agent-threat-rules 0.4.0 → 1.0.0

package/dist/coverage-analyzer.js

@@ -1,329 +0,0 @@
-/**
- * ATR Coverage Analyzer - Analyzes rule sets for coverage gaps
- * against OWASP Agentic Top 10 and MITRE ATLAS frameworks.
- * @module agent-threat-rules/coverage-analyzer
- */
-const OWASP_AGENTIC_TOP_10 = [
-    {
-        id: 'ASI01',
-        name: 'Prompt Injection',
-        categories: ['prompt-injection'],
-        recommendedMin: 3,
-    },
-    {
-        id: 'ASI02',
-        name: 'Tool/Skill Poisoning',
-        categories: ['tool-poisoning'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI03',
-        name: 'Insecure Output Handling',
-        categories: ['context-exfiltration'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI04',
-        name: 'Privilege Escalation',
-        categories: ['privilege-escalation'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI05',
-        name: 'Data Poisoning',
-        categories: ['data-poisoning'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI06',
-        name: 'Excessive Autonomy',
-        categories: ['excessive-autonomy'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI07',
-        name: 'Multi-Agent Manipulation',
-        categories: ['agent-manipulation'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI08',
-        name: 'Model Abuse',
-        categories: ['model-abuse'],
-        recommendedMin: 2,
-    },
-    {
-        id: 'ASI09',
-        name: 'Insufficient Logging',
-        categories: [],
-        recommendedMin: 1,
-        noDirectRules: true,
-    },
-    {
-        id: 'ASI10',
-        name: 'Supply Chain Compromise',
-        categories: ['skill-compromise'],
-        recommendedMin: 2,
-    },
-];
-// ---------------------------------------------------------------------------
-// MITRE ATLAS techniques to check
-// ---------------------------------------------------------------------------
-const MITRE_ATLAS_TECHNIQUES = [
-    {
-        id: 'AML.T0051',
-        name: 'LLM Prompt Injection',
-        categories: ['prompt-injection'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0051.000',
-        name: 'LLM Prompt Injection: Direct',
-        categories: ['prompt-injection'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0051.001',
-        name: 'LLM Prompt Injection: Indirect',
-        categories: ['prompt-injection'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0053',
-        name: 'Data Poisoning',
-        categories: ['data-poisoning'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0056',
-        name: 'LLM Plugin Compromise',
-        categories: ['tool-poisoning', 'skill-compromise'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0010',
-        name: 'ML Supply Chain Compromise',
-        categories: ['skill-compromise', 'tool-poisoning'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0020',
-        name: 'Poison Training Data',
-        categories: ['data-poisoning'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0018',
-        name: 'Backdoor ML Model',
-        categories: ['model-abuse', 'data-poisoning'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0024',
-        name: 'Exfiltration via ML Inference API',
-        categories: ['context-exfiltration'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0040',
-        name: 'ML Model Inference API Access',
-        categories: ['model-abuse'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0043',
-        name: 'Craft Adversarial Data',
-        categories: ['data-poisoning', 'prompt-injection'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0044',
-        name: 'Full ML Model Access',
-        categories: ['model-abuse'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0046',
-        name: 'Evade ML Model',
-        categories: ['prompt-injection', 'agent-manipulation'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0047',
-        name: 'ML-Enabled Product/Service Abuse',
-        categories: ['model-abuse', 'excessive-autonomy'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0050',
-        name: 'Command and Control via ML Service',
-        categories: ['agent-manipulation'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0052.000',
-        name: 'Phishing via LLM',
-        categories: ['model-abuse'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0054',
-        name: 'LLM Jailbreak',
-        categories: ['prompt-injection'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0055',
-        name: 'Unsafe LLM Output',
-        categories: ['context-exfiltration', 'model-abuse'],
-        recommendedMin: 1,
-    },
-    {
-        id: 'AML.T0057',
-        name: 'LLM Data Leakage',
-        categories: ['context-exfiltration'],
-        recommendedMin: 1,
-    },
-];
-// ---------------------------------------------------------------------------
-// All 9 ATR categories
-// ---------------------------------------------------------------------------
-const ALL_ATR_CATEGORIES = [
-    'prompt-injection',
-    'tool-poisoning',
-    'context-exfiltration',
-    'agent-manipulation',
-    'privilege-escalation',
-    'excessive-autonomy',
-    'data-poisoning',
-    'model-abuse',
-    'skill-compromise',
-];
-// ---------------------------------------------------------------------------
-// CoverageAnalyzer
-// ---------------------------------------------------------------------------
-export class CoverageAnalyzer {
-    rules;
-    constructor(rules) {
-        this.rules = rules;
-    }
-    /**
-     * Analyze the rule set for coverage gaps against OWASP Agentic Top 10,
-     * MITRE ATLAS, and ATR category distribution.
-     */
-    analyze() {
-        const activeRules = this.rules.filter((r) => r.status !== 'deprecated');
-        const categoryDistribution = this.buildCategoryDistribution(activeRules);
-        const gaps = [];
-        // Check OWASP Agentic Top 10
-        for (const item of OWASP_AGENTIC_TOP_10) {
-            const count = this.countCoveringRules(activeRules, item);
-            if (count < item.recommendedMin) {
-                gaps.push({
-                    framework: 'OWASP Agentic Top 10',
-                    riskId: item.id,
-                    riskName: item.name,
-                    currentRuleCount: count,
-                    recommendedMin: item.recommendedMin,
-                });
-            }
-        }
-        // Check MITRE ATLAS techniques
-        for (const item of MITRE_ATLAS_TECHNIQUES) {
-            const count = this.countCoveringRules(activeRules, item);
-            if (count < item.recommendedMin) {
-                gaps.push({
-                    framework: 'MITRE ATLAS',
-                    riskId: item.id,
-                    riskName: item.name,
-                    currentRuleCount: count,
-                    recommendedMin: item.recommendedMin,
-                });
-            }
-        }
-        const suggestions = this.generateSuggestions(gaps, categoryDistribution);
-        return {
-            totalRules: activeRules.length,
-            gaps,
-            categoryDistribution,
-            suggestions,
-        };
-    }
-    /**
-     * Count how many active rules cover a given framework item,
-     * either by ATR category match or by explicit reference in rule metadata.
-     */
-    countCoveringRules(activeRules, item) {
-        if (item.noDirectRules) {
-            return 0;
-        }
-        const covering = new Set();
-        for (const rule of activeRules) {
-            const matchesCategory = item.categories.includes(rule.tags.category);
-            const matchesOwaspRef = rule.references?.owasp_llm?.some((ref) => ref.includes(item.id)) ?? false;
-            const matchesMitreRef = rule.references?.mitre_atlas?.some((ref) => ref.includes(item.id)) ?? false;
-            if (matchesCategory || matchesOwaspRef || matchesMitreRef) {
-                covering.add(rule.id);
-            }
-        }
-        return covering.size;
-    }
-    /**
-     * Build a distribution count of rules per ATR category.
-     */
-    buildCategoryDistribution(activeRules) {
-        const dist = {};
-        for (const cat of ALL_ATR_CATEGORIES) {
-            dist[cat] = 0;
-        }
-        for (const rule of activeRules) {
-            const cat = rule.tags.category;
-            dist[cat] = (dist[cat] ?? 0) + 1;
-        }
-        return dist;
-    }
-    /**
-     * Generate human-readable suggestions based on identified gaps
-     * and category distribution.
-     */
-    generateSuggestions(gaps, categoryDistribution) {
-        const suggestions = [];
-        // Group OWASP gaps
-        const owaspGaps = gaps.filter((g) => g.framework === 'OWASP Agentic Top 10');
-        if (owaspGaps.length > 0) {
-            const ids = owaspGaps.map((g) => g.riskId).join(', ');
-            suggestions.push(`OWASP Agentic Top 10 coverage gaps found for: ${ids}. ` +
-                `Create rules targeting these risk areas to improve coverage.`);
-        }
-        // Group MITRE gaps
-        const mitreGaps = gaps.filter((g) => g.framework === 'MITRE ATLAS');
-        if (mitreGaps.length > 0) {
-            const ids = mitreGaps.map((g) => g.riskId).join(', ');
-            suggestions.push(`MITRE ATLAS technique coverage gaps found for: ${ids}. ` +
-                `Add detection rules or reference mappings for these techniques.`);
-        }
-        // Check for empty categories
-        const emptyCategories = ALL_ATR_CATEGORIES.filter((cat) => (categoryDistribution[cat] ?? 0) === 0);
-        if (emptyCategories.length > 0) {
-            suggestions.push(`No rules found for ATR categories: ${emptyCategories.join(', ')}. ` +
-                `Consider adding at least one rule per category for baseline coverage.`);
-        }
-        // ASI09 (Insufficient Logging) always appears as a gap since no direct rules exist
-        const asi09Gap = gaps.find((g) => g.riskId === 'ASI09');
-        if (asi09Gap) {
-            suggestions.push(`ASI09 (Insufficient Logging) has no direct ATR rule category. ` +
-                `Consider implementing logging validation at the agent framework level ` +
-                `rather than through detection rules.`);
-        }
-        // Suggest overall improvement if many gaps
-        if (gaps.length > 10) {
-            suggestions.push(`${gaps.length} total coverage gaps detected. Prioritize OWASP Agentic Top 10 ` +
-                `gaps first, then address MITRE ATLAS technique gaps.`);
-        }
-        if (suggestions.length === 0) {
-            suggestions.push('Rule coverage looks good across both OWASP and MITRE frameworks.');
-        }
-        return suggestions;
-    }
-}
-//# sourceMappingURL=coverage-analyzer.js.map

package/dist/coverage-analyzer.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"coverage-analyzer.js","sourceRoot":"","sources":["../src/coverage-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgCH,MAAM,oBAAoB,GAA6B;IACrD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kBAAkB;QACxB,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,CAAC,gBAAgB,CAAC;QAC9B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,UAAU,EAAE,CAAC,sBAAsB,CAAC;QACpC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,CAAC,sBAAsB,CAAC;QACpC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,gBAAgB;QACtB,UAAU,EAAE,CAAC,gBAAgB,CAAC;QAC9B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,oBAAoB;QAC1B,UAAU,EAAE,CAAC,oBAAoB,CAAC;QAClC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,UAAU,EAAE,CAAC,oBAAoB,CAAC;QAClC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,aAAa;QACnB,UAAU,EAAE,CAAC,aAAa,CAAC;QAC3B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,EAAE;QACd,cAAc,EAAE,CAAC;QACjB,aAAa,EAAE,IAAI;KACpB;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,yBAAyB;QAC/B,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;CACF,CAAC;AAEF,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E,MAAM,sBAAsB,GAA6B;IACvD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,8BAA8B;QACpC,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,gCAAgC;QACtC,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,gBAAgB;QACtB,UAAU,EAAE,CAAC,gBAAgB,CAAC;QAC9B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,uBAAuB;QAC7B,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;QAClD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,4BAA4B;QAClC,UAAU,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QAClD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,CAAC,gBAAgB,CAAC;QAC9B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,mBAAmB;QACzB,UAAU,EAAE,CAAC,aAAa,EAAE,gBAAgB,CAAC;QAC7C,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,mCAAmC;QACzC,UAAU,EAAE,CAAC,sBAAsB,CAAC;QACpC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,+BAA+B;QACrC,UAAU,EAAE,CAAC,aAAa,CAAC;QAC3B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,wBAAwB;QAC9B,UAAU,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;QAClD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,sBAAsB;QAC5B,UAAU,EAAE,CAAC,aAAa,CAAC;QAC3B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,gBAAgB;QACtB,UAAU,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QACtD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,kCAAkC;QACxC,UAAU,EAAE,CAAC,aAAa,EAAE,oBAAoB,CAAC;QACjD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,oCAAoC;QAC1C,UAAU,EAAE,CAAC,oBAAoB,CAAC;QAClC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,kBAAkB;QACxB,UAAU,EAAE,CAAC,aAAa,CAAC;QAC3B,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,eAAe;QACrB,UAAU,EAAE,CAAC,kBAAkB,CAAC;QAChC,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,mBAAmB;QACzB,UAAU,EAAE,CAAC,sBAAsB,EAAE,aAAa,CAAC;QACnD,cAAc,EAAE,CAAC;KAClB;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,kBAAkB;QACxB,UAAU,EAAE,CAAC,sBAAsB,CAAC;QACpC,cAAc,EAAE,CAAC;KAClB;CACF,CAAC;AAEF,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,kBAAkB;IAClB,gBAAgB;IAChB,sBAAsB;IACtB,oBAAoB;IACpB,sBAAsB;IACtB,oBAAoB;IACpB,gBAAgB;IAChB,aAAa;IACb,kBAAkB;CACnB,CAAC;AAEF,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAM,OAAO,gBAAgB;IACV,KAAK,CAAqB;IAE3C,YAAY,KAAyB;QACnC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,YAAY,CAAC,CAAC;QACxE,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;QACzE,MAAM,IAAI,GAAkB,EAAE,CAAC;QAE/B,6BAA6B;QAC7B,KAAK,MAAM,IAAI,IAAI,oBAAoB,EAAE,CAAC;YACxC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC;oBACR,SAAS,EAAE,sBAAsB;oBACjC,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,gBAAgB,EAAE,KAAK;oBACvB,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,IAAI,IAAI,sBAAsB,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;YACzD,IAAI,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;gBAChC,IAAI,CAAC,IAAI,CAAC;oBACR,SAAS,EAAE,aAAa;oBACxB,MAAM,EAAE,IAAI,CAAC,EAAE;oBACf,QAAQ,EAAE,IAAI,CAAC,IAAI;oBACnB,gBAAgB,EAAE,KAAK;oBACvB,cAAc,EAAE,IAAI,CAAC,cAAc;iBACpC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QAEzE,OAAO;YACL,UAAU,EAAE,WAAW,CAAC,MAAM;YAC9B,IAAI;YACJ,oBAAoB;YACpB,WAAW;SACZ,CAAC;IACJ,CAAC;IAED;;;OAGG;IACK,kBAAkB,CACxB,WAA+B,EAC/B,IAAmB;QAEnB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;QAEnC,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAErE,MAAM,eAAe,GACnB,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC;YAC5E,MAAM,eAAe,GACnB,IAAI,CAAC,UAAU,EAAE,WAAW,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,IAAI,KAAK,CAAC;YAE9E,IAAI,eAAe,IAAI,eAAe,IAAI,eAAe,EAAE,CAAC;gBAC1D,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,yBAAyB,CAC/B,WAA+B;QAE/B,MAAM,IAAI,GAA2B,EAAE,CAAC;QAExC,KAAK,MAAM,GAAG,IAAI,kBAAkB,EAAE,CAAC;YACrC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC/B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACK,mBAAmB,CACzB,IAA4B,EAC5B,oBAAsD;QAEtD,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,mBAAmB;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,sBAAsB,CAAC,CAAC;QAC7E,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,WAAW,CAAC,IAAI,CACd,iDAAiD,GAAG,IAAI;gBACxD,8DAA8D,CAC/D,CAAC;QACJ,CAAC;QAED,mBAAmB;QACnB,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,aAAa,CAAC,CAAC;QACpE,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtD,WAAW,CAAC,IAAI,CACd,kDAAkD,GAAG,IAAI;gBACzD,iEAAiE,CAClE,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,MAAM,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAC/C,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAChD,CAAC;QACF,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,WAAW,CAAC,IAAI,CACd,sCAAsC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gBACpE,uEAAuE,CACxE,CAAC;QACJ,CAAC;QAED,mFAAmF;QACnF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;QACxD,IAAI,QAAQ,EAAE,CAAC;YACb,WAAW,CAAC,IAAI,CACd,gEAAgE;gBAChE,wEAAwE;gBACxE,sCAAsC,CACvC,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;YACrB,WAAW,CAAC,IAAI,CACd,GAAG,IAAI,CAAC,MAAM,iEAAiE;gBAC/E,sDAAsD,CACvD,CAAC;QACJ,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,WAAW,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;QACvF,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;CACF"}

package/dist/embedding/build-corpus.d.ts

@@ -1,15 +0,0 @@
-#!/usr/bin/env npx tsx
-/**
- * Build attack embedding corpus from ATR rule test cases.
- *
- * Reads all stable ATR rules, extracts true_positive test cases,
- * encodes them through all-MiniLM-L6-v2, and saves as JSON.
- *
- * Usage:
- *   npx tsx src/embedding/build-corpus.ts
- *
- * Output:
- *   data/attack-embeddings.json
- */
-export {};
-//# sourceMappingURL=build-corpus.d.ts.map

package/dist/embedding/build-corpus.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"build-corpus.d.ts","sourceRoot":"","sources":["../../src/embedding/build-corpus.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;GAWG"}

package/dist/embedding/build-corpus.js

@@ -1,105 +0,0 @@
-#!/usr/bin/env npx tsx
-/**
- * Build attack embedding corpus from ATR rule test cases.
- *
- * Reads all stable ATR rules, extracts true_positive test cases,
- * encodes them through all-MiniLM-L6-v2, and saves as JSON.
- *
- * Usage:
- *   npx tsx src/embedding/build-corpus.ts
- *
- * Output:
- *   data/attack-embeddings.json
- */
-import { readFileSync, writeFileSync, mkdirSync, readdirSync } from 'node:fs';
-import { join, resolve } from 'node:path';
-import * as yaml from 'js-yaml';
-const RULES_DIR = resolve(join(import.meta.dirname ?? '.', '..', '..', 'rules'));
-const OUTPUT_PATH = resolve(join(import.meta.dirname ?? '.', '..', '..', 'data', 'attack-embeddings.json'));
-async function main() {
-    console.log('Building attack embedding corpus...');
-    console.log(`Rules dir: ${RULES_DIR}`);
-    // Load model
-    console.log('Loading embedding model (first run downloads ~22MB)...');
-    const { TransformersJSModel } = await import('./model-loader.js');
-    const model = new TransformersJSModel();
-    await model.initialize();
-    console.log('Model loaded.');
-    // Collect all true_positive texts from rules
-    const attacks = [];
-    function walkDir(dir) {
-        const files = [];
-        for (const entry of readdirSync(dir, { withFileTypes: true })) {
-            const fullPath = join(dir, entry.name);
-            if (entry.isDirectory()) {
-                files.push(...walkDir(fullPath));
-            }
-            else if (entry.name.endsWith('.yaml') || entry.name.endsWith('.yml')) {
-                files.push(fullPath);
-            }
-        }
-        return files;
-    }
-    const ruleFiles = walkDir(RULES_DIR);
-    console.log(`Found ${ruleFiles.length} rule files.`);
-    for (const file of ruleFiles) {
-        try {
-            const content = readFileSync(file, 'utf-8');
-            const rule = yaml.load(content);
-            if (!rule?.id || !rule?.test_cases?.true_positives)
-                continue;
-            for (const tp of rule.test_cases.true_positives) {
-                const text = tp.input ?? tp.content ?? tp.user_input ?? tp.tool_response ?? tp.tool_description ?? tp.tool_args;
-                if (!text || text.length < 10)
-                    continue;
-                attacks.push({
-                    id: rule.id,
-                    text: text.slice(0, 512),
-                    category: rule.tags?.category ?? 'unknown',
-                    severity: rule.severity ?? 'medium',
-                    ruleTitle: rule.title ?? rule.id,
-                });
-            }
-        }
-        catch {
-            // Skip unparseable rules
-        }
-    }
-    console.log(`Extracted ${attacks.length} attack payloads from ${ruleFiles.length} rules.`);
-    // Deduplicate by text
-    const seen = new Set();
-    const unique = attacks.filter((a) => {
-        if (seen.has(a.text))
-            return false;
-        seen.add(a.text);
-        return true;
-    });
-    console.log(`Unique payloads: ${unique.length}`);
-    // Encode all payloads
-    console.log('Encoding payloads...');
-    const output = [];
-    for (let i = 0; i < unique.length; i++) {
-        const a = unique[i];
-        process.stdout.write(`\r  [${i + 1}/${unique.length}] ${a.id}`);
-        const vec = await model.encode(a.text);
-        output.push({
-            id: `${a.id}-tp${i}`,
-            text: a.text,
-            vector: Array.from(vec),
-            label: `${a.ruleTitle}: ${a.text.slice(0, 80)}`,
-            category: a.category,
-            severity: a.severity,
-        });
-    }
-    console.log('\n');
-    // Save
-    mkdirSync(join(OUTPUT_PATH, '..'), { recursive: true });
-    writeFileSync(OUTPUT_PATH, JSON.stringify(output, null, 2));
-    console.log(`Saved ${output.length} embeddings to ${OUTPUT_PATH}`);
-    console.log(`File size: ${(readFileSync(OUTPUT_PATH).length / 1024).toFixed(0)} KB`);
-}
-main().catch((err) => {
-    console.error('Fatal:', err);
-    process.exit(1);
-});
-//# sourceMappingURL=build-corpus.js.map

package/dist/embedding/build-corpus.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"build-corpus.js","sourceRoot":"","sources":["../../src/embedding/build-corpus.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,WAAW,EAAc,MAAM,SAAS,CAAC;AAC1F,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,KAAK,IAAI,MAAM,SAAS,CAAC;AAEhC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjF,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,GAAG,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC,CAAC;AAuB5G,KAAK,UAAU,IAAI;IACjB,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,cAAc,SAAS,EAAE,CAAC,CAAC;IAEvC,aAAa;IACb,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;IACtE,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,IAAI,mBAAmB,EAAE,CAAC;IACxC,MAAM,KAAK,CAAC,UAAU,EAAE,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAE7B,6CAA6C;IAC7C,MAAM,OAAO,GAA+F,EAAE,CAAC;IAE/G,SAAS,OAAO,CAAC,GAAW;QAC1B,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACvC,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;YACnC,CAAC;iBAAM,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,SAAS,SAAS,CAAC,MAAM,cAAc,CAAC,CAAC;IAErD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAgB,CAAC;YAC/C,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,cAAc;gBAAE,SAAS;YAE7D,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;gBAChD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,IAAI,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,UAAU,IAAI,EAAE,CAAC,aAAa,IAAI,EAAE,CAAC,gBAAgB,IAAI,EAAE,CAAC,SAAS,CAAC;gBAChH,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;oBAAE,SAAS;gBAExC,OAAO,CAAC,IAAI,CAAC;oBACX,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBACxB,QAAQ,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,SAAS;oBAC1C,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,QAAQ;oBACnC,SAAS,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE;iBACjC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yBAAyB;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,aAAa,OAAO,CAAC,MAAM,yBAAyB,SAAS,CAAC,MAAM,SAAS,CAAC,CAAC;IAE3F,sBAAsB;IACtB,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAClC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,oBAAoB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAEjD,sBAAsB;IACtB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,MAAM,MAAM,GAOP,EAAE,CAAC;IAER,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;QACrB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC;YACV,EAAE,EAAE,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE;YACpB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,KAAK,EAAE,GAAG,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAC/C,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAElB,OAAO;IACP,SAAS,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,MAAM,kBAAkB,WAAW,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACvF,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/embedding/model-loader.d.ts

@@ -1,41 +0,0 @@
-/**
- * Embedding model loader.
- *
- * Lazy-loads all-MiniLM-L6-v2 via @xenova/transformers (optional dep).
- * Model is ~22MB, cached to disk after first download.
- * Runs in pure JS/WASM -- no native bindings needed.
- *
- * @module agent-threat-rules/embedding/model-loader
- */
-export interface EmbeddingModel {
-    /** Encode text to embedding vector */
-    encode(text: string): Promise<Float32Array>;
-    /** Encode multiple texts (batched) */
-    encodeBatch(texts: readonly string[]): Promise<Float32Array[]>;
-    /** Initialize / load the model */
-    initialize(): Promise<void>;
-    /** Model output dimension */
-    readonly dimension: number;
-    /** Whether model is loaded */
-    readonly isLoaded: boolean;
-}
-export declare class TransformersJSModel implements EmbeddingModel {
-    readonly dimension = 384;
-    private pipeline;
-    get isLoaded(): boolean;
-    /** Lazy-load the model on first use */
-    initialize(): Promise<void>;
-    encode(text: string): Promise<Float32Array>;
-    encodeBatch(texts: readonly string[]): Promise<Float32Array[]>;
-}
-/** Create a no-op model for testing */
-export declare class MockEmbeddingModel implements EmbeddingModel {
-    readonly dimension = 384;
-    readonly isLoaded = true;
-    private readonly mockVectors;
-    constructor(mockVectors?: Map<string, Float32Array>);
-    initialize(): Promise<void>;
-    encode(text: string): Promise<Float32Array>;
-    encodeBatch(texts: readonly string[]): Promise<Float32Array[]>;
-}
-//# sourceMappingURL=model-loader.d.ts.map

package/dist/embedding/model-loader.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"model-loader.d.ts","sourceRoot":"","sources":["../../src/embedding/model-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAC5C,sCAAsC;IACtC,WAAW,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/D,kCAAkC;IAClC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,6BAA6B;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,8BAA8B;IAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B;AAKD,qBAAa,mBAAoB,YAAW,cAAc;IACxD,QAAQ,CAAC,SAAS,OAAa;IAC/B,OAAO,CAAC,QAAQ,CAAiB;IAEjC,IAAI,QAAQ,IAAI,OAAO,CAEtB;IAED,uCAAuC;IACjC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAoB3B,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAQ3C,WAAW,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CAYrE;AAED,uCAAuC;AACvC,qBAAa,kBAAmB,YAAW,cAAc;IACvD,QAAQ,CAAC,SAAS,OAAa;IAC/B,QAAQ,CAAC,QAAQ,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA4B;gBAE5C,WAAW,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC;IAI7C,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAI3B,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAgB3C,WAAW,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;CAGrE"}

package/dist/embedding/model-loader.js

@@ -1,90 +0,0 @@
-/**
- * Embedding model loader.
- *
- * Lazy-loads all-MiniLM-L6-v2 via @xenova/transformers (optional dep).
- * Model is ~22MB, cached to disk after first download.
- * Runs in pure JS/WASM -- no native bindings needed.
- *
- * @module agent-threat-rules/embedding/model-loader
- */
-const MODEL_NAME = 'Xenova/all-MiniLM-L6-v2';
-const DIMENSION = 384;
-export class TransformersJSModel {
-    dimension = DIMENSION;
-    pipeline = null;
-    get isLoaded() {
-        return this.pipeline !== null;
-    }
-    /** Lazy-load the model on first use */
-    async initialize() {
-        if (this.pipeline)
-            return;
-        try {
-            // Dynamic import to keep @xenova/transformers optional
-            const { pipeline } = await import('@xenova/transformers');
-            this.pipeline = (await pipeline('feature-extraction', MODEL_NAME, {
-                quantized: true,
-            }));
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            if (msg.includes('Cannot find module') || msg.includes('MODULE_NOT_FOUND')) {
-                throw new Error('Embedding model requires @xenova/transformers. Install: npm install @xenova/transformers');
-            }
-            throw new Error(`Failed to load embedding model: ${msg}`);
-        }
-    }
-    async encode(text) {
-        if (!this.pipeline)
-            await this.initialize();
-        const pipelineFn = this.pipeline;
-        const output = await pipelineFn([text], { pooling: 'mean', normalize: true });
-        return new Float32Array(output.data.slice(0, DIMENSION));
-    }
-    async encodeBatch(texts) {
-        if (!this.pipeline)
-            await this.initialize();
-        const pipelineFn = this.pipeline;
-        const results = [];
-        // Process one at a time to control memory
-        for (const text of texts) {
-            const output = await pipelineFn([text], { pooling: 'mean', normalize: true });
-            results.push(new Float32Array(output.data.slice(0, DIMENSION)));
-        }
-        return results;
-    }
-}
-/** Create a no-op model for testing */
-export class MockEmbeddingModel {
-    dimension = DIMENSION;
-    isLoaded = true;
-    mockVectors;
-    constructor(mockVectors) {
-        this.mockVectors = mockVectors ?? new Map();
-    }
-    async initialize() {
-        // No-op for mock
-    }
-    async encode(text) {
-        const existing = this.mockVectors.get(text);
-        if (existing)
-            return existing;
-        // Generate deterministic vector from text hash
-        const vec = new Float32Array(DIMENSION);
-        for (let i = 0; i < DIMENSION; i++) {
-            vec[i] = Math.sin(text.charCodeAt(i % text.length) * (i + 1) * 0.01);
-        }
-        // Normalize
-        let mag = 0;
-        for (let i = 0; i < DIMENSION; i++)
-            mag += vec[i] * vec[i];
-        mag = Math.sqrt(mag);
-        for (let i = 0; i < DIMENSION; i++)
-            vec[i] /= mag;
-        return vec;
-    }
-    async encodeBatch(texts) {
-        return Promise.all(texts.map((t) => this.encode(t)));
-    }
-}
-//# sourceMappingURL=model-loader.js.map

package/dist/embedding/model-loader.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"model-loader.js","sourceRoot":"","sources":["../../src/embedding/model-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAeH,MAAM,UAAU,GAAG,yBAAyB,CAAC;AAC7C,MAAM,SAAS,GAAG,GAAG,CAAC;AAEtB,MAAM,OAAO,mBAAmB;IACrB,SAAS,GAAG,SAAS,CAAC;IACvB,QAAQ,GAAY,IAAI,CAAC;IAEjC,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,QAAQ,KAAK,IAAI,CAAC;IAChC,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,UAAU;QACd,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAE1B,IAAI,CAAC;YACH,uDAAuD;YACvD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAC1D,IAAI,CAAC,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,oBAAoB,EAAE,UAAU,EAAE;gBAChE,SAAS,EAAE,IAAI;aAChB,CAAC,CAAyB,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,IAAI,GAAG,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3E,MAAM,IAAI,KAAK,CACb,0FAA0F,CAC3F,CAAC;YACJ,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAE5C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAmG,CAAC;QAC5H,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9E,OAAO,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAwB;QACxC,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;QAE5C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAmG,CAAC;QAC5H,MAAM,OAAO,GAAmB,EAAE,CAAC;QACnC,0CAA0C;QAC1C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9E,OAAO,CAAC,IAAI,CAAC,IAAI,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;QAClE,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,uCAAuC;AACvC,MAAM,OAAO,kBAAkB;IACpB,SAAS,GAAG,SAAS,CAAC;IACtB,QAAQ,GAAG,IAAI,CAAC;IACR,WAAW,CAA4B;IAExD,YAAY,WAAuC;QACjD,IAAI,CAAC,WAAW,GAAG,WAAW,IAAI,IAAI,GAAG,EAAE,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,UAAU;QACd,iBAAiB;IACnB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,IAAY;QACvB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5C,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,+CAA+C;QAC/C,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,SAAS,CAAC,CAAC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;QACvE,CAAC;QACD,YAAY;QACZ,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE;YAAE,GAAG,IAAI,GAAG,CAAC,CAAC,CAAE,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;QAC7D,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE;YAAE,GAAG,CAAC,CAAC,CAAE,IAAI,GAAG,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAwB;QACxC,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,CAAC;CACF"}

package/dist/embedding/vector-store.d.ts

@@ -1,41 +0,0 @@
-/**
- * In-memory vector store with cosine similarity search.
- *
- * Stores pre-computed attack embeddings and finds nearest neighbors
- * for incoming text. Sub-millisecond for ~2000 vectors at 384 dimensions.
- *
- * @module agent-threat-rules/embedding/vector-store
- */
-import type { ATRSeverity } from '../types.js';
-export interface VectorEntry {
-    readonly id: string;
-    readonly vector: Float32Array;
-    readonly label: string;
-    readonly category: string;
-    readonly severity: ATRSeverity;
-}
-export interface SearchResult {
-    readonly entry: VectorEntry;
-    readonly similarity: number;
-}
-export declare class VectorStore {
-    private readonly entries;
-    constructor(entries?: readonly VectorEntry[]);
-    /** Create new store with additional entries (immutable) */
-    withEntries(newEntries: readonly VectorEntry[]): VectorStore;
-    /**
-     * Find top-K nearest neighbors by cosine similarity.
-     * Only returns results above the threshold.
-     */
-    search(query: Float32Array, topK?: number, threshold?: number): readonly SearchResult[];
-    size(): number;
-}
-/** Load pre-computed embeddings from JSON */
-export declare function loadVectorEntries(data: readonly {
-    id: string;
-    vector: number[];
-    label: string;
-    category: string;
-    severity: string;
-}[]): VectorEntry[];
-//# sourceMappingURL=vector-store.d.ts.map

package/dist/embedding/vector-store.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"vector-store.d.ts","sourceRoot":"","sources":["../../src/embedding/vector-store.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,WAAW,CAAC;CAChC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyB;gBAErC,OAAO,CAAC,EAAE,SAAS,WAAW,EAAE;IAI5C,2DAA2D;IAC3D,WAAW,CAAC,UAAU,EAAE,SAAS,WAAW,EAAE,GAAG,WAAW;IAI5D;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,IAAI,GAAE,MAAU,EAAE,SAAS,GAAE,MAAa,GAAG,SAAS,YAAY,EAAE;IAiBhG,IAAI,IAAI,MAAM;CAGf;AAyBD,6CAA6C;AAC7C,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,SAAS;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,EAAE,GACnG,WAAW,EAAE,CAQf"}