npm - agent-threat-rules - Versions diffs - 0.3.1 → 1.0.0 - Mend

agent-threat-rules 0.3.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

package/dist/layer-integration.js DELETED Viewed

@@ -1,185 +0,0 @@
-/**
- * Layer Integration Helpers
- *
- * Bridges the ATREngine (Layer 1 regex) with:
- * - SkillFingerprintStore (Layer 2 behavioral fingerprinting)
- * - SemanticModule (Layer 3 LLM-as-judge)
- *
- * Extracted from engine.ts to keep file sizes manageable.
- *
- * @module agent-threat-rules/layer-integration
- */
-// ---------------------------------------------------------------------------
-// Layer 2: Skill Fingerprinting
-// ---------------------------------------------------------------------------
-/** Severity mapping for anomaly types */
-const ANOMALY_SEVERITY_MAP = {
-    critical: 'critical',
-    high: 'high',
-    medium: 'medium',
-    low: 'low',
-};
-/**
- * Resolve the skill identifier from an agent event.
- * Returns undefined if no skill identifier is present.
- */
-export function resolveSkillId(event) {
-    const fromMetadata = event.metadata?.['skill_id'];
-    if (typeof fromMetadata === 'string' && fromMetadata.length > 0) {
-        return fromMetadata;
-    }
-    const fromFields = event.fields?.['tool_name'];
-    if (typeof fromFields === 'string' && fromFields.length > 0) {
-        return fromFields;
-    }
-    return undefined;
-}
-/**
- * Create a synthetic ATRRule for a behavioral anomaly detected by Layer 2.
- * These rules are not loaded from YAML -- they are generated at runtime.
- */
-function buildAnomalyRule(anomaly) {
-    return {
-        title: `Skill Behavior Drift: ${anomaly.anomalyType}`,
-        id: `layer2-fingerprint-${anomaly.anomalyType}-${anomaly.skillName}`,
-        status: 'experimental',
-        description: anomaly.description,
-        author: 'atr-engine/layer2',
-        date: new Date(anomaly.timestamp).toISOString().slice(0, 10),
-        severity: ANOMALY_SEVERITY_MAP[anomaly.severity] ?? 'medium',
-        tags: {
-            category: 'skill-compromise',
-            subcategory: 'behavioral-drift',
-            confidence: anomaly.severity === 'critical' ? 'high' : 'medium',
-        },
-        agent_source: { type: 'skill_lifecycle' },
-        detection: {
-            conditions: [],
-            condition: 'layer2-runtime',
-        },
-        response: {
-            actions: anomaly.severity === 'critical' ? ['alert', 'block_tool'] : ['alert'],
-        },
-    };
-}
-/**
- * Run Layer 2 fingerprint analysis on an event.
- * Returns additional ATRMatch entries for any detected anomalies.
- */
-export function runFingerprintLayer(store, event, skillId) {
-    const anomalies = store.recordInvocation(skillId, event);
-    if (anomalies.length === 0) {
-        return [];
-    }
-    const matches = [];
-    for (const anomaly of anomalies) {
-        const rule = buildAnomalyRule(anomaly);
-        const confidence = anomaly.severity === 'critical'
-            ? 0.95
-            : anomaly.severity === 'high'
-                ? 0.85
-                : 0.7;
-        matches.push({
-            rule,
-            matchedConditions: [anomaly.anomalyType],
-            matchedPatterns: [anomaly.newValue],
-            confidence,
-            timestamp: new Date(anomaly.timestamp).toISOString(),
-        });
-    }
-    return matches;
-}
-// ---------------------------------------------------------------------------
-// Layer 3: Semantic Analysis
-// ---------------------------------------------------------------------------
-/** Minimum severity rank that triggers Layer 3 analysis */
-const SEMANTIC_TRIGGER_SEVERITIES = new Set([
-    'medium',
-    'high',
-    'critical',
-]);
-/**
- * Determine whether Layer 3 semantic analysis should run.
- *
- * Triggers when:
- * - Any Layer 1/2 match has medium or higher severity
- * - The event explicitly requests deep analysis via metadata
- */
-export function shouldRunSemanticLayer(layer1Matches, event) {
-    // Explicit opt-in via metadata
-    if (event.metadata?.['force_semantic'] === true) {
-        return true;
-    }
-    // Check if any existing matches have medium+ severity
-    for (const match of layer1Matches) {
-        if (SEMANTIC_TRIGGER_SEVERITIES.has(match.rule.severity)) {
-            return true;
-        }
-    }
-    return false;
-}
-/**
- * Create a SemanticModule instance from simplified config.
- * Returns undefined if the semantic module cannot be imported.
- */
-export function createSemanticModuleFromConfig(config) {
-    return {
-        apiUrl: config.baseUrl ?? 'https://api.openai.com',
-        apiKey: config.apiKey,
-        model: config.model ?? 'gpt-4o-mini',
-    };
-}
-/**
- * Run Layer 3 semantic analysis and return upgraded/new matches.
- *
- * The semantic module is called with `analyze_threat` to get a threat score.
- * If the score is >= 0.7, a synthetic high-severity match is produced.
- * If the score is 0.4-0.7, existing matches may have confidence boosted.
- */
-export async function runSemanticLayer(semanticModule, event, existingMatches) {
-    const result = await semanticModule.evaluate(event, {
-        module: 'semantic',
-        function: 'analyze_threat',
-        args: { field: 'content' },
-        operator: 'gte',
-        threshold: 0.4,
-    });
-    if (!result.matched) {
-        return [];
-    }
-    const additionalMatches = [];
-    // High threat score: create a new synthetic match
-    if (result.value >= 0.7) {
-        const syntheticRule = {
-            title: 'Semantic Threat Detected (Layer 3)',
-            id: 'layer3-semantic-threat',
-            status: 'experimental',
-            description: result.description,
-            author: 'atr-engine/layer3',
-            date: new Date().toISOString().slice(0, 10),
-            severity: result.value >= 0.9 ? 'critical' : 'high',
-            tags: {
-                category: 'prompt-injection',
-                subcategory: 'semantic-detection',
-                confidence: 'high',
-            },
-            agent_source: { type: 'llm_io' },
-            detection: {
-                conditions: [],
-                condition: 'layer3-runtime',
-            },
-            response: {
-                actions: result.value >= 0.9 ? ['block_input', 'alert'] : ['alert'],
-            },
-        };
-        additionalMatches.push({
-            rule: syntheticRule,
-            matchedConditions: ['semantic_analysis'],
-            matchedPatterns: [`threat_score=${result.value.toFixed(2)}`],
-            confidence: result.value,
-            timestamp: new Date().toISOString(),
-        });
-    }
-    return additionalMatches;
-}
-//# sourceMappingURL=layer-integration.js.map

package/dist/layer-integration.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"layer-integration.js","sourceRoot":"","sources":["../src/layer-integration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAoBH,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E,yCAAyC;AACzC,MAAM,oBAAoB,GAA0C;IAClE,QAAQ,EAAE,UAAU;IACpB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,GAAG,EAAE,KAAK;CACX,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB;IAC9C,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,CAAC;IAClD,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChE,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5D,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAAwB;IAChD,OAAO;QACL,KAAK,EAAE,yBAAyB,OAAO,CAAC,WAAW,EAAE;QACrD,EAAE,EAAE,sBAAsB,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,SAAS,EAAE;QACpE,MAAM,EAAE,cAAc;QACtB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,mBAAmB;QAC3B,IAAI,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;QAC5D,QAAQ,EAAE,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ;QAC5D,IAAI,EAAE;YACJ,QAAQ,EAAE,kBAAkB;YAC5B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;SAChE;QACD,YAAY,EAAE,EAAE,IAAI,EAAE,iBAAiB,EAAE;QACzC,SAAS,EAAE;YACT,UAAU,EAAE,EAAE;YACd,SAAS,EAAE,gBAAgB;SAC5B;QACD,QAAQ,EAAE;YACR,OAAO,EAAE,OAAO,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;SAC/E;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAA4B,EAC5B,KAAiB,EACjB,OAAe;IAEf,MAAM,SAAS,GAAG,KAAK,CAAC,gBAAgB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAEzD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,KAAK,MAAM,OAAO,IAAI,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,UAAU,GAAG,OAAO,CAAC,QAAQ,KAAK,UAAU;YAChD,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,OAAO,CAAC,QAAQ,KAAK,MAAM;gBAC3B,CAAC,CAAC,IAAI;gBACN,CAAC,CAAC,GAAG,CAAC;QAEV,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,iBAAiB,EAAE,CAAC,OAAO,CAAC,WAAW,CAAC;YACxC,eAAe,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;YACnC,UAAU;YACV,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;SACrD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E,2DAA2D;AAC3D,MAAM,2BAA2B,GAA6B,IAAI,GAAG,CAAC;IACpE,QAAQ;IACR,MAAM;IACN,UAAU;CACX,CAAC,CAAC;AAEH;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,aAAkC,EAClC,KAAiB;IAEjB,+BAA+B;IAC/B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,gBAAgB,CAAC,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sDAAsD;IACtD,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;QAClC,IAAI,2BAA2B,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,8BAA8B,CAC5C,MAA2B;IAE3B,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,OAAO,IAAI,wBAAwB;QAClD,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,aAAa;KACrC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,cAA8B,EAC9B,KAAiB,EACjB,eAAoC;IAEpC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,KAAK,EAAE;QAClD,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,gBAAgB;QAC1B,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE;QAC1B,QAAQ,EAAE,KAAK;QACf,SAAS,EAAE,GAAG;KACf,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,iBAAiB,GAAe,EAAE,CAAC;IAEzC,kDAAkD;IAClD,IAAI,MAAM,CAAC,KAAK,IAAI,GAAG,EAAE,CAAC;QACxB,MAAM,aAAa,GAAY;YAC7B,KAAK,EAAE,oCAAoC;YAC3C,EAAE,EAAE,wBAAwB;YAC5B,MAAM,EAAE,cAAc;YACtB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,MAAM,EAAE,mBAAmB;YAC3B,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;YACnD,IAAI,EAAE;gBACJ,QAAQ,EAAE,kBAAkB;gBAC5B,WAAW,EAAE,oBAAoB;gBACjC,UAAU,EAAE,MAAM;aACnB;YACD,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;YAChC,SAAS,EAAE;gBACT,UAAU,EAAE,EAAE;gBACd,SAAS,EAAE,gBAAgB;aAC5B;YACD,QAAQ,EAAE;gBACR,OAAO,EAAE,MAAM,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;aACpE;SACF,CAAC;QAEF,iBAAiB,CAAC,IAAI,CAAC;YACrB,IAAI,EAAE,aAAa;YACnB,iBAAiB,EAAE,CAAC,mBAAmB,CAAC;YACxC,eAAe,EAAE,CAAC,gBAAgB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5D,UAAU,EAAE,MAAM,CAAC,KAAK;YACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,iBAAiB,CAAC;AAC3B,CAAC"}

package/dist/loader.d.ts DELETED Viewed

@@ -1,21 +0,0 @@
-/**
- * ATR Rule Loader - Reads and parses ATR YAML rule files
- * @module agent-threat-rules/loader
- */
-import type { ATRRule } from './types.js';
-/**
- * Load a single ATR rule from a YAML file.
- */
-export declare function loadRuleFile(filePath: string): ATRRule;
-/**
- * Recursively load all ATR YAML rules from a directory.
- */
-export declare function loadRulesFromDirectory(dirPath: string): ATRRule[];
-/**
- * Validate that a parsed object conforms to the ATR rule schema (basic checks).
- */
-export declare function validateRule(rule: unknown): {
-    valid: boolean;
-    errors: string[];
-};
-//# sourceMappingURL=loader.d.ts.map

package/dist/loader.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"loader.d.ts","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAE1C;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAStD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,EAAE,CAoBjE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAwFhF"}

package/dist/loader.js DELETED Viewed

@@ -1,124 +0,0 @@
-/**
- * ATR Rule Loader - Reads and parses ATR YAML rule files
- * @module agent-threat-rules/loader
- */
-import { readFileSync, readdirSync, statSync } from 'node:fs';
-import { join, extname } from 'node:path';
-import yaml from 'js-yaml';
-/**
- * Load a single ATR rule from a YAML file.
- */
-export function loadRuleFile(filePath) {
-    const content = readFileSync(filePath, 'utf-8');
-    const parsed = yaml.load(content);
-    if (!parsed.id || !parsed.title || !parsed.detection) {
-        throw new Error(`Invalid ATR rule in ${filePath}: missing required fields (id, title, detection)`);
-    }
-    return parsed;
-}
-/**
- * Recursively load all ATR YAML rules from a directory.
- */
-export function loadRulesFromDirectory(dirPath) {
-    const rules = [];
-    const entries = readdirSync(dirPath);
-    for (const entry of entries) {
-        const fullPath = join(dirPath, entry);
-        const stat = statSync(fullPath);
-        if (stat.isDirectory()) {
-            rules.push(...loadRulesFromDirectory(fullPath));
-        }
-        else if (stat.isFile() && (extname(entry) === '.yaml' || extname(entry) === '.yml')) {
-            try {
-                rules.push(loadRuleFile(fullPath));
-            }
-            catch (err) {
-                console.warn(`[ATR] Failed to load rule file ${fullPath}: ${err instanceof Error ? err.message : String(err)}`);
-            }
-        }
-    }
-    return rules;
-}
-/**
- * Validate that a parsed object conforms to the ATR rule schema (basic checks).
- */
-export function validateRule(rule) {
-    const errors = [];
-    const r = rule;
-    // Required fields
-    const required = ['title', 'id', 'status', 'description', 'author', 'date', 'severity', 'tags', 'agent_source', 'detection', 'response'];
-    for (const field of required) {
-        if (!r[field]) {
-            errors.push(`Missing required field: ${field}`);
-        }
-    }
-    // ID format
-    if (typeof r['id'] === 'string' && !/^ATR-\d{4}-\d{3}$/.test(r['id'])) {
-        errors.push(`Invalid id format: ${r['id']} (expected ATR-YYYY-NNN)`);
-    }
-    // Status enum
-    const validStatuses = ['draft', 'experimental', 'stable', 'deprecated'];
-    if (typeof r['status'] === 'string' && !validStatuses.includes(r['status'])) {
-        errors.push(`Invalid status: ${r['status']}`);
-    }
-    // Severity enum
-    const validSeverities = ['critical', 'high', 'medium', 'low', 'informational'];
-    if (typeof r['severity'] === 'string' && !validSeverities.includes(r['severity'])) {
-        errors.push(`Invalid severity: ${r['severity']}`);
-    }
-    // Tags category
-    const tags = r['tags'];
-    if (tags) {
-        const validCategories = [
-            'prompt-injection', 'tool-poisoning', 'context-exfiltration',
-            'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
-            'data-poisoning', 'model-abuse', 'skill-compromise',
-        ];
-        if (typeof tags['category'] === 'string' && !validCategories.includes(tags['category'])) {
-            errors.push(`Invalid tags.category: ${tags['category']}`);
-        }
-    }
-    // Agent source type
-    const agentSource = r['agent_source'];
-    if (agentSource) {
-        const validTypes = [
-            'llm_io', 'tool_call', 'mcp_exchange', 'agent_behavior',
-            'multi_agent_comm', 'context_window', 'memory_access',
-            'skill_lifecycle', 'skill_permission', 'skill_chain',
-        ];
-        if (typeof agentSource['type'] === 'string' && !validTypes.includes(agentSource['type'])) {
-            errors.push(`Invalid agent_source.type: ${agentSource['type']}`);
-        }
-    }
-    // Detection must have conditions and condition
-    const detection = r['detection'];
-    if (detection) {
-        if (!detection['conditions']) {
-            errors.push('Missing detection.conditions');
-        }
-        if (!detection['condition']) {
-            errors.push('Missing detection.condition');
-        }
-    }
-    // Response must have actions
-    const response = r['response'];
-    if (response) {
-        if (!Array.isArray(response['actions']) || response['actions'].length === 0) {
-            errors.push('Missing or empty response.actions');
-        }
-    }
-    // Test cases validation
-    const testCases = r['test_cases'];
-    if (testCases) {
-        const tp = testCases['true_positives'];
-        const tn = testCases['true_negatives'];
-        if (!Array.isArray(tp) || tp.length === 0) {
-            errors.push('test_cases.true_positives must have at least one entry');
-        }
-        if (!Array.isArray(tn) || tn.length === 0) {
-            errors.push('test_cases.true_negatives must have at least one entry');
-        }
-    }
-    return { valid: errors.length === 0, errors };
-}
-//# sourceMappingURL=loader.js.map

package/dist/loader.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"loader.js","sourceRoot":"","sources":["../src/loader.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,IAAI,MAAM,SAAS,CAAC;AAG3B;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAY,CAAC;IAE7C,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,kDAAkD,CAAC,CAAC;IACrG,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAe;IACpD,MAAM,KAAK,GAAc,EAAE,CAAC;IAE5B,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACrC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEhC,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,MAAM,CAAC,EAAE,CAAC;YACtF,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,kCAAkC,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAClH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,CAAC,GAAG,IAA+B,CAAC;IAE1C,kBAAkB;IAClB,MAAM,QAAQ,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IACzI,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,YAAY;IACZ,IAAI,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;IACvE,CAAC;IAED,cAAc;IACd,MAAM,aAAa,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;IACxE,IAAI,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,gBAAgB;IAChB,MAAM,eAAe,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/E,IAAI,OAAO,CAAC,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,gBAAgB;IAChB,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAwC,CAAC;IAC9D,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,eAAe,GAAG;YACtB,kBAAkB,EAAE,gBAAgB,EAAE,sBAAsB;YAC5D,oBAAoB,EAAE,sBAAsB,EAAE,oBAAoB;YAClE,gBAAgB,EAAE,aAAa,EAAE,kBAAkB;SACpD,CAAC;QACF,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACxF,MAAM,CAAC,IAAI,CAAC,0BAA0B,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,oBAAoB;IACpB,MAAM,WAAW,GAAG,CAAC,CAAC,cAAc,CAAwC,CAAC;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,UAAU,GAAG;YACjB,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,gBAAgB;YACvD,kBAAkB,EAAE,gBAAgB,EAAE,eAAe;YACrD,iBAAiB,EAAE,kBAAkB,EAAE,aAAa;SACrD,CAAC;QACF,IAAI,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YACzF,MAAM,CAAC,IAAI,CAAC,8BAA8B,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,+CAA+C;IAC/C,MAAM,SAAS,GAAG,CAAC,CAAC,WAAW,CAAwC,CAAC;IACxE,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAwC,CAAC;IACtE,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5E,MAAM,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,SAAS,GAAG,CAAC,CAAC,YAAY,CAAwC,CAAC;IACzE,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC"}

package/dist/mcp-server.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-#!/usr/bin/env node
-/**
- * ATR MCP Server - Model Context Protocol server for Agent Threat Rules
- *
- * Exposes ATR functionality as MCP tools for AI agents and IDEs.
- * Start with: atr mcp (stdio transport)
- *
- * @module agent-threat-rules/mcp-server
- */
-import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-export declare function createMCPServer(): Promise<Server>;
-export declare function startMCPServer(): Promise<void>;
-//# sourceMappingURL=mcp-server.d.ts.map

package/dist/mcp-server.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"mcp-server.d.ts","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAIH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAsKnE,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,CAoDvD;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAIpD"}

package/dist/mcp-server.js DELETED Viewed

@@ -1,220 +0,0 @@
-#!/usr/bin/env node
-/**
- * ATR MCP Server - Model Context Protocol server for Agent Threat Rules
- *
- * Exposes ATR functionality as MCP tools for AI agents and IDEs.
- * Start with: atr mcp (stdio transport)
- *
- * @module agent-threat-rules/mcp-server
- */
-import { resolve, dirname } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { ListToolsRequestSchema, CallToolRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
-import { ATREngine } from './engine.js';
-import { handleScan } from './mcp-tools/scan.js';
-import { handleListRules } from './mcp-tools/list-rules.js';
-import { handleValidate } from './mcp-tools/validate.js';
-import { handleSubmitProposal } from './mcp-tools/submit-proposal.js';
-import { handleCoverageGaps } from './mcp-tools/coverage-gaps.js';
-import { handleThreatSummary } from './mcp-tools/threat-summary.js';
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = dirname(__filename);
-const RULES_DIR = resolve(__dirname, '..', 'rules');
-const TOOLS = [
-    {
-        name: 'atr_scan',
-        description: 'Scan text content for AI agent security threats using ATR detection rules. Returns matched rules with severity, confidence, and recommended actions.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                content: {
-                    type: 'string',
-                    description: 'The text content to scan for threats (prompt, tool response, agent output, etc.)',
-                },
-                event_type: {
-                    type: 'string',
-                    enum: ['llm_input', 'llm_output', 'tool_call', 'tool_response', 'agent_behavior', 'multi_agent_message'],
-                    description: 'Type of agent event being scanned. Defaults to "llm_input".',
-                },
-                min_severity: {
-                    type: 'string',
-                    enum: ['informational', 'low', 'medium', 'high', 'critical'],
-                    description: 'Minimum severity level to include in results. Defaults to "informational".',
-                },
-            },
-            required: ['content'],
-        },
-    },
-    {
-        name: 'atr_list_rules',
-        description: 'List and filter available ATR detection rules. Search by category, severity, or keyword.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                category: {
-                    type: 'string',
-                    enum: [
-                        'prompt-injection', 'tool-poisoning', 'context-exfiltration',
-                        'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
-                        'data-poisoning', 'model-abuse', 'skill-compromise',
-                    ],
-                    description: 'Filter rules by threat category.',
-                },
-                severity: {
-                    type: 'string',
-                    enum: ['informational', 'low', 'medium', 'high', 'critical'],
-                    description: 'Filter rules by severity level.',
-                },
-                search: {
-                    type: 'string',
-                    description: 'Search rules by keyword in title, description, or ID.',
-                },
-            },
-        },
-    },
-    {
-        name: 'atr_validate_rule',
-        description: 'Validate an ATR rule written in YAML format. Checks required fields, enum values, and structural correctness.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                yaml_content: {
-                    type: 'string',
-                    description: 'The ATR rule YAML content to validate.',
-                },
-            },
-            required: ['yaml_content'],
-        },
-    },
-    {
-        name: 'atr_submit_proposal',
-        description: 'Generate a draft ATR rule from a threat description. Produces YAML with detection patterns derived from example payloads.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                title: {
-                    type: 'string',
-                    description: 'Title for the new rule (e.g., "Multi-turn Context Hijacking").',
-                },
-                category: {
-                    type: 'string',
-                    enum: [
-                        'prompt-injection', 'tool-poisoning', 'context-exfiltration',
-                        'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
-                        'data-poisoning', 'model-abuse', 'skill-compromise',
-                    ],
-                    description: 'Threat category for the rule.',
-                },
-                attack_description: {
-                    type: 'string',
-                    description: 'Detailed description of the attack this rule detects.',
-                },
-                example_payloads: {
-                    type: 'array',
-                    items: { type: 'string' },
-                    description: 'Example attack payloads to generate detection patterns from.',
-                },
-                severity: {
-                    type: 'string',
-                    enum: ['informational', 'low', 'medium', 'high', 'critical'],
-                    description: 'Severity level. Defaults to "medium".',
-                },
-                mitre_refs: {
-                    type: 'array',
-                    items: { type: 'string' },
-                    description: 'Optional MITRE ATLAS reference IDs (e.g., "AML.T0051").',
-                },
-            },
-            required: ['title', 'category', 'attack_description', 'example_payloads'],
-        },
-    },
-    {
-        name: 'atr_coverage_gaps',
-        description: 'Analyze ATR rule coverage against security frameworks (OWASP Agentic AI, MITRE ATLAS). Identifies uncovered threat categories.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                framework: {
-                    type: 'string',
-                    enum: ['owasp_agentic', 'mitre_atlas', 'all'],
-                    description: 'Security framework to analyze against. Defaults to "all".',
-                },
-            },
-        },
-    },
-    {
-        name: 'atr_threat_summary',
-        description: 'Get aggregated statistics about loaded ATR rules. Shows distribution by category, severity, status, and test coverage.',
-        inputSchema: {
-            type: 'object',
-            properties: {
-                category: {
-                    type: 'string',
-                    enum: [
-                        'prompt-injection', 'tool-poisoning', 'context-exfiltration',
-                        'agent-manipulation', 'privilege-escalation', 'excessive-autonomy',
-                        'data-poisoning', 'model-abuse', 'skill-compromise',
-                    ],
-                    description: 'Optional: filter statistics to a single threat category.',
-                },
-            },
-        },
-    },
-];
-export async function createMCPServer() {
-    const engine = new ATREngine({ rulesDir: RULES_DIR });
-    const ruleCount = await engine.loadRules();
-    const server = new Server({
-        name: 'atr-mcp-server',
-        version: '0.2.1',
-    }, {
-        capabilities: {
-            tools: {},
-        },
-    });
-    server.setRequestHandler(ListToolsRequestSchema, async () => ({
-        tools: TOOLS,
-    }));
-    server.setRequestHandler(CallToolRequestSchema, async (request) => {
-        const { name, arguments: args } = request.params;
-        const toolArgs = (args ?? {});
-        switch (name) {
-            case 'atr_scan':
-                return await handleScan(engine, toolArgs);
-            case 'atr_list_rules':
-                return handleListRules(engine, toolArgs);
-            case 'atr_validate_rule':
-                return handleValidate(toolArgs);
-            case 'atr_submit_proposal':
-                return handleSubmitProposal(toolArgs);
-            case 'atr_coverage_gaps':
-                return handleCoverageGaps(engine, toolArgs);
-            case 'atr_threat_summary':
-                return handleThreatSummary(engine, toolArgs);
-            default:
-                return {
-                    content: [{ type: 'text', text: `Error: Unknown tool "${name}".` }],
-                    isError: true,
-                };
-        }
-    });
-    return server;
-}
-export async function startMCPServer() {
-    const server = await createMCPServer();
-    const transport = new StdioServerTransport();
-    await server.connect(transport);
-}
-// Auto-start when run directly
-const isDirectExecution = process.argv[1] &&
-    (process.argv[1].endsWith('mcp-server.js') ||
-        process.argv[1].endsWith('mcp-server.ts'));
-if (isDirectExecution) {
-    startMCPServer().catch((err) => {
-        process.stderr.write(`ATR MCP Server error: ${err instanceof Error ? err.message : String(err)}\n`);
-        process.exit(1);
-    });
-}
-//# sourceMappingURL=mcp-server.js.map

package/dist/mcp-server.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"mcp-server.js","sourceRoot":"","sources":["../src/mcp-server.ts"],"names":[],"mappings":";AACA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAEpE,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AACtC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAEpD,MAAM,KAAK,GAAG;IACZ;QACE,IAAI,EAAE,UAAU;QAChB,WAAW,EACT,sJAAsJ;QACxJ,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,kFAAkF;iBAChG;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,gBAAgB,EAAE,qBAAqB,CAAC;oBACxG,WAAW,EAAE,6DAA6D;iBAC3E;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC;oBAC5D,WAAW,EAAE,4EAA4E;iBAC1F;aACF;YACD,QAAQ,EAAE,CAAC,SAAS,CAAC;SACtB;KACF;IACD;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EACT,0FAA0F;QAC5F,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE;wBACJ,kBAAkB,EAAE,gBAAgB,EAAE,sBAAsB;wBAC5D,oBAAoB,EAAE,sBAAsB,EAAE,oBAAoB;wBAClE,gBAAgB,EAAE,aAAa,EAAE,kBAAkB;qBACpD;oBACD,WAAW,EAAE,kCAAkC;iBAChD;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC;oBAC5D,WAAW,EAAE,iCAAiC;iBAC/C;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uDAAuD;iBACrE;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,+GAA+G;QACjH,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wCAAwC;iBACtD;aACF;YACD,QAAQ,EAAE,CAAC,cAAc,CAAC;SAC3B;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EACT,2HAA2H;QAC7H,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,gEAAgE;iBAC9E;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE;wBACJ,kBAAkB,EAAE,gBAAgB,EAAE,sBAAsB;wBAC5D,oBAAoB,EAAE,sBAAsB,EAAE,oBAAoB;wBAClE,gBAAgB,EAAE,aAAa,EAAE,kBAAkB;qBACpD;oBACD,WAAW,EAAE,+BAA+B;iBAC7C;gBACD,kBAAkB,EAAE;oBAClB,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uDAAuD;iBACrE;gBACD,gBAAgB,EAAE;oBAChB,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,8DAA8D;iBAC5E;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC;oBAC5D,WAAW,EAAE,uCAAuC;iBACrD;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,yDAAyD;iBACvE;aACF;YACD,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,kBAAkB,CAAC;SAC1E;KACF;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,gIAAgI;QAClI,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,CAAC,eAAe,EAAE,aAAa,EAAE,KAAK,CAAC;oBAC7C,WAAW,EAAE,2DAA2D;iBACzE;aACF;SACF;KACF;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EACT,wHAAwH;QAC1H,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE;wBACJ,kBAAkB,EAAE,gBAAgB,EAAE,sBAAsB;wBAC5D,oBAAoB,EAAE,sBAAsB,EAAE,oBAAoB;wBAClE,gBAAgB,EAAE,aAAa,EAAE,kBAAkB;qBACpD;oBACD,WAAW,EAAE,0DAA0D;iBACxE;aACF;SACF;KACF;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;IAE3C,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;QACE,IAAI,EAAE,gBAAgB;QACtB,OAAO,EAAE,OAAO;KACjB,EACD;QACE,YAAY,EAAE;YACZ,KAAK,EAAE,EAAE;SACV;KACF,CACF,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE,KAAK;KACb,CAAC,CAAC,CAAC;IAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,MAAM,QAAQ,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;QAEzD,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,UAAU;gBACb,OAAO,MAAM,UAAU,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE5C,KAAK,gBAAgB;gBACnB,OAAO,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE3C,KAAK,mBAAmB;gBACtB,OAAO,cAAc,CAAC,QAAQ,CAAC,CAAC;YAElC,KAAK,qBAAqB;gBACxB,OAAO,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAExC,KAAK,mBAAmB;gBACtB,OAAO,kBAAkB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE9C,KAAK,oBAAoB;gBACvB,OAAO,mBAAmB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;YAE/C;gBACE,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,wBAAwB,IAAI,IAAI,EAAE,CAAC;oBACnE,OAAO,EAAE,IAAI;iBACd,CAAC;QACN,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,+BAA+B;AAC/B,MAAM,iBAAiB,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACf,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC;QACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;AAE9C,IAAI,iBAAiB,EAAE,CAAC;IACtB,cAAc,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACpG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-tools/coverage-gaps.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-/**
- * atr_coverage_gaps MCP tool - Analyze coverage gaps against security frameworks
- * @module agent-threat-rules/mcp-tools/coverage-gaps
- */
-import type { ATREngine } from '../engine.js';
-export declare function handleCoverageGaps(engine: ATREngine, args: Record<string, unknown>): {
-    content: Array<{
-        type: string;
-        text: string;
-    }>;
-    isError?: boolean;
-};
-//# sourceMappingURL=coverage-gaps.d.ts.map

package/dist/mcp-tools/coverage-gaps.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"coverage-gaps.d.ts","sourceRoot":"","sources":["../../src/mcp-tools/coverage-gaps.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IACpF,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAkDA"}