,CAAC;QACH,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;gBAC7E,IAAI,CAAC,KAAK,GAAG,IAAI,mBAAmB,EAAE,CAAC;gBACvC,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;YAChC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,mDAAmD;gBACnD,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,IAAI,CAAC,oCAAoC,GAAG,oBAAoB,CAAC,CAAC;gBAC1E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YACpB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,kCAAkC,EAAE,CAAC;QACvF,CAAC;QAED,wBAAwB;QACxB,MAAM,KAAK,GAAI,SAAS,CAAC,IAAI,EAAE,KAAgB,IAAI,SAAS,CAAC;QAC7D,MAAM,IAAI,GACR,KAAK,KAAK,SAAS;YACjB,CAAC,CAAC,KAAK,CAAC,OAAO;YACf,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QAE7C,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,+BAA+B,EAAE,CAAC;QACpF,CAAC;QAED,0CAA0C;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC;YACH,eAAe;YACf,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAEpD,6BAA6B;YAC7B,MAAM,SAAS,GAAI,SAAS,CAAC,IAAI,EAAE,SAAoB,IAAI,IAAI,CAAC,SAAS,CAAC;YAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;YAElE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,0BAA0B,EAAE,CAAC;YAC/E,CAAC;YAED,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;YACxB,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,GAAG,CAAC,UAAU;gBACrB,WAAW,EAAE,6BAA6B,GAAG,CAAC,KAAK,CAAC,KAAK,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,iBAAiB,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG;aAC/H,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,oBAAoB,GAAG,EAAE,EAAE,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,SAAkB;QACnD,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7E,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAED,qCAAqC;IACrC,WAAW;QACT,OAAO,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;CACF"}

package/dist/modules/semantic.d.ts

@@ -97,6 +97,7 @@ export declare class SemanticModule implements ATRModule {
     destroy(): Promise<void>;
     private analyzeWithCache;
     private callLLM;
+    private callFPCheck;
     private parseAnalysis;
     private resolveEndpoint;
     private hashContent;

package/dist/modules/semantic.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"semantic.d.ts","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA0CD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,cAAe,YAAW,SAAS;IAC9C,QAAQ,CAAC,IAAI,cAAc;IAC3B,QAAQ,CAAC,WAAW,kDAAkD;IACtE,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CP;IAEX,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;IACxD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;gBAE3C,MAAM,EAAE,oBAAoB;IAalC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAK3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IA8C9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YAMhB,gBAAgB;YA2BhB,OAAO;IAsDrB,OAAO,CAAC,aAAa;IA0BrB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,WAAW;IAUnB,OAAO,CAAC,gBAAgB;CAUzB"}
+{"version":3,"file":"semantic.d.ts","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3E,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc;IACd,MAAM,EAAE,MAAM,CAAC;IACf,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,qCAAqC;IACrC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AA6DD;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,cAAe,YAAW,SAAS;IAC9C,QAAQ,CAAC,IAAI,cAAc;IAC3B,QAAQ,CAAC,WAAW,kDAAkD;IACtE,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CP;IAEX,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiC;IACxD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;gBAE3C,MAAM,EAAE,oBAAoB;IAalC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAK3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IA8C9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YAMhB,gBAAgB;YA4ChB,OAAO;YAsDP,WAAW;IAkDzB,OAAO,CAAC,aAAa;IA0BrB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,WAAW;IAUnB,OAAO,CAAC,gBAAgB;CAUzB"}

package/dist/modules/semantic.js

@@ -38,6 +38,24 @@ Respond with ONLY a JSON object:
 Be conservative: legitimate requests should score < 0.3.
 Obvious attacks should score > 0.7.
 Subtle/ambiguous cases should score 0.3-0.7.`;
+const FP_CHECK_PROMPT = `You are a false positive reviewer for an AI agent security system.
+
+A previous analysis flagged this text as a potential security threat. Your job is to determine if it is a FALSE POSITIVE -- a legitimate, harmless input that was incorrectly flagged.
+
+Common false positives:
+- Legitimate tool descriptions that mention security concepts (e.g., "delete user account")
+- Normal API documentation mentioning credentials or authentication
+- Legitimate admin/management tool descriptions
+- Educational or security research content
+
+Respond with ONLY a JSON object:
+{
+  "likely_benign": <true or false>,
+  "confidence": <0.0 to 1.0>,
+  "reasoning": "<1 sentence>"
+}
+
+If the text is genuinely suspicious, set likely_benign to false.`;
 /**
  * Semantic detection module using LLM-as-judge.
  *
@@ -169,7 +187,24 @@ export class SemanticModule {
         if (cached && cached.expiresAt > now) {
             return cached.result;
         }
-        const result = await this.callLLM(text);
+        let result = await this.callLLM(text);
+        // If threat detected with moderate score, run parallel FP check to reduce false positives
+        if (result.threatScore >= 0.4 && result.threatScore < 0.85) {
+            try {
+                const fpResult = await this.callFPCheck(text);
+                if (fpResult.likelyBenign && fpResult.confidence >= 0.7) {
+                    // Reduce threat score -- FP check says it's benign
+                    result = {
+                        ...result,
+                        threatScore: result.threatScore * 0.4,
+                        reasoning: `${result.reasoning} [FP check: likely benign (${fpResult.reasoning})]`,
+                    };
+                }
+            }
+            catch {
+                // FP check failure is non-fatal
+            }
+        }
         // Evict oldest entries if cache is full
         if (this.cache.size >= this.config.maxCacheSize) {
             const firstKey = this.cache.keys().next().value;
@@ -228,6 +263,47 @@ export class SemanticModule {
             };
         }
     }
+    async callFPCheck(text) {
+        const truncated = text.length > 1000 ? text.slice(0, 1000) + '...[truncated]' : text;
+        const body = {
+            model: this.config.model,
+            messages: [
+                { role: 'system', content: FP_CHECK_PROMPT },
+                { role: 'user', content: `Is this a false positive?\n\n${truncated}` },
+            ],
+            temperature: 0,
+            max_tokens: 256,
+        };
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+        const response = await fetch(this.resolveEndpoint(), {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${this.config.apiKey}`,
+            },
+            body: JSON.stringify(body),
+            signal: controller.signal,
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok) {
+            throw new Error(`FP check API error: HTTP ${response.status}`);
+        }
+        const data = await response.json();
+        const content = data.choices?.[0]?.message?.content ?? '';
+        try {
+            const cleaned = content.replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/, '').trim();
+            const parsed = JSON.parse(cleaned);
+            return {
+                likelyBenign: parsed.likely_benign === true,
+                confidence: typeof parsed.confidence === 'number' ? parsed.confidence : 0,
+                reasoning: typeof parsed.reasoning === 'string' ? parsed.reasoning : 'unknown',
+            };
+        }
+        catch {
+            return { likelyBenign: false, confidence: 0, reasoning: 'Failed to parse FP check response' };
+        }
+    }
     parseAnalysis(content) {
         try {
             // Strip markdown code blocks if present

package/dist/modules/semantic.js.map

@@ -1 +1 @@
-{"version":3,"file":"semantic.js","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAwCH,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;;;6CAsBiB,CAAC;AAE9C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,UAAU,CAAC;IAClB,WAAW,GAAG,8CAA8C,CAAC;IAC7D,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,mDAAmD;YAChE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,2DAA2D;YACxE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;gBACD;oBACE,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,+BAA+B;iBAC7C;aACF;SACF;KACO,CAAC;IAEM,MAAM,CAAiC;IACvC,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEvD,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,aAAa;YACpC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,GAAG;YAClC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO;YACxC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;SAC1C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,mDAAmD;QACnD,gEAAgE;IAClE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,MAAM,KAAK,GAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAY,IAAI,SAAS,CAAC;QAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QAEpD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,KAAa,CAAC;QAClB,IAAI,WAAmB,CAAC;QAExB,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3B,KAAK,gBAAgB;gBACnB,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC7B,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC;gBACjC,MAAM;YAER,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,CAAC,WAAW,IAAI,GAAG,CAAC;gBAC5F,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAChC,WAAW,GAAG,WAAW;oBACvB,CAAC,CAAC,8BAA8B,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,uBAAuB,CAAC;gBAC5B,MAAM;YACR,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAW,CAAC;gBACnE,MAAM,eAAe,GAAG,QAAQ,CAAC,QAAQ,KAAK,cAAc,CAAC;gBAC7D,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;gBACrD,WAAW,GAAG,eAAe;oBAC3B,CAAC,CAAC,WAAW,cAAc,KAAK,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,kBAAkB,cAAc,EAAE,CAAC;gBACvC,MAAM;YACR,CAAC;YAED;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC;QAChG,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QACtF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,2BAA2B;IAEnB,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAExC,wCAAwC;QACxC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YAChD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;YACvB,MAAM;YACN,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU;SACxC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,0CAA0C;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QAErF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,mBAAmB,EAAE;gBAChD,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,SAAS,EAAE,EAAE;aACjE;YACD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;SAClC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAChD;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,YAAY,CAAC,SAAS,CAAC,CAAC;YAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,mFAAmF;gBACnF,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAE/B,CAAC;YAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uDAAuD;YACvD,sEAAsE;YACtE,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,kCAAkC,GAAG,EAAE;gBAClD,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAe;QACnC,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,OAAO,GAAG,OAAO;iBACpB,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;iBACnC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;iBACzB,IAAI,EAAE,CAAC;YAEV,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;YAE9D,OAAO;gBACL,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC1E,QAAQ,EAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI;gBAC5E,SAAS,EAAE,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,uBAAuB;gBAClG,cAAc,EAAE,OAAO,MAAM,CAAC,iBAAiB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI;aACjG,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,8BAA8B;gBACzC,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,OAAO,IAAI,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,GAAG,IAAI,mBAAmB,CAAC;QAC5D,OAAO,GAAG,IAAI,sBAAsB,CAAC;IACvC,CAAC;IAEO,WAAW,CAAC,IAAY;QAC9B,mCAAmC;QACnC,IAAI,IAAI,GAAG,UAAU,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEO,gBAAgB,CAAC,KAAa,EAAE,QAAgB,EAAE,SAAiB;QACzE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,SAAS,CAAC;YACtC,OAAO,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACrC,CAAC;IACH,CAAC;CACF"}
+{"version":3,"file":"semantic.js","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAwCH,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;;;6CAsBiB,CAAC;AAE9C,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;iEAiByC,CAAC;AAElE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,UAAU,CAAC;IAClB,WAAW,GAAG,8CAA8C,CAAC;IAC7D,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,mDAAmD;YAChE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,2DAA2D;YACxE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;gBACD;oBACE,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,+BAA+B;iBAC7C;aACF;SACF;KACO,CAAC;IAEM,MAAM,CAAiC;IACvC,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEvD,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,aAAa;YACpC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,GAAG;YAClC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO;YACxC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;SAC1C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,mDAAmD;QACnD,gEAAgE;IAClE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,MAAM,KAAK,GAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAY,IAAI,SAAS,CAAC;QAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QAEpD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,KAAa,CAAC;QAClB,IAAI,WAAmB,CAAC;QAExB,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3B,KAAK,gBAAgB;gBACnB,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC7B,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC;gBACjC,MAAM;YAER,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,CAAC,WAAW,IAAI,GAAG,CAAC;gBAC5F,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAChC,WAAW,GAAG,WAAW;oBACvB,CAAC,CAAC,8BAA8B,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,uBAAuB,CAAC;gBAC5B,MAAM;YACR,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAW,CAAC;gBACnE,MAAM,eAAe,GAAG,QAAQ,CAAC,QAAQ,KAAK,cAAc,CAAC;gBAC7D,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;gBACrD,WAAW,GAAG,eAAe;oBAC3B,CAAC,CAAC,WAAW,cAAc,KAAK,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,kBAAkB,cAAc,EAAE,CAAC;gBACvC,MAAM;YACR,CAAC;YAED;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC;QAChG,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QACtF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,2BAA2B;IAEnB,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEtC,0FAA0F;QAC1F,IAAI,MAAM,CAAC,WAAW,IAAI,GAAG,IAAI,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,CAAC;YAC3D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;oBACxD,mDAAmD;oBACnD,MAAM,GAAG;wBACP,GAAG,MAAM;wBACT,WAAW,EAAE,MAAM,CAAC,WAAW,GAAG,GAAG;wBACrC,SAAS,EAAE,GAAG,MAAM,CAAC,SAAS,8BAA8B,QAAQ,CAAC,SAAS,IAAI;qBACnF,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YAChD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;YACvB,MAAM;YACN,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU;SACxC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,0CAA0C;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QAErF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,mBAAmB,EAAE;gBAChD,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,SAAS,EAAE,EAAE;aACjE;YACD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;SAClC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAChD;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,YAAY,CAAC,SAAS,CAAC,CAAC;YAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,mFAAmF;gBACnF,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAE/B,CAAC;YAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uDAAuD;YACvD,sEAAsE;YACtE,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,kCAAkC,GAAG,EAAE;gBAClD,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAY;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QAErF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;gBAC5C,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,gCAAgC,SAAS,EAAE,EAAE;aACvE;YACD,WAAW,EAAE,CAAC;YACd,UAAU,EAAE,GAAG;SAChB,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;aAChD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;YAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAE/B,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7F,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAyE,CAAC;YAC3G,OAAO;gBACL,YAAY,EAAE,MAAM,CAAC,aAAa,KAAK,IAAI;gBAC3C,UAAU,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACzE,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;aAC/E,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,mCAAmC,EAAE,CAAC;QAChG,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAe;QACnC,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,OAAO,GAAG,OAAO;iBACpB,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;iBACnC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;iBACzB,IAAI,EAAE,CAAC;YAEV,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;YAE9D,OAAO;gBACL,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC1E,QAAQ,EAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI;gBAC5E,SAAS,EAAE,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,uBAAuB;gBAClG,cAAc,EAAE,OAAO,MAAM,CAAC,iBAAiB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI;aACjG,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,8BAA8B;gBACzC,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,OAAO,IAAI,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,GAAG,IAAI,mBAAmB,CAAC;QAC5D,OAAO,GAAG,IAAI,sBAAsB,CAAC;IACvC,CAAC;IAEO,WAAW,CAAC,IAAY;QAC9B,mCAAmC;QACnC,IAAI,IAAI,GAAG,UAAU,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEO,gBAAgB,CAAC,KAAa,EAAE,QAAgB,EAAE,SAAiB;QACzE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,SAAS,CAAC;YACtC,OAAO,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACrC,CAAC;IACH,CAAC;CACF"}

package/dist/rule-scaffolder.d.ts

@@ -22,6 +22,20 @@ export interface ScaffoldOptions {
     author?: string;
     schemaVersion?: string;
 }
+/**
+ * Attack pattern templates by category — reusable regex building blocks
+ * that detect BEHAVIOR, not package names.
+ */
+export declare const ATTACK_PATTERN_INDICATORS: ReadonlyArray<{
+    /** Regex to test if the payload contains this attack indicator */
+    readonly test: RegExp;
+    /** The detection regex to use in the rule */
+    readonly pattern: string;
+    /** Human-readable description */
+    readonly description: string;
+    /** Which categories this indicator applies to */
+    readonly categories: readonly ATRCategory[];
+}>;
 export declare class RuleScaffolder {
     private readonly options;
     constructor(options?: ScaffoldOptions);