agent-threat-rules 0.3.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (287) hide show
  1. package/README.md +190 -54
  2. package/package.json +3 -1
  3. package/rules/agent-manipulation/{ATR-2026-030-cross-agent-attack.yaml → ATR-2026-00030-cross-agent-attack.yaml} +3 -1
  4. package/rules/agent-manipulation/{ATR-2026-032-goal-hijacking.yaml → ATR-2026-00032-goal-hijacking.yaml} +3 -1
  5. package/rules/agent-manipulation/{ATR-2026-074-cross-agent-privilege-escalation.yaml → ATR-2026-00074-cross-agent-privilege-escalation.yaml} +3 -1
  6. package/rules/agent-manipulation/{ATR-2026-076-inter-agent-message-spoofing.yaml → ATR-2026-00076-inter-agent-message-spoofing.yaml} +3 -1
  7. package/rules/agent-manipulation/{ATR-2026-077-human-trust-exploitation.yaml → ATR-2026-00077-human-trust-exploitation.yaml} +3 -1
  8. package/rules/agent-manipulation/{ATR-2026-108-consensus-sybil-attack.yaml → ATR-2026-00108-consensus-sybil-attack.yaml} +3 -1
  9. package/rules/agent-manipulation/ATR-2026-00116-a2a-message-validation.yaml +92 -0
  10. package/rules/agent-manipulation/ATR-2026-00117-agent-identity-spoofing.yaml +92 -0
  11. package/rules/agent-manipulation/ATR-2026-00118-approval-fatigue.yaml +89 -0
  12. package/rules/agent-manipulation/ATR-2026-00119-social-engineering-via-agent.yaml +89 -0
  13. package/rules/agent-manipulation/ATR-2026-00132-casual-authority-escalation.yaml +105 -0
  14. package/rules/agent-manipulation/ATR-2026-00139-casual-authority-redirect.yaml +53 -0
  15. package/rules/context-exfiltration/{ATR-2026-020-system-prompt-leak.yaml → ATR-2026-00020-system-prompt-leak.yaml} +3 -1
  16. package/rules/context-exfiltration/{ATR-2026-021-api-key-exposure.yaml → ATR-2026-00021-api-key-exposure.yaml} +3 -1
  17. package/rules/context-exfiltration/{ATR-2026-075-agent-memory-manipulation.yaml → ATR-2026-00075-agent-memory-manipulation.yaml} +3 -1
  18. package/rules/context-exfiltration/{ATR-2026-102-disguised-analytics-exfiltration.yaml → ATR-2026-00102-disguised-analytics-exfiltration.yaml} +3 -1
  19. package/rules/context-exfiltration/ATR-2026-00113-credential-theft.yaml +89 -0
  20. package/rules/context-exfiltration/ATR-2026-00114-oauth-token-abuse.yaml +89 -0
  21. package/rules/context-exfiltration/ATR-2026-00115-env-var-harvesting.yaml +90 -0
  22. package/rules/context-exfiltration/ATR-2026-00136-tool-response-data-piggyback.yaml +100 -0
  23. package/rules/context-exfiltration/ATR-2026-00141-example-format-key-leak.yaml +52 -0
  24. package/rules/context-exfiltration/ATR-2026-00142-piggyback-transition-words.yaml +55 -0
  25. package/rules/context-exfiltration/ATR-2026-00145-obfuscated-key-disclosure.yaml +49 -0
  26. package/rules/context-exfiltration/ATR-2026-00146-env-var-existence-probe.yaml +49 -0
  27. package/rules/data-poisoning/{ATR-2026-070-data-poisoning.yaml → ATR-2026-00070-data-poisoning.yaml} +3 -1
  28. package/rules/excessive-autonomy/{ATR-2026-050-runaway-agent-loop.yaml → ATR-2026-00050-runaway-agent-loop.yaml} +3 -1
  29. package/rules/excessive-autonomy/{ATR-2026-051-resource-exhaustion.yaml → ATR-2026-00051-resource-exhaustion.yaml} +3 -1
  30. package/rules/excessive-autonomy/{ATR-2026-052-cascading-failure.yaml → ATR-2026-00052-cascading-failure.yaml} +3 -1
  31. package/rules/excessive-autonomy/{ATR-2026-098-unauthorized-financial-action.yaml → ATR-2026-00098-unauthorized-financial-action.yaml} +3 -1
  32. package/rules/excessive-autonomy/{ATR-2026-099-high-risk-tool-gate.yaml → ATR-2026-00099-high-risk-tool-gate.yaml} +4 -2
  33. package/rules/model-security/{ATR-2026-072-model-behavior-extraction.yaml → ATR-2026-00072-model-behavior-extraction.yaml} +3 -1
  34. package/rules/model-security/{ATR-2026-073-malicious-finetuning-data.yaml → ATR-2026-00073-malicious-finetuning-data.yaml} +3 -1
  35. package/rules/privilege-escalation/{ATR-2026-040-privilege-escalation.yaml → ATR-2026-00040-privilege-escalation.yaml} +3 -1
  36. package/rules/privilege-escalation/{ATR-2026-041-scope-creep.yaml → ATR-2026-00041-scope-creep.yaml} +3 -1
  37. package/rules/privilege-escalation/{ATR-2026-107-delayed-execution-bypass.yaml → ATR-2026-00107-delayed-execution-bypass.yaml} +3 -1
  38. package/rules/privilege-escalation/ATR-2026-00110-eval-injection.yaml +92 -0
  39. package/rules/privilege-escalation/ATR-2026-00111-shell-escape.yaml +93 -0
  40. package/rules/privilege-escalation/ATR-2026-00112-dynamic-import-exploitation.yaml +89 -0
  41. package/rules/privilege-escalation/ATR-2026-00143-casual-privilege-escalation.yaml +53 -0
  42. package/rules/privilege-escalation/ATR-2026-00144-rationalized-safety-bypass.yaml +49 -0
  43. package/rules/prompt-injection/{ATR-2026-001-direct-prompt-injection.yaml → ATR-2026-00001-direct-prompt-injection.yaml} +121 -11
  44. package/rules/prompt-injection/{ATR-2026-002-indirect-prompt-injection.yaml → ATR-2026-00002-indirect-prompt-injection.yaml} +3 -1
  45. package/rules/prompt-injection/{ATR-2026-003-jailbreak-attempt.yaml → ATR-2026-00003-jailbreak-attempt.yaml} +3 -1
  46. package/rules/prompt-injection/{ATR-2026-004-system-prompt-override.yaml → ATR-2026-00004-system-prompt-override.yaml} +3 -1
  47. package/rules/prompt-injection/{ATR-2026-005-multi-turn-injection.yaml → ATR-2026-00005-multi-turn-injection.yaml} +3 -1
  48. package/rules/prompt-injection/{ATR-2026-080-encoding-evasion.yaml → ATR-2026-00080-encoding-evasion.yaml} +3 -1
  49. package/rules/prompt-injection/{ATR-2026-081-semantic-multi-turn.yaml → ATR-2026-00081-semantic-multi-turn.yaml} +3 -1
  50. package/rules/prompt-injection/{ATR-2026-082-fingerprint-evasion.yaml → ATR-2026-00082-fingerprint-evasion.yaml} +3 -1
  51. package/rules/prompt-injection/{ATR-2026-083-indirect-tool-injection.yaml → ATR-2026-00083-indirect-tool-injection.yaml} +3 -1
  52. package/rules/prompt-injection/{ATR-2026-084-structured-data-injection.yaml → ATR-2026-00084-structured-data-injection.yaml} +3 -1
  53. package/rules/prompt-injection/{ATR-2026-085-audit-evasion.yaml → ATR-2026-00085-audit-evasion.yaml} +3 -1
  54. package/rules/prompt-injection/{ATR-2026-086-visual-spoofing.yaml → ATR-2026-00086-visual-spoofing.yaml} +3 -1
  55. package/rules/prompt-injection/{ATR-2026-087-rule-probing.yaml → ATR-2026-00087-rule-probing.yaml} +3 -1
  56. package/rules/prompt-injection/{ATR-2026-088-adaptive-countermeasure.yaml → ATR-2026-00088-adaptive-countermeasure.yaml} +3 -1
  57. package/rules/prompt-injection/{ATR-2026-089-polymorphic-skill.yaml → ATR-2026-00089-polymorphic-skill.yaml} +3 -1
  58. package/rules/prompt-injection/{ATR-2026-090-threat-intel-exfil.yaml → ATR-2026-00090-threat-intel-exfil.yaml} +3 -1
  59. package/rules/prompt-injection/{ATR-2026-091-nested-payload.yaml → ATR-2026-00091-nested-payload.yaml} +3 -1
  60. package/rules/prompt-injection/{ATR-2026-092-consensus-poisoning.yaml → ATR-2026-00092-consensus-poisoning.yaml} +3 -1
  61. package/rules/prompt-injection/{ATR-2026-093-gradual-escalation.yaml → ATR-2026-00093-gradual-escalation.yaml} +3 -1
  62. package/rules/prompt-injection/{ATR-2026-094-audit-bypass.yaml → ATR-2026-00094-audit-bypass.yaml} +3 -1
  63. package/rules/prompt-injection/{ATR-2026-097-cjk-injection-patterns.yaml → ATR-2026-00097-cjk-injection-patterns.yaml} +18 -1
  64. package/rules/prompt-injection/{ATR-2026-104-persona-hijacking.yaml → ATR-2026-00104-persona-hijacking.yaml} +3 -1
  65. package/rules/prompt-injection/ATR-2026-00130-indirect-authority-claim.yaml +103 -0
  66. package/rules/prompt-injection/ATR-2026-00131-fictional-academic-framing.yaml +99 -0
  67. package/rules/prompt-injection/ATR-2026-00133-paraphrase-injection.yaml +117 -0
  68. package/rules/prompt-injection/ATR-2026-00137-authority-claim-injection.yaml +52 -0
  69. package/rules/prompt-injection/ATR-2026-00138-fictional-framing-bypass.yaml +51 -0
  70. package/rules/prompt-injection/ATR-2026-00140-indirect-reference-reversal.yaml +52 -0
  71. package/rules/prompt-injection/ATR-2026-00148-language-switch-injection.yaml +71 -0
  72. package/rules/skill-compromise/{ATR-2026-060-skill-impersonation.yaml → ATR-2026-00060-skill-impersonation.yaml} +3 -1
  73. package/rules/skill-compromise/{ATR-2026-061-description-behavior-mismatch.yaml → ATR-2026-00061-description-behavior-mismatch.yaml} +4 -2
  74. package/rules/skill-compromise/{ATR-2026-062-hidden-capability.yaml → ATR-2026-00062-hidden-capability.yaml} +3 -1
  75. package/rules/skill-compromise/{ATR-2026-063-skill-chain-attack.yaml → ATR-2026-00063-skill-chain-attack.yaml} +5 -2
  76. package/rules/skill-compromise/{ATR-2026-064-over-permissioned-skill.yaml → ATR-2026-00064-over-permissioned-skill.yaml} +3 -1
  77. package/rules/skill-compromise/{ATR-2026-065-skill-update-attack.yaml → ATR-2026-00065-skill-update-attack.yaml} +3 -1
  78. package/rules/skill-compromise/{ATR-2026-066-parameter-injection.yaml → ATR-2026-00066-parameter-injection.yaml} +3 -1
  79. package/rules/skill-compromise/ATR-2026-00120-skill-instruction-injection.yaml +121 -0
  80. package/rules/skill-compromise/ATR-2026-00121-skill-dangerous-script.yaml +165 -0
  81. package/rules/skill-compromise/ATR-2026-00122-skill-weaponized-instruction.yaml +114 -0
  82. package/rules/skill-compromise/ATR-2026-00123-skill-overreach-permissions.yaml +118 -0
  83. package/rules/skill-compromise/ATR-2026-00124-skill-name-squatting.yaml +98 -0
  84. package/rules/skill-compromise/ATR-2026-00125-context-poisoning-compaction.yaml +93 -0
  85. package/rules/skill-compromise/ATR-2026-00126-skill-rug-pull-setup.yaml +99 -0
  86. package/rules/skill-compromise/ATR-2026-00127-subcommand-overflow.yaml +74 -0
  87. package/rules/skill-compromise/ATR-2026-00128-html-comment-hidden-payload.yaml +79 -0
  88. package/rules/skill-compromise/ATR-2026-00129-unicode-smuggling.yaml +73 -0
  89. package/rules/skill-compromise/ATR-2026-00134-fork-claim-impersonation.yaml +93 -0
  90. package/rules/skill-compromise/ATR-2026-00135-exfil-url-in-instructions.yaml +82 -0
  91. package/rules/skill-compromise/ATR-2026-00147-fork-impersonation.yaml +48 -0
  92. package/rules/tool-poisoning/{ATR-2026-010-mcp-malicious-response.yaml → ATR-2026-00010-mcp-malicious-response.yaml} +3 -1
  93. package/rules/tool-poisoning/{ATR-2026-011-tool-output-injection.yaml → ATR-2026-00011-tool-output-injection.yaml} +3 -1
  94. package/rules/tool-poisoning/{ATR-2026-012-unauthorized-tool-call.yaml → ATR-2026-00012-unauthorized-tool-call.yaml} +3 -1
  95. package/rules/tool-poisoning/{ATR-2026-013-tool-ssrf.yaml → ATR-2026-00013-tool-ssrf.yaml} +3 -1
  96. package/rules/tool-poisoning/{ATR-2026-095-supply-chain-poisoning.yaml → ATR-2026-00095-supply-chain-poisoning.yaml} +3 -1
  97. package/rules/tool-poisoning/{ATR-2026-096-registry-poisoning.yaml → ATR-2026-00096-registry-poisoning.yaml} +3 -1
  98. package/rules/tool-poisoning/{ATR-2026-100-consent-bypass-instruction.yaml → ATR-2026-00100-consent-bypass-instruction.yaml} +3 -1
  99. package/rules/tool-poisoning/{ATR-2026-101-trust-escalation-override.yaml → ATR-2026-00101-trust-escalation-override.yaml} +3 -1
  100. package/rules/tool-poisoning/{ATR-2026-103-hidden-safety-bypass-instruction.yaml → ATR-2026-00103-hidden-safety-bypass-instruction.yaml} +3 -1
  101. package/rules/tool-poisoning/{ATR-2026-105-silent-action-concealment.yaml → ATR-2026-00105-silent-action-concealment.yaml} +3 -1
  102. package/rules/tool-poisoning/{ATR-2026-106-schema-description-contradiction.yaml → ATR-2026-00106-schema-description-contradiction.yaml} +3 -1
  103. package/spec/atr-schema.yaml +32 -3
  104. package/dist/action-executor.d.ts +0 -44
  105. package/dist/action-executor.d.ts.map +0 -1
  106. package/dist/action-executor.js +0 -130
  107. package/dist/action-executor.js.map +0 -1
  108. package/dist/adapters/default-adapter.d.ts +0 -24
  109. package/dist/adapters/default-adapter.d.ts.map +0 -1
  110. package/dist/adapters/default-adapter.js +0 -51
  111. package/dist/adapters/default-adapter.js.map +0 -1
  112. package/dist/adapters/stdio-adapter.d.ts +0 -30
  113. package/dist/adapters/stdio-adapter.d.ts.map +0 -1
  114. package/dist/adapters/stdio-adapter.js +0 -128
  115. package/dist/adapters/stdio-adapter.js.map +0 -1
  116. package/dist/capability-extractor.d.ts +0 -35
  117. package/dist/capability-extractor.d.ts.map +0 -1
  118. package/dist/capability-extractor.js +0 -91
  119. package/dist/capability-extractor.js.map +0 -1
  120. package/dist/cli.d.ts +0 -12
  121. package/dist/cli.d.ts.map +0 -1
  122. package/dist/cli.js +0 -820
  123. package/dist/cli.js.map +0 -1
  124. package/dist/converters/elastic.d.ts +0 -36
  125. package/dist/converters/elastic.d.ts.map +0 -1
  126. package/dist/converters/elastic.js +0 -125
  127. package/dist/converters/elastic.js.map +0 -1
  128. package/dist/converters/index.d.ts +0 -28
  129. package/dist/converters/index.d.ts.map +0 -1
  130. package/dist/converters/index.js +0 -36
  131. package/dist/converters/index.js.map +0 -1
  132. package/dist/converters/splunk.d.ts +0 -19
  133. package/dist/converters/splunk.d.ts.map +0 -1
  134. package/dist/converters/splunk.js +0 -148
  135. package/dist/converters/splunk.js.map +0 -1
  136. package/dist/coverage-analyzer.d.ts +0 -43
  137. package/dist/coverage-analyzer.d.ts.map +0 -1
  138. package/dist/coverage-analyzer.js +0 -329
  139. package/dist/coverage-analyzer.js.map +0 -1
  140. package/dist/embedding/build-corpus.d.ts +0 -15
  141. package/dist/embedding/build-corpus.d.ts.map +0 -1
  142. package/dist/embedding/build-corpus.js +0 -105
  143. package/dist/embedding/build-corpus.js.map +0 -1
  144. package/dist/embedding/model-loader.d.ts +0 -41
  145. package/dist/embedding/model-loader.d.ts.map +0 -1
  146. package/dist/embedding/model-loader.js +0 -90
  147. package/dist/embedding/model-loader.js.map +0 -1
  148. package/dist/embedding/vector-store.d.ts +0 -41
  149. package/dist/embedding/vector-store.d.ts.map +0 -1
  150. package/dist/embedding/vector-store.js +0 -70
  151. package/dist/embedding/vector-store.js.map +0 -1
  152. package/dist/engine.d.ts +0 -163
  153. package/dist/engine.d.ts.map +0 -1
  154. package/dist/engine.js +0 -869
  155. package/dist/engine.js.map +0 -1
  156. package/dist/eval/corpus.d.ts +0 -42
  157. package/dist/eval/corpus.d.ts.map +0 -1
  158. package/dist/eval/corpus.js +0 -427
  159. package/dist/eval/corpus.js.map +0 -1
  160. package/dist/eval/eval-harness.d.ts +0 -44
  161. package/dist/eval/eval-harness.d.ts.map +0 -1
  162. package/dist/eval/eval-harness.js +0 -296
  163. package/dist/eval/eval-harness.js.map +0 -1
  164. package/dist/eval/index.d.ts +0 -13
  165. package/dist/eval/index.d.ts.map +0 -1
  166. package/dist/eval/index.js +0 -9
  167. package/dist/eval/index.js.map +0 -1
  168. package/dist/eval/metrics.d.ts +0 -74
  169. package/dist/eval/metrics.d.ts.map +0 -1
  170. package/dist/eval/metrics.js +0 -108
  171. package/dist/eval/metrics.js.map +0 -1
  172. package/dist/eval/pint-corpus.d.ts +0 -34
  173. package/dist/eval/pint-corpus.d.ts.map +0 -1
  174. package/dist/eval/pint-corpus.js +0 -109
  175. package/dist/eval/pint-corpus.js.map +0 -1
  176. package/dist/eval/rule-corpus.d.ts +0 -9
  177. package/dist/eval/rule-corpus.d.ts.map +0 -1
  178. package/dist/eval/rule-corpus.js +0 -4780
  179. package/dist/eval/rule-corpus.js.map +0 -1
  180. package/dist/eval/rule-metrics.d.ts +0 -34
  181. package/dist/eval/rule-metrics.d.ts.map +0 -1
  182. package/dist/eval/rule-metrics.js +0 -92
  183. package/dist/eval/rule-metrics.js.map +0 -1
  184. package/dist/eval/run-eval.d.ts +0 -7
  185. package/dist/eval/run-eval.d.ts.map +0 -1
  186. package/dist/eval/run-eval.js +0 -11
  187. package/dist/eval/run-eval.js.map +0 -1
  188. package/dist/eval/run-pint-benchmark.d.ts +0 -18
  189. package/dist/eval/run-pint-benchmark.d.ts.map +0 -1
  190. package/dist/eval/run-pint-benchmark.js +0 -157
  191. package/dist/eval/run-pint-benchmark.js.map +0 -1
  192. package/dist/flywheel.d.ts +0 -54
  193. package/dist/flywheel.d.ts.map +0 -1
  194. package/dist/flywheel.js +0 -121
  195. package/dist/flywheel.js.map +0 -1
  196. package/dist/hook-handler.d.ts +0 -61
  197. package/dist/hook-handler.d.ts.map +0 -1
  198. package/dist/hook-handler.js +0 -178
  199. package/dist/hook-handler.js.map +0 -1
  200. package/dist/index.d.ts +0 -62
  201. package/dist/index.d.ts.map +0 -1
  202. package/dist/index.js +0 -54
  203. package/dist/index.js.map +0 -1
  204. package/dist/layer-integration.d.ts +0 -55
  205. package/dist/layer-integration.d.ts.map +0 -1
  206. package/dist/layer-integration.js +0 -185
  207. package/dist/layer-integration.js.map +0 -1
  208. package/dist/loader.d.ts +0 -21
  209. package/dist/loader.d.ts.map +0 -1
  210. package/dist/loader.js +0 -124
  211. package/dist/loader.js.map +0 -1
  212. package/dist/mcp-server.d.ts +0 -13
  213. package/dist/mcp-server.d.ts.map +0 -1
  214. package/dist/mcp-server.js +0 -220
  215. package/dist/mcp-server.js.map +0 -1
  216. package/dist/mcp-tools/coverage-gaps.d.ts +0 -13
  217. package/dist/mcp-tools/coverage-gaps.d.ts.map +0 -1
  218. package/dist/mcp-tools/coverage-gaps.js +0 -55
  219. package/dist/mcp-tools/coverage-gaps.js.map +0 -1
  220. package/dist/mcp-tools/list-rules.d.ts +0 -17
  221. package/dist/mcp-tools/list-rules.d.ts.map +0 -1
  222. package/dist/mcp-tools/list-rules.js +0 -45
  223. package/dist/mcp-tools/list-rules.js.map +0 -1
  224. package/dist/mcp-tools/scan.d.ts +0 -24
  225. package/dist/mcp-tools/scan.d.ts.map +0 -1
  226. package/dist/mcp-tools/scan.js +0 -94
  227. package/dist/mcp-tools/scan.js.map +0 -1
  228. package/dist/mcp-tools/submit-proposal.d.ts +0 -12
  229. package/dist/mcp-tools/submit-proposal.d.ts.map +0 -1
  230. package/dist/mcp-tools/submit-proposal.js +0 -103
  231. package/dist/mcp-tools/submit-proposal.js.map +0 -1
  232. package/dist/mcp-tools/threat-summary.d.ts +0 -12
  233. package/dist/mcp-tools/threat-summary.d.ts.map +0 -1
  234. package/dist/mcp-tools/threat-summary.js +0 -74
  235. package/dist/mcp-tools/threat-summary.js.map +0 -1
  236. package/dist/mcp-tools/validate.d.ts +0 -15
  237. package/dist/mcp-tools/validate.d.ts.map +0 -1
  238. package/dist/mcp-tools/validate.js +0 -45
  239. package/dist/mcp-tools/validate.js.map +0 -1
  240. package/dist/modules/embedding.d.ts +0 -71
  241. package/dist/modules/embedding.d.ts.map +0 -1
  242. package/dist/modules/embedding.js +0 -141
  243. package/dist/modules/embedding.js.map +0 -1
  244. package/dist/modules/index.d.ts +0 -144
  245. package/dist/modules/index.d.ts.map +0 -1
  246. package/dist/modules/index.js +0 -82
  247. package/dist/modules/index.js.map +0 -1
  248. package/dist/modules/semantic.d.ts +0 -106
  249. package/dist/modules/semantic.d.ts.map +0 -1
  250. package/dist/modules/semantic.js +0 -359
  251. package/dist/modules/semantic.js.map +0 -1
  252. package/dist/modules/session.d.ts +0 -70
  253. package/dist/modules/session.d.ts.map +0 -1
  254. package/dist/modules/session.js +0 -128
  255. package/dist/modules/session.js.map +0 -1
  256. package/dist/rule-scaffolder.d.ts +0 -53
  257. package/dist/rule-scaffolder.d.ts.map +0 -1
  258. package/dist/rule-scaffolder.js +0 -301
  259. package/dist/rule-scaffolder.js.map +0 -1
  260. package/dist/session-tracker.d.ts +0 -58
  261. package/dist/session-tracker.d.ts.map +0 -1
  262. package/dist/session-tracker.js +0 -176
  263. package/dist/session-tracker.js.map +0 -1
  264. package/dist/shadow-evaluator.d.ts +0 -48
  265. package/dist/shadow-evaluator.d.ts.map +0 -1
  266. package/dist/shadow-evaluator.js +0 -128
  267. package/dist/shadow-evaluator.js.map +0 -1
  268. package/dist/skill-fingerprint.d.ts +0 -85
  269. package/dist/skill-fingerprint.d.ts.map +0 -1
  270. package/dist/skill-fingerprint.js +0 -284
  271. package/dist/skill-fingerprint.js.map +0 -1
  272. package/dist/tier0-invariant.d.ts +0 -49
  273. package/dist/tier0-invariant.d.ts.map +0 -1
  274. package/dist/tier0-invariant.js +0 -184
  275. package/dist/tier0-invariant.js.map +0 -1
  276. package/dist/tier1-blacklist.d.ts +0 -48
  277. package/dist/tier1-blacklist.d.ts.map +0 -1
  278. package/dist/tier1-blacklist.js +0 -91
  279. package/dist/tier1-blacklist.js.map +0 -1
  280. package/dist/types.d.ts +0 -190
  281. package/dist/types.d.ts.map +0 -1
  282. package/dist/types.js +0 -6
  283. package/dist/types.js.map +0 -1
  284. package/dist/verdict.d.ts +0 -26
  285. package/dist/verdict.d.ts.map +0 -1
  286. package/dist/verdict.js +0 -127
  287. package/dist/verdict.js.map +0 -1
package/dist/verdict.js DELETED
@@ -1,127 +0,0 @@
1
- /**
2
- * Verdict computation from ATR rule matches.
3
- *
4
- * Pure functions that determine the outcome (allow/ask/deny)
5
- * based on severity, confidence, and auto-response thresholds.
6
- *
7
- * @module agent-threat-rules/verdict
8
- */
9
- /** Severity rank from most severe (0) to least severe (4) */
10
- export const SEVERITY_RANK = {
11
- critical: 0,
12
- high: 1,
13
- medium: 2,
14
- low: 3,
15
- informational: 4,
16
- };
17
- /**
18
- * Check whether auto-response is enabled for a matched rule.
19
- * The auto_response_threshold field on ATRResponse indicates the
20
- * minimum confidence level at which the action should be taken
21
- * automatically (without human approval).
22
- */
23
- export function isAutoResponseEnabled(match) {
24
- const threshold = match.rule.response.auto_response_threshold;
25
- if (!threshold)
26
- return false;
27
- const thresholdMap = {
28
- high: 0.9,
29
- medium: 0.7,
30
- low: 0.5,
31
- };
32
- const requiredConfidence = thresholdMap[threshold];
33
- if (requiredConfidence === undefined)
34
- return false;
35
- return match.confidence >= requiredConfidence;
36
- }
37
- /**
38
- * Determine the verdict outcome based on severity and confidence.
39
- *
40
- * Decision matrix:
41
- * - critical severity -> deny
42
- * - high severity, conf >= 0.8 -> deny
43
- * - high severity, conf < 0.8 -> ask
44
- * - medium severity, conf >= 0.6 -> ask
45
- * - everything else -> allow
46
- */
47
- function determineOutcome(severity, confidence) {
48
- if (severity === 'critical') {
49
- return 'deny';
50
- }
51
- if (severity === 'high') {
52
- return confidence >= 0.8 ? 'deny' : 'ask';
53
- }
54
- if (severity === 'medium' && confidence >= 0.6) {
55
- return 'ask';
56
- }
57
- return 'allow';
58
- }
59
- /**
60
- * Collect unique actions from all matched rules, preserving order
61
- * of first appearance.
62
- */
63
- function collectUniqueActions(matches) {
64
- const seen = new Set();
65
- const actions = [];
66
- for (const match of matches) {
67
- for (const action of match.rule.response.actions) {
68
- if (!seen.has(action)) {
69
- seen.add(action);
70
- actions.push(action);
71
- }
72
- }
73
- }
74
- return Object.freeze(actions);
75
- }
76
- /**
77
- * Build a human-readable reason string from the highest severity match.
78
- */
79
- function buildReason(highestMatch, outcome, matchCount) {
80
- if (!highestMatch) {
81
- return 'No rules matched.';
82
- }
83
- const { rule, confidence } = highestMatch;
84
- const pct = Math.round(confidence * 100);
85
- return (`${outcome.toUpperCase()}: ${rule.title} ` +
86
- `[${rule.severity}/${pct}% confidence] ` +
87
- `(${matchCount} rule${matchCount === 1 ? '' : 's'} matched)`);
88
- }
89
- /**
90
- * Compute a verdict from an array of ATR matches.
91
- *
92
- * This is a pure function -- no side effects, no mutation.
93
- * Returns a frozen ATRVerdict object.
94
- */
95
- export function computeVerdict(matches) {
96
- if (matches.length === 0) {
97
- return Object.freeze({
98
- outcome: 'allow',
99
- reason: 'No rules matched.',
100
- matchCount: 0,
101
- highestSeverity: null,
102
- highestConfidence: 0,
103
- actions: Object.freeze([]),
104
- matches: Object.freeze([]),
105
- timestamp: new Date().toISOString(),
106
- });
107
- }
108
- // Matches are already sorted by the engine (severity desc, confidence desc).
109
- // The first match has the highest severity.
110
- const highestMatch = matches[0];
111
- const highestSeverity = highestMatch.rule.severity;
112
- const highestConfidence = highestMatch.confidence;
113
- const outcome = determineOutcome(highestSeverity, highestConfidence);
114
- const actions = collectUniqueActions(matches);
115
- const reason = buildReason(highestMatch, outcome, matches.length);
116
- return Object.freeze({
117
- outcome,
118
- reason,
119
- matchCount: matches.length,
120
- highestSeverity,
121
- highestConfidence,
122
- actions,
123
- matches: Object.freeze([...matches]),
124
- timestamp: new Date().toISOString(),
125
- });
126
- }
127
- //# sourceMappingURL=verdict.js.map
package/dist/verdict.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"verdict.js","sourceRoot":"","sources":["../src/verdict.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAUH,6DAA6D;AAC7D,MAAM,CAAC,MAAM,aAAa,GAA0C;IAClE,QAAQ,EAAE,CAAC;IACX,IAAI,EAAE,CAAC;IACP,MAAM,EAAE,CAAC;IACT,GAAG,EAAE,CAAC;IACN,aAAa,EAAE,CAAC;CACjB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe;IAEf,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IAC9D,IAAI,CAAC,SAAS;QAAE,OAAO,KAAK,CAAC;IAE7B,MAAM,YAAY,GAA2B;QAC3C,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,GAAG,EAAE,GAAG;KACT,CAAC;IAEF,MAAM,kBAAkB,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,kBAAkB,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEnD,OAAO,KAAK,CAAC,UAAU,IAAI,kBAAkB,CAAC;AAChD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,gBAAgB,CACvB,QAAqB,EACrB,UAAkB;IAElB,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;QAC5B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,OAAO,UAAU,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;IAC5C,CAAC;IACD,IAAI,QAAQ,KAAK,QAAQ,IAAI,UAAU,IAAI,GAAG,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,OAA4B;IAE5B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAa,CAAC;IAClC,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,KAAK,MAAM,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACjD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAClB,YAAkC,EAClC,OAAuB,EACvB,UAAkB;IAElB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,YAAY,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,CAAC,CAAC;IAEzC,OAAO,CACL,GAAG,OAAO,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,KAAK,GAAG;QAC1C,IAAI,IAAI,CAAC,QAAQ,IAAI,GAAG,gBAAgB;QACxC,IAAI,UAAU,QAAQ,UAAU,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,CAC7D,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,OAA4B;IAE5B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC;YACnB,OAAO,EAAE,OAAgB;YACzB,MAAM,EAAE,mBAAmB;YAC3B,UAAU,EAAE,CAAC;YACb,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,CAAC;YACpB,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4CAA4C;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAE,CAAC;IACjC,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC;IACnD,MAAM,iBAAiB,GAAG,YAAY,CAAC,UAAU,CAAC;IAElD,MAAM,OAAO,GAAG,gBAAgB,CAAC,eAAe,EAAE,iBAAiB,CAAC,CAAC;IACrE,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,YAAY,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;IAElE,OAAO,MAAM,CAAC,MAAM,CAAC;QACnB,OAAO;QACP,MAAM;QACN,UAAU,EAAE,OAAO,CAAC,MAAM;QAC1B,eAAe;QACf,iBAAiB;QACjB,OAAO;QACP,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC;QACpC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC"}