agent-threat-rules 0.3.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (287) hide show
  1. package/README.md +190 -54
  2. package/package.json +3 -1
  3. package/rules/agent-manipulation/{ATR-2026-030-cross-agent-attack.yaml → ATR-2026-00030-cross-agent-attack.yaml} +3 -1
  4. package/rules/agent-manipulation/{ATR-2026-032-goal-hijacking.yaml → ATR-2026-00032-goal-hijacking.yaml} +3 -1
  5. package/rules/agent-manipulation/{ATR-2026-074-cross-agent-privilege-escalation.yaml → ATR-2026-00074-cross-agent-privilege-escalation.yaml} +3 -1
  6. package/rules/agent-manipulation/{ATR-2026-076-inter-agent-message-spoofing.yaml → ATR-2026-00076-inter-agent-message-spoofing.yaml} +3 -1
  7. package/rules/agent-manipulation/{ATR-2026-077-human-trust-exploitation.yaml → ATR-2026-00077-human-trust-exploitation.yaml} +3 -1
  8. package/rules/agent-manipulation/{ATR-2026-108-consensus-sybil-attack.yaml → ATR-2026-00108-consensus-sybil-attack.yaml} +3 -1
  9. package/rules/agent-manipulation/ATR-2026-00116-a2a-message-validation.yaml +92 -0
  10. package/rules/agent-manipulation/ATR-2026-00117-agent-identity-spoofing.yaml +92 -0
  11. package/rules/agent-manipulation/ATR-2026-00118-approval-fatigue.yaml +89 -0
  12. package/rules/agent-manipulation/ATR-2026-00119-social-engineering-via-agent.yaml +89 -0
  13. package/rules/agent-manipulation/ATR-2026-00132-casual-authority-escalation.yaml +105 -0
  14. package/rules/agent-manipulation/ATR-2026-00139-casual-authority-redirect.yaml +53 -0
  15. package/rules/context-exfiltration/{ATR-2026-020-system-prompt-leak.yaml → ATR-2026-00020-system-prompt-leak.yaml} +3 -1
  16. package/rules/context-exfiltration/{ATR-2026-021-api-key-exposure.yaml → ATR-2026-00021-api-key-exposure.yaml} +3 -1
  17. package/rules/context-exfiltration/{ATR-2026-075-agent-memory-manipulation.yaml → ATR-2026-00075-agent-memory-manipulation.yaml} +3 -1
  18. package/rules/context-exfiltration/{ATR-2026-102-disguised-analytics-exfiltration.yaml → ATR-2026-00102-disguised-analytics-exfiltration.yaml} +3 -1
  19. package/rules/context-exfiltration/ATR-2026-00113-credential-theft.yaml +89 -0
  20. package/rules/context-exfiltration/ATR-2026-00114-oauth-token-abuse.yaml +89 -0
  21. package/rules/context-exfiltration/ATR-2026-00115-env-var-harvesting.yaml +90 -0
  22. package/rules/context-exfiltration/ATR-2026-00136-tool-response-data-piggyback.yaml +100 -0
  23. package/rules/context-exfiltration/ATR-2026-00141-example-format-key-leak.yaml +52 -0
  24. package/rules/context-exfiltration/ATR-2026-00142-piggyback-transition-words.yaml +55 -0
  25. package/rules/context-exfiltration/ATR-2026-00145-obfuscated-key-disclosure.yaml +49 -0
  26. package/rules/context-exfiltration/ATR-2026-00146-env-var-existence-probe.yaml +49 -0
  27. package/rules/data-poisoning/{ATR-2026-070-data-poisoning.yaml → ATR-2026-00070-data-poisoning.yaml} +3 -1
  28. package/rules/excessive-autonomy/{ATR-2026-050-runaway-agent-loop.yaml → ATR-2026-00050-runaway-agent-loop.yaml} +3 -1
  29. package/rules/excessive-autonomy/{ATR-2026-051-resource-exhaustion.yaml → ATR-2026-00051-resource-exhaustion.yaml} +3 -1
  30. package/rules/excessive-autonomy/{ATR-2026-052-cascading-failure.yaml → ATR-2026-00052-cascading-failure.yaml} +3 -1
  31. package/rules/excessive-autonomy/{ATR-2026-098-unauthorized-financial-action.yaml → ATR-2026-00098-unauthorized-financial-action.yaml} +3 -1
  32. package/rules/excessive-autonomy/{ATR-2026-099-high-risk-tool-gate.yaml → ATR-2026-00099-high-risk-tool-gate.yaml} +4 -2
  33. package/rules/model-security/{ATR-2026-072-model-behavior-extraction.yaml → ATR-2026-00072-model-behavior-extraction.yaml} +3 -1
  34. package/rules/model-security/{ATR-2026-073-malicious-finetuning-data.yaml → ATR-2026-00073-malicious-finetuning-data.yaml} +3 -1
  35. package/rules/privilege-escalation/{ATR-2026-040-privilege-escalation.yaml → ATR-2026-00040-privilege-escalation.yaml} +3 -1
  36. package/rules/privilege-escalation/{ATR-2026-041-scope-creep.yaml → ATR-2026-00041-scope-creep.yaml} +3 -1
  37. package/rules/privilege-escalation/{ATR-2026-107-delayed-execution-bypass.yaml → ATR-2026-00107-delayed-execution-bypass.yaml} +3 -1
  38. package/rules/privilege-escalation/ATR-2026-00110-eval-injection.yaml +92 -0
  39. package/rules/privilege-escalation/ATR-2026-00111-shell-escape.yaml +93 -0
  40. package/rules/privilege-escalation/ATR-2026-00112-dynamic-import-exploitation.yaml +89 -0
  41. package/rules/privilege-escalation/ATR-2026-00143-casual-privilege-escalation.yaml +53 -0
  42. package/rules/privilege-escalation/ATR-2026-00144-rationalized-safety-bypass.yaml +49 -0
  43. package/rules/prompt-injection/{ATR-2026-001-direct-prompt-injection.yaml → ATR-2026-00001-direct-prompt-injection.yaml} +121 -11
  44. package/rules/prompt-injection/{ATR-2026-002-indirect-prompt-injection.yaml → ATR-2026-00002-indirect-prompt-injection.yaml} +3 -1
  45. package/rules/prompt-injection/{ATR-2026-003-jailbreak-attempt.yaml → ATR-2026-00003-jailbreak-attempt.yaml} +3 -1
  46. package/rules/prompt-injection/{ATR-2026-004-system-prompt-override.yaml → ATR-2026-00004-system-prompt-override.yaml} +3 -1
  47. package/rules/prompt-injection/{ATR-2026-005-multi-turn-injection.yaml → ATR-2026-00005-multi-turn-injection.yaml} +3 -1
  48. package/rules/prompt-injection/{ATR-2026-080-encoding-evasion.yaml → ATR-2026-00080-encoding-evasion.yaml} +3 -1
  49. package/rules/prompt-injection/{ATR-2026-081-semantic-multi-turn.yaml → ATR-2026-00081-semantic-multi-turn.yaml} +3 -1
  50. package/rules/prompt-injection/{ATR-2026-082-fingerprint-evasion.yaml → ATR-2026-00082-fingerprint-evasion.yaml} +3 -1
  51. package/rules/prompt-injection/{ATR-2026-083-indirect-tool-injection.yaml → ATR-2026-00083-indirect-tool-injection.yaml} +3 -1
  52. package/rules/prompt-injection/{ATR-2026-084-structured-data-injection.yaml → ATR-2026-00084-structured-data-injection.yaml} +3 -1
  53. package/rules/prompt-injection/{ATR-2026-085-audit-evasion.yaml → ATR-2026-00085-audit-evasion.yaml} +3 -1
  54. package/rules/prompt-injection/{ATR-2026-086-visual-spoofing.yaml → ATR-2026-00086-visual-spoofing.yaml} +3 -1
  55. package/rules/prompt-injection/{ATR-2026-087-rule-probing.yaml → ATR-2026-00087-rule-probing.yaml} +3 -1
  56. package/rules/prompt-injection/{ATR-2026-088-adaptive-countermeasure.yaml → ATR-2026-00088-adaptive-countermeasure.yaml} +3 -1
  57. package/rules/prompt-injection/{ATR-2026-089-polymorphic-skill.yaml → ATR-2026-00089-polymorphic-skill.yaml} +3 -1
  58. package/rules/prompt-injection/{ATR-2026-090-threat-intel-exfil.yaml → ATR-2026-00090-threat-intel-exfil.yaml} +3 -1
  59. package/rules/prompt-injection/{ATR-2026-091-nested-payload.yaml → ATR-2026-00091-nested-payload.yaml} +3 -1
  60. package/rules/prompt-injection/{ATR-2026-092-consensus-poisoning.yaml → ATR-2026-00092-consensus-poisoning.yaml} +3 -1
  61. package/rules/prompt-injection/{ATR-2026-093-gradual-escalation.yaml → ATR-2026-00093-gradual-escalation.yaml} +3 -1
  62. package/rules/prompt-injection/{ATR-2026-094-audit-bypass.yaml → ATR-2026-00094-audit-bypass.yaml} +3 -1
  63. package/rules/prompt-injection/{ATR-2026-097-cjk-injection-patterns.yaml → ATR-2026-00097-cjk-injection-patterns.yaml} +18 -1
  64. package/rules/prompt-injection/{ATR-2026-104-persona-hijacking.yaml → ATR-2026-00104-persona-hijacking.yaml} +3 -1
  65. package/rules/prompt-injection/ATR-2026-00130-indirect-authority-claim.yaml +103 -0
  66. package/rules/prompt-injection/ATR-2026-00131-fictional-academic-framing.yaml +99 -0
  67. package/rules/prompt-injection/ATR-2026-00133-paraphrase-injection.yaml +117 -0
  68. package/rules/prompt-injection/ATR-2026-00137-authority-claim-injection.yaml +52 -0
  69. package/rules/prompt-injection/ATR-2026-00138-fictional-framing-bypass.yaml +51 -0
  70. package/rules/prompt-injection/ATR-2026-00140-indirect-reference-reversal.yaml +52 -0
  71. package/rules/prompt-injection/ATR-2026-00148-language-switch-injection.yaml +71 -0
  72. package/rules/skill-compromise/{ATR-2026-060-skill-impersonation.yaml → ATR-2026-00060-skill-impersonation.yaml} +3 -1
  73. package/rules/skill-compromise/{ATR-2026-061-description-behavior-mismatch.yaml → ATR-2026-00061-description-behavior-mismatch.yaml} +4 -2
  74. package/rules/skill-compromise/{ATR-2026-062-hidden-capability.yaml → ATR-2026-00062-hidden-capability.yaml} +3 -1
  75. package/rules/skill-compromise/{ATR-2026-063-skill-chain-attack.yaml → ATR-2026-00063-skill-chain-attack.yaml} +5 -2
  76. package/rules/skill-compromise/{ATR-2026-064-over-permissioned-skill.yaml → ATR-2026-00064-over-permissioned-skill.yaml} +3 -1
  77. package/rules/skill-compromise/{ATR-2026-065-skill-update-attack.yaml → ATR-2026-00065-skill-update-attack.yaml} +3 -1
  78. package/rules/skill-compromise/{ATR-2026-066-parameter-injection.yaml → ATR-2026-00066-parameter-injection.yaml} +3 -1
  79. package/rules/skill-compromise/ATR-2026-00120-skill-instruction-injection.yaml +121 -0
  80. package/rules/skill-compromise/ATR-2026-00121-skill-dangerous-script.yaml +165 -0
  81. package/rules/skill-compromise/ATR-2026-00122-skill-weaponized-instruction.yaml +114 -0
  82. package/rules/skill-compromise/ATR-2026-00123-skill-overreach-permissions.yaml +118 -0
  83. package/rules/skill-compromise/ATR-2026-00124-skill-name-squatting.yaml +98 -0
  84. package/rules/skill-compromise/ATR-2026-00125-context-poisoning-compaction.yaml +93 -0
  85. package/rules/skill-compromise/ATR-2026-00126-skill-rug-pull-setup.yaml +99 -0
  86. package/rules/skill-compromise/ATR-2026-00127-subcommand-overflow.yaml +74 -0
  87. package/rules/skill-compromise/ATR-2026-00128-html-comment-hidden-payload.yaml +79 -0
  88. package/rules/skill-compromise/ATR-2026-00129-unicode-smuggling.yaml +73 -0
  89. package/rules/skill-compromise/ATR-2026-00134-fork-claim-impersonation.yaml +93 -0
  90. package/rules/skill-compromise/ATR-2026-00135-exfil-url-in-instructions.yaml +82 -0
  91. package/rules/skill-compromise/ATR-2026-00147-fork-impersonation.yaml +48 -0
  92. package/rules/tool-poisoning/{ATR-2026-010-mcp-malicious-response.yaml → ATR-2026-00010-mcp-malicious-response.yaml} +3 -1
  93. package/rules/tool-poisoning/{ATR-2026-011-tool-output-injection.yaml → ATR-2026-00011-tool-output-injection.yaml} +3 -1
  94. package/rules/tool-poisoning/{ATR-2026-012-unauthorized-tool-call.yaml → ATR-2026-00012-unauthorized-tool-call.yaml} +3 -1
  95. package/rules/tool-poisoning/{ATR-2026-013-tool-ssrf.yaml → ATR-2026-00013-tool-ssrf.yaml} +3 -1
  96. package/rules/tool-poisoning/{ATR-2026-095-supply-chain-poisoning.yaml → ATR-2026-00095-supply-chain-poisoning.yaml} +3 -1
  97. package/rules/tool-poisoning/{ATR-2026-096-registry-poisoning.yaml → ATR-2026-00096-registry-poisoning.yaml} +3 -1
  98. package/rules/tool-poisoning/{ATR-2026-100-consent-bypass-instruction.yaml → ATR-2026-00100-consent-bypass-instruction.yaml} +3 -1
  99. package/rules/tool-poisoning/{ATR-2026-101-trust-escalation-override.yaml → ATR-2026-00101-trust-escalation-override.yaml} +3 -1
  100. package/rules/tool-poisoning/{ATR-2026-103-hidden-safety-bypass-instruction.yaml → ATR-2026-00103-hidden-safety-bypass-instruction.yaml} +3 -1
  101. package/rules/tool-poisoning/{ATR-2026-105-silent-action-concealment.yaml → ATR-2026-00105-silent-action-concealment.yaml} +3 -1
  102. package/rules/tool-poisoning/{ATR-2026-106-schema-description-contradiction.yaml → ATR-2026-00106-schema-description-contradiction.yaml} +3 -1
  103. package/spec/atr-schema.yaml +32 -3
  104. package/dist/action-executor.d.ts +0 -44
  105. package/dist/action-executor.d.ts.map +0 -1
  106. package/dist/action-executor.js +0 -130
  107. package/dist/action-executor.js.map +0 -1
  108. package/dist/adapters/default-adapter.d.ts +0 -24
  109. package/dist/adapters/default-adapter.d.ts.map +0 -1
  110. package/dist/adapters/default-adapter.js +0 -51
  111. package/dist/adapters/default-adapter.js.map +0 -1
  112. package/dist/adapters/stdio-adapter.d.ts +0 -30
  113. package/dist/adapters/stdio-adapter.d.ts.map +0 -1
  114. package/dist/adapters/stdio-adapter.js +0 -128
  115. package/dist/adapters/stdio-adapter.js.map +0 -1
  116. package/dist/capability-extractor.d.ts +0 -35
  117. package/dist/capability-extractor.d.ts.map +0 -1
  118. package/dist/capability-extractor.js +0 -91
  119. package/dist/capability-extractor.js.map +0 -1
  120. package/dist/cli.d.ts +0 -12
  121. package/dist/cli.d.ts.map +0 -1
  122. package/dist/cli.js +0 -820
  123. package/dist/cli.js.map +0 -1
  124. package/dist/converters/elastic.d.ts +0 -36
  125. package/dist/converters/elastic.d.ts.map +0 -1
  126. package/dist/converters/elastic.js +0 -125
  127. package/dist/converters/elastic.js.map +0 -1
  128. package/dist/converters/index.d.ts +0 -28
  129. package/dist/converters/index.d.ts.map +0 -1
  130. package/dist/converters/index.js +0 -36
  131. package/dist/converters/index.js.map +0 -1
  132. package/dist/converters/splunk.d.ts +0 -19
  133. package/dist/converters/splunk.d.ts.map +0 -1
  134. package/dist/converters/splunk.js +0 -148
  135. package/dist/converters/splunk.js.map +0 -1
  136. package/dist/coverage-analyzer.d.ts +0 -43
  137. package/dist/coverage-analyzer.d.ts.map +0 -1
  138. package/dist/coverage-analyzer.js +0 -329
  139. package/dist/coverage-analyzer.js.map +0 -1
  140. package/dist/embedding/build-corpus.d.ts +0 -15
  141. package/dist/embedding/build-corpus.d.ts.map +0 -1
  142. package/dist/embedding/build-corpus.js +0 -105
  143. package/dist/embedding/build-corpus.js.map +0 -1
  144. package/dist/embedding/model-loader.d.ts +0 -41
  145. package/dist/embedding/model-loader.d.ts.map +0 -1
  146. package/dist/embedding/model-loader.js +0 -90
  147. package/dist/embedding/model-loader.js.map +0 -1
  148. package/dist/embedding/vector-store.d.ts +0 -41
  149. package/dist/embedding/vector-store.d.ts.map +0 -1
  150. package/dist/embedding/vector-store.js +0 -70
  151. package/dist/embedding/vector-store.js.map +0 -1
  152. package/dist/engine.d.ts +0 -163
  153. package/dist/engine.d.ts.map +0 -1
  154. package/dist/engine.js +0 -869
  155. package/dist/engine.js.map +0 -1
  156. package/dist/eval/corpus.d.ts +0 -42
  157. package/dist/eval/corpus.d.ts.map +0 -1
  158. package/dist/eval/corpus.js +0 -427
  159. package/dist/eval/corpus.js.map +0 -1
  160. package/dist/eval/eval-harness.d.ts +0 -44
  161. package/dist/eval/eval-harness.d.ts.map +0 -1
  162. package/dist/eval/eval-harness.js +0 -296
  163. package/dist/eval/eval-harness.js.map +0 -1
  164. package/dist/eval/index.d.ts +0 -13
  165. package/dist/eval/index.d.ts.map +0 -1
  166. package/dist/eval/index.js +0 -9
  167. package/dist/eval/index.js.map +0 -1
  168. package/dist/eval/metrics.d.ts +0 -74
  169. package/dist/eval/metrics.d.ts.map +0 -1
  170. package/dist/eval/metrics.js +0 -108
  171. package/dist/eval/metrics.js.map +0 -1
  172. package/dist/eval/pint-corpus.d.ts +0 -34
  173. package/dist/eval/pint-corpus.d.ts.map +0 -1
  174. package/dist/eval/pint-corpus.js +0 -109
  175. package/dist/eval/pint-corpus.js.map +0 -1
  176. package/dist/eval/rule-corpus.d.ts +0 -9
  177. package/dist/eval/rule-corpus.d.ts.map +0 -1
  178. package/dist/eval/rule-corpus.js +0 -4780
  179. package/dist/eval/rule-corpus.js.map +0 -1
  180. package/dist/eval/rule-metrics.d.ts +0 -34
  181. package/dist/eval/rule-metrics.d.ts.map +0 -1
  182. package/dist/eval/rule-metrics.js +0 -92
  183. package/dist/eval/rule-metrics.js.map +0 -1
  184. package/dist/eval/run-eval.d.ts +0 -7
  185. package/dist/eval/run-eval.d.ts.map +0 -1
  186. package/dist/eval/run-eval.js +0 -11
  187. package/dist/eval/run-eval.js.map +0 -1
  188. package/dist/eval/run-pint-benchmark.d.ts +0 -18
  189. package/dist/eval/run-pint-benchmark.d.ts.map +0 -1
  190. package/dist/eval/run-pint-benchmark.js +0 -157
  191. package/dist/eval/run-pint-benchmark.js.map +0 -1
  192. package/dist/flywheel.d.ts +0 -54
  193. package/dist/flywheel.d.ts.map +0 -1
  194. package/dist/flywheel.js +0 -121
  195. package/dist/flywheel.js.map +0 -1
  196. package/dist/hook-handler.d.ts +0 -61
  197. package/dist/hook-handler.d.ts.map +0 -1
  198. package/dist/hook-handler.js +0 -178
  199. package/dist/hook-handler.js.map +0 -1
  200. package/dist/index.d.ts +0 -62
  201. package/dist/index.d.ts.map +0 -1
  202. package/dist/index.js +0 -54
  203. package/dist/index.js.map +0 -1
  204. package/dist/layer-integration.d.ts +0 -55
  205. package/dist/layer-integration.d.ts.map +0 -1
  206. package/dist/layer-integration.js +0 -185
  207. package/dist/layer-integration.js.map +0 -1
  208. package/dist/loader.d.ts +0 -21
  209. package/dist/loader.d.ts.map +0 -1
  210. package/dist/loader.js +0 -124
  211. package/dist/loader.js.map +0 -1
  212. package/dist/mcp-server.d.ts +0 -13
  213. package/dist/mcp-server.d.ts.map +0 -1
  214. package/dist/mcp-server.js +0 -220
  215. package/dist/mcp-server.js.map +0 -1
  216. package/dist/mcp-tools/coverage-gaps.d.ts +0 -13
  217. package/dist/mcp-tools/coverage-gaps.d.ts.map +0 -1
  218. package/dist/mcp-tools/coverage-gaps.js +0 -55
  219. package/dist/mcp-tools/coverage-gaps.js.map +0 -1
  220. package/dist/mcp-tools/list-rules.d.ts +0 -17
  221. package/dist/mcp-tools/list-rules.d.ts.map +0 -1
  222. package/dist/mcp-tools/list-rules.js +0 -45
  223. package/dist/mcp-tools/list-rules.js.map +0 -1
  224. package/dist/mcp-tools/scan.d.ts +0 -24
  225. package/dist/mcp-tools/scan.d.ts.map +0 -1
  226. package/dist/mcp-tools/scan.js +0 -94
  227. package/dist/mcp-tools/scan.js.map +0 -1
  228. package/dist/mcp-tools/submit-proposal.d.ts +0 -12
  229. package/dist/mcp-tools/submit-proposal.d.ts.map +0 -1
  230. package/dist/mcp-tools/submit-proposal.js +0 -103
  231. package/dist/mcp-tools/submit-proposal.js.map +0 -1
  232. package/dist/mcp-tools/threat-summary.d.ts +0 -12
  233. package/dist/mcp-tools/threat-summary.d.ts.map +0 -1
  234. package/dist/mcp-tools/threat-summary.js +0 -74
  235. package/dist/mcp-tools/threat-summary.js.map +0 -1
  236. package/dist/mcp-tools/validate.d.ts +0 -15
  237. package/dist/mcp-tools/validate.d.ts.map +0 -1
  238. package/dist/mcp-tools/validate.js +0 -45
  239. package/dist/mcp-tools/validate.js.map +0 -1
  240. package/dist/modules/embedding.d.ts +0 -71
  241. package/dist/modules/embedding.d.ts.map +0 -1
  242. package/dist/modules/embedding.js +0 -141
  243. package/dist/modules/embedding.js.map +0 -1
  244. package/dist/modules/index.d.ts +0 -144
  245. package/dist/modules/index.d.ts.map +0 -1
  246. package/dist/modules/index.js +0 -82
  247. package/dist/modules/index.js.map +0 -1
  248. package/dist/modules/semantic.d.ts +0 -106
  249. package/dist/modules/semantic.d.ts.map +0 -1
  250. package/dist/modules/semantic.js +0 -359
  251. package/dist/modules/semantic.js.map +0 -1
  252. package/dist/modules/session.d.ts +0 -70
  253. package/dist/modules/session.d.ts.map +0 -1
  254. package/dist/modules/session.js +0 -128
  255. package/dist/modules/session.js.map +0 -1
  256. package/dist/rule-scaffolder.d.ts +0 -53
  257. package/dist/rule-scaffolder.d.ts.map +0 -1
  258. package/dist/rule-scaffolder.js +0 -301
  259. package/dist/rule-scaffolder.js.map +0 -1
  260. package/dist/session-tracker.d.ts +0 -58
  261. package/dist/session-tracker.d.ts.map +0 -1
  262. package/dist/session-tracker.js +0 -176
  263. package/dist/session-tracker.js.map +0 -1
  264. package/dist/shadow-evaluator.d.ts +0 -48
  265. package/dist/shadow-evaluator.d.ts.map +0 -1
  266. package/dist/shadow-evaluator.js +0 -128
  267. package/dist/shadow-evaluator.js.map +0 -1
  268. package/dist/skill-fingerprint.d.ts +0 -85
  269. package/dist/skill-fingerprint.d.ts.map +0 -1
  270. package/dist/skill-fingerprint.js +0 -284
  271. package/dist/skill-fingerprint.js.map +0 -1
  272. package/dist/tier0-invariant.d.ts +0 -49
  273. package/dist/tier0-invariant.d.ts.map +0 -1
  274. package/dist/tier0-invariant.js +0 -184
  275. package/dist/tier0-invariant.js.map +0 -1
  276. package/dist/tier1-blacklist.d.ts +0 -48
  277. package/dist/tier1-blacklist.d.ts.map +0 -1
  278. package/dist/tier1-blacklist.js +0 -91
  279. package/dist/tier1-blacklist.js.map +0 -1
  280. package/dist/types.d.ts +0 -190
  281. package/dist/types.d.ts.map +0 -1
  282. package/dist/types.js +0 -6
  283. package/dist/types.js.map +0 -1
  284. package/dist/verdict.d.ts +0 -26
  285. package/dist/verdict.d.ts.map +0 -1
  286. package/dist/verdict.js +0 -127
  287. package/dist/verdict.js.map +0 -1
package/dist/modules/semantic.js DELETED
@@ -1,359 +0,0 @@
1
- /**
2
- * ATR Semantic Module (Layer 3)
3
- *
4
- * AI-driven semantic analysis for detecting threats that bypass
5
- * regex patterns (Layer 1) and behavioral fingerprinting (Layer 2).
6
- *
7
- * Uses LLM-as-judge to evaluate whether an agent event represents
8
- * a genuine threat, even when the attacker uses:
9
- * - Semantic paraphrasing to avoid keyword matching
10
- * - Multi-language injection (non-English payloads)
11
- * - Context-aware social engineering
12
- * - Novel attack patterns not yet in the rule set
13
- *
14
- * Provider-agnostic: works with any OpenAI-compatible API.
15
- *
16
- * @module agent-threat-rules/modules/semantic
17
- */
18
- const JUDGE_SYSTEM_PROMPT = `You are an AI agent security analyst. Your job is to evaluate whether a given text input represents a security threat to an AI agent system.
19
-
20
- Analyze the input for these threat categories:
21
- - prompt-injection: Attempts to override system instructions
22
- - tool-poisoning: Malicious tool responses or MCP skill payloads
23
- - context-exfiltration: Attempts to extract system prompts, API keys, or internal context
24
- - agent-manipulation: Social engineering of AI agents
25
- - privilege-escalation: Attempts to gain unauthorized capabilities
26
- - data-poisoning: Injecting false data into agent memory/RAG
27
- - skill-compromise: Supply chain attacks on MCP skills
28
- - excessive-autonomy: Triggering uncontrolled agent actions
29
-
30
- Respond with ONLY a JSON object:
31
- {
32
- "threat_score": <0.0 to 1.0>,
33
- "category": "<category or null>",
34
- "reasoning": "<1 sentence explanation>",
35
- "mitre_technique": "<AML.TXXXX or null>"
36
- }
37
-
38
- Be conservative: legitimate requests should score < 0.3.
39
- Obvious attacks should score > 0.7.
40
- Subtle/ambiguous cases should score 0.3-0.7.`;
41
- const FP_CHECK_PROMPT = `You are a false positive reviewer for an AI agent security system.
42
-
43
- A previous analysis flagged this text as a potential security threat. Your job is to determine if it is a FALSE POSITIVE -- a legitimate, harmless input that was incorrectly flagged.
44
-
45
- Common false positives:
46
- - Legitimate tool descriptions that mention security concepts (e.g., "delete user account")
47
- - Normal API documentation mentioning credentials or authentication
48
- - Legitimate admin/management tool descriptions
49
- - Educational or security research content
50
-
51
- Respond with ONLY a JSON object:
52
- {
53
- "likely_benign": <true or false>,
54
- "confidence": <0.0 to 1.0>,
55
- "reasoning": "<1 sentence>"
56
- }
57
-
58
- If the text is genuinely suspicious, set likely_benign to false.`;
59
- /**
60
- * Semantic detection module using LLM-as-judge.
61
- *
62
- * Usage in ATR YAML:
63
- * ```yaml
64
- * detection:
65
- * conditions:
66
- * semantic_check:
67
- * module: semantic
68
- * function: analyze_threat
69
- * args:
70
- * field: user_input
71
- * operator: gte
72
- * threshold: 0.7
73
- * condition: "semantic_check"
74
- * ```
75
- */
76
- export class SemanticModule {
77
- name = 'semantic';
78
- description = 'AI-driven semantic threat analysis (Layer 3)';
79
- version = '0.1.0';
80
- functions = [
81
- {
82
- name: 'analyze_threat',
83
- description: 'Analyze text for semantic threat indicators using LLM',
84
- args: [
85
- {
86
- name: 'field',
87
- type: 'string',
88
- required: false,
89
- description: 'Event field to analyze (default: content)',
90
- },
91
- ],
92
- },
93
- {
94
- name: 'is_injection',
95
- description: 'Binary check: is this a prompt injection attempt?',
96
- args: [
97
- {
98
- name: 'field',
99
- type: 'string',
100
- required: false,
101
- description: 'Event field to analyze (default: content)',
102
- },
103
- ],
104
- },
105
- {
106
- name: 'classify_attack',
107
- description: 'Classify the type of attack (returns category confidence)',
108
- args: [
109
- {
110
- name: 'field',
111
- type: 'string',
112
- required: false,
113
- description: 'Event field to analyze (default: content)',
114
- },
115
- {
116
- name: 'target_category',
117
- type: 'string',
118
- required: true,
119
- description: 'ATR category to check against',
120
- },
121
- ],
122
- },
123
- ];
124
- config;
125
- cache = new Map();
126
- constructor(config) {
127
- this.config = {
128
- apiUrl: config.apiUrl,
129
- apiKey: config.apiKey,
130
- model: config.model ?? 'gpt-4o-mini',
131
- maxTokens: config.maxTokens ?? 512,
132
- temperature: config.temperature ?? 0.1,
133
- timeout: config.timeout ?? 10_000,
134
- cacheTtlMs: config.cacheTtlMs ?? 300_000,
135
- maxCacheSize: config.maxCacheSize ?? 1000,
136
- };
137
- }
138
- async initialize() {
139
- // Validate API connectivity with a minimal request
140
- // Skipped in production; caller should handle errors gracefully
141
- }
142
- async evaluate(event, condition) {
143
- const field = condition.args['field'] ?? 'content';
144
- const text = event.fields?.[field] ?? event.content;
145
- if (!text || text.length < 5) {
146
- return { matched: false, value: 0, description: 'Input too short for semantic analysis' };
147
- }
148
- const analysis = await this.analyzeWithCache(text);
149
- let value;
150
- let description;
151
- switch (condition.function) {
152
- case 'analyze_threat':
153
- value = analysis.threatScore;
154
- description = analysis.reasoning;
155
- break;
156
- case 'is_injection': {
157
- const isInjection = analysis.category === 'prompt-injection' && analysis.threatScore >= 0.5;
158
- value = isInjection ? 1.0 : 0.0;
159
- description = isInjection
160
- ? `Prompt injection detected: ${analysis.reasoning}`
161
- : 'No injection detected';
162
- break;
163
- }
164
- case 'classify_attack': {
165
- const targetCategory = condition.args['target_category'];
166
- const matchesCategory = analysis.category === targetCategory;
167
- value = matchesCategory ? analysis.threatScore : 0.0;
168
- description = matchesCategory
169
- ? `Matches ${targetCategory}: ${analysis.reasoning}`
170
- : `Does not match ${targetCategory}`;
171
- break;
172
- }
173
- default:
174
- return { matched: false, value: 0, description: `Unknown function: ${condition.function}` };
175
- }
176
- const matched = this.compareThreshold(value, condition.operator, condition.threshold);
177
- return { matched, value, description };
178
- }
179
- async destroy() {
180
- this.cache.clear();
181
- }
182
- // --- Internal methods ---
183
- async analyzeWithCache(text) {
184
- const cacheKey = this.hashContent(text);
185
- const now = Date.now();
186
- const cached = this.cache.get(cacheKey);
187
- if (cached && cached.expiresAt > now) {
188
- return cached.result;
189
- }
190
- let result = await this.callLLM(text);
191
- // If threat detected with moderate score, run parallel FP check to reduce false positives
192
- if (result.threatScore >= 0.4 && result.threatScore < 0.85) {
193
- try {
194
- const fpResult = await this.callFPCheck(text);
195
- if (fpResult.likelyBenign && fpResult.confidence >= 0.7) {
196
- // Reduce threat score -- FP check says it's benign
197
- result = {
198
- ...result,
199
- threatScore: result.threatScore * 0.4,
200
- reasoning: `${result.reasoning} [FP check: likely benign (${fpResult.reasoning})]`,
201
- };
202
- }
203
- }
204
- catch {
205
- // FP check failure is non-fatal
206
- }
207
- }
208
- // Evict oldest entries if cache is full
209
- if (this.cache.size >= this.config.maxCacheSize) {
210
- const firstKey = this.cache.keys().next().value;
211
- if (firstKey !== undefined) {
212
- this.cache.delete(firstKey);
213
- }
214
- }
215
- this.cache.set(cacheKey, {
216
- result,
217
- expiresAt: now + this.config.cacheTtlMs,
218
- });
219
- return result;
220
- }
221
- async callLLM(text) {
222
- // Truncate to avoid excessive token usage
223
- const truncated = text.length > 2000 ? text.slice(0, 2000) + '...[truncated]' : text;
224
- const body = {
225
- model: this.config.model,
226
- messages: [
227
- { role: 'system', content: JUDGE_SYSTEM_PROMPT },
228
- { role: 'user', content: `Analyze this input:\n\n${truncated}` },
229
- ],
230
- temperature: this.config.temperature,
231
- max_tokens: this.config.maxTokens,
232
- };
233
- try {
234
- const controller = new AbortController();
235
- const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
236
- const response = await fetch(this.resolveEndpoint(), {
237
- method: 'POST',
238
- headers: {
239
- 'Content-Type': 'application/json',
240
- 'Authorization': `Bearer ${this.config.apiKey}`,
241
- },
242
- body: JSON.stringify(body),
243
- signal: controller.signal,
244
- });
245
- clearTimeout(timeoutId);
246
- if (!response.ok) {
247
- // Do not include response body in error — it may contain API keys or internal data
248
- throw new Error(`LLM API error: HTTP ${response.status}`);
249
- }
250
- const data = await response.json();
251
- const content = data.choices?.[0]?.message?.content ?? '';
252
- return this.parseAnalysis(content);
253
- }
254
- catch (error) {
255
- // On failure, return safe default (no threat detected)
256
- // This prevents the semantic module from blocking legitimate requests
257
- const msg = error instanceof Error ? error.message : String(error);
258
- return {
259
- threatScore: 0,
260
- category: null,
261
- reasoning: `Semantic analysis unavailable: ${msg}`,
262
- mitreTechnique: null,
263
- };
264
- }
265
- }
266
- async callFPCheck(text) {
267
- const truncated = text.length > 1000 ? text.slice(0, 1000) + '...[truncated]' : text;
268
- const body = {
269
- model: this.config.model,
270
- messages: [
271
- { role: 'system', content: FP_CHECK_PROMPT },
272
- { role: 'user', content: `Is this a false positive?\n\n${truncated}` },
273
- ],
274
- temperature: 0,
275
- max_tokens: 256,
276
- };
277
- const controller = new AbortController();
278
- const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
279
- const response = await fetch(this.resolveEndpoint(), {
280
- method: 'POST',
281
- headers: {
282
- 'Content-Type': 'application/json',
283
- 'Authorization': `Bearer ${this.config.apiKey}`,
284
- },
285
- body: JSON.stringify(body),
286
- signal: controller.signal,
287
- });
288
- clearTimeout(timeoutId);
289
- if (!response.ok) {
290
- throw new Error(`FP check API error: HTTP ${response.status}`);
291
- }
292
- const data = await response.json();
293
- const content = data.choices?.[0]?.message?.content ?? '';
294
- try {
295
- const cleaned = content.replace(/^```(?:json)?\s*\n?/i, '').replace(/\n?```\s*$/, '').trim();
296
- const parsed = JSON.parse(cleaned);
297
- return {
298
- likelyBenign: parsed.likely_benign === true,
299
- confidence: typeof parsed.confidence === 'number' ? parsed.confidence : 0,
300
- reasoning: typeof parsed.reasoning === 'string' ? parsed.reasoning : 'unknown',
301
- };
302
- }
303
- catch {
304
- return { likelyBenign: false, confidence: 0, reasoning: 'Failed to parse FP check response' };
305
- }
306
- }
307
- parseAnalysis(content) {
308
- try {
309
- // Strip markdown code blocks if present
310
- const cleaned = content
311
- .replace(/^```(?:json)?\s*\n?/i, '')
312
- .replace(/\n?```\s*$/, '')
313
- .trim();
314
- const parsed = JSON.parse(cleaned);
315
- return {
316
- threatScore: Math.max(0, Math.min(1, Number(parsed['threat_score']) || 0)),
317
- category: typeof parsed['category'] === 'string' ? parsed['category'] : null,
318
- reasoning: typeof parsed['reasoning'] === 'string' ? parsed['reasoning'] : 'No reasoning provided',
319
- mitreTechnique: typeof parsed['mitre_technique'] === 'string' ? parsed['mitre_technique'] : null,
320
- };
321
- }
322
- catch {
323
- return {
324
- threatScore: 0,
325
- category: null,
326
- reasoning: 'Failed to parse LLM response',
327
- mitreTechnique: null,
328
- };
329
- }
330
- }
331
- resolveEndpoint() {
332
- const base = this.config.apiUrl.replace(/\/+$/, '');
333
- if (base.endsWith('/chat/completions'))
334
- return base;
335
- if (base.endsWith('/v1'))
336
- return `${base}/chat/completions`;
337
- return `${base}/v1/chat/completions`;
338
- }
339
- hashContent(text) {
340
- // Simple FNV-1a hash for cache key
341
- let hash = 0x811c9dc5;
342
- for (let i = 0; i < text.length; i++) {
343
- hash ^= text.charCodeAt(i);
344
- hash = (hash * 0x01000193) >>> 0;
345
- }
346
- return hash.toString(36);
347
- }
348
- compareThreshold(value, operator, threshold) {
349
- switch (operator) {
350
- case 'gt': return value > threshold;
351
- case 'gte': return value >= threshold;
352
- case 'lt': return value < threshold;
353
- case 'lte': return value <= threshold;
354
- case 'eq': return value === threshold;
355
- default: return value >= threshold;
356
- }
357
- }
358
- }
359
- //# sourceMappingURL=semantic.js.map
package/dist/modules/semantic.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"semantic.js","sourceRoot":"","sources":["../../src/modules/semantic.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAwCH,MAAM,mBAAmB,GAAG;;;;;;;;;;;;;;;;;;;;;;6CAsBiB,CAAC;AAE9C,MAAM,eAAe,GAAG;;;;;;;;;;;;;;;;;iEAiByC,CAAC;AAElE;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,cAAc;IAChB,IAAI,GAAG,UAAU,CAAC;IAClB,WAAW,GAAG,8CAA8C,CAAC;IAC7D,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EAAE,mDAAmD;YAChE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;aACF;SACF;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EAAE,2DAA2D;YACxE,IAAI,EAAE;gBACJ;oBACE,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,KAAK;oBACf,WAAW,EAAE,2CAA2C;iBACzD;gBACD;oBACE,IAAI,EAAE,iBAAiB;oBACvB,IAAI,EAAE,QAAiB;oBACvB,QAAQ,EAAE,IAAI;oBACd,WAAW,EAAE,+BAA+B;iBAC7C;aACF;SACF;KACO,CAAC;IAEM,MAAM,CAAiC;IACvC,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEvD,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,aAAa;YACpC,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,GAAG;YAClC,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,GAAG;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,MAAM;YACjC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO;YACxC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,IAAI;SAC1C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,mDAAmD;QACnD,gEAAgE;IAClE,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,MAAM,KAAK,GAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAY,IAAI,SAAS,CAAC;QAC/D,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC;QAEpD,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAEnD,IAAI,KAAa,CAAC;QAClB,IAAI,WAAmB,CAAC;QAExB,QAAQ,SAAS,CAAC,QAAQ,EAAE,CAAC;YAC3B,KAAK,gBAAgB;gBACnB,KAAK,GAAG,QAAQ,CAAC,WAAW,CAAC;gBAC7B,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC;gBACjC,MAAM;YAER,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,IAAI,QAAQ,CAAC,WAAW,IAAI,GAAG,CAAC;gBAC5F,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;gBAChC,WAAW,GAAG,WAAW;oBACvB,CAAC,CAAC,8BAA8B,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,uBAAuB,CAAC;gBAC5B,MAAM;YACR,CAAC;YAED,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,MAAM,cAAc,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAW,CAAC;gBACnE,MAAM,eAAe,GAAG,QAAQ,CAAC,QAAQ,KAAK,cAAc,CAAC;gBAC7D,KAAK,GAAG,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC;gBACrD,WAAW,GAAG,eAAe;oBAC3B,CAAC,CAAC,WAAW,cAAc,KAAK,QAAQ,CAAC,SAAS,EAAE;oBACpD,CAAC,CAAC,kBAAkB,cAAc,EAAE,CAAC;gBACvC,MAAM;YACR,CAAC;YAED;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAC;QAChG,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QACtF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAED,2BAA2B;IAEnB,KAAK,CAAC,gBAAgB,CAAC,IAAY;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,GAAG,EAAE,CAAC;YACrC,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,IAAI,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEtC,0FAA0F;QAC1F,IAAI,MAAM,CAAC,WAAW,IAAI,GAAG,IAAI,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,CAAC;YAC3D,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC9C,IAAI,QAAQ,CAAC,YAAY,IAAI,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;oBACxD,mDAAmD;oBACnD,MAAM,GAAG;wBACP,GAAG,MAAM;wBACT,WAAW,EAAE,MAAM,CAAC,WAAW,GAAG,GAAG;wBACrC,SAAS,EAAE,GAAG,MAAM,CAAC,SAAS,8BAA8B,QAAQ,CAAC,SAAS,IAAI;qBACnF,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gCAAgC;YAClC,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC;YAChD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;YACvB,MAAM;YACN,SAAS,EAAE,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU;SACxC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,OAAO,CAAC,IAAY;QAChC,0CAA0C;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QAErF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,mBAAmB,EAAE;gBAChD,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,0BAA0B,SAAS,EAAE,EAAE;aACjE;YACD,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;YACpC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;SAClC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;iBAChD;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;gBAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,YAAY,CAAC,SAAS,CAAC,CAAC;YAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,mFAAmF;gBACnF,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAE/B,CAAC;YAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,uDAAuD;YACvD,sEAAsE;YACtE,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnE,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,kCAAkC,GAAG,EAAE;gBAClD,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAC,IAAY;QACpC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QAErF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;YACxB,QAAQ,EAAE;gBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE;gBAC5C,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,gCAAgC,SAAS,EAAE,EAAE;aACvE;YACD,WAAW,EAAE,CAAC;YACd,UAAU,EAAE,GAAG;SAChB,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;aAChD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;YAC1B,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,YAAY,CAAC,SAAS,CAAC,CAAC;QAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAE/B,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7F,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAyE,CAAC;YAC3G,OAAO;gBACL,YAAY,EAAE,MAAM,CAAC,aAAa,KAAK,IAAI;gBAC3C,UAAU,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACzE,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;aAC/E,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,SAAS,EAAE,mCAAmC,EAAE,CAAC;QAChG,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,OAAe;QACnC,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,OAAO,GAAG,OAAO;iBACpB,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;iBACnC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC;iBACzB,IAAI,EAAE,CAAC;YAEV,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA4B,CAAC;YAE9D,OAAO;gBACL,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC1E,QAAQ,EAAE,OAAO,MAAM,CAAC,UAAU,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI;gBAC5E,SAAS,EAAE,OAAO,MAAM,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,uBAAuB;gBAClG,cAAc,EAAE,OAAO,MAAM,CAAC,iBAAiB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI;aACjG,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,WAAW,EAAE,CAAC;gBACd,QAAQ,EAAE,IAAI;gBACd,SAAS,EAAE,8BAA8B;gBACzC,cAAc,EAAE,IAAI;aACrB,CAAC;QACJ,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAAE,OAAO,IAAI,CAAC;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,GAAG,IAAI,mBAAmB,CAAC;QAC5D,OAAO,GAAG,IAAI,sBAAsB,CAAC;IACvC,CAAC;IAEO,WAAW,CAAC,IAAY;QAC9B,mCAAmC;QACnC,IAAI,IAAI,GAAG,UAAU,CAAC;QACtB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,GAAG,CAAC,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC3B,CAAC;IAEO,gBAAgB,CAAC,KAAa,EAAE,QAAgB,EAAE,SAAiB;QACzE,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;YACpC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;YACtC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,SAAS,CAAC;YACtC,OAAO,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACrC,CAAC;IACH,CAAC;CACF"}
package/dist/modules/session.d.ts DELETED
@@ -1,70 +0,0 @@
1
- /**
2
- * ATR Session Module - Built-in behavioral detection module
3
- *
4
- * Provides cross-event analysis using SessionTracker.
5
- * This is the reference implementation for ATR modules.
6
- *
7
- * Functions:
8
- * - call_frequency: Count tool calls within a time window
9
- * - pattern_frequency: Count pattern occurrences within a window
10
- * - event_count: Total events in a session within a window
11
- * - session_age: Time since first event in session (seconds)
12
- *
13
- * @module agent-threat-rules/modules/session
14
- */
15
- import type { AgentEvent } from '../types.js';
16
- import { SessionTracker } from '../session-tracker.js';
17
- import type { ATRModule, ModuleCondition, ModuleResult } from './index.js';
18
- export declare class SessionModule implements ATRModule {
19
- readonly name = "session";
20
- readonly description = "Cross-event behavioral analysis using session state tracking";
21
- readonly version = "0.1.0";
22
- readonly functions: readonly [{
23
- readonly name: "call_frequency";
24
- readonly description: "Count how many times a specific tool was called within a time window";
25
- readonly args: readonly [{
26
- readonly name: "tool_name";
27
- readonly type: "string";
28
- readonly required: true;
29
- readonly description: "Tool name to count";
30
- }, {
31
- readonly name: "window";
32
- readonly type: "string";
33
- readonly required: false;
34
- readonly description: "Time window (e.g., \"5m\", \"1h\"). Default: 5m";
35
- }];
36
- }, {
37
- readonly name: "pattern_frequency";
38
- readonly description: "Count how many times a pattern was matched within a time window";
39
- readonly args: readonly [{
40
- readonly name: "pattern";
41
- readonly type: "string";
42
- readonly required: true;
43
- readonly description: "Pattern string to count";
44
- }, {
45
- readonly name: "window";
46
- readonly type: "string";
47
- readonly required: false;
48
- readonly description: "Time window. Default: 5m";
49
- }];
50
- }, {
51
- readonly name: "event_count";
52
- readonly description: "Total number of events in the current session within a time window";
53
- readonly args: readonly [{
54
- readonly name: "window";
55
- readonly type: "string";
56
- readonly required: false;
57
- readonly description: "Time window. Default: 5m";
58
- }];
59
- }, {
60
- readonly name: "session_age";
61
- readonly description: "Time in seconds since the first event in this session";
62
- readonly args: readonly [];
63
- }];
64
- private tracker;
65
- constructor(tracker?: SessionTracker);
66
- initialize(): Promise<void>;
67
- evaluate(event: AgentEvent, condition: ModuleCondition): Promise<ModuleResult>;
68
- destroy(): Promise<void>;
69
- }
70
- //# sourceMappingURL=session.d.ts.map
package/dist/modules/session.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/modules/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE3E,qBAAa,aAAc,YAAW,SAAS;IAC7C,QAAQ,CAAC,IAAI,aAAa;IAC1B,QAAQ,CAAC,WAAW,kEAAkE;IACtF,QAAQ,CAAC,OAAO,WAAW;IAE3B,QAAQ,CAAC,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BP;IAEX,OAAO,CAAC,OAAO,CAAiB;gBAEpB,OAAO,CAAC,EAAE,cAAc;IAI9B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,QAAQ,CAAC,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IAqD9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAG/B"}
package/dist/modules/session.js DELETED
@@ -1,128 +0,0 @@
1
- /**
2
- * ATR Session Module - Built-in behavioral detection module
3
- *
4
- * Provides cross-event analysis using SessionTracker.
5
- * This is the reference implementation for ATR modules.
6
- *
7
- * Functions:
8
- * - call_frequency: Count tool calls within a time window
9
- * - pattern_frequency: Count pattern occurrences within a window
10
- * - event_count: Total events in a session within a window
11
- * - session_age: Time since first event in session (seconds)
12
- *
13
- * @module agent-threat-rules/modules/session
14
- */
15
- import { SessionTracker } from '../session-tracker.js';
16
- export class SessionModule {
17
- name = 'session';
18
- description = 'Cross-event behavioral analysis using session state tracking';
19
- version = '0.1.0';
20
- functions = [
21
- {
22
- name: 'call_frequency',
23
- description: 'Count how many times a specific tool was called within a time window',
24
- args: [
25
- { name: 'tool_name', type: 'string', required: true, description: 'Tool name to count' },
26
- { name: 'window', type: 'string', required: false, description: 'Time window (e.g., "5m", "1h"). Default: 5m' },
27
- ],
28
- },
29
- {
30
- name: 'pattern_frequency',
31
- description: 'Count how many times a pattern was matched within a time window',
32
- args: [
33
- { name: 'pattern', type: 'string', required: true, description: 'Pattern string to count' },
34
- { name: 'window', type: 'string', required: false, description: 'Time window. Default: 5m' },
35
- ],
36
- },
37
- {
38
- name: 'event_count',
39
- description: 'Total number of events in the current session within a time window',
40
- args: [
41
- { name: 'window', type: 'string', required: false, description: 'Time window. Default: 5m' },
42
- ],
43
- },
44
- {
45
- name: 'session_age',
46
- description: 'Time in seconds since the first event in this session',
47
- args: [],
48
- },
49
- ];
50
- tracker;
51
- constructor(tracker) {
52
- this.tracker = tracker ?? new SessionTracker();
53
- }
54
- async initialize() {
55
- // SessionTracker is ready immediately, no async setup needed
56
- }
57
- async evaluate(event, condition) {
58
- const sessionId = event.sessionId ?? 'default';
59
- const fn = condition.function;
60
- const args = condition.args;
61
- let value = 0;
62
- let description = '';
63
- switch (fn) {
64
- case 'call_frequency': {
65
- const toolName = String(args['tool_name'] ?? '');
66
- const window = String(args['window'] ?? '5m');
67
- const windowMs = parseWindow(window);
68
- value = this.tracker.getCallFrequency(sessionId, toolName, windowMs);
69
- description = `Tool "${toolName}" called ${value} times in ${window}`;
70
- break;
71
- }
72
- case 'pattern_frequency': {
73
- const pattern = String(args['pattern'] ?? '');
74
- const window = String(args['window'] ?? '5m');
75
- const windowMs = parseWindow(window);
76
- value = this.tracker.getPatternFrequency(sessionId, pattern, windowMs);
77
- description = `Pattern "${pattern}" seen ${value} times in ${window}`;
78
- break;
79
- }
80
- case 'event_count': {
81
- const window = String(args['window'] ?? '5m');
82
- const windowMs = parseWindow(window);
83
- value = this.tracker.getEventCount(sessionId, windowMs);
84
- description = `${value} events in session within ${window}`;
85
- break;
86
- }
87
- case 'session_age': {
88
- const snapshot = this.tracker.getSessionSnapshot(sessionId);
89
- if (snapshot && snapshot.oldestEventTimestamp) {
90
- value = Math.floor((Date.now() - snapshot.oldestEventTimestamp) / 1000);
91
- }
92
- description = `Session age: ${value} seconds`;
93
- break;
94
- }
95
- default:
96
- return { matched: false, value: 0, description: `Unknown function: ${fn}` };
97
- }
98
- const matched = compare(value, condition.operator, condition.threshold);
99
- return { matched, value, description };
100
- }
101
- async destroy() {
102
- // No cleanup needed
103
- }
104
- }
105
- function compare(value, operator, threshold) {
106
- switch (operator) {
107
- case 'gt': return value > threshold;
108
- case 'lt': return value < threshold;
109
- case 'eq': return value === threshold;
110
- case 'gte': return value >= threshold;
111
- case 'lte': return value <= threshold;
112
- default: return false;
113
- }
114
- }
115
- function parseWindow(window) {
116
- const match = window.match(/^(\d+)(s|m|h)$/);
117
- if (!match)
118
- return 300_000; // default 5m
119
- const [, num, unit] = match;
120
- const n = parseInt(num, 10);
121
- switch (unit) {
122
- case 's': return n * 1000;
123
- case 'm': return n * 60_000;
124
- case 'h': return n * 3_600_000;
125
- default: return 300_000;
126
- }
127
- }
128
- //# sourceMappingURL=session.js.map
package/dist/modules/session.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/modules/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAGH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAGvD,MAAM,OAAO,aAAa;IACf,IAAI,GAAG,SAAS,CAAC;IACjB,WAAW,GAAG,8DAA8D,CAAC;IAC7E,OAAO,GAAG,OAAO,CAAC;IAElB,SAAS,GAAG;QACnB;YACE,IAAI,EAAE,gBAAgB;YACtB,WAAW,EAAE,sEAAsE;YACnF,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,oBAAoB,EAAE;gBACjG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,6CAA6C,EAAE;aACzH;SACF;QACD;YACE,IAAI,EAAE,mBAAmB;YACzB,WAAW,EAAE,iEAAiE;YAC9E,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,yBAAyB,EAAE;gBACpG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACtG;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,oEAAoE;YACjF,IAAI,EAAE;gBACJ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAiB,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACtG;SACF;QACD;YACE,IAAI,EAAE,aAAa;YACnB,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE,EAAE;SACT;KACO,CAAC;IAEH,OAAO,CAAiB;IAEhC,YAAY,OAAwB;QAClC,IAAI,CAAC,OAAO,GAAG,OAAO,IAAI,IAAI,cAAc,EAAE,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,UAAU;QACd,6DAA6D;IAC/D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,KAAiB,EAAE,SAA0B;QAC1D,MAAM,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC/C,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC;QAC9B,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC;QAE5B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,WAAW,GAAG,EAAE,CAAC;QAErB,QAAQ,EAAE,EAAE,CAAC;YACX,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;gBACjD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBACrE,WAAW,GAAG,SAAS,QAAQ,YAAY,KAAK,aAAa,MAAM,EAAE,CAAC;gBACtE,MAAM;YACR,CAAC;YAED,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACvE,WAAW,GAAG,YAAY,OAAO,UAAU,KAAK,aAAa,MAAM,EAAE,CAAC;gBACtE,MAAM;YACR,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC;gBAC9C,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACrC,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACxD,WAAW,GAAG,GAAG,KAAK,6BAA6B,MAAM,EAAE,CAAC;gBAC5D,MAAM;YACR,CAAC;YAED,KAAK,aAAa,CAAC,CAAC,CAAC;gBACnB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC;gBAC5D,IAAI,QAAQ,IAAI,QAAQ,CAAC,oBAAoB,EAAE,CAAC;oBAC9C,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC;gBAC1E,CAAC;gBACD,WAAW,GAAG,gBAAgB,KAAK,UAAU,CAAC;gBAC9C,MAAM;YACR,CAAC;YAED;gBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,EAAE,EAAE,CAAC;QAChF,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;QAExE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,OAAO;QACX,oBAAoB;IACtB,CAAC;CACF;AAED,SAAS,OAAO,CAAC,KAAa,EAAE,QAAgB,EAAE,SAAiB;IACjE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;QACpC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,GAAG,SAAS,CAAC;QACpC,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,KAAK,SAAS,CAAC;QACtC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACtC,KAAK,KAAK,CAAC,CAAC,OAAO,KAAK,IAAI,SAAS,CAAC;QACtC,OAAO,CAAC,CAAC,OAAO,KAAK,CAAC;IACxB,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC,CAAC,aAAa;IACzC,MAAM,CAAC,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,KAAK,CAAC;IAC5B,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC5B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;QAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;QAC/B,OAAO,CAAC,CAAC,OAAO,OAAO,CAAC;IAC1B,CAAC;AACH,CAAC"}
package/dist/rule-scaffolder.d.ts DELETED
@@ -1,53 +0,0 @@
1
- /**
2
- * ATR Rule Scaffolder - Generates ATR rule YAML scaffolds from structured input
3
- * @module agent-threat-rules/rule-scaffolder
4
- */
5
- import type { ATRCategory, ATRSeverity, ATRSourceType } from './types.js';
6
- export interface ScaffoldInput {
7
- title: string;
8
- category: ATRCategory;
9
- severity?: ATRSeverity;
10
- attackDescription: string;
11
- examplePayloads: string[];
12
- agentSourceType?: ATRSourceType;
13
- owaspRefs?: string[];
14
- mitreRefs?: string[];
15
- }
16
- export interface ScaffoldResult {
17
- yaml: string;
18
- id: string;
19
- warnings: string[];
20
- }
21
- export interface ScaffoldOptions {
22
- author?: string;
23
- schemaVersion?: string;
24
- }
25
- /**
26
- * Attack pattern templates by category — reusable regex building blocks
27
- * that detect BEHAVIOR, not package names.
28
- */
29
- export declare const ATTACK_PATTERN_INDICATORS: ReadonlyArray<{
30
- /** Regex to test if the payload contains this attack indicator */
31
- readonly test: RegExp;
32
- /** The detection regex to use in the rule */
33
- readonly pattern: string;
34
- /** Human-readable description */
35
- readonly description: string;
36
- /** Which categories this indicator applies to */
37
- readonly categories: readonly ATRCategory[];
38
- }>;
39
- export declare class RuleScaffolder {
40
- private readonly options;
41
- constructor(options?: ScaffoldOptions);
42
- /**
43
- * Generate a complete ATR YAML rule from structured input.
44
- * Returns a ScaffoldResult with the YAML string, generated ID, and any warnings.
45
- */
46
- scaffold(input: ScaffoldInput, existingIds?: ReadonlySet<string>): ScaffoldResult;
47
- /**
48
- * Validate scaffold input, throwing on invalid required fields
49
- * and returning warnings for non-critical issues.
50
- */
51
- private validateInput;
52
- }
53
- //# sourceMappingURL=rule-scaffolder.d.ts.map
package/dist/rule-scaffolder.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"rule-scaffolder.d.ts","sourceRoot":"","sources":["../src/rule-scaffolder.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EACV,WAAW,EACX,WAAW,EACX,aAAa,EAGd,MAAM,YAAY,CAAC;AAEpB,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,CAAC,EAAE,WAAW,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,CAAC,EAAE,aAAa,CAAC;IAChC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAwCD;;;GAGG;AACH,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC;IACpD,kEAAkE;IAClE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,6CAA6C;IAC7C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,iCAAiC;IACjC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,iDAAiD;IACjD,QAAQ,CAAC,UAAU,EAAE,SAAS,WAAW,EAAE,CAAC;CAC7C,CAqFA,CAAC;AAsEF,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA4B;gBAExC,OAAO,GAAE,eAAoB;IAOzC;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,aAAa,EAAE,WAAW,GAAE,WAAW,CAAC,MAAM,CAAa,GAAG,cAAc;IAwF5F;;;OAGG;IACH,OAAO,CAAC,aAAa;CAwBtB"}